
Windows Vista 2012 Security residuals


  • This topic is locked
30 replies to this topic

#1 Padshead

  • Members

Posted 11 January 2012 - 11:58 PM

Hi,

I recently got the Windows Vista 2012 Security virus. I followed some online instructions, which involved running tdsskiller and malware bytes -- unfortunately this was a month or so ago, and I can't remember exactly what was done. This seemed to remove some of the issues; however, there seem to be multiple residuals which are doing weird things. The CPU usage is high; the process responsible seems to be PING.EXE *32, which internet searches seem to suggest is being hijacked by a virus. Malware bytes also seems to continually find trojans. More troubling is that, in preparing for this post, I found that I could not access the Windows Firewall settings due to an unknown problem. Additionally, scan disk will not work.

Thanks for your help!

Here is the DDS.txt file:

.
DDS (Ver_2011-08-26.01) - NTFSAMD64
Internet Explorer: 7.0.6002.18005 BrowserJavaVersion: 1.6.0_27
Run by me at 21:55:35 on 2012-01-11
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.4085.2272 [GMT -6:00]
.
AV: McAfee VirusScan *Disabled/Updated* {86355677-4064-3EA7-ABB3-1B136EB04637}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: McAfee VirusScan *Disabled/Updated* {3D54B793-665E-3129-9103-206115370C8A}
FW: McAfee Personal Firewall *Disabled* {BE0ED752-0A0B-3FFF-80EC-B2269063014C}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Program Files\Fingerprint Reader Suite\upeksvr.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Program Files (x86)\Cisco\Cisco AnyConnect VPN Client\vpnagent.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\WLANExt.exe
C:\Program Files (x86)\Absolute Software\Absolute Notifier\AbsoluteNotifierService.exe
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files (x86)\Bonjour\mDNSResponder.exe
C:\Windows\system32\svchost.exe -k bthsvcs
C:\Windows\System32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\Common Files\Dell\Advanced Networking Service\hnm_svc.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Users\me\AppData\Roaming\Dropbox\bin\Dropbox.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Windows\system32\taskeng.exe
C:\Program Files (x86)\Common Files\Motive\McciCMService.exe
C:\Program Files\Common Files\Motive\McciCMService.exe
C:\Program Files\McAfee\VirusScan\Mcshield.exe
C:\Program Files (x86)\McAfee\MPF\MPFSrv.exe
C:\Program Files (x86)\McAfee\MSK\MskSrver.exe
C:\Program Files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_bb0e6831\STacSV64.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\ProgramData\UltraVNC\winvnc.exe
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Windows\System32\WLTRYSVC.EXE
C:\Windows\System32\bcmwltry.exe
C:\Program Files (x86)\iPod\bin\iPodService.exe
C:\ProgramData\UltraVNC\winvnc.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files (x86)\McAfee\MSC\mcmscsvc.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\RacAgent.exe
C:\Windows\system32\Taskmgr.exe
C:\Windows\SysWOW64\ping.exe
C:\Windows\system32\FirewallControlPanel.exe
C:\Windows\System32\rundll32.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\SysWOW64\cscript.exe
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: McAfee Phishing Filter: {27b4851a-3207-45a2-b947-be8afe6163ab} - c:\PROGRA~2\mcafee\msk\mskapbho.dll
BHO: Search Helper: {6ebf7485-159f-4bff-a14f-b9e3aac4465b} - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\SearchHelper.dll
BHO: scriptproxy: {7db2d5a0-7241-4e79-b68d-6309f01c5231} - C:\Program Files (x86)\McAfee\VirusScan\scriptsn.dll
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Skype Browser Helper: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
BHO: Windows Live Toolbar Helper: {e15a8dc0-8516-42a1-81ea-dc94ec1acf10} - C:\Program Files (x86)\Windows Live\Toolbar\wltcore.dll
TB: &Windows Live Toolbar: {21fa44ef-376d-4d53-9b0f-8a89d3229068} - C:\Program Files (x86)\Windows Live\Toolbar\wltcore.dll
mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
StartupFolder: C:\Users\me\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\Dropbox.lnk - C:\Users\me\AppData\Roaming\Dropbox\bin\Dropbox.exe
mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
mPolicies-system: DisableCAD = 1 (0x1)
IE: Send image to &Bluetooth Device... - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: Send page to &Bluetooth Device... - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
LSP: mswsock.dll
DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} - hxxp://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab
DPF: {32C3FEAE-0877-4767-8C20-62A5829A0945} - hxxp://static.ak.facebook.com/fbplugin/win32/axfbootloader.cab?1271614899523
DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} - hxxp://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_27-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0027-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_27-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_27-windows-i586.cab
DPF: {E0FEE963-BB53-4215-81AD-B28C77384644} - hxxps://pattcw.att.motive.com/wizlet/DSLActivation/static/installer/ATTInternetInstaller64.cab
TCP: DhcpNameServer = 192.168.1.254
TCP: Interfaces\{9C70EA5F-E5D3-4710-8DBD-04112A815698} : DhcpNameServer = 192.168.1.254
TCP: Interfaces\{BE73F605-696E-4D4B-8CD1-C2AA03641523} : DhcpNameServer = 192.168.1.254
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
SubSystems: Windows = basesrv,1 winsrv:UserServerDllInitialization,3 consrv:ConServerDllInitialization,2
BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - c:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO-X64: AcroIEHelperStub - No File
BHO-X64: McAfee Phishing Filter: {27B4851A-3207-45A2-B947-BE8AFE6163AB} - c:\PROGRA~2\mcafee\msk\mskapbho.dll
BHO-X64: McAfee Phishing Filter - No File
BHO-X64: Search Helper: {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\SearchHelper.dll
BHO-X64: Search Helper - No File
BHO-X64: scriptproxy: {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files (x86)\McAfee\VirusScan\scriptsn.dll
BHO-X64: scriptproxy - No File
BHO-X64: Windows Live Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO-X64: Skype Browser Helper: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
BHO-X64: SkypeIEPluginBHO - No File
BHO-X64: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
BHO-X64: Windows Live Toolbar Helper: {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files (x86)\Windows Live\Toolbar\wltcore.dll
TB-X64: &Windows Live Toolbar: {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files (x86)\Windows Live\Toolbar\wltcore.dll
mRun-x64: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun-x64: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
mRun-x64: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
IE-X64: {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\me\AppData\Roaming\Mozilla\Firefox\Profiles\68l51pnp.default\
FF - prefs.js: network.proxy.type - 2
FF - component: C:\Program Files (x86)\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}\components\SkypeFfComponent.dll
FF - plugin: C:\Program Files (x86)\Common Files\Motive\npMotive.dll
FF - plugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: C:\Users\me\AppData\Local\Google\Update\1.2.183.39\npGoogleOneClick8.dll
FF - plugin: C:\Users\me\AppData\Roaming\Facebook\npfbplugin_1_0_3.dll
FF - plugin: C:\Users\me\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll
FF - plugin: C:\Users\me\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - C:\Program Files (x86)\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0027-ABCDEFFEDCBA} - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0027-ABCDEFFEDCBA}
FF - Ext: Skype Click to Call: {82AF8DCA-6DE9-405D-BD5E-43525BDAD38A} - C:\Program Files (x86)\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
.
---- FIREFOX POLICIES ----
FF - user.js: yahoo.homepage.dontask - true
.
============= SERVICES / DRIVERS ===============
.
R1 mfehidk;McAfee Inc. mfehidk;C:\Windows\system32\drivers\mfehidk.sys --> C:\Windows\system32\drivers\mfehidk.sys [?]
R2 AbsoluteNotifier;Absolute Notifier;C:\Program Files (x86)\Absolute Software\Absolute Notifier\AbsoluteNotifierService.exe [2010-10-8 10408]
R2 FontCache;Windows Font Cache Service;C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [2008-1-20 21504]
R2 McciCMService64;McciCMService64;C:\Program Files\Common Files\Motive\McciCMService.exe [2010-12-11 517632]
R2 McShield;McAfee Real-time Scanner;C:\Program Files\McAfee\VirusScan\Mcshield.exe [2009-3-2 153920]
R2 uvnc_service;UltraVNC Server;C:\ProgramData\UltraVNC\winvnc.exe -service --> C:\ProgramData\UltraVNC\winvnc.exe -service [?]
R2 vpnagent;Cisco AnyConnect VPN Agent;C:\Program Files (x86)\Cisco\Cisco AnyConnect VPN Client\vpnagent.exe [2011-2-11 603896]
R3 b57nd60a;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;C:\Windows\system32\DRIVERS\b57nd60a.sys --> C:\Windows\system32\DRIVERS\b57nd60a.sys [?]
R3 IntcHdmiAddService;Intel® High Definition Audio HDMI Service;C:\Windows\system32\drivers\IntcHdmi.sys --> C:\Windows\system32\drivers\IntcHdmi.sys [?]
R3 mfeavfk;McAfee Inc. mfeavfk;C:\Windows\system32\drivers\mfeavfk.sys --> C:\Windows\system32\drivers\mfeavfk.sys [?]
S2 Apache2.2;Remote Access Media Server;C:\Program Files (x86)\Common Files\Dell\apache\bin\httpd.exe [2007-9-21 15872]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S3 mferkdk;McAfee Inc. mferkdk;C:\Windows\system32\drivers\mferkdk.sys --> C:\Windows\system32\drivers\mferkdk.sys [?]
S3 mfesmfk;McAfee Inc. mfesmfk;C:\Windows\system32\drivers\mfesmfk.sys --> C:\Windows\system32\drivers\mfesmfk.sys [?]
S3 PerfHost;Performance Counter DLL Host;C:\Windows\SysWOW64\perfhost.exe [2008-1-20 19968]
S3 Ph3xIB64;Philips 713x Inbox PCI TV Card;C:\Windows\system32\DRIVERS\Ph3xIB64.sys --> C:\Windows\system32\DRIVERS\Ph3xIB64.sys [?]
S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\system32\Drivers\usbaapl64.sys --> C:\Windows\system32\Drivers\usbaapl64.sys [?]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-3-18 1020768]
S4 AESTFilters;Andrea ST Filters Service;C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_bb0e6831\AESTSr64.exe --> C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_bb0e6831\AESTSr64.exe [?]
S4 clr_optimization_v2.0.50727_64;Microsoft .NET Framework NGEN v2.0.50727_X64;C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe [2010-10-18 89920]
S4 DockLoginService;Dock Login Service;C:\Program Files\Dell\DellDock\DockLogin.exe [2008-9-23 155648]
S4 dsl-db;Remote Access DB;C:\Program Files (x86)\Common Files\Dell\MySQL\bin\mysqld.exe [2007-9-14 5730304]
S4 dsl-fs-sync;Remote Access File Sync Service;C:\Program Files (x86)\Common Files\Dell\Remote Access File Sync Service\dsl_fs_sync.exe [2009-4-13 189680]
S4 McSysmon;McAfee SystemGuards;C:\Program Files (x86)\McAfee\VirusScan\mcsysmon.exe [2009-3-2 606736]
.
=============== Created Last 30 ================
.
2011-12-19 19:25:12 -------- d-----w- C:\Users\me\AppData\Roaming\Malwarebytes
2011-12-19 19:25:08 -------- d-----w- C:\ProgramData\Malwarebytes
2011-12-19 19:25:04 25416 ----a-w- C:\Windows\System32\drivers\mbam.sys
2011-12-19 19:25:04 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware
2011-12-16 18:05:20 -------- d-----w- C:\Users\me\AppData\Local\temp
2011-12-16 18:01:41 -------- d-----w- C:\Windows\SysWow64\Logs
2011-12-16 17:57:31 -------- d-----w- C:\$RECYCLE.BIN
2011-12-16 17:56:30 -------- d-----we C:\Windows\system64
2011-12-16 17:41:52 98816 ----a-w- C:\Windows\sed.exe
2011-12-16 17:41:52 518144 ----a-w- C:\Windows\SWREG.exe
2011-12-16 17:41:52 256000 ----a-w- C:\Windows\PEV.exe
2011-12-16 17:41:52 208896 ----a-w- C:\Windows\MBR.exe
2011-12-16 16:10:01 8822856 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{B28F2649-23A6-40A6-B920-0484C26B30FD}\mpengine.dll
.
==================== Find3M ====================
.
2011-11-23 13:57:38 2764800 ----a-w- C:\Windows\System32\win32k.sys
2011-11-08 14:58:31 2048 ----a-w- C:\Windows\System32\tzres.dll
2011-11-08 14:42:19 2048 ----a-w- C:\Windows\SysWow64\tzres.dll
2011-11-04 15:20:26 1383424 ----a-w- C:\Windows\System32\mshtml.tlb
2011-11-04 14:54:57 1383424 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2011-10-25 16:09:37 85504 ----a-w- C:\Windows\System32\csrsrv.dll
2011-10-20 16:19:14 1032192 ----a-w- C:\Windows\System32\wininet.dll
2011-10-20 15:55:43 834048 ----a-w- C:\Windows\SysWow64\wininet.dll
2011-10-20 14:40:54 485376 ----a-w- C:\Windows\System32\html.iec
2011-10-20 14:08:44 389632 ----a-w- C:\Windows\SysWow64\html.iec
2011-10-16 19:14:04 472808 ----a-w- C:\Windows\SysWow64\deployJava1.dll
2011-10-14 17:30:05 559616 ----a-w- C:\Windows\System32\EncDec.dll
2011-10-14 16:02:19 429056 ----a-w- C:\Windows\SysWow64\EncDec.dll
.
============= FINISH: 21:56:37.22 ===============

Here is the log file for the GMER.exe program:
[attachment=116722:GMER.log]

#2 gringo_pr

  • Malware Response Team

Posted 16 January 2012 - 12:37 AM

Hello and Welcome to the forums!

My name is Gringo and I'll be glad to help you with your computer problems.

Some things to remember while we are working together.

  • Do not run any other tool until instructed to do so!
  • Please do not attach logs or put them in code boxes.
  • Tell me about any problems that have occurred during the fix.
  • Tell me of any other symptoms you may be having as these can help also.
  • Do not run anything while running a fix.
  • Do not run any other tool until instructed to do so!


Click on the Watch Topic Button and select Immediate Notification and click on proceed, this will help you to get notified faster when I have replied and make the cleaning process faster.

Please print out or make a copy in Notepad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.

Run Combofix:

You may be asked to install or update the Recovery Console (Win XP only). If this happens, please allow it to do so (you will need to be connected to the internet for this).

Before you run Combofix I will need you to turn off any security software you have running. If you do not know how to do this, you can find out >here< or >here<

Combofix may need to reboot your computer more than once to do its job this is normal.

You can download Combofix from one of these links.
Link 1
Link 2
Link 3
1. Close any open browsers or any other programs that are open.
2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

Double click on combofix.exe & follow the prompts.
When finished, it will produce a report for you.

Note 1: Do not mouseclick combofix's window while it's running. That may cause it to stall

Note 2: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion.", please restart the computer.

"information and logs"

  • In your next post I need the following
  • Log from Combofix
  • let me know of any problems you may have had
  • How is the computer doing now?

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#3 gringo_pr

Posted 19 January 2012 - 01:25 AM

Hello

48 Hour bump

It has been more than 48 hours since my last post.

  • do you still need help with this?
  • do you need more time?
  • are you having problems following my instructions?
  • if after 48hrs you have not replied to this thread then it will have to be closed!

Gringo

#4 Padshead

Posted 19 January 2012 - 01:32 AM

Hi Gringo,
Thanks for your response, and sorry about my slow response. I am travelling this week until Saturday for work. I don't have the infected computer with me, unfortunately, so will not be able to do anything until I get home. I will run Combofix as soon as I get home, and let you know the result.
-Thanks!

#5 gringo_pr

Posted 19 January 2012 - 01:41 AM

no problem and thanks for letting me know - I will check on you in a couple of days



gringo

#6 gringo_pr

Posted 22 January 2012 - 01:48 AM

How are things going?


gringo

#7 Padshead

Posted 22 January 2012 - 11:48 AM

Hi Gringo,

I realize I already ran combofix earlier before I was getting proper help. I will paste the log from that run below. After running this, I ran malware bytes. Do you want me to run combofix again?

Thanks!

ComboFix 11-12-16.01 - me 12/16/2011 11:48:06.1.2 - x64 NETWORK
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.4085.2485 [GMT -6:00]
Running from: c:\users\me\Downloads\ComboFix.exe
AV: McAfee VirusScan *Disabled/Updated* {86355677-4064-3EA7-ABB3-1B136EB04637}
FW: McAfee Personal Firewall *Disabled* {BE0ED752-0A0B-3FFF-80EC-B2269063014C}
SP: McAfee VirusScan *Disabled/Updated* {3D54B793-665E-3129-9103-206115370C8A}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\me\AppData\Local\lfh.exe
c:\users\me\AppData\Roaming\Install.dat
c:\users\me\GoToAssistDownloadHelper.exe
c:\windows\System64
c:\windows\SysWow64\logs
.
.
((((((((((((((((((((((((( Files Created from 2011-11-16 to 2011-12-16 )))))))))))))))))))))))))))))))
.
.
2011-12-16 17:56 . 2011-12-16 17:56 -------- d-----we c:\windows\system64
2011-12-16 16:10 . 2011-11-21 11:40 8822856 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{B28F2649-23A6-40A6-B920-0484C26B30FD}\mpengine.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-10-16 19:14 . 2010-06-07 04:20 472808 ----a-w- c:\windows\SysWow64\deployJava1.dll
2011-09-20 21:06 . 2011-11-09 13:08 1426304 ----a-w- c:\windows\system32\drivers\tcpip.sys
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 94208 ----a-w- c:\users\me\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 94208 ----a-w- c:\users\me\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 94208 ----a-w- c:\users\me\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2010-11-29 421888]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2011-03-07 421160]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2011-06-09 254696]
.
c:\users\me\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dropbox.lnk - c:\users\me\AppData\Roaming\Dropbox\bin\Dropbox.exe [2011-12-5 24242056]
.
c:\users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dell Dock First Run.lnk - c:\program files\Dell\DellDock\DellDock.exe [2008-9-23 1295656]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
"DisableCAD"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0
.
R2 Apache2.2;Remote Access Media Server;c:\program files (x86)\Common Files\Dell\apache\bin\httpd.exe [2007-09-21 15872]
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R3 Ph3xIB64;Philips 713x Inbox PCI TV Card;c:\windows\system32\DRIVERS\Ph3xIB64.sys [x]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [x]
R3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework64\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 1020768]
R4 AESTFilters;Andrea ST Filters Service;c:\windows\System32\DriverStore\FileRepository\stwrt64.inf_bb0e6831\AESTSr64.exe [x]
R4 DockLoginService;Dock Login Service;c:\program files\Dell\DellDock\DockLogin.exe [2008-09-24 155648]
R4 dsl-db;Remote Access DB;c:\program files (x86)\Common Files\Dell\MySQL\bin\mysqld.exe [2007-09-14 5730304]
R4 dsl-fs-sync;Remote Access File Sync Service;c:\program files (x86)\Common Files\Dell\Remote Access File Sync Service\dsl_fs_sync.exe [2009-04-13 189680]
S2 AbsoluteNotifier;Absolute Notifier;c:\program files (x86)\Absolute Software\Absolute Notifier\AbsoluteNotifierService.exe [2010-10-08 10408]
S2 McciCMService64;McciCMService64;c:\program files\Common Files\Motive\McciCMService.exe [2010-04-30 517632]
S2 uvnc_service;UltraVNC Server;c:\programdata\UltraVNC\winvnc.exe [2008-08-31 1519168]
S2 vpnagent;Cisco AnyConnect VPN Agent;c:\program files (x86)\Cisco\Cisco AnyConnect VPN Client\vpnagent.exe [2011-02-11 603896]
S3 b57nd60a;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\DRIVERS\b57nd60a.sys [x]
S3 IntcHdmiAddService;Intel® High Definition Audio HDMI Service;c:\windows\system32\drivers\IntcHdmi.sys [x]
.
.
Contents of the 'Scheduled Tasks' folder
.
2010-10-19 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2101711819-4090675429-1681858312-1000Core1cb6f8ecc4e16e0.job
- c:\users\me\AppData\Local\Google\Update\GoogleUpdate.exe [2009-03-18 15:38]
.
2011-02-15 c:\windows\Tasks\McDefragTask.job
- c:\progra~2\mcafee\mqc\QcConsol.exe [2009-03-16 15:53]
.
2011-02-01 c:\windows\Tasks\McQcTask.job
- c:\progra~2\mcafee\mqc\QcConsol.exe [2009-03-16 15:53]
.
2011-12-15 c:\windows\Tasks\User_Feed_Synchronization-{9E77A0EC-391D-4127-AFE4-22473A334C39}.job
- c:\windows\system32\msfeedssync.exe [2008-01-21 02:50]
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 97792 ----a-w- c:\users\me\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 97792 ----a-w- c:\users\me\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 97792 ----a-w- c:\users\me\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 97792 ----a-w- c:\users\me\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\UEAFOverlay]
@="{F2F31467-B1AC-4df0-AE79-FD5FA085E22B}"
[HKEY_CLASSES_ROOT\CLSID\{F2F31467-B1AC-4df0-AE79-FD5FA085E22B}]
2007-09-10 22:50 3380736 ----a-w- c:\program files\Fingerprint Reader Suite\farchns.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\UEAFOverlayOpen]
@="{A3E208F7-0E3A-4182-A7A6-B169D5D691AA}"
[HKEY_CLASSES_ROOT\CLSID\{A3E208F7-0E3A-4182-A7A6-B169D5D691AA}]
2007-09-10 22:50 3380736 ----a-w- c:\program files\Fingerprint Reader Suite\farchns.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x0
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = %SystemRoot%\system32\blank.htm
IE: Send image to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: Send page to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
LSP: mswsock.dll
TCP: DhcpNameServer = 192.168.1.254
CLSID: {603d3801-bd81-11d0-a3a5-00c04fd706ec} - %SystemRoot%\SysWow64\browseui.dll
FF - ProfilePath - c:\users\me\AppData\Roaming\Mozilla\Firefox\Profiles\68l51pnp.default\
FF - prefs.js: network.proxy.type - 2
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files (x86)\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} - c:\program files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0027-ABCDEFFEDCBA} - c:\program files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0027-ABCDEFFEDCBA}
FF - Ext: Skype Click to Call: {82AF8DCA-6DE9-405D-BD5E-43525BDAD38A} - c:\program files (x86)\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF - user.js: yahoo.homepage.dontask - true
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{0BE09CC1-42E0-11DD-AE16-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil10a.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{0BE09CC1-42E0-11DD-AE16-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{0BE09CC1-42E0-11DD-AE16-0800200C9A66}\LocalServer32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\FlashUtil10a.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{0BE09CC1-42E0-11DD-AE16-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10a.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10a.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10a.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10a.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{DDF4CE26-4BDA-42BC-B0F0-0E75243AD285}]
@Denied: (A 2) (Everyone)
@="IFlashBroker2"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{DDF4CE26-4BDA-42BC-B0F0-0E75243AD285}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{DDF4CE26-4BDA-42BC-B0F0-0E75243AD285}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{D27CDB6B-AE6D-11CF-96B8-444553540000}]
@Denied: (A 2) (Everyone)
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{D27CDB6B-AE6D-11CF-96B8-444553540000}\1.0]
@="Shockwave Flash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{FAB3E735-69C7-453B-A446-B6823C6DF1C9}]
@Denied: (A 2) (Everyone)
@=""
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{FAB3E735-69C7-453B-A446-B6823C6DF1C9}\1.0]
@="FlashBroker"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes]
"SymbolicLinkValue"=hex(6):5c,00,52,00,45,00,47,00,49,00,53,00,54,00,52,00,59,
00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,4f,00,46,00,\
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files (x86)\Bonjour\mDNSResponder.exe
c:\program files (x86)\Common Files\Dell\Advanced Networking Service\hnm_svc.exe
c:\program files (x86)\Common Files\Motive\McciCMService.exe
c:\program files (x86)\McAfee\MPF\MPFSrv.exe
c:\program files (x86)\McAfee\MSK\MskSrver.exe
c:\program files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
c:\program files (x86)\McAfee\MSC\mcmscsvc.exe
c:\progra~2\mcafee\VIRUSS~1\mcvsmap.exe
.
**************************************************************************
.
Completion time: 2011-12-16 12:05:18 - machine was rebooted
ComboFix-quarantined-files.txt 2011-12-16 18:05
.
Pre-Run: 174,803,320,832 bytes free
Post-Run: 176,818,151,424 bytes free
.
- - End Of File - - CA1F44FD386AAA114A4490EDC2AFF423

#8 gringo_pr


Posted 22 January 2012 - 03:53 PM

Hello

Yes, let's run it again, but run it like this. If it asks to update, allow it.

Also, let me know how the computer is doing.


:Run CFScript:

Open Notepad and copy/paste the text in the box into the window:

ClearJavaCache::

Save it to your desktop as CFScript.txt

Referring to the picture above, drag CFScript.txt into ComboFix.exe
This will let ComboFix run again.
Restart if you have to.
Save the produced logfile to your desktop.

Note: Do not mouse-click ComboFix's window whilst it's running. That may cause it to stall.

"information and logs"

  • In your next post I need the following

  • report from Combofix
  • let me know of any problems you may have had
  • How is the computer doing now after running the script?

Gringo


#9 Padshead


Posted 22 January 2012 - 05:06 PM

Hi Gringo,

I ran combofix. I got the same error message over and over again: "Windows cannot find NIRKMD..." and something about how I may have typed it incorrectly and to try again. I clicked ok each time, and Combofix eventually finished.

The computer is running ok, however, this is similar to last time and the virus came back. Also, I can't seem to run chkdsk or turn on the windows firewall.

Here is the combofix log:

ComboFix 12-01-21.02 - me 01/22/2012 15:30:09.1.2 - x64
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.4085.2627 [GMT -6:00]
Running from: c:\users\me\Desktop\ComboFix.exe
Command switches used :: c:\users\me\Desktop\CFScript.txt
AV: McAfee VirusScan *Disabled/Updated* {86355677-4064-3EA7-ABB3-1B136EB04637}
FW: McAfee Personal Firewall *Disabled* {BE0ED752-0A0B-3FFF-80EC-B2269063014C}
SP: McAfee VirusScan *Disabled/Updated* {3D54B793-665E-3129-9103-206115370C8A}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Resident AV is active
.
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\system32\consrv.dll
c:\windows\System64
c:\windows\SysWow64\logs
.
.
((((((((((((((((((((((((( Files Created from 2011-12-22 to 2012-01-22 )))))))))))))))))))))))))))))))
.
.
2012-01-22 21:44 . 2012-01-22 21:48 -------- d-----w- c:\users\me\AppData\Local\temp
2012-01-22 21:44 . 2012-01-22 21:44 -------- d-----w- c:\users\RA Media Server\AppData\Local\temp
2012-01-22 21:44 . 2012-01-22 21:44 -------- d-----w- c:\users\Public\AppData\Local\temp
2012-01-22 21:44 . 2012-01-22 21:44 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-01-18 15:38 . 2012-01-18 15:38 -------- d-----w- c:\users\me\AppData\Roaming\CyberLink
2012-01-11 23:00 . 2011-12-01 15:29 2409784 ----a-w- c:\program files\Windows Mail\OESpamFilter.dat
2012-01-11 23:00 . 2011-12-01 15:21 2409784 ----a-w- c:\program files (x86)\Windows Mail\OESpamFilter.dat
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-11-23 13:57 . 2011-12-14 13:37 2764800 ----a-w- c:\windows\system32\win32k.sys
2011-11-21 11:40 . 2011-12-16 16:10 8822856 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{B28F2649-23A6-40A6-B920-0484C26B30FD}\mpengine.dll
2011-11-08 14:58 . 2011-12-14 13:37 2048 ----a-w- c:\windows\system32\tzres.dll
2011-11-08 14:42 . 2011-12-14 13:37 2048 ----a-w- c:\windows\SysWow64\tzres.dll
2011-11-04 15:20 . 2011-12-14 13:37 1383424 ----a-w- c:\windows\system32\mshtml.tlb
2011-11-04 14:54 . 2011-12-14 13:37 1383424 ----a-w- c:\windows\SysWow64\mshtml.tlb
2011-10-25 16:09 . 2011-12-14 13:37 85504 ----a-w- c:\windows\system32\csrsrv.dll
.
.
((((((((((((((((((((((((((((( SnapShot@2011-12-16_17.57.39 )))))))))))))))))))))))))))))))))))))))))
.
+ 2012-01-11 22:58 . 2011-11-18 17:47 66560 c:\windows\SysWOW64\packager.dll
- 2006-11-02 12:13 . 2006-11-02 09:46 23552 c:\windows\SysWOW64\mciseq.dll
+ 2012-01-11 22:58 . 2011-10-14 16:00 23552 c:\windows\SysWOW64\mciseq.dll
- 2011-12-16 17:34 . 2011-12-16 17:33 32768 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Internet Explorer\UserData\index.dat
+ 2011-12-16 17:34 . 2012-01-12 04:52 32768 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Internet Explorer\UserData\index.dat
+ 2008-01-21 02:23 . 2012-01-22 16:10 53016 c:\windows\system32\WDI\ShutdownPerformanceDiagnostics_SystemData.bin
+ 2006-11-02 15:45 . 2012-01-22 21:48 85314 c:\windows\system32\WDI\BootPerformanceDiagnostics_SystemData.bin
+ 2010-10-18 22:55 . 2012-01-22 21:48 13750 c:\windows\system32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-2101711819-4090675429-1681858312-1000_UserData.bin
+ 2012-01-11 22:58 . 2011-11-18 18:07 76800 c:\windows\system32\packager.dll
- 2006-11-02 09:53 . 2006-11-02 11:17 28672 c:\windows\system32\mciwave.dll
+ 2012-01-11 22:58 . 2011-10-14 17:27 28672 c:\windows\system32\mciwave.dll
- 2006-11-02 09:53 . 2006-11-02 11:17 28160 c:\windows\system32\mciseq.dll
+ 2012-01-11 22:58 . 2011-10-14 17:27 28160 c:\windows\system32\mciseq.dll
- 2006-11-02 09:53 . 2006-11-02 11:17 48128 c:\windows\system32\mcicda.dll
+ 2012-01-11 22:58 . 2011-10-14 17:27 48128 c:\windows\system32\mcicda.dll
+ 2011-12-19 19:25 . 2011-08-31 23:00 25416 c:\windows\system32\drivers\mbam.sys
- 2010-10-18 21:25 . 2011-12-16 17:57 16384 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2010-10-18 21:25 . 2012-01-22 21:47 16384 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2010-10-18 21:25 . 2012-01-22 21:47 32768 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2010-10-18 21:25 . 2011-12-16 17:57 32768 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2010-10-18 21:25 . 2011-12-16 17:57 16384 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2010-10-18 21:25 . 2012-01-22 21:47 16384 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2010-10-21 21:43 . 2012-01-22 16:08 16384 c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2010-10-21 21:43 . 2011-12-14 13:24 16384 c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2010-10-21 21:43 . 2011-12-14 13:24 16384 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2010-10-21 21:43 . 2012-01-22 16:08 16384 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2012-01-11 22:57 . 2011-12-27 02:51 43280 c:\windows\Microsoft.NET\Framework64\v2.0.50727\aspnet_wp.exe
+ 2012-01-11 22:57 . 2011-12-27 02:51 31504 c:\windows\Microsoft.NET\Framework\v2.0.50727\aspnet_wp.exe
- 2011-10-13 12:35 . 2011-10-13 12:35 87408 c:\windows\Microsoft.NET\assembly\GAC_MSIL\WindowsFormsIntegration\v4.0_4.0.0.0__31bf3856ad364e35\WindowsFormsIntegration.dll
+ 2012-01-12 22:45 . 2012-01-12 22:45 87408 c:\windows\Microsoft.NET\assembly\GAC_MSIL\WindowsFormsIntegration\v4.0_4.0.0.0__31bf3856ad364e35\WindowsFormsIntegration.dll
- 2011-10-13 12:35 . 2011-10-13 12:35 93024 c:\windows\Microsoft.NET\assembly\GAC_MSIL\UIAutomationTypes\v4.0_4.0.0.0__31bf3856ad364e35\UIAutomationTypes.dll
+ 2012-01-12 22:45 . 2012-01-12 22:45 93024 c:\windows\Microsoft.NET\assembly\GAC_MSIL\UIAutomationTypes\v4.0_4.0.0.0__31bf3856ad364e35\UIAutomationTypes.dll
- 2011-10-13 12:35 . 2011-10-13 12:35 35688 c:\windows\Microsoft.NET\assembly\GAC_MSIL\UIAutomationProvider\v4.0_4.0.0.0__31bf3856ad364e35\UIAutomationProvider.dll
+ 2012-01-12 22:45 . 2012-01-12 22:45 35688 c:\windows\Microsoft.NET\assembly\GAC_MSIL\UIAutomationProvider\v4.0_4.0.0.0__31bf3856ad364e35\UIAutomationProvider.dll
- 2011-10-13 12:35 . 2011-10-13 12:35 11120 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Xml.Serialization\v4.0_4.0.0.0__b77a5c561934e089\System.Xml.Serialization.dll
+ 2012-01-12 22:45 . 2012-01-12 22:45 11120 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Xml.Serialization\v4.0_4.0.0.0__b77a5c561934e089\System.Xml.Serialization.dll
- 2011-10-13 12:35 . 2011-10-13 12:35 17784 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Presentation\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Presentation.dll
+ 2012-01-12 22:45 . 2012-01-12 22:45 17784 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Presentation\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Presentation.dll
+ 2012-01-12 22:45 . 2012-01-12 22:45 58240 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Input.Manipulations\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Input.Manipulations.dll
- 2011-10-13 12:35 . 2011-10-13 12:35 58240 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Input.Manipulations\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Input.Manipulations.dll
- 2011-10-13 12:35 . 2011-10-13 12:35 44920 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Web.ApplicationServices\v4.0_4.0.0.0__31bf3856ad364e35\System.Web.ApplicationServices.dll
+ 2012-01-12 22:45 . 2012-01-12 22:45 44920 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Web.ApplicationServices\v4.0_4.0.0.0__31bf3856ad364e35\System.Web.ApplicationServices.dll
- 2011-10-13 12:35 . 2011-10-13 12:35 37240 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.ServiceModel.Channels\v4.0_4.0.0.0__31bf3856ad364e35\System.ServiceModel.Channels.dll
+ 2012-01-12 22:45 . 2012-01-12 22:45 37240 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.ServiceModel.Channels\v4.0_4.0.0.0__31bf3856ad364e35\System.ServiceModel.Channels.dll
+ 2012-01-12 22:45 . 2012-01-12 22:45 64352 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Numerics\v4.0_4.0.0.0__b77a5c561934e089\System.Numerics.dll
- 2011-10-13 12:35 . 2011-10-13 12:35 64352 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Numerics\v4.0_4.0.0.0__b77a5c561934e089\System.Numerics.dll
+ 2012-01-12 22:45 . 2012-01-12 22:45 51032 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Device\v4.0_4.0.0.0__b77a5c561934e089\System.Device.dll
- 2011-10-13 12:35 . 2011-10-13 12:35 51032 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Device\v4.0_4.0.0.0__b77a5c561934e089\System.Device.dll
- 2011-10-13 12:35 . 2011-10-13 12:35 50552 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Data.DataSetExtensions\v4.0_4.0.0.0__b77a5c561934e089\System.Data.DataSetExtensions.dll
+ 2012-01-12 22:45 . 2012-01-12 22:45 50552 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Data.DataSetExtensions\v4.0_4.0.0.0__b77a5c561934e089\System.Data.DataSetExtensions.dll
+ 2012-01-12 22:44 . 2012-01-12 22:44 81784 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Configuration.Install\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Configuration.Install.dll
- 2011-10-13 12:35 . 2011-10-13 12:35 81784 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Configuration.Install\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Configuration.Install.dll
+ 2012-01-12 22:45 . 2012-01-12 22:45 81800 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.ComponentModel.DataAnnotations\v4.0_4.0.0.0__31bf3856ad364e35\System.ComponentModel.DataAnnotations.dll
- 2011-10-13 12:35 . 2011-10-13 12:35 81800 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.ComponentModel.DataAnnotations\v4.0_4.0.0.0__31bf3856ad364e35\System.ComponentModel.DataAnnotations.dll
- 2011-10-13 12:35 . 2011-10-13 12:35 39784 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.AddIn.Contract\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.AddIn.Contract.dll
+ 2012-01-12 22:45 . 2012-01-12 22:45 39784 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.AddIn.Contract\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.AddIn.Contract.dll
+ 2012-01-12 22:45 . 2012-01-12 22:45 68952 c:\windows\Microsoft.NET\assembly\GAC_MSIL\SMDiagnostics\v4.0_4.0.0.0__b77a5c561934e089\SMDiagnostics.dll
- 2011-10-13 12:35 . 2011-10-13 12:35 68952 c:\windows\Microsoft.NET\assembly\GAC_MSIL\SMDiagnostics\v4.0_4.0.0.0__b77a5c561934e089\SMDiagnostics.dll
+ 2012-01-12 22:45 . 2012-01-12 22:45 62880 c:\windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.Windows.ApplicationServer.Applications\v4.0_4.0.0.0__31bf3856ad364e35\Microsoft.Windows.ApplicationServer.Applications.dll
- 2011-10-13 12:35 . 2011-10-13 12:35 62880 c:\windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.Windows.ApplicationServer.Applications\v4.0_4.0.0.0__31bf3856ad364e35\Microsoft.Windows.ApplicationServer.Applications.dll
+ 2012-01-12 22:44 . 2012-01-12 22:44 12128 c:\windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.VisualC\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualC.Dll
- 2011-10-13 12:35 . 2011-10-13 12:35 12128 c:\windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.VisualC\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualC.Dll
+ 2012-01-12 22:45 . 2012-01-12 22:45 97680 c:\windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.VisualBasic.Compatibility.Data\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Compatibility.Data.dll
- 2011-10-13 12:35 . 2011-10-13 12:35 97680 c:\windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.VisualBasic.Compatibility.Data\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Compatibility.Data.dll
+ 2012-01-12 22:44 . 2012-01-12 22:44 17240 c:\windows\Microsoft.NET\assembly\GAC_MSIL\Accessibility\v4.0_4.0.0.0__b03f5f7f11d50a3a\Accessibility.dll
- 2011-10-13 12:35 . 2011-10-13 12:35 17240 c:\windows\Microsoft.NET\assembly\GAC_MSIL\Accessibility\v4.0_4.0.0.0__b03f5f7f11d50a3a\Accessibility.dll
- 2011-10-13 12:35 . 2011-10-13 12:35 94552 c:\windows\Microsoft.NET\assembly\GAC_64\ISymWrapper\v4.0_4.0.0.0__b03f5f7f11d50a3a\ISymWrapper.dll
+ 2012-01-12 22:44 . 2012-01-12 22:44 94552 c:\windows\Microsoft.NET\assembly\GAC_64\ISymWrapper\v4.0_4.0.0.0__b03f5f7f11d50a3a\ISymWrapper.dll
- 2011-10-13 12:35 . 2011-10-13 12:35 91488 c:\windows\Microsoft.NET\assembly\GAC_64\CustomMarshalers\v4.0_4.0.0.0__b03f5f7f11d50a3a\CustomMarshalers.dll
+ 2012-01-12 22:44 . 2012-01-12 22:44 91488 c:\windows\Microsoft.NET\assembly\GAC_64\CustomMarshalers\v4.0_4.0.0.0__b03f5f7f11d50a3a\CustomMarshalers.dll
+ 2012-01-12 22:44 . 2012-01-12 22:44 78168 c:\windows\Microsoft.NET\assembly\GAC_32\ISymWrapper\v4.0_4.0.0.0__b03f5f7f11d50a3a\ISymWrapper.dll
- 2011-10-13 12:34 . 2011-10-13 12:34 78168 c:\windows\Microsoft.NET\assembly\GAC_32\ISymWrapper\v4.0_4.0.0.0__b03f5f7f11d50a3a\ISymWrapper.dll
+ 2012-01-12 22:44 . 2012-01-12 22:44 81248 c:\windows\Microsoft.NET\assembly\GAC_32\CustomMarshalers\v4.0_4.0.0.0__b03f5f7f11d50a3a\CustomMarshalers.dll
- 2011-10-13 12:34 . 2011-10-13 12:34 81248 c:\windows\Microsoft.NET\assembly\GAC_32\CustomMarshalers\v4.0_4.0.0.0__b03f5f7f11d50a3a\CustomMarshalers.dll
+ 2011-12-28 07:00 . 2011-12-28 07:00 74646 c:\windows\Downloaded Program Files\tscan1.dat
+ 2011-12-28 07:00 . 2011-12-28 07:00 98112 c:\windows\Downloaded Program Files\scrauth.dat
+ 2010-02-10 13:22 . 2010-02-10 13:22 42112 c:\windows\Downloaded Program Files\ecmldr32.dll
+ 2012-01-12 23:05 . 2012-01-12 23:05 54784 c:\windows\assembly\NativeImages_v2.0.50727_64\System.Web.DynamicD#\32988c989fec0b0a6ea7420b687847f0\System.Web.DynamicData.Design.ni.dll
+ 2012-01-13 00:46 . 2012-01-13 00:46 36864 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.DynamicD#\45904e3cf3a3043ade103996f8a89a5b\System.Web.DynamicData.Design.ni.dll
- 2011-12-16 17:56 . 2011-12-16 17:56 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2012-01-22 21:45 . 2012-01-22 21:45 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2012-01-22 21:45 . 2012-01-22 21:45 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
- 2011-12-16 17:56 . 2011-12-16 17:56 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2011-12-28 07:00 . 2011-12-28 07:00 3934 c:\windows\Downloaded Program Files\tscan1hd.dat
+ 2011-12-28 07:00 . 2011-12-28 07:00 1957 c:\windows\Downloaded Program Files\tinfl.dat
+ 2011-12-28 07:00 . 2011-12-28 07:00 2584 c:\windows\Downloaded Program Files\catalog.dat
- 2010-10-19 02:32 . 2009-04-11 06:28 189952 c:\windows\SysWOW64\winmm.dll
+ 2012-01-11 22:58 . 2011-10-14 16:03 189952 c:\windows\SysWOW64\winmm.dll
+ 2012-01-11 22:58 . 2011-10-25 15:58 497152 c:\windows\SysWOW64\qdvd.dll
- 2010-10-19 02:31 . 2009-04-11 06:28 497152 c:\windows\SysWOW64\qdvd.dll
+ 2008-01-21 03:20 . 2012-01-22 21:46 393216 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2011-08-10 17:02 . 2011-06-17 16:16 451072 c:\windows\system32\winsrv.dll
+ 2012-01-11 22:58 . 2011-11-25 16:25 451072 c:\windows\system32\winsrv.dll
- 2010-10-19 02:32 . 2009-04-11 07:11 211968 c:\windows\system32\winmm.dll
+ 2012-01-11 22:58 . 2011-10-14 17:31 211968 c:\windows\system32\winmm.dll
+ 2010-10-19 12:53 . 2012-01-22 21:19 415796 c:\windows\system32\WDI\SuspendPerformanceDiagnostics_SystemData_S3.bin
- 2010-10-19 02:31 . 2009-04-11 07:11 352256 c:\windows\system32\qdvd.dll
+ 2012-01-11 22:58 . 2011-10-25 16:13 352256 c:\windows\system32\qdvd.dll
+ 2006-11-02 12:46 . 2012-01-22 16:29 604734 c:\windows\system32\perfh009.dat
+ 2006-11-02 12:46 . 2012-01-22 16:29 104402 c:\windows\system32\perfc009.dat
- 2011-02-21 05:05 . 2011-12-16 17:17 231100 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
+ 2011-02-21 05:05 . 2012-01-22 21:44 231100 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
+ 2011-12-26 11:47 . 2011-12-26 11:47 261912 c:\windows\Microsoft.NET\Framework64\v4.0.30319\ServiceModelReg.exe
+ 2012-01-11 22:57 . 2011-12-27 02:51 744720 c:\windows\Microsoft.NET\Framework64\v2.0.50727\webengine.dll
+ 2011-12-26 10:39 . 2011-12-26 10:39 192792 c:\windows\Microsoft.NET\Framework\v4.0.30319\ServiceModelReg.exe
+ 2012-01-11 22:57 . 2011-12-27 02:51 436496 c:\windows\Microsoft.NET\Framework\v2.0.50727\webengine.dll
+ 2012-01-12 22:45 . 2012-01-12 22:45 350592 c:\windows\Microsoft.NET\assembly\GAC_MSIL\UIAutomationClientsideProviders\v4.0_4.0.0.0__31bf3856ad364e35\UIAutomationClientsideProviders.dll
- 2011-10-13 12:35 . 2011-10-13 12:35 350592 c:\windows\Microsoft.NET\assembly\GAC_MSIL\UIAutomationClientsideProviders\v4.0_4.0.0.0__31bf3856ad364e35\UIAutomationClientsideProviders.dll
- 2011-10-13 12:35 . 2011-10-13 12:35 163168 c:\windows\Microsoft.NET\assembly\GAC_MSIL\UIAutomationClient\v4.0_4.0.0.0__31bf3856ad364e35\UIAutomationClient.dll
+ 2012-01-12 22:45 . 2012-01-12 22:45 163168 c:\windows\Microsoft.NET\assembly\GAC_MSIL\UIAutomationClient\v4.0_4.0.0.0__31bf3856ad364e35\UIAutomationClient.dll
+ 2012-01-12 22:45 . 2012-01-12 22:45 138592 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Xml.Linq\v4.0_4.0.0.0__b77a5c561934e089\System.Xml.Linq.dll
- 2011-10-13 12:35 . 2011-10-13 12:35 138592 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Xml.Linq\v4.0_4.0.0.0__b77a5c561934e089\System.Xml.Linq.dll
- 2011-10-13 12:35 . 2011-10-13 12:35 699224 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Xaml\v4.0_4.0.0.0__b77a5c561934e089\System.Xaml.dll
+ 2012-01-12 22:45 . 2012-01-12 22:45 699224 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Xaml\v4.0_4.0.0.0__b77a5c561934e089\System.Xaml.dll
+ 2012-01-12 22:45 . 2012-01-12 22:45 857960 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Web.Services\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Web.Services.dll
- 2011-10-13 12:35 . 2011-10-13 12:35 857960 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Web.Services\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Web.Services.dll
+ 2012-01-12 22:45 . 2012-01-12 22:45 675672 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Speech\v4.0_4.0.0.0__31bf3856ad364e35\System.Speech.dll
- 2011-10-13 12:35 . 2011-10-13 12:35 675672 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Speech\v4.0_4.0.0.0__31bf3856ad364e35\System.Speech.dll
- 2011-10-13 12:35 . 2011-10-13 12:35 113512 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.ServiceProcess\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.ServiceProcess.dll
+ 2012-01-12 22:45 . 2012-01-12 22:45 113512 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.ServiceProcess\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.ServiceProcess.dll
- 2011-10-13 12:35 . 2011-10-13 12:35 129912 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.ServiceModel.Routing\v4.0_4.0.0.0__31bf3856ad364e35\System.ServiceModel.Routing.dll
+ 2012-01-12 22:45 . 2012-01-12 22:45 129912 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.ServiceModel.Routing\v4.0_4.0.0.0__31bf3856ad364e35\System.ServiceModel.Routing.dll
- 2011-10-13 12:35 . 2011-10-13 12:35 390008 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.ServiceModel.Discovery\v4.0_4.0.0.0__31bf3856ad364e35\System.ServiceModel.Discovery.dll
+ 2012-01-12 22:45 . 2012-01-12 22:45 390008 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.ServiceModel.Discovery\v4.0_4.0.0.0__31bf3856ad364e35\System.ServiceModel.Discovery.dll
+ 2012-01-12 22:45 . 2012-01-12 22:45 505208 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.ServiceModel.Activities\v4.0_4.0.0.0__31bf3856ad364e35\System.ServiceModel.Activities.dll
- 2011-10-13 12:35 . 2011-10-13 12:35 505208 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.ServiceModel.Activities\v4.0_4.0.0.0__31bf3856ad364e35\System.ServiceModel.Activities.dll
+ 2012-01-12 22:45 . 2012-01-12 22:45 261472 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Security\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Security.dll
- 2011-10-13 12:35 . 2011-10-13 12:35 261472 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Security\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Security.dll
- 2011-10-13 12:35 . 2011-10-13 12:35 122264 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Runtime.Serialization.Formatters.Soap\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Runtime.Serialization.Formatters.Soap.dll
+ 2012-01-12 22:45 . 2012-01-12 22:45 122264 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Runtime.Serialization.Formatters.Soap\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Runtime.Serialization.Formatters.Soap.dll
+ 2012-01-12 22:45 . 2012-01-12 22:45 291184 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Runtime.Remoting\v4.0_4.0.0.0__b77a5c561934e089\System.Runtime.Remoting.dll
- 2011-10-13 12:35 . 2011-10-13 12:35 291184 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Runtime.Remoting\v4.0_4.0.0.0__b77a5c561934e089\System.Runtime.Remoting.dll
+ 2012-01-12 22:45 . 2012-01-12 22:45 349568 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Runtime.DurableInstancing\v4.0_4.0.0.0__31bf3856ad364e35\System.Runtime.DurableInstancing.dll
- 2011-10-13 12:35 . 2011-10-13 12:35 349568 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Runtime.DurableInstancing\v4.0_4.0.0.0__31bf3856ad364e35\System.Runtime.DurableInstancing.dll
+ 2012-01-12 22:45 . 2012-01-12 22:45 236880 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Net\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Net.dll
- 2011-10-13 12:35 . 2011-10-13 12:35 236880 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Net\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Net.dll
+ 2012-01-12 22:45 . 2012-01-12 22:45 253280 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Messaging\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Messaging.dll
- 2011-10-13 12:35 . 2011-10-13 12:35 253280 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Messaging\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Messaging.dll
- 2011-10-13 12:35 . 2011-10-13 12:35 378720 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Management\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Management.dll
+ 2012-01-12 22:45 . 2012-01-12 22:45 378720 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Management\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Management.dll
- 2011-10-13 12:35 . 2011-10-13 12:35 134528 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Management.Instrumentation\v4.0_4.0.0.0__b77a5c561934e089\System.Management.Instrumentation.dll
+ 2012-01-12 22:45 . 2012-01-12 22:45 134528 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Management.Instrumentation\v4.0_4.0.0.0__b77a5c561934e089\System.Management.Instrumentation.dll
+ 2012-01-12 22:45 . 2012-01-12 22:45 123736 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.IO.Log\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.IO.Log.dll
- 2011-10-13 12:35 . 2011-10-13 12:35 123736 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.IO.Log\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.IO.Log.dll
- 2011-10-13 12:35 . 2011-10-13 12:35 392552 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.IdentityModel\v4.0_4.0.0.0__b77a5c561934e089\System.IdentityModel.dll
+ 2012-01-12 22:45 . 2012-01-12 22:45 392552 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.IdentityModel\v4.0_4.0.0.0__b77a5c561934e089\System.IdentityModel.dll
- 2011-10-13 12:35 . 2011-10-13 12:35 125816 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.IdentityModel.Selectors\v4.0_4.0.0.0__b77a5c561934e089\System.IdentityModel.Selectors.dll
+ 2012-01-12 22:45 . 2012-01-12 22:45 125816 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.IdentityModel.Selectors\v4.0_4.0.0.0__b77a5c561934e089\System.IdentityModel.Selectors.dll
+ 2012-01-12 22:44 . 2012-01-12 22:44 120152 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Dynamic\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Dynamic.dll
- 2011-10-13 12:35 . 2011-10-13 12:35 120152 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Dynamic\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Dynamic.dll
+ 2012-01-12 22:45 . 2012-01-12 22:45 607064 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Drawing\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll
- 2011-10-13 12:35 . 2011-10-13 12:35 607064 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Drawing\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll
- 2011-10-13 12:35 . 2011-10-13 12:35 395120 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.DirectoryServices\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.DirectoryServices.dll
+ 2012-01-12 22:45 . 2012-01-12 22:45 395120 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.DirectoryServices\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.DirectoryServices.dll
- 2011-10-13 12:35 . 2011-10-13 12:35 182144 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.DirectoryServices.Protocols\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.DirectoryServices.Protocols.dll
+ 2012-01-12 22:45 . 2012-01-12 22:45 182144 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.DirectoryServices.Protocols\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.DirectoryServices.Protocols.dll
- 2011-10-13 12:35 . 2011-10-13 12:35 285072 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.DirectoryServices.AccountManagement\v4.0_4.0.0.0__b77a5c561934e089\System.DirectoryServices.AccountManagement.dll
+ 2012-01-12 22:45 . 2012-01-12 22:45 285072 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.DirectoryServices.AccountManagement\v4.0_4.0.0.0__b77a5c561934e089\System.DirectoryServices.AccountManagement.dll
- 2011-10-13 12:35 . 2011-10-13 12:35 829280 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Deployment\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Deployment.dll
+ 2012-01-12 22:45 . 2012-01-12 22:45 829280 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Deployment\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Deployment.dll
- 2011-10-13 12:35 . 2011-10-13 12:35 747360 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Data.SqlXml\v4.0_4.0.0.0__b77a5c561934e089\System.Data.SqlXml.dll
+ 2012-01-12 22:44 . 2012-01-12 22:44 747360 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Data.SqlXml\v4.0_4.0.0.0__b77a5c561934e089\System.Data.SqlXml.dll
- 2011-10-13 12:35 . 2011-10-13 12:35 436600 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Data.Services.Client\v4.0_4.0.0.0__b77a5c561934e089\System.Data.Services.Client.dll
+ 2012-01-12 22:45 . 2012-01-12 22:45 436600 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Data.Services.Client\v4.0_4.0.0.0__b77a5c561934e089\System.Data.Services.Client.dll
- 2011-10-13 12:35 . 2011-10-13 12:35 683872 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Data.Linq\v4.0_4.0.0.0__b77a5c561934e089\System.Data.Linq.dll
+ 2012-01-12 22:45 . 2012-01-12 22:45 683872 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Data.Linq\v4.0_4.0.0.0__b77a5c561934e089\System.Data.Linq.dll
+ 2012-01-12 22:44 . 2012-01-12 22:44 409448 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Configuration\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.configuration.dll
- 2011-10-13 12:35 . 2011-10-13 12:35 409448 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Configuration\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.configuration.dll
+ 2012-01-12 22:45 . 2012-01-12 22:45 210816 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.ComponentModel.Composition\v4.0_4.0.0.0__b77a5c561934e089\System.ComponentModel.Composition.dll
- 2011-10-13 12:35 . 2011-10-13 12:35 210816 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.ComponentModel.Composition\v4.0_4.0.0.0__b77a5c561934e089\System.ComponentModel.Composition.dll
+ 2012-01-12 22:45 . 2012-01-12 22:45 149848 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.AddIn\v4.0_4.0.0.0__b77a5c561934e089\System.AddIn.dll
- 2011-10-13 12:35 . 2011-10-13 12:35 149848 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.AddIn\v4.0_4.0.0.0__b77a5c561934e089\System.AddIn.dll
+ 2012-01-12 22:45 . 2012-01-12 22:45 122248 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Activities.DurableInstancing\v4.0_4.0.0.0__31bf3856ad364e35\System.Activities.DurableInstancing.dll
- 2011-10-13 12:35 . 2011-10-13 12:35 122248 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Activities.DurableInstancing\v4.0_4.0.0.0__31bf3856ad364e35\System.Activities.DurableInstancing.dll
+ 2012-01-12 22:45 . 2012-01-12 22:45 525704 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Activities.Core.Presentation\v4.0_4.0.0.0__31bf3856ad364e35\System.Activities.Core.Presentation.dll
- 2011-10-13 12:35 . 2011-10-13 12:35 525704 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Activities.Core.Presentation\v4.0_4.0.0.0__31bf3856ad364e35\System.Activities.Core.Presentation.dll
- 2011-10-13 12:35 . 2011-10-13 12:35 112976 c:\windows\Microsoft.NET\assembly\GAC_MSIL\sysglobl\v4.0_4.0.0.0__b03f5f7f11d50a3a\sysglobl.dll
+ 2012-01-12 22:44 . 2012-01-12 22:44 112976 c:\windows\Microsoft.NET\assembly\GAC_MSIL\sysglobl\v4.0_4.0.0.0__b03f5f7f11d50a3a\sysglobl.dll
+ 2012-01-12 22:45 . 2012-01-12 22:45 581464 c:\windows\Microsoft.NET\assembly\GAC_MSIL\ReachFramework\v4.0_4.0.0.0__31bf3856ad364e35\ReachFramework.dll
- 2011-10-13 12:35 . 2011-10-13 12:35 581464 c:\windows\Microsoft.NET\assembly\GAC_MSIL\ReachFramework\v4.0_4.0.0.0__31bf3856ad364e35\ReachFramework.dll
- 2011-10-13 12:35 . 2011-10-13 12:35 832856 c:\windows\Microsoft.NET\assembly\GAC_MSIL\PresentationUI\v4.0_4.0.0.0__31bf3856ad364e35\PresentationUI.dll
+ 2012-01-12 22:45 . 2012-01-12 22:45 832856 c:\windows\Microsoft.NET\assembly\GAC_MSIL\PresentationUI\v4.0_4.0.0.0__31bf3856ad364e35\PresentationUI.dll
- 2011-10-13 12:35 . 2011-10-13 12:35 194424 c:\windows\Microsoft.NET\assembly\GAC_MSIL\PresentationFramework.Royale\v4.0_4.0.0.0__31bf3856ad364e35\PresentationFramework.Royale.dll
+ 2012-01-12 22:45 . 2012-01-12 22:45 194424 c:\windows\Microsoft.NET\assembly\GAC_MSIL\PresentationFramework.Royale\v4.0_4.0.0.0__31bf3856ad364e35\PresentationFramework.Royale.dll
+ 2012-01-12 22:45 . 2012-01-12 22:45 478576 c:\windows\Microsoft.NET\assembly\GAC_MSIL\PresentationFramework.Luna\v4.0_4.0.0.0__31bf3856ad364e35\PresentationFramework.Luna.dll
- 2011-10-13 12:35 . 2011-10-13 12:35 478576 c:\windows\Microsoft.NET\assembly\GAC_MSIL\PresentationFramework.Luna\v4.0_4.0.0.0__31bf3856ad364e35\PresentationFramework.Luna.dll
+ 2012-01-12 22:45 . 2012-01-12 22:45 167288 c:\windows\Microsoft.NET\assembly\GAC_MSIL\PresentationFramework.Classic\v4.0_4.0.0.0__31bf3856ad364e35\PresentationFramework.Classic.dll
- 2011-10-13 12:35 . 2011-10-13 12:35 167288 c:\windows\Microsoft.NET\assembly\GAC_MSIL\PresentationFramework.Classic\v4.0_4.0.0.0__31bf3856ad364e35\PresentationFramework.Classic.dll
- 2011-10-13 12:35 . 2011-10-13 12:35 232304 c:\windows\Microsoft.NET\assembly\GAC_MSIL\PresentationFramework.Aero\v4.0_4.0.0.0__31bf3856ad364e35\PresentationFramework.Aero.dll
+ 2012-01-12 22:45 . 2012-01-12 22:45 232304 c:\windows\Microsoft.NET\assembly\GAC_MSIL\PresentationFramework.Aero\v4.0_4.0.0.0__31bf3856ad364e35\PresentationFramework.Aero.dll
- 2011-10-13 12:35 . 2011-10-13 12:35 661352 c:\windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.VisualBasic\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll
+ 2012-01-12 22:44 . 2012-01-12 22:44 661352 c:\windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.VisualBasic\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll
+ 2012-01-12 22:45 . 2012-01-12 22:45 349576 c:\windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.VisualBasic.Compatibility\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Compatibility.dll
- 2011-10-13 12:35 . 2011-10-13 12:35 349576 c:\windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.VisualBasic.Compatibility\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Compatibility.dll
- 2011-10-13 12:35 . 2011-10-13 12:35 387960 c:\windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.Transactions.Bridge\v4.0_4.0.0.0__b03f5f7f11d50a3a\Microsoft.Transactions.Bridge.dll
+ 2012-01-12 22:45 . 2012-01-12 22:45 387960 c:\windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.Transactions.Bridge\v4.0_4.0.0.0__b03f5f7f11d50a3a\Microsoft.Transactions.Bridge.dll
+ 2012-01-12 22:44 . 2012-01-12 22:44 746336 c:\windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.JScript\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.JScript.dll
- 2011-10-13 12:35 . 2011-10-13 12:35 746336 c:\windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.JScript\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.JScript.dll
+ 2012-01-12 22:44 . 2012-01-12 22:44 505184 c:\windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.CSharp\v4.0_4.0.0.0__b03f5f7f11d50a3a\Microsoft.CSharp.dll
- 2011-10-13 12:35 . 2011-10-13 12:35 505184 c:\windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.CSharp\v4.0_4.0.0.0__b03f5f7f11d50a3a\Microsoft.CSharp.dll
- 2011-10-13 12:35 . 2011-10-13 12:35 288616 c:\windows\Microsoft.NET\assembly\GAC_64\System.Transactions\v4.0_4.0.0.0__b77a5c561934e089\System.Transactions.dll
+ 2012-01-12 22:45 . 2012-01-12 22:45 288616 c:\windows\Microsoft.NET\assembly\GAC_64\System.Transactions\v4.0_4.0.0.0__b77a5c561934e089\System.Transactions.dll
+ 2012-01-12 22:45 . 2012-01-12 22:45 335712 c:\windows\Microsoft.NET\assembly\GAC_64\System.Printing\v4.0_4.0.0.0__31bf3856ad364e35\System.Printing.dll
- 2011-10-13 12:35 . 2011-10-13 12:35 335712 c:\windows\Microsoft.NET\assembly\GAC_64\System.Printing\v4.0_4.0.0.0__31bf3856ad364e35\System.Printing.dll
+ 2012-01-12 22:44 . 2012-01-12 22:44 125440 c:\windows\Microsoft.NET\assembly\GAC_64\System.EnterpriseServices\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.Wrapper.dll
- 2011-10-13 12:35 . 2011-10-13 12:35 125440 c:\windows\Microsoft.NET\assembly\GAC_64\System.EnterpriseServices\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.Wrapper.dll
- 2011-10-13 12:35 . 2011-10-13 12:35 237424 c:\windows\Microsoft.NET\assembly\GAC_64\System.EnterpriseServices\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.dll
+ 2012-01-12 22:44 . 2012-01-12 22:44 237424 c:\windows\Microsoft.NET\assembly\GAC_64\System.EnterpriseServices\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.dll
+ 2012-01-12 22:45 . 2012-01-12 22:45 187776 c:\windows\Microsoft.NET\assembly\GAC_64\Microsoft.Transactions.Bridge.Dtc\v4.0_4.0.0.0__b03f5f7f11d50a3a\Microsoft.Transactions.Bridge.Dtc.dll
- 2011-10-13 12:35 . 2011-10-13 12:35 187776 c:\windows\Microsoft.NET\assembly\GAC_64\Microsoft.Transactions.Bridge.Dtc\v4.0_4.0.0.0__b03f5f7f11d50a3a\Microsoft.Transactions.Bridge.Dtc.dll
+ 2012-01-12 22:44 . 2012-01-12 22:44 269672 c:\windows\Microsoft.NET\assembly\GAC_32\System.Transactions\v4.0_4.0.0.0__b77a5c561934e089\System.Transactions.dll
- 2011-10-13 12:35 . 2011-10-13 12:35 269672 c:\windows\Microsoft.NET\assembly\GAC_32\System.Transactions\v4.0_4.0.0.0__b77a5c561934e089\System.Transactions.dll
- 2011-10-13 12:35 . 2011-10-13 12:35 334688 c:\windows\Microsoft.NET\assembly\GAC_32\System.Printing\v4.0_4.0.0.0__31bf3856ad364e35\System.Printing.dll
+ 2012-01-12 22:44 . 2012-01-12 22:44 334688 c:\windows\Microsoft.NET\assembly\GAC_32\System.Printing\v4.0_4.0.0.0__31bf3856ad364e35\System.Printing.dll
- 2011-10-13 12:34 . 2011-10-13 12:34 109568 c:\windows\Microsoft.NET\assembly\GAC_32\System.EnterpriseServices\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.Wrapper.dll
+ 2012-01-12 22:44 . 2012-01-12 22:44 109568 c:\windows\Microsoft.NET\assembly\GAC_32\System.EnterpriseServices\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.Wrapper.dll
- 2011-10-13 12:34 . 2011-10-13 12:34 246128 c:\windows\Microsoft.NET\assembly\GAC_32\System.EnterpriseServices\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.dll
+ 2012-01-12 22:44 . 2012-01-12 22:44 246128 c:\windows\Microsoft.NET\assembly\GAC_32\System.EnterpriseServices\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.dll
- 2011-10-13 12:35 . 2011-10-13 12:35 170368 c:\windows\Microsoft.NET\assembly\GAC_32\Microsoft.Transactions.Bridge.Dtc\v4.0_4.0.0.0__b03f5f7f11d50a3a\Microsoft.Transactions.Bridge.Dtc.dll
+ 2012-01-12 22:44 . 2012-01-12 22:44 170368 c:\windows\Microsoft.NET\assembly\GAC_32\Microsoft.Transactions.Bridge.Dtc\v4.0_4.0.0.0__b03f5f7f11d50a3a\Microsoft.Transactions.Bridge.Dtc.dll
+ 2012-01-11 22:58 . 2011-11-01 16:35 196096 c:\windows\ehome\mstvcapn.dll
+ 2011-12-28 07:00 . 2011-12-28 07:00 399109 c:\windows\Downloaded Program Files\virscan6.dat
+ 2011-12-28 07:00 . 2011-12-28 07:00 320439 c:\windows\Downloaded Program Files\virscan4.dat
+ 2011-12-28 07:00 . 2011-12-28 07:00 158060 c:\windows\Downloaded Program Files\virscan3.dat
+ 2011-12-28 07:00 . 2011-12-28 07:00 574398 c:\windows\Downloaded Program Files\virscan2.dat
+ 2011-12-28 07:00 . 2011-12-28 07:00 674896 c:\windows\Downloaded Program Files\tcscan9.dat
+ 2011-12-28 07:00 . 2011-12-28 07:00 178840 c:\windows\Downloaded Program Files\tcscan8.dat
+ 2010-02-10 13:24 . 2010-02-10 13:24 284048 c:\windows\Downloaded Program Files\rufsi.dll
+ 2011-12-28 07:00 . 2011-12-28 07:00 177520 c:\windows\Downloaded Program Files\naveng32.dll
+ 2010-02-10 13:22 . 2010-02-10 13:22 201896 c:\windows\Downloaded Program Files\navapi32.dll
+ 2011-12-28 07:00 . 2011-12-28 07:00 279992 c:\windows\Downloaded Program Files\ecmsvr32.dll
+ 2010-02-10 13:24 . 2010-02-10 13:24 264080 c:\windows\Downloaded Program Files\avsniffdlgs.dll
+ 2010-02-10 13:24 . 2010-02-10 13:24 337808 c:\windows\Downloaded Program Files\avsniff.dll
+ 2012-01-12 23:05 . 2012-01-12 23:05 187392 c:\windows\assembly\NativeImages_v2.0.50727_64\System.Web.Routing\305bff6f5396544a7bfc56e84bfa1e87\System.Web.Routing.ni.dll
+ 2012-01-12 23:05 . 2012-01-12 23:05 449536 c:\windows\assembly\NativeImages_v2.0.50727_64\System.Web.Entity\0e0a0efe9ab9642700a8f57a4edbe976\System.Web.Entity.ni.dll
+ 2012-01-12 23:05 . 2012-01-12 23:05 398848 c:\windows\assembly\NativeImages_v2.0.50727_64\System.Web.Entity.D#\d5d13f24e51a4fa41be09b8d2241f600\System.Web.Entity.Design.ni.dll
+ 2012-01-12 23:05 . 2012-01-12 23:05 754176 c:\windows\assembly\NativeImages_v2.0.50727_64\System.Web.DynamicD#\86f7d8a68c51823d89921f55ff7e2603\System.Web.DynamicData.ni.dll
+ 2012-01-12 23:05 . 2012-01-12 23:05 204800 c:\windows\assembly\NativeImages_v2.0.50727_64\System.Web.Abstract#\40994da02056e19475c5958f64195807\System.Web.Abstractions.ni.dll
+ 2012-01-12 23:04 . 2012-01-12 23:04 438784 c:\windows\assembly\NativeImages_v2.0.50727_64\ServiceModelReg\6ba06b090714e51e8a92499ade057045\ServiceModelReg.ni.exe
+ 2012-01-13 00:45 . 2012-01-13 00:45 627712 c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsLiveLocal.Wr#\c34137f10f77821c81ee264b92391ab1\WindowsLiveLocal.WriterPlugin.ni.dll
+ 2012-01-13 00:45 . 2012-01-13 00:45 594944 c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsLive.Writer.#\b972c26396424874ae179bc9e931ff9a\WindowsLive.Writer.HtmlEditor.ni.dll
+ 2012-01-13 00:45 . 2012-01-13 00:45 152064 c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsLive.Writer.#\6e3ccc6c644bb7b393b92756edd48a4e\WindowsLive.Writer.HtmlParser.ni.dll
+ 2012-01-13 00:45 . 2012-01-13 00:45 851968 c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsLive.Writer.#\2cff18ec553c04ef62a3366b07f93abb\WindowsLive.Writer.BlogClient.ni.dll
+ 2012-01-13 00:46 . 2012-01-13 00:46 129536 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Routing\1d3da9468a4b3eaf6e2ea9def503d888\System.Web.Routing.ni.dll
+ 2012-01-13 00:46 . 2012-01-13 00:46 859648 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Extensio#\dba78af9f778d38117fe4ccf5f4c76f7\System.Web.Extensions.Design.ni.dll
+ 2012-01-13 00:46 . 2012-01-13 00:46 328704 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Entity\fcd6fda81cab3ace8b9d77887a01e892\System.Web.Entity.ni.dll
+ 2012-01-13 00:46 . 2012-01-13 00:46 301056 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Entity.D#\337de84cce8fc2bcbbf7900132abbc2f\System.Web.Entity.Design.ni.dll
+ 2012-01-13 00:46 . 2012-01-13 00:46 547328 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.DynamicD#\d8313ac5d702f0ffc0e77ea9d945cfd2\System.Web.DynamicData.ni.dll
+ 2012-01-13 00:46 . 2012-01-13 00:46 141312 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Abstract#\0de7bfc89e883f66f872c1158e06d5cb\System.Web.Abstractions.ni.dll
+ 2012-01-13 00:45 . 2012-01-13 00:45 771584 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\311bc26c3ed83409589eb6bae0eeb86e\System.Runtime.Remoting.ni.dll
+ 2012-01-13 00:46 . 2012-01-13 00:46 756736 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data.Entity.#\c60afe58108cefe6b558996f0d9a1c11\System.Data.Entity.Design.ni.dll
+ 2012-01-13 00:46 . 2012-01-13 00:46 320512 c:\windows\assembly\NativeImages_v2.0.50727_32\ServiceModelReg\050c7465e7222cdab000294af3131403\ServiceModelReg.ni.exe
+ 2012-01-11 22:58 . 2011-10-25 15:58 1314816 c:\windows\SysWOW64\quartz.dll
- 2010-10-18 23:18 . 2009-12-04 18:29 1314816 c:\windows\SysWOW64\quartz.dll
+ 2012-01-11 22:58 . 2011-11-18 20:55 1167984 c:\windows\SysWOW64\ntdll.dll
+ 2008-01-21 03:20 . 2012-01-22 21:46 3440640 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2008-01-21 03:20 . 2012-01-22 21:46 4063232 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2012-01-11 22:58 . 2011-10-25 16:13 1570816 c:\windows\system32\quartz.dll
- 2010-10-18 23:18 . 2009-12-04 18:51 1570816 c:\windows\system32\quartz.dll
+ 2012-01-11 22:58 . 2011-11-18 20:55 1585152 c:\windows\system32\ntdll.dll
+ 2012-01-11 22:57 . 2011-12-27 02:51 5259264 c:\windows\Microsoft.NET\Framework64\v2.0.50727\System.Web.dll
+ 2012-01-11 22:57 . 2011-12-27 02:51 5251072 c:\windows\Microsoft.NET\Framework\v2.0.50727\System.Web.dll
+ 2012-01-12 22:45 . 2012-01-12 22:45 1368920 c:\windows\Microsoft.NET\assembly\GAC_MSIL\WindowsBase\v4.0_4.0.0.0__31bf3856ad364e35\WindowsBase.dll
- 2011-10-13 12:35 . 2011-10-13 12:35 1368920 c:\windows\Microsoft.NET\assembly\GAC_MSIL\WindowsBase\v4.0_4.0.0.0__31bf3856ad364e35\WindowsBase.dll
+ 2012-01-12 22:45 . 2012-01-12 22:45 3510600 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System\v4.0_4.0.0.0__b77a5c561934e089\System.dll
- 2011-10-13 12:35 . 2011-10-13 12:35 3510600 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System\v4.0_4.0.0.0__b77a5c561934e089\System.dll
- 2011-10-13 12:35 . 2011-10-13 12:35 2207568 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Xml\v4.0_4.0.0.0__b77a5c561934e089\System.XML.dll
+ 2012-01-12 22:45 . 2012-01-12 22:45 2207568 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Xml\v4.0_4.0.0.0__b77a5c561934e089\System.XML.dll
+ 2012-01-12 22:45 . 2012-01-12 22:45 5028200 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Forms\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Forms.dll
- 2011-10-13 12:35 . 2011-10-13 12:35 5028200 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Forms\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Forms.dll
- 2011-10-13 12:35 . 2011-10-13 12:35 1711496 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Forms.DataVisualization\v4.0_4.0.0.0__31bf3856ad364e35\System.Windows.Forms.DataVisualization.dll
+ 2012-01-12 22:45 . 2012-01-12 22:45 1711496 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Forms.DataVisualization\v4.0_4.0.0.0__31bf3856ad364e35\System.Windows.Forms.DataVisualization.dll
+ 2012-01-12 22:45 . 2012-01-12 22:45 6097256 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.ServiceModel\v4.0_4.0.0.0__b77a5c561934e089\System.ServiceModel.dll
- 2011-10-13 12:35 . 2011-10-13 12:35 6097256 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.ServiceModel\v4.0_4.0.0.0__b77a5c561934e089\System.ServiceModel.dll
+ 2012-01-12 22:45 . 2012-01-12 22:45 1026936 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Runtime.Serialization\v4.0_4.0.0.0__b77a5c561934e089\System.Runtime.Serialization.dll
- 2011-10-13 12:35 . 2011-10-13 12:35 1026936 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Runtime.Serialization\v4.0_4.0.0.0__b77a5c561934e089\System.Runtime.Serialization.dll
+ 2012-01-12 22:45 . 2012-01-12 22:45 4464480 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Data.Entity\v4.0_4.0.0.0__b77a5c561934e089\System.Data.Entity.dll
- 2011-10-13 12:35 . 2011-10-13 12:35 4464480 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Data.Entity\v4.0_4.0.0.0__b77a5c561934e089\System.Data.Entity.dll
- 2011-10-13 12:35 . 2011-10-13 12:35 1354584 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Core\v4.0_4.0.0.0__b77a5c561934e089\System.Core.dll
+ 2012-01-12 22:45 . 2012-01-12 22:45 1354584 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Core\v4.0_4.0.0.0__b77a5c561934e089\System.Core.dll
+ 2012-01-12 22:45 . 2012-01-12 22:45 1199968 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Activities\v4.0_4.0.0.0__31bf3856ad364e35\System.Activities.dll
- 2011-10-13 12:35 . 2011-10-13 12:35 1199968 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Activities\v4.0_4.0.0.0__31bf3856ad364e35\System.Activities.dll
- 2011-10-13 12:35 . 2011-10-13 12:35 1462648 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Activities.Presentation\v4.0_4.0.0.0__31bf3856ad364e35\System.Activities.Presentation.dll
+ 2012-01-12 22:45 . 2012-01-12 22:45 1462648 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Activities.Presentation\v4.0_4.0.0.0__31bf3856ad364e35\System.Activities.Presentation.dll
+ 2012-01-12 22:45 . 2012-01-12 22:45 6428520 c:\windows\Microsoft.NET\assembly\GAC_MSIL\PresentationFramework\v4.0_4.0.0.0__31bf3856ad364e35\PresentationFramework.dll
- 2011-10-13 12:35 . 2011-10-13 12:35 6428520 c:\windows\Microsoft.NET\assembly\GAC_MSIL\PresentationFramework\v4.0_4.0.0.0__31bf3856ad364e35\PresentationFramework.dll
+ 2012-01-12 22:44 . 2012-01-12 22:44 3116376 c:\windows\Microsoft.NET\assembly\GAC_64\System.Data\v4.0_4.0.0.0__b77a5c561934e089\System.Data.dll
- 2011-10-13 12:35 . 2011-10-13 12:35 3116376 c:\windows\Microsoft.NET\assembly\GAC_64\System.Data\v4.0_4.0.0.0__b77a5c561934e089\System.Data.dll
- 2011-10-13 12:35 . 2011-10-13 12:35 3824480 c:\windows\Microsoft.NET\assembly\GAC_64\PresentationCore\v4.0_4.0.0.0__31bf3856ad364e35\PresentationCore.dll
+ 2012-01-12 22:45 . 2012-01-12 22:45 3824480 c:\windows\Microsoft.NET\assembly\GAC_64\PresentationCore\v4.0_4.0.0.0__31bf3856ad364e35\PresentationCore.dll
+ 2012-01-12 22:44 . 2012-01-12 22:44 4967248 c:\windows\Microsoft.NET\assembly\GAC_64\mscorlib\v4.0_4.0.0.0__b77a5c561934e089\mscorlib.dll
- 2011-10-13 12:35 . 2011-10-13 12:35 4967248 c:\windows\Microsoft.NET\assembly\GAC_64\mscorlib\v4.0_4.0.0.0__b77a5c561934e089\mscorlib.dll
- 2011-10-13 12:35 . 2011-10-13 12:35 3563408 c:\windows\Microsoft.NET\assembly\GAC_64\Microsoft.VisualBasic.Activities.Compiler\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Activities.Compiler.dll
+ 2012-01-12 22:45 . 2012-01-12 22:45 3563408 c:\windows\Microsoft.NET\assembly\GAC_64\Microsoft.VisualBasic.Activities.Compiler\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Activities.Compiler.dll
+ 2012-01-12 22:44 . 2012-01-12 22:44 2975064 c:\windows\Microsoft.NET\assembly\GAC_32\System.Data\v4.0_4.0.0.0__b77a5c561934e089\System.Data.dll
- 2011-10-13 12:34 . 2011-10-13 12:34 2975064 c:\windows\Microsoft.NET\assembly\GAC_32\System.Data\v4.0_4.0.0.0__b77a5c561934e089\System.Data.dll
- 2011-10-13 12:35 . 2011-10-13 12:35 3788128 c:\windows\Microsoft.NET\assembly\GAC_32\PresentationCore\v4.0_4.0.0.0__31bf3856ad364e35\PresentationCore.dll
+ 2012-01-12 22:44 . 2012-01-12 22:44 3788128 c:\windows\Microsoft.NET\assembly\GAC_32\PresentationCore\v4.0_4.0.0.0__31bf3856ad364e35\PresentationCore.dll
- 2011-10-13 12:34 . 2011-10-13 12:34 5197648 c:\windows\Microsoft.NET\assembly\GAC_32\mscorlib\v4.0_4.0.0.0__b77a5c561934e089\mscorlib.dll
+ 2012-01-12 22:44 . 2012-01-12 22:44 5197648 c:\windows\Microsoft.NET\assembly\GAC_32\mscorlib\v4.0_4.0.0.0__b77a5c561934e089\mscorlib.dll
+ 2012-01-12 22:44 . 2012-01-12 22:44 2989456 c:\windows\Microsoft.NET\assembly\GAC_32\Microsoft.VisualBasic.Activities.Compiler\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Activities.Compiler.dll
- 2011-10-13 12:35 . 2011-10-13 12:35 2989456 c:\windows\Microsoft.NET\assembly\GAC_32\Microsoft.VisualBasic.Activities.Compiler\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Activities.Compiler.dll
+ 2011-12-25 11:48 . 2011-12-25 11:48 1505792 c:\windows\Installer\58dfb.msp
+ 2011-12-26 12:24 . 2011-12-26 12:24 8835072 c:\windows\Installer\58df3.msp
+ 2011-12-28 07:00 . 2011-12-28 07:00 6513665 c:\windows\Downloaded Program Files\virscan9.dat
+ 2011-12-28 07:00 . 2011-12-28 07:00 1015339 c:\windows\Downloaded Program Files\virscan8.dat
+ 2011-12-28 07:00 . 2011-12-28 07:00 1064523 c:\windows\Downloaded Program Files\virscan1.dat
+ 2011-12-28 07:00 . 2011-12-28 07:00 1934704 c:\windows\Downloaded Program Files\navex32a.dll
+ 2012-01-12 23:05 . 2012-01-12 23:05 1754112 c:\windows\assembly\NativeImages_v2.0.50727_64\System.WorkflowServ#\4223600dc6133441b1898abaf12031ca\System.WorkflowServices.ni.dll
+ 2012-01-12 22:46 . 2012-01-12 22:46 2702848 c:\windows\assembly\NativeImages_v2.0.50727_64\System.Workflow.Run#\afbeeaf9c41f39886704cbf181b1feb2\System.Workflow.Runtime.ni.dll
+ 2012-01-12 22:42 . 2012-01-12 22:42 5956608 c:\windows\assembly\NativeImages_v2.0.50727_64\System.Workflow.Com#\ac5a3688b743358aa5b24b9efd971d9d\System.Workflow.ComponentModel.ni.dll
+ 2012-01-12 22:41 . 2012-01-12 22:41 3893248 c:\windows\assembly\NativeImages_v2.0.50727_64\System.Workflow.Act#\007c8c2f4141fd472da7d3558efba598\System.Workflow.Activities.ni.dll
+ 2012-01-12 23:02 . 2012-01-12 23:02 2291712 c:\windows\assembly\NativeImages_v2.0.50727_64\System.Web.Services\f3222dbcdeebd53ee1c3f88c9ebf6c94\System.Web.Services.ni.dll
+ 2012-01-12 23:05 . 2012-01-12 23:05 3335680 c:\windows\assembly\NativeImages_v2.0.50727_64\System.Web.Mobile\525e8846136415d472c2e7ba482ccd54\System.Web.Mobile.ni.dll
+ 2012-01-12 23:05 . 2012-01-12 23:05 1154560 c:\windows\assembly\NativeImages_v2.0.50727_64\System.Web.Extensio#\cedfd9b90274b017d11ed50abe8634e8\System.Web.Extensions.Design.ni.dll
+ 2012-01-12 23:05 . 2012-01-12 23:05 3046912 c:\windows\assembly\NativeImages_v2.0.50727_64\System.Web.Extensio#\c0d2bc2e2357ed023b85d18b96e21d60\System.Web.Extensions.ni.dll
+ 2012-01-12 23:05 . 2012-01-12 23:05 2239488 c:\windows\assembly\NativeImages_v2.0.50727_64\System.ServiceModel#\cb5200c2d67ebf37333bdd57a06e7a11\System.ServiceModel.Web.ni.dll
+ 2012-01-12 23:03 . 2012-01-12 23:03 1022464 c:\windows\assembly\NativeImages_v2.0.50727_64\System.Runtime.Remo#\a0a442c47ac0b846bb886aa405a10138\System.Runtime.Remoting.ni.dll
+ 2012-01-12 23:03 . 2012-01-12 23:03 1428992 c:\windows\assembly\NativeImages_v2.0.50727_64\System.IdentityModel\74f5ddf803f50c428293fe6115d6eea7\System.IdentityModel.ni.dll
+ 2012-01-12 23:05 . 2012-01-12 23:05 1845248 c:\windows\assembly\NativeImages_v2.0.50727_64\System.Data.Services\3a35cfdccde13bc82cad2d185cbf499b\System.Data.Services.ni.dll
+ 2012-01-12 23:05 . 2012-01-12 23:05 1078272 c:\windows\assembly\NativeImages_v2.0.50727_64\System.Data.Entity.#\31ea0ae493a84f5f9fdb53ac2ea0ef5e\System.Data.Entity.Design.ni.dll
+ 2012-01-12 23:04 . 2012-01-12 23:04 7836672 c:\windows\assembly\NativeImages_v2.0.50727_64\MIGUIControls\6029a4ca1be3d971d470eb2c1ff627e0\MIGUIControls.ni.dll
+ 2012-01-12 23:03 . 2012-01-12 23:03 2173952 c:\windows\assembly\NativeImages_v2.0.50727_64\Microsoft.VisualBas#\7fe40682a4f2f30ddb25da3a8796d282\Microsoft.VisualBasic.ni.dll
+ 2012-01-12 23:04 . 2012-01-12 23:04 2101248 c:\windows\assembly\NativeImages_v2.0.50727_64\Microsoft.PowerShel#\23408f67b7fddc32d03fa6d8deeafcd7\Microsoft.PowerShell.Commands.Utility.ni.dll
+ 2012-01-12 23:04 . 2012-01-12 23:04 7721472 c:\windows\assembly\NativeImages_v2.0.50727_64\Microsoft.MediaCent#\3894a5164ae656639bed7f6270f97182\Microsoft.MediaCenter.UI.ni.dll
+ 2012-01-13 00:45 . 2012-01-13 00:45 2002944 c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsLive.Writer.#\c0314bf188819ae03ab7ecfbecc50edf\WindowsLive.Writer.CoreServices.ni.dll
+ 2012-01-13 00:45 . 2012-01-13 00:45 6392832 c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsLive.Writer.#\b83dcc2a0b3c449dabfd44f7eaaa60d3\WindowsLive.Writer.PostEditor.ni.dll
+ 2012-01-13 00:46 . 2012-01-13 00:46 1316864 c:\windows\assembly\NativeImages_v2.0.50727_32\System.WorkflowServ#\32a67054a82cf24c011e116e94d11864\System.WorkflowServices.ni.dll
+ 2012-01-12 22:46 . 2012-01-12 22:46 1911296 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Workflow.Run#\8bfc3619e3848592a4924cba58a00459\System.Workflow.Runtime.ni.dll
+ 2012-01-12 22:46 . 2012-01-12 22:46 4514304 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Workflow.Com#\3721ccdfdca60443a32ca9f8a937f315\System.Workflow.ComponentModel.ni.dll
+ 2012-01-12 22:46 . 2012-01-12 22:46 2992640 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Workflow.Act#\79e0fe6c014999d64e7cf9717624013f\System.Workflow.Activities.ni.dll
+ 2012-01-13 00:45 . 2012-01-13 00:45 1840640 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Services\2cf510e07b605923c496b1ae3c31335f\System.Web.Services.ni.dll
+ 2012-01-13 00:46 . 2012-01-13 00:46 2209280 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Mobile\800af0d5c4bcd9b600a229050b22d6bd\System.Web.Mobile.ni.dll
+ 2012-01-13 00:46 . 2012-01-13 00:46 2405888 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Extensio#\c759aa20f1f012c1dc5dd7076d0816f7\System.Web.Extensions.ni.dll
+ 2012-01-13 00:46 . 2012-01-13 00:46 1651200 c:\windows\assembly\NativeImages_v2.0.50727_32\System.ServiceModel#\3c93a9b25482a56053eb509a58860dbf\System.ServiceModel.Web.ni.dll
+ 2012-01-13 00:46 . 2012-01-13 00:46 1070080 c:\windows\assembly\NativeImages_v2.0.50727_32\System.IdentityModel\6a1e2938633d08d9d97c6940a537b1ff\System.IdentityModel.ni.dll
+ 2012-01-13 00:46 . 2012-01-13 00:46 1328128 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data.Services\d75b561b3c22f68af985785352660022\System.Data.Services.ni.dll
+ 2012-01-13 00:46 . 2012-01-13 00:46 6340096 c:\windows\assembly\NativeImages_v2.0.50727_32\MIGUIControls\6e0b0d4d67c760e1e2f6cfd7cd6a8492\MIGUIControls.ni.dll
+ 2012-01-13 00:46 . 2012-01-13 00:46 1711616 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.VisualBas#\902ba03598b46f478f3d7561ece592e6\Microsoft.VisualBasic.ni.dll
+ 2012-01-13 00:46 . 2012-01-13 00:46 1609728 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.PowerShel#\3732b9e409000beda05e878d02da1813\Microsoft.PowerShell.Commands.Utility.ni.dll
+ 2012-01-13 00:46 . 2012-01-13 00:46 5486080 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.MediaCent#\bb28192d6fcdca44077406c2bf1ad37c\Microsoft.MediaCenter.UI.ni.dll
- 2010-10-18 21:35 . 2010-10-18 21:35 1277952 c:\windows\assembly\GAC_MSIL\System.Web.Extensions\3.5.0.0__31bf3856ad364e35\System.Web.Extensions.dll
+ 2012-01-12 22:48 . 2012-01-12 22:48 1277952 c:\windows\assembly\GAC_MSIL\System.Web.Extensions\3.5.0.0__31bf3856ad364e35\System.Web.Extensions.dll
+ 2012-01-11 22:57 . 2011-12-27 02:51 5259264 c:\windows\assembly\GAC_64\System.Web\2.0.0.0__b03f5f7f11d50a3a\System.Web.dll
+ 2012-01-11 22:57 . 2011-12-27 02:51 5251072 c:\windows\assembly\GAC_32\System.Web\2.0.0.0__b03f5f7f11d50a3a\System.Web.dll
- 2006-11-02 12:33 . 2011-12-16 09:01 11010048 c:\windows\system32\SMI\Store\Machine\schema.dat
+ 2006-11-02 12:33 . 2012-01-16 05:26 11010048 c:\windows\system32\SMI\Store\Machine\schema.dat
+ 2006-11-02 12:35 . 2012-01-12 22:48 54008112 c:\windows\system32\mrt.exe
+ 2011-12-28 07:00 . 2011-12-28 07:00 16217287 c:\windows\Downloaded Program Files\virscan5.dat
+ 2011-12-28 07:00 . 2011-12-28 07:00 23199573 c:\windows\Downloaded Program Files\tcscan7.dat
+ 2011-12-28 07:00 . 2011-12-28 07:00 24499854 c:\windows\Downloaded Program Files\tcdefs.dat
+ 2012-01-12 23:03 . 2012-01-12 23:03 15245824 c:\windows\assembly\NativeImages_v2.0.50727_64\System.Web\0a2ea7a9a9d9fd9ae47468adbdee2e05\System.Web.ni.dll
+ 2012-01-12 23:03 . 2012-01-12 23:03 23813632 c:\windows\assembly\NativeImages_v2.0.50727_64\System.ServiceModel\efc60b11b649ed506c64172b3373f936\System.ServiceModel.ni.dll
+ 2012-01-12 22:41 . 2012-01-12 22:41 13718528 c:\windows\assembly\NativeImages_v2.0.50727_64\System.Design\c41b930b44ddfaef2faf314f690bb35e\System.Design.ni.dll
+ 2012-01-12 23:04 . 2012-01-12 23:04 15825920 c:\windows\assembly\NativeImages_v2.0.50727_64\ehshell\b8a06c151452395f513aaa5d730fb5a4\ehshell.ni.dll
+ 2012-01-13 00:45 . 2012-01-13 00:45 11820032 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web\fecd1103dd16dc1192402770caf56575\System.Web.ni.dll
+ 2012-01-13 00:46 . 2012-01-13 00:46 17404416 c:\windows\assembly\NativeImages_v2.0.50727_32\System.ServiceModel\a2046fbb45b00425d083cc8706b75479\System.ServiceModel.ni.dll
+ 2012-01-12 22:46 . 2012-01-12 22:46 10683392 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Design\30a87086e78b69d17416bfb74aab355f\System.Design.ni.dll
+ 2011-12-28 07:00 . 2011-12-28 07:00 214371952 c:\windows\Downloaded Program Files\virscan7.dat
.
-- Snapshot reset to current date --
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 94208 ----a-w- c:\users\me\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 94208 ----a-w- c:\users\me\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 94208 ----a-w- c:\users\me\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2010-11-29 421888]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2011-03-07 421160]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2011-06-09 254696]
.
c:\users\me\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dropbox.lnk - c:\users\me\AppData\Roaming\Dropbox\bin\Dropbox.exe [2011-12-5 24242056]
.
c:\users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dell Dock First Run.lnk - c:\program files\Dell\DellDock\DellDock.exe [2008-9-23 1295656]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
"DisableCAD"= 1 (0x1)
.
R4 AESTFilters;Andrea ST Filters Service;c:\windows\System32\DriverStore\FileRepository\stwrt64.inf_bb0e6831\AESTSr64.exe [x]
S2 AbsoluteNotifier;Absolute Notifier;c:\program files (x86)\Absolute Software\Absolute Notifier\AbsoluteNotifierService.exe [2010-10-08 10408]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - WS2IFSL
.
Contents of the 'Scheduled Tasks' folder
.
2010-10-19 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2101711819-4090675429-1681858312-1000Core1cb6f8ecc4e16e0.job
- c:\users\me\AppData\Local\Google\Update\GoogleUpdate.exe [2009-03-18 15:38]
.
2011-02-15 c:\windows\Tasks\McDefragTask.job
- c:\progra~2\mcafee\mqc\QcConsol.exe [2009-03-16 15:53]
.
2011-02-01 c:\windows\Tasks\McQcTask.job
- c:\progra~2\mcafee\mqc\QcConsol.exe [2009-03-16 15:53]
.
2012-01-22 c:\windows\Tasks\User_Feed_Synchronization-{9E77A0EC-391D-4127-AFE4-22473A334C39}.job
- c:\windows\system32\msfeedssync.exe [2008-01-21 02:50]
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 97792 ----a-w- c:\users\me\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 97792 ----a-w- c:\users\me\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 97792 ----a-w- c:\users\me\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 97792 ----a-w- c:\users\me\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\UEAFOverlay]
@="{F2F31467-B1AC-4df0-AE79-FD5FA085E22B}"
[HKEY_CLASSES_ROOT\CLSID\{F2F31467-B1AC-4df0-AE79-FD5FA085E22B}]
2007-09-10 22:50 3380736 ----a-w- c:\program files\Fingerprint Reader Suite\farchns.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\UEAFOverlayOpen]
@="{A3E208F7-0E3A-4182-A7A6-B169D5D691AA}"
[HKEY_CLASSES_ROOT\CLSID\{A3E208F7-0E3A-4182-A7A6-B169D5D691AA}]
2007-09-10 22:50 3380736 ----a-w- c:\program files\Fingerprint Reader Suite\farchns.dll
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = %SystemRoot%\system32\blank.htm
IE: Send image to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: Send page to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
TCP: DhcpNameServer = 192.168.1.254
CLSID: {603d3801-bd81-11d0-a3a5-00c04fd706ec} - %SystemRoot%\SysWow64\browseui.dll
FF - ProfilePath - c:\users\me\AppData\Roaming\Mozilla\Firefox\Profiles\68l51pnp.default\
FF - prefs.js: network.proxy.type - 2
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files (x86)\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} - c:\program files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0027-ABCDEFFEDCBA} - c:\program files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0027-ABCDEFFEDCBA}
FF - Ext: Skype Click to Call: {82AF8DCA-6DE9-405D-BD5E-43525BDAD38A} - c:\program files (x86)\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF - user.js: yahoo.homepage.dontask - true
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{0BE09CC1-42E0-11DD-AE16-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil10a.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{0BE09CC1-42E0-11DD-AE16-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{0BE09CC1-42E0-11DD-AE16-0800200C9A66}\LocalServer32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\FlashUtil10a.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{0BE09CC1-42E0-11DD-AE16-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10a.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10a.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10a.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10a.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{DDF4CE26-4BDA-42BC-B0F0-0E75243AD285}]
@Denied: (A 2) (Everyone)
@="IFlashBroker2"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{DDF4CE26-4BDA-42BC-B0F0-0E75243AD285}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{DDF4CE26-4BDA-42BC-B0F0-0E75243AD285}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{D27CDB6B-AE6D-11CF-96B8-444553540000}]
@Denied: (A 2) (Everyone)
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{D27CDB6B-AE6D-11CF-96B8-444553540000}\1.0]
@="Shockwave Flash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{FAB3E735-69C7-453B-A446-B6823C6DF1C9}]
@Denied: (A 2) (Everyone)
@=""
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{FAB3E735-69C7-453B-A446-B6823C6DF1C9}\1.0]
@="FlashBroker"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes]
"SymbolicLinkValue"=hex(6):5c,00,52,00,45,00,47,00,49,00,53,00,54,00,52,00,59,
00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,4f,00,46,00,\
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\Cisco\Cisco AnyConnect VPN Client\vpnagent.exe
c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files (x86)\Bonjour\mDNSResponder.exe
c:\program files (x86)\Common Files\Dell\Advanced Networking Service\hnm_svc.exe
c:\program files (x86)\Common Files\Motive\McciCMService.exe
c:\program files (x86)\McAfee\MPF\MPFSrv.exe
c:\program files (x86)\McAfee\MSK\MskSrver.exe
c:\program files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
c:\programdata\UltraVNC\winvnc.exe
c:\programdata\UltraVNC\winvnc.exe
c:\program files (x86)\McAfee\MSC\mcmscsvc.exe
.
**************************************************************************
.
Completion time: 2012-01-22 15:57:24 - machine was rebooted
ComboFix-quarantined-files.txt 2012-01-22 21:57
ComboFix2.txt 2011-12-16 18:05
.
Pre-Run: 171,269,943,296 bytes free
Post-Run: 171,242,373,120 bytes free
.
- - End Of File - - 15714125F10D4EC40EDB363E4F152C40

#10 gringo_pr

Posted 22 January 2012 - 10:02 PM

Hello


Do this for the firewall and let me know

Download both the registry files

http://www.mediafire.com/?317ea53a883288d

http://www.mediafire.com/?z6aw8j7997qa7j9

Launch and import them to registry

Restart your PC

Now, open RUN and type

regedit and click ok

go to

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\BFE

Right click on it-permissions

Click on ADD and type

Everyone and click ok

Now Click on Everyone

Below you have permission for users

Select full control and click ok

Now, open RUN and type

services.msc and click ok

start base filtering engine service and then windows firewall service
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University
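
A read-only check of the state the firewall steps above leave behind, as an added example that is not part of the original post: it reports whether the Base Filtering Engine and Windows Firewall services are running and which accounts hold full control on the BFE key. The function names are made up for this example, and `MpsSvc` is the Windows Firewall service's short name, which the post does not give.

```powershell
# Added example (not from the thread). Run from an elevated PowerShell prompt.
# Nothing here changes the system; it only reads service state and the key's ACL.

$bfeKey   = 'HKLM:\SYSTEM\CurrentControlSet\services\BFE'   # key named in the post
$services = 'BFE', 'MpsSvc'   # Base Filtering Engine, Windows Firewall (short names)

# Hypothetical helper: one row per service, including services that are not registered.
function Get-ServiceState {
    param([string[]]$Name)
    foreach ($n in $Name) {
        $svc = Get-Service -Name $n -ErrorAction SilentlyContinue
        if ($null -eq $svc) {
            New-Object PSObject -Property @{
                Name = $n; DisplayName = '(not registered)'; Status = 'Missing'
            }
        } else {
            New-Object PSObject -Property @{
                Name = $svc.Name; DisplayName = $svc.DisplayName; Status = $svc.Status
            }
        }
    }
}

# Hypothetical helper: list every access rule on a registry key, keyed by SID so
# the result does not depend on the display language of account names.
function Get-KeyAccess {
    param([string]$Path)
    $acl     = Get-Acl -Path $Path
    $sidType = [System.Security.Principal.SecurityIdentifier]
    $full    = [int][System.Security.AccessControl.RegistryRights]::FullControl

    foreach ($rule in $acl.GetAccessRules($true, $true, $sidType)) {
        $sid = $rule.IdentityReference
        try   { $account = $sid.Translate([System.Security.Principal.NTAccount]).Value }
        catch { $account = '(unresolved)' }

        New-Object PSObject -Property @{
            Account     = $account
            Sid         = $sid.Value
            Type        = $rule.AccessControlType
            FullControl = ((([int]$rule.RegistryRights) -band $full) -eq $full)
            Inherited   = $rule.IsInherited
        }
    }
}

# Both services should report Running once the steps have worked.
Get-ServiceState -Name $services |
    Select-Object Name, DisplayName, Status |
    Format-Table -AutoSize

# S-1-1-0 is the well-known SID of Everyone, the account the steps add to the key.
Get-KeyAccess -Path $bfeKey |
    Sort-Object Sid |
    Format-Table Account, Sid, Type, FullControl, Inherited -AutoSize
```

Saving the second table before and after the permission change gives a record of exactly which access rules the repair added to the key.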

#11 Padshead

Posted 22 January 2012 - 11:03 PM

Hi Gringo,

That seems to have solved the firewall problem: I can now turn that on. Also, the CPU usage seems to be down to normal levels. However, I still can't turn on windows defender, and chkdsk still won't run.

Thanks for your help!

#12 gringo_pr

Posted 22 January 2012 - 11:35 PM

Hello

I want you to run this tool for me next.

tdsskiller:

Please read carefully and follow these steps.
  • Download TDSSKiller and save it to your Desktop.
  • Double-click on TDSSKiller.exe to run the application, then on Start Scan.
  • If an infected file is detected, the default action will be Cure, click on Continue.
  • If a suspicious file is detected, the default action will be Skip, click on Continue.
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
  • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.

Gringo

#13 Padshead

Posted 22 January 2012 - 11:46 PM

Hi Gringo,

Ok, that ran and found no threats. Here is the log file:

22:41:23.0830 2432 TDSS rootkit removing tool 2.7.6.0 Jan 19 2012 13:09:04
22:41:24.0157 2432 ============================================================
22:41:24.0157 2432 Current date / time: 2012/01/22 22:41:24.0157
22:41:24.0157 2432 SystemInfo:
22:41:24.0157 2432
22:41:24.0157 2432 OS Version: 6.0.6002 ServicePack: 2.0
22:41:24.0157 2432 Product type: Workstation
22:41:24.0158 2432 ComputerName: DISSERTATIN
22:41:24.0158 2432 UserName: me
22:41:24.0158 2432 Windows directory: C:\Windows
22:41:24.0158 2432 System windows directory: C:\Windows
22:41:24.0158 2432 Running under WOW64
22:41:24.0158 2432 Processor architecture: Intel x64
22:41:24.0158 2432 Number of processors: 2
22:41:24.0158 2432 Page size: 0x1000
22:41:24.0158 2432 Boot type: Normal boot
22:41:24.0158 2432 ============================================================
22:41:24.0964 2432 Drive \Device\Harddisk0\DR0 - Size: 0x4A85D56000 (298.09 Gb), SectorSize: 0x200, Cylinders: 0x9801, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
22:41:25.0090 2432 Initialize success
22:41:27.0200 3532 ============================================================
22:41:27.0200 3532 Scan started
22:41:27.0200 3532 Mode: Manual;
22:41:27.0200 3532 ============================================================
22:41:27.0783 3532 ACPI (1965aaffab07e3fb03c77f81beba3547) C:\Windows\system32\drivers\acpi.sys
22:41:27.0787 3532 ACPI - ok
22:41:27.0857 3532 adp94xx (f14215e37cf124104575073f782111d2) C:\Windows\system32\drivers\adp94xx.sys
22:41:27.0901 3532 adp94xx - ok
22:41:27.0947 3532 adpahci (7d05a75e3066861a6610f7ee04ff085c) C:\Windows\system32\drivers\adpahci.sys
22:41:27.0988 3532 adpahci - ok
22:41:28.0001 3532 adpu160m (820a201fe08a0c345b3bedbc30e1a77c) C:\Windows\system32\drivers\adpu160m.sys
22:41:28.0036 3532 adpu160m - ok
22:41:28.0091 3532 adpu320 (9b4ab6854559dc168fbb4c24fc52e794) C:\Windows\system32\drivers\adpu320.sys
22:41:28.0126 3532 adpu320 - ok
22:41:28.0213 3532 AFD (0cc146c4addea45791b18b1e2659f4a9) C:\Windows\system32\drivers\afd.sys
22:41:28.0251 3532 AFD - ok
22:41:28.0303 3532 agp440 (f6f6793b7f17b550ecfdbd3b229173f7) C:\Windows\system32\drivers\agp440.sys
22:41:28.0328 3532 agp440 - ok
22:41:28.0368 3532 aic78xx (222cb641b4b8a1d1126f8033f9fd6a00) C:\Windows\system32\drivers\djsvs.sys
22:41:28.0392 3532 aic78xx - ok
22:41:28.0436 3532 aliide (157d0898d4b73f075ce9fa26b482df98) C:\Windows\system32\drivers\aliide.sys
22:41:28.0454 3532 aliide - ok
22:41:28.0464 3532 amdide (970fa5059e61e30d25307b99903e991e) C:\Windows\system32\drivers\amdide.sys
22:41:28.0482 3532 amdide - ok
22:41:28.0491 3532 AmdK8 (cdc3632a3a5ea4dbb83e46076a3165a1) C:\Windows\system32\drivers\amdk8.sys
22:41:28.0508 3532 AmdK8 - ok
22:41:28.0552 3532 arc (ba8417d4765f3988ff921f30f630e303) C:\Windows\system32\drivers\arc.sys
22:41:28.0572 3532 arc - ok
22:41:28.0617 3532 arcsas (9d41c435619733b34cc16a511e644b11) C:\Windows\system32\drivers\arcsas.sys
22:41:28.0635 3532 arcsas - ok
22:41:28.0662 3532 AsyncMac (22d13ff3dafec2a80634752b1eaa2de6) C:\Windows\system32\DRIVERS\asyncmac.sys
22:41:28.0677 3532 AsyncMac - ok
22:41:28.0726 3532 atapi (e68d9b3a3905619732f7fe039466a623) C:\Windows\system32\drivers\atapi.sys
22:41:28.0742 3532 atapi - ok
22:41:28.0785 3532 b57nd60a (635868361f9878ea65ab417628f834ef) C:\Windows\system32\DRIVERS\b57nd60a.sys
22:41:28.0805 3532 b57nd60a - ok
22:41:28.0871 3532 BCM42RLY (a7c9995ba861fce78b2ceaae61d39fd7) C:\Windows\system32\drivers\BCM42RLY.sys
22:41:28.0893 3532 BCM42RLY - ok
22:41:28.0946 3532 BCM43XX (d32f962b71fee6bdaaee630bb2c17280) C:\Windows\system32\DRIVERS\bcmwl664.sys
22:41:28.0958 3532 BCM43XX - ok
22:41:28.0969 3532 Beep - ok
22:41:29.0045 3532 blbdrive (79feeb40056683f8f61398d81dda65d2) C:\Windows\system32\drivers\blbdrive.sys
22:41:29.0066 3532 blbdrive - ok
22:41:29.0121 3532 bowser (2348447a80920b2493a9b582a23e81e1) C:\Windows\system32\DRIVERS\bowser.sys
22:41:29.0149 3532 bowser - ok
22:41:29.0178 3532 BrFiltLo (f09eee9edc320b5e1501f749fde686c8) C:\Windows\system32\drivers\brfiltlo.sys
22:41:29.0204 3532 BrFiltLo - ok
22:41:29.0234 3532 BrFiltUp (b114d3098e9bdb8bea8b053685831be6) C:\Windows\system32\drivers\brfiltup.sys
22:41:29.0260 3532 BrFiltUp - ok
22:41:29.0297 3532 Brserid (f0f0ba4d815be446aa6a4583ca3bca9b) C:\Windows\system32\drivers\brserid.sys
22:41:29.0324 3532 Brserid - ok
22:41:29.0359 3532 BrSerWdm (a6eca2151b08a09caceca35c07f05b42) C:\Windows\system32\drivers\brserwdm.sys
22:41:29.0386 3532 BrSerWdm - ok
22:41:29.0416 3532 BrUsbMdm (b79968002c277e869cf38bd22cd61524) C:\Windows\system32\drivers\brusbmdm.sys
22:41:29.0441 3532 BrUsbMdm - ok
22:41:29.0451 3532 BrUsbSer (a87528880231c54e75ea7a44943b38bf) C:\Windows\system32\drivers\brusbser.sys
22:41:29.0478 3532 BrUsbSer - ok
22:41:29.0512 3532 BthEnum (09f926a0d9c0bafd8417a4307d2ed13c) C:\Windows\system32\DRIVERS\BthEnum.sys
22:41:29.0538 3532 BthEnum - ok
22:41:29.0572 3532 BTHMODEM (e0777b34e05f8a82a21856efc900c29f) C:\Windows\system32\drivers\bthmodem.sys
22:41:29.0599 3532 BTHMODEM - ok
22:41:29.0646 3532 BthPan (befc5311736b475ac5b60c14ff7c775a) C:\Windows\system32\DRIVERS\bthpan.sys
22:41:29.0648 3532 BthPan - ok
22:41:29.0713 3532 BTHPORT (e1466882252ff51edde48c3f7eda2591) C:\Windows\system32\Drivers\BTHport.sys
22:41:29.0743 3532 BTHPORT - ok
22:41:29.0793 3532 BTHUSB (970192cded77a128e7e30722e5ee6b9c) C:\Windows\system32\Drivers\BTHUSB.sys
22:41:29.0821 3532 BTHUSB - ok
22:41:29.0825 3532 catchme - ok
22:41:29.0846 3532 cdfs (b4d787db8d30793a4d4df9feed18f136) C:\Windows\system32\DRIVERS\cdfs.sys
22:41:29.0874 3532 cdfs - ok
22:41:29.0904 3532 cdrom (c025aa69be3d0d25c7a2e746ef6f94fc) C:\Windows\system32\DRIVERS\cdrom.sys
22:41:29.0926 3532 cdrom - ok
22:41:29.0953 3532 circlass (02ea568d498bbdd4ba55bf3fce34d456) C:\Windows\system32\drivers\circlass.sys
22:41:29.0975 3532 circlass - ok
22:41:30.0011 3532 CLFS (3dca9a18b204939cfb24bea53e31eb48) C:\Windows\system32\CLFS.sys
22:41:30.0042 3532 CLFS - ok
22:41:30.0096 3532 CmBatt (b52d9a14ce4101577900a364ba86f3df) C:\Windows\system32\DRIVERS\CmBatt.sys
22:41:30.0117 3532 CmBatt - ok
22:41:30.0149 3532 cmdide (e5d5499a1c50a54b5161296b6afe6192) C:\Windows\system32\drivers\cmdide.sys
22:41:30.0171 3532 cmdide - ok
22:41:30.0198 3532 Compbatt (7fb8ad01db0eabe60c8a861531a8f431) C:\Windows\system32\DRIVERS\compbatt.sys
22:41:30.0222 3532 Compbatt - ok
22:41:30.0246 3532 crcdisk (a8585b6412253803ce8efcbd6d6dc15c) C:\Windows\system32\drivers\crcdisk.sys
22:41:30.0269 3532 crcdisk - ok
22:41:30.0312 3532 DfsC (8b722ba35205c71e7951cdc4cdbade19) C:\Windows\system32\Drivers\dfsc.sys
22:41:30.0328 3532 DfsC - ok
22:41:30.0348 3532 disk (b0107e40ecdb5fa692ebf832f295d905) C:\Windows\system32\drivers\disk.sys
22:41:30.0366 3532 disk - ok
22:41:30.0424 3532 drmkaud (f1a78a98cfc2ee02144c6bec945447e6) C:\Windows\system32\drivers\drmkaud.sys
22:41:30.0439 3532 drmkaud - ok
22:41:30.0536 3532 DXGKrnl (b8e554e502d5123bc111f99d6a2181b4) C:\Windows\System32\drivers\dxgkrnl.sys
22:41:30.0542 3532 DXGKrnl - ok
22:41:30.0581 3532 E1G60 (264cee7b031a9d6c827f3d0cb031f2fe) C:\Windows\system32\DRIVERS\E1G6032E.sys
22:41:30.0599 3532 E1G60 - ok
22:41:30.0645 3532 Ecache (5f94962be5a62db6e447ff6470c4f48a) C:\Windows\system32\drivers\ecache.sys
22:41:30.0670 3532 Ecache - ok
22:41:30.0725 3532 elxstor (c4636d6e10469404ab5308d9fd45ed07) C:\Windows\system32\drivers\elxstor.sys
22:41:30.0758 3532 elxstor - ok
22:41:30.0791 3532 ErrDev (bc3a58e938bb277e46bf4b3003b01abd) C:\Windows\system32\drivers\errdev.sys
22:41:30.0812 3532 ErrDev - ok
22:41:30.0901 3532 exfat (486844f47b6636044a42454614ed4523) C:\Windows\system32\drivers\exfat.sys
22:41:30.0926 3532 exfat - ok
22:41:30.0953 3532 fastfat (1a4bee34277784619ddaf0422c0c6e23) C:\Windows\system32\drivers\fastfat.sys
22:41:30.0979 3532 fastfat - ok
22:41:31.0012 3532 fdc (81b79b6df71fa1d2c6d688d830616e39) C:\Windows\system32\DRIVERS\fdc.sys
22:41:31.0039 3532 fdc - ok
22:41:31.0079 3532 FileInfo (457b7d1d533e4bd62a99aed9c7bb4c59) C:\Windows\system32\drivers\fileinfo.sys
22:41:31.0108 3532 FileInfo - ok
22:41:31.0117 3532 Filetrace (d421327fd6efccaf884a54c58e1b0d7f) C:\Windows\system32\drivers\filetrace.sys
22:41:31.0139 3532 Filetrace - ok
22:41:31.0168 3532 flpydisk (230923ea2b80f79b0f88d90f87b87ebd) C:\Windows\system32\DRIVERS\flpydisk.sys
22:41:31.0188 3532 flpydisk - ok
22:41:31.0218 3532 FltMgr (e3041bc26d6930d61f42aedb79c91720) C:\Windows\system32\drivers\fltmgr.sys
22:41:31.0238 3532 FltMgr - ok
22:41:31.0264 3532 Fs_Rec (29d99e860a1ca0a03c6a733fdd0da703) C:\Windows\system32\drivers\Fs_Rec.sys
22:41:31.0284 3532 Fs_Rec - ok
22:41:31.0324 3532 gagp30kx (c8e416668d3dc2be3d4fe4c79224997f) C:\Windows\system32\drivers\gagp30kx.sys
22:41:31.0348 3532 gagp30kx - ok
22:41:31.0418 3532 GEARAspiWDM (e403aacf8c7bb11375122d2464560311) C:\Windows\system32\DRIVERS\GEARAspiWDM.sys
22:41:31.0447 3532 GEARAspiWDM - ok
22:41:31.0521 3532 HDAudBus (f942c5820205f2fb453243edfec82a3d) C:\Windows\system32\DRIVERS\HDAudBus.sys
22:41:31.0531 3532 HDAudBus - ok
22:41:31.0559 3532 HidBth (b4881c84a180e75b8c25dc1d726c375f) C:\Windows\system32\drivers\hidbth.sys
22:41:31.0587 3532 HidBth - ok
22:41:31.0600 3532 HidIr (4e77a77e2c986e8f88f996bb3e1ad829) C:\Windows\system32\drivers\hidir.sys
22:41:31.0621 3532 HidIr - ok
22:41:31.0665 3532 HidUsb (128e2da8483fdd4dd0c7b3f9abd6f323) C:\Windows\system32\DRIVERS\hidusb.sys
22:41:31.0685 3532 HidUsb - ok
22:41:31.0715 3532 HpCISSs (d7109a1e6bd2dfdbcba72a6bc626a13b) C:\Windows\system32\drivers\hpcisss.sys
22:41:31.0733 3532 HpCISSs - ok
22:41:31.0796 3532 HTTP (098f1e4e5c9cb5b0063a959063631610) C:\Windows\system32\drivers\HTTP.sys
22:41:31.0836 3532 HTTP - ok
22:41:31.0863 3532 i2omp (da94c854cea5fac549d4e1f6e88349e8) C:\Windows\system32\drivers\i2omp.sys
22:41:31.0881 3532 i2omp - ok
22:41:31.0929 3532 i8042prt (cbb597659a2713ce0c9cc20c88c7591f) C:\Windows\system32\DRIVERS\i8042prt.sys
22:41:31.0946 3532 i8042prt - ok
22:41:32.0013 3532 iaStor (fc28e90f2204d8fd147fa9bfa8a51c01) C:\Windows\system32\drivers\iastor.sys
22:41:32.0015 3532 iaStor - ok
22:41:43.0579 3532 ============================================================
22:41:43.0579 3532 Scan finished
22:41:43.0579 3532 ============================================================
22:41:43.0593 3940 Detected object count: 0
22:41:43.0593 3940 Actual detected object count: 0
22:42:11.0446 3228 ============================================================
22:42:11.0446 3228 Scan started
22:42:11.0446 3228 Mode: Manual;
22:42:11.0446 3228 ============================================================
22:42:15.0792 3228 mfesmfk (52fbbe063468653491286cd105b1bad3) C:\Windows\system32\drivers\mfesmfk.sys
22:42:15.0793 3228 mfesmfk - ok
22:42:15.0835 3228 Modem (59848d5cc74606f0ee7557983bb73c2e) C:\Windows\system32\drivers\modem.sys
22:42:15.0837 3228 Modem - ok
22:42:15.0866 3228 monitor (c247cc2a57e0a0c8c6dccf7807b3e9e5) C:\Windows\system32\DRIVERS\monitor.sys
22:42:15.0867 3228 monitor - ok
22:42:15.0885 3228 mouclass (9367304e5e412b120cf5f4ea14e4e4f1) C:\Windows\system32\DRIVERS\mouclass.sys
22:42:15.0886 3228 mouclass - ok
22:42:15.0911 3228 mouhid (c2c2bd5c5ce5aaf786ddd74b75d2ac69) C:\Windows\system32\DRIVERS\mouhid.sys
22:42:15.0912 3228 mouhid - ok
22:42:15.0932 3228 MountMgr (11bc9b1e8801b01f7f6adb9ead30019b) C:\Windows\system32\drivers\mountmgr.sys
22:42:15.0934 3228 MountMgr - ok
22:42:15.0969 3228 MPFP (e843a4295a3381347b4cd17c5de4090a) C:\Windows\system32\Drivers\Mpfp.sys
22:42:15.0972 3228 MPFP - ok
22:42:16.0013 3228 mpio (f8276eb8698142884498a528dfea8478) C:\Windows\system32\drivers\mpio.sys
22:42:16.0015 3228 mpio - ok
22:42:16.0048 3228 mpsdrv (c92b9abdb65a5991e00c28f13491dba2) C:\Windows\system32\drivers\mpsdrv.sys
22:42:16.0049 3228 mpsdrv - ok
22:42:16.0080 3228 Mraid35x (3c200630a89ef2c0864d515b7a75802e) C:\Windows\system32\drivers\mraid35x.sys
22:42:16.0081 3228 Mraid35x - ok
22:42:16.0204 3228 MREMP50 (9bd4dcb5412921864a7aacdedfbd1923) C:\PROGRA~2\COMMON~1\Motive\MREMP50.SYS
22:42:16.0205 3228 MREMP50 - ok
22:42:16.0248 3228 MREMP50a64 - ok
22:42:16.0256 3228 MREMPR5 - ok
22:42:16.0263 3228 MRENDIS5 - ok
22:42:16.0288 3228 MRESP50 (07c02c892e8e1a72d6bf35004f0e9c5e) C:\PROGRA~2\COMMON~1\Motive\MRESP50.SYS
22:42:16.0289 3228 MRESP50 - ok
22:42:16.0297 3228 MRESP50a64 - ok
22:42:16.0333 3228 MRxDAV (7c1de4aa96dc0c071611f9e7de02a68d) C:\Windows\system32\drivers\mrxdav.sys
22:42:16.0335 3228 MRxDAV - ok
22:42:16.0376 3228 mrxsmb (1485811b320ff8c7edad1caebb1c6c2b) C:\Windows\system32\DRIVERS\mrxsmb.sys
22:42:16.0378 3228 mrxsmb - ok
22:42:16.0431 3228 mrxsmb10 (3b929a60c833fc615fd97fba82bc7632) C:\Windows\system32\DRIVERS\mrxsmb10.sys
22:42:16.0434 3228 mrxsmb10 - ok
22:42:16.0447 3228 mrxsmb20 (c64ab3e1f53b4f5b5bb6d796b2d7bec3) C:\Windows\system32\DRIVERS\mrxsmb20.sys
22:42:16.0449 3228 mrxsmb20 - ok
22:42:16.0508 3228 msahci (1ac860612b85d8e85ee257d372e39f4d) C:\Windows\system32\drivers\msahci.sys
22:42:16.0509 3228 msahci - ok
22:42:16.0543 3228 msdsm (264bbb4aaf312a485f0e44b65a6b7202) C:\Windows\system32\drivers\msdsm.sys
22:42:16.0545 3228 msdsm - ok
22:42:16.0589 3228 Msfs (704f59bfc4512d2bb0146aec31b10a7c) C:\Windows\system32\drivers\Msfs.sys
22:42:16.0590 3228 Msfs - ok
22:42:16.0610 3228 msisadrv (00ebc952961664780d43dca157e79b27) C:\Windows\system32\drivers\msisadrv.sys
22:42:16.0611 3228 msisadrv - ok
22:42:16.0659 3228 MSKSSRV (0ea73e498f53b96d83dbfca074ad4cf8) C:\Windows\system32\drivers\MSKSSRV.sys
22:42:16.0659 3228 MSKSSRV - ok
22:42:16.0690 3228 MSPCLOCK (52e59b7e992a58e740aa63f57edbae8b) C:\Windows\system32\drivers\MSPCLOCK.sys
22:42:16.0691 3228 MSPCLOCK - ok
22:42:16.0712 3228 MSPQM (49084a75bae043ae02d5b44d02991bb2) C:\Windows\system32\drivers\MSPQM.sys
22:42:16.0713 3228 MSPQM - ok
22:42:16.0743 3228 MsRPC (dc6ccf440cdede4293db41c37a5060a5) C:\Windows\system32\drivers\MsRPC.sys
22:42:16.0747 3228 MsRPC - ok
22:42:16.0770 3228 mssmbios (855796e59df77ea93af46f20155bf55b) C:\Windows\system32\DRIVERS\mssmbios.sys
22:42:16.0771 3228 mssmbios - ok
22:42:16.0804 3228 MSTEE (86d632d75d05d5b7c7c043fa3564ae86) C:\Windows\system32\drivers\MSTEE.sys
22:42:16.0805 3228 MSTEE - ok
22:42:16.0842 3228 Mup (0cc49f78d8aca0877d885f149084e543) C:\Windows\system32\Drivers\mup.sys
22:42:16.0843 3228 Mup - ok
22:42:16.0885 3228 NativeWifiP (2007b826c4acd94ae32232b41f0842b9) C:\Windows\system32\DRIVERS\nwifi.sys
22:42:16.0887 3228 NativeWifiP - ok
22:42:16.0936 3228 NDIS (65950e07329fcee8e6516b17c8d0abb6) C:\Windows\system32\drivers\ndis.sys
22:42:16.0944 3228 NDIS - ok
22:42:16.0959 3228 NdisTapi (64df698a425478e321981431ac171334) C:\Windows\system32\DRIVERS\ndistapi.sys
22:42:16.0960 3228 NdisTapi - ok
22:42:16.0981 3228 Ndisuio (8baa43196d7b5bb972c9a6b2bbf61a19) C:\Windows\system32\DRIVERS\ndisuio.sys
22:42:16.0982 3228 Ndisuio - ok
22:42:17.0018 3228 NdisWan (f8158771905260982ce724076419ef19) C:\Windows\system32\DRIVERS\ndiswan.sys
22:42:17.0021 3228 NdisWan - ok
22:42:17.0033 3228 NDProxy (9cb77ed7cb72850253e973a2d6afdf49) C:\Windows\system32\drivers\NDProxy.sys
22:42:17.0034 3228 NDProxy - ok
22:42:17.0058 3228 NetBIOS (a499294f5029a7862adc115bda7371ce) C:\Windows\system32\DRIVERS\netbios.sys
22:42:17.0060 3228 NetBIOS - ok
22:42:17.0096 3228 netbt (fc2c792ebddc8e28df939d6a92c83d61) C:\Windows\system32\DRIVERS\netbt.sys
22:42:17.0099 3228 netbt - ok
22:42:17.0146 3228 nfrd960 (4ac08bd6af2df42e0c3196d826c8aea7) C:\Windows\system32\drivers\nfrd960.sys
22:42:17.0147 3228 nfrd960 - ok
22:42:17.0181 3228 Npfs (b298874f8e0ea93f06ec40aa8d146478) C:\Windows\system32\drivers\Npfs.sys
22:42:17.0182 3228 Npfs - ok
22:42:17.0210 3228 nsiproxy (1523af19ee8b030ba682f7a53537eaeb) C:\Windows\system32\drivers\nsiproxy.sys
22:42:17.0211 3228 nsiproxy - ok
22:42:17.0281 3228 Ntfs (bac869dfb98e499ba4d9bb1fb43270e1) C:\Windows\system32\drivers\Ntfs.sys
22:42:17.0297 3228 Ntfs - ok
22:42:17.0313 3228 Null (dd5d684975352b85b52e3fd5347c20cb) C:\Windows\system32\drivers\Null.sys
22:42:17.0314 3228 Null - ok
22:42:17.0359 3228 nvraid (2c040b7ada5b06f6facadac8514aa034) C:\Windows\system32\drivers\nvraid.sys
22:42:17.0361 3228 nvraid - ok
22:42:17.0384 3228 nvstor (f7ea0fe82842d05eda3efdd376dbfdba) C:\Windows\system32\drivers\nvstor.sys
22:42:17.0385 3228 nvstor - ok
22:42:17.0400 3228 nv_agp (19067ca93075ef4823e3938a686f532f) C:\Windows\system32\drivers\nv_agp.sys
22:42:17.0402 3228 nv_agp - ok
22:42:17.0411 3228 NwlnkFlt - ok
22:42:17.0426 3228 NwlnkFwd - ok
22:42:17.0481 3228 OEM02Dev (44a9473d72983dd484b4f1bf0d946571) C:\Windows\system32\DRIVERS\OEM02Dev.sys
22:42:17.0484 3228 OEM02Dev - ok
22:42:17.0496 3228 OEM02Vfx (766f689564bc30e5a91f8621ce65ad68) C:\Windows\system32\DRIVERS\OEM02Vfx.sys
22:42:17.0497 3228 OEM02Vfx - ok
22:42:17.0534 3228 ohci1394 (b5b1ce65ac15bbd11c0619e3ef7cfc28) C:\Windows\system32\DRIVERS\ohci1394.sys
22:42:17.0535 3228 ohci1394 - ok
22:42:17.0593 3228 Packet (43e24699a18126f11e3d9bf6db85518b) C:\Windows\system32\DRIVERS\packet.sys
22:42:17.0594 3228 Packet - ok
22:42:17.0631 3228 Parport (aecd57f94c887f58919f307c35498ea0) C:\Windows\system32\drivers\parport.sys
22:42:17.0632 3228 Parport - ok
22:42:17.0673 3228 partmgr (f9b5eda4c17a2be7663f064dbf0fe254) C:\Windows\system32\drivers\partmgr.sys
22:42:17.0675 3228 partmgr - ok
22:42:17.0692 3228 pci (47ab1e0fc9d0e12bb53ba246e3a0906d) C:\Windows\system32\drivers\pci.sys
22:42:17.0695 3228 pci - ok
22:42:17.0739 3228 pciide (8d618c829034479985a9ed56106cc732) C:\Windows\system32\drivers\pciide.sys
22:42:17.0740 3228 pciide - ok
22:42:17.0783 3228 pcmcia (037661f3d7c507c9993b7010ceee6288) C:\Windows\system32\drivers\pcmcia.sys
22:42:17.0785 3228 pcmcia - ok
22:42:17.0836 3228 PEAUTH (58865916f53592a61549b04941bfd80d) C:\Windows\system32\drivers\peauth.sys
22:42:17.0843 3228 PEAUTH - ok
22:42:17.0925 3228 Ph3xIB64 (e9158fa6923e80bd57cf068ce9cddaa2) C:\Windows\system32\DRIVERS\Ph3xIB64.sys
22:42:17.0939 3228 Ph3xIB64 - ok
22:42:17.0996 3228 PptpMiniport (23386e9952025f5f21c368971e2e7301) C:\Windows\system32\DRIVERS\raspptp.sys
22:42:17.0998 3228 PptpMiniport - ok
22:42:18.0030 3228 Processor (5080e59ecee0bc923f14018803aa7a01) C:\Windows\system32\drivers\processr.sys
22:42:18.0032 3228 Processor - ok
22:42:18.0086 3228 PSched (c5ab7f0809392d0da027f4a2a81bfa31) C:\Windows\system32\DRIVERS\pacer.sys
22:42:18.0087 3228 PSched - ok
22:42:18.0178 3228 ql2300 (0b83f4e681062f3839be2ec1d98fd94a) C:\Windows\system32\drivers\ql2300.sys
22:42:18.0189 3228 ql2300 - ok
22:42:18.0203 3228 ql40xx (e1c80f8d4d1e39ef9595809c1369bf2a) C:\Windows\system32\drivers\ql40xx.sys
22:42:18.0205 3228 ql40xx - ok
22:42:18.0242 3228 QWAVEdrv (e8d76edab77ec9c634c27b8eac33adc5) C:\Windows\system32\drivers\qwavedrv.sys
22:42:18.0244 3228 QWAVEdrv - ok
22:42:18.0259 3228 RasAcd (1013b3b663a56d3ddd784f581c1bd005) C:\Windows\system32\DRIVERS\rasacd.sys
22:42:18.0260 3228 RasAcd - ok
22:42:18.0288 3228 Rasl2tp (ac7bc4d42a7e558718dfdec599bbfc2c) C:\Windows\system32\DRIVERS\rasl2tp.sys
22:42:18.0290 3228 Rasl2tp - ok
22:42:18.0330 3228 RasPppoe (4517fbf8b42524afe4ede1de102aae3e) C:\Windows\system32\DRIVERS\raspppoe.sys
22:42:18.0331 3228 RasPppoe - ok
22:42:18.0373 3228 RasSstp (c6a593b51f34c33e5474539544072527) C:\Windows\system32\DRIVERS\rassstp.sys
22:42:18.0374 3228 RasSstp - ok
22:42:18.0406 3228 rdbss (322db5c6b55e8d8ee8d6f358b2aaabb1) C:\Windows\system32\DRIVERS\rdbss.sys
22:42:18.0410 3228 rdbss - ok
22:42:18.0426 3228 RDPCDD (603900cc05f6be65ccbf373800af3716) C:\Windows\system32\DRIVERS\RDPCDD.sys
22:42:18.0426 3228 RDPCDD - ok
22:42:18.0476 3228 rdpdr (c045d1fb111c28df0d1be8d4bda22c06) C:\Windows\system32\drivers\rdpdr.sys
22:42:18.0480 3228 rdpdr - ok
22:42:18.0491 3228 RDPENCDD (cab9421daf3d97b33d0d055858e2c3ab) C:\Windows\system32\drivers\rdpencdd.sys
22:42:18.0492 3228 RDPENCDD - ok
22:42:18.0576 3228 RDPWD (b1d741c87cea8d7282146366cc9c3f81) C:\Windows\system32\drivers\RDPWD.sys
22:42:18.0578 3228 RDPWD - ok
22:42:18.0627 3228 RFCOMM (cd71e053d7260e4102d99a28f9196070) C:\Windows\system32\DRIVERS\rfcomm.sys
22:42:18.0630 3228 RFCOMM - ok
22:42:18.0666 3228 rimmptsk (e31960692cbb3a8bcdf300bc1d889e1f) C:\Windows\system32\DRIVERS\rimmpx64.sys
22:42:18.0667 3228 rimmptsk - ok
22:42:18.0691 3228 rimsptsk (82356915157ab59064a24993ae5be8aa) C:\Windows\system32\DRIVERS\rimspx64.sys
22:42:18.0692 3228 rimsptsk - ok
22:42:18.0708 3228 rismxdp (c01a92a546854a3e34103b642f0f94a1) C:\Windows\system32\DRIVERS\rixdpx64.sys
22:42:18.0709 3228 rismxdp - ok
22:42:18.0746 3228 rspndr (22a9cb08b1a6707c1550c6bf099aae73) C:\Windows\system32\DRIVERS\rspndr.sys
22:42:18.0748 3228 rspndr - ok
22:42:18.0764 3228 sbp2port (cd9c693589c60ad59bbbcfb0e524e01b) C:\Windows\system32\drivers\sbp2port.sys
22:42:18.0766 3228 sbp2port - ok
22:42:18.0810 3228 sdbus (be100bc2be2513314c717bb2c4cfff10) C:\Windows\system32\DRIVERS\sdbus.sys
22:42:18.0811 3228 sdbus - ok
22:42:18.0836 3228 secdrv (3ea8a16169c26afbeb544e0e48421186) C:\Windows\system32\drivers\secdrv.sys
22:42:18.0837 3228 secdrv - ok
22:42:18.0871 3228 Serenum (f71bfe7ac6c52273b7c82cbf1bb2a222) C:\Windows\system32\drivers\serenum.sys
22:42:18.0872 3228 Serenum - ok
22:42:18.0899 3228 Serial (e62fac91ee288db29a9696a9d279929c) C:\Windows\system32\drivers\serial.sys
22:42:18.0900 3228 Serial - ok
22:42:18.0921 3228 sermouse (a842f04833684bceea7336211be478df) C:\Windows\system32\drivers\sermouse.sys
22:42:18.0922 3228 sermouse - ok
22:42:18.0950 3228 sffdisk (14d4b4465193a87c127933978e8c4106) C:\Windows\system32\drivers\sffdisk.sys
22:42:18.0951 3228 sffdisk - ok
22:42:18.0964 3228 sffp_mmc (7073aee3f82f3d598e3825962aa98ab2) C:\Windows\system32\drivers\sffp_mmc.sys
22:42:18.0964 3228 sffp_mmc - ok
22:42:18.0982 3228 sffp_sd (35e59ebe4a01a0532ed67975161c7b82) C:\Windows\system32\drivers\sffp_sd.sys
22:42:18.0983 3228 sffp_sd - ok
22:42:18.0995 3228 sfloppy (6b7838c94135768bd455cbdc23e39e5f) C:\Windows\system32\drivers\sfloppy.sys
22:42:18.0996 3228 sfloppy - ok
22:42:19.0020 3228 SiSRaid2 (7a5de502aeb719d4594c6471060a78b3) C:\Windows\system32\drivers\sisraid2.sys
22:42:19.0021 3228 SiSRaid2 - ok
22:42:19.0031 3228 SiSRaid4 (3a2f769fab9582bc720e11ea1dfb184d) C:\Windows\system32\drivers\sisraid4.sys
22:42:19.0034 3228 SiSRaid4 - ok
22:42:19.0079 3228 Smb (290b6f6a0ec4fcdfc90f5cb6d7020473) C:\Windows\system32\DRIVERS\smb.sys
22:42:19.0081 3228 Smb - ok
22:42:19.0123 3228 spldr (386c3c63f00a7040c7ec5e384217e89d) C:\Windows\system32\drivers\spldr.sys
22:42:19.0124 3228 spldr - ok
22:42:19.0189 3228 srv (880a57fccb571ebd063d4dd50e93e46d) C:\Windows\system32\DRIVERS\srv.sys
22:42:19.0194 3228 srv - ok
22:42:19.0250 3228 srv2 (a1ad14a6d7a37891fffeca35ebbb0730) C:\Windows\system32\DRIVERS\srv2.sys
22:42:19.0253 3228 srv2 - ok
22:42:19.0319 3228 srvnet (4bed62f4fa4d8300973f1151f4c4d8a7) C:\Windows\system32\DRIVERS\srvnet.sys
22:42:19.0321 3228 srvnet - ok
22:42:19.0390 3228 STHDA (e964db5400cfd56fc99cd2ab1b21213f) C:\Windows\system32\drivers\stwrt64.sys
22:42:19.0394 3228 STHDA - ok
22:42:19.0447 3228 swenum (8a851ca908b8b974f89c50d2e18d4f0c) C:\Windows\system32\DRIVERS\swenum.sys
22:42:19.0448 3228 swenum - ok
22:42:19.0500 3228 Symc8xx (2f26a2c6fc96b29beff5d8ed74e6625b) C:\Windows\system32\drivers\symc8xx.sys
22:42:19.0501 3228 Symc8xx - ok
22:42:19.0517 3228 Sym_hi (a909667976d3bccd1df813fed517d837) C:\Windows\system32\drivers\sym_hi.sys
22:42:19.0518 3228 Sym_hi - ok
22:42:19.0536 3228 Sym_u3 (36887b56ec2d98b9c362f6ae4de5b7b0) C:\Windows\system32\drivers\sym_u3.sys
22:42:19.0537 3228 Sym_u3 - ok
22:42:19.0589 3228 SynTP (b2a7d0790246e6fcdbdd256c4fcc4975) C:\Windows\system32\DRIVERS\SynTP.sys
22:42:19.0592 3228 SynTP - ok
22:42:19.0690 3228 Tcpip (2cc45d932bd193cd4117321d469ad6b2) C:\Windows\system32\drivers\tcpip.sys
22:42:19.0704 3228 Tcpip - ok
22:42:19.0768 3228 Tcpip6 (2cc45d932bd193cd4117321d469ad6b2) C:\Windows\system32\DRIVERS\tcpip.sys
22:42:19.0781 3228 Tcpip6 - ok
22:42:19.0828 3228 tcpipreg (c7e72a4071ee0200e3c075dacfb2b334) C:\Windows\system32\drivers\tcpipreg.sys
22:42:19.0829 3228 tcpipreg - ok
22:42:19.0870 3228 TcUsb (c050f120451b08fbf79588f66bf51ccd) C:\Windows\system32\Drivers\tcusb.sys
22:42:19.0871 3228 TcUsb - ok
22:42:19.0924 3228 TDPIPE (1d8bf4aaa5fb7a2761475781dc1195bc) C:\Windows\system32\drivers\tdpipe.sys
22:42:19.0925 3228 TDPIPE - ok
22:42:19.0948 3228 TDTCP (7f7e00cdf609df657f4cda02dd1c9bb1) C:\Windows\system32\drivers\tdtcp.sys
22:42:19.0949 3228 TDTCP - ok
22:42:19.0992 3228 tdx (458919c8c42e398dc4802178d5ffee27) C:\Windows\system32\DRIVERS\tdx.sys
22:42:19.0994 3228 tdx - ok
22:42:20.0039 3228 TermDD (8c19678d22649ec002ef2282eae92f98) C:\Windows\system32\DRIVERS\termdd.sys
22:42:20.0040 3228 TermDD - ok
22:42:20.0075 3228 tssecsrv (9e5409cd17c8bef193aad498f3bc2cb8) C:\Windows\system32\DRIVERS\tssecsrv.sys
22:42:20.0079 3228 tssecsrv - ok
22:42:20.0100 3228 tunmp (89ec74a9e602d16a75a4170511029b3c) C:\Windows\system32\DRIVERS\tunmp.sys
22:42:20.0101 3228 tunmp - ok
22:42:20.0113 3228 tunnel (f6a4fba7c03ac2efd00f3301c0c1e067) C:\Windows\system32\DRIVERS\tunnel.sys
22:42:20.0114 3228 tunnel - ok
22:42:20.0152 3228 uagp35 (fec266ef401966311744bd0f359f7f56) C:\Windows\system32\drivers\uagp35.sys
22:42:20.0153 3228 uagp35 - ok
22:42:20.0209 3228 udfs (faf2640a2a76ed03d449e443194c4c34) C:\Windows\system32\DRIVERS\udfs.sys
22:42:20.0213 3228 udfs - ok
22:42:20.0262 3228 uliagpkx (4ec9447ac3ab462647f60e547208ca00) C:\Windows\system32\drivers\uliagpkx.sys
22:42:20.0263 3228 uliagpkx - ok
22:42:20.0295 3228 uliahci (697f0446134cdc8f99e69306184fbbb4) C:\Windows\system32\drivers\uliahci.sys
22:42:20.0298 3228 uliahci - ok
22:42:20.0313 3228 UlSata (31707f09846056651ea2c37858f5ddb0) C:\Windows\system32\drivers\ulsata.sys
22:42:20.0315 3228 UlSata - ok
22:42:20.0332 3228 ulsata2 (85e5e43ed5b48c8376281bab519271b7) C:\Windows\system32\drivers\ulsata2.sys
22:42:20.0336 3228 ulsata2 - ok
22:42:20.0369 3228 umbus (46e9a994c4fed537dd951f60b86ad3f4) C:\Windows\system32\DRIVERS\umbus.sys
22:42:20.0370 3228 umbus - ok
22:42:20.0414 3228 USBAAPL64 (54d4b48d443e7228bf64cf7cdc3118ac) C:\Windows\system32\Drivers\usbaapl64.sys
22:42:20.0416 3228 USBAAPL64 - ok
22:42:20.0458 3228 usbccgp (07e3498fc60834219d2356293da0fecc) C:\Windows\system32\DRIVERS\usbccgp.sys
22:42:20.0460 3228 usbccgp - ok
22:42:20.0508 3228 usbcir (9247f7e0b65852c1f6631480984d6ed2) C:\Windows\system32\drivers\usbcir.sys
22:42:20.0509 3228 usbcir - ok
22:42:20.0555 3228 usbehci (827e44de934a736ea31e91d353eb126f) C:\Windows\system32\DRIVERS\usbehci.sys
22:42:20.0556 3228 usbehci - ok
22:42:20.0614 3228 usbhub (bb35cd80a2ececfadc73569b3d70c7d1) C:\Windows\system32\DRIVERS\usbhub.sys
22:42:20.0617 3228 usbhub - ok
22:42:20.0650 3228 usbohci (eba14ef0c07cec233f1529c698d0d154) C:\Windows\system32\drivers\usbohci.sys
22:42:20.0651 3228 usbohci - ok
22:42:20.0693 3228 usbprint (28b693b6d31e7b9332c1bdcefef228c1) C:\Windows\system32\DRIVERS\usbprint.sys
22:42:20.0694 3228 usbprint - ok
22:42:20.0723 3228 USBSTOR (b854c1558fca0c269a38663e8b59b581) C:\Windows\system32\DRIVERS\USBSTOR.SYS
22:42:20.0724 3228 USBSTOR - ok
22:42:20.0745 3228 usbuhci (b2872cbf9f47316abd0e0c74a1aba507) C:\Windows\system32\DRIVERS\usbuhci.sys
22:42:20.0746 3228 usbuhci - ok
22:42:20.0791 3228 vga (916b94bcf1e09873fff2d5fb11767bbc) C:\Windows\system32\DRIVERS\vgapnp.sys
22:42:20.0792 3228 vga - ok
22:42:20.0822 3228 VgaSave (b83ab16b51feda65dd81b8c59d114d63) C:\Windows\System32\drivers\vga.sys
22:42:20.0823 3228 VgaSave - ok
22:42:20.0853 3228 viaide (8294b6c3fdb6c33f24e150de647ecdaa) C:\Windows\system32\drivers\viaide.sys
22:42:20.0854 3228 viaide - ok
22:42:20.0897 3228 volmgr (2b7e885ed951519a12c450d24535dfca) C:\Windows\system32\drivers\volmgr.sys
22:42:20.0898 3228 volmgr - ok
22:42:20.0938 3228 volmgrx (cec5ac15277d75d9e5dec2e1c6eaf877) C:\Windows\system32\drivers\volmgrx.sys
22:42:20.0943 3228 volmgrx - ok
22:42:20.0973 3228 volsnap (5280aada24ab36b01a84a6424c475c8d) C:\Windows\system32\drivers\volsnap.sys
22:42:20.0979 3228 volsnap - ok
22:42:21.0030 3228 vpnva (e526a69d932538ae8bc96b3f4a5a90b1) C:\Windows\system32\DRIVERS\vpnva64.sys
22:42:21.0031 3228 vpnva - ok
22:42:21.0069 3228 vsmraid (a68f455ed2673835209318dd61bfbb0e) C:\Windows\system32\drivers\vsmraid.sys
22:42:21.0071 3228 vsmraid - ok
22:42:21.0109 3228 WacomPen (fef8fe5923fead2cee4dfabfce3393a7) C:\Windows\system32\drivers\wacompen.sys
22:42:21.0110 3228 WacomPen - ok
22:42:21.0149 3228 Wanarp (b8e7049622300d20ba6d8be0c47c0cfd) C:\Windows\system32\DRIVERS\wanarp.sys
22:42:21.0151 3228 Wanarp - ok
22:42:21.0157 3228 Wanarpv6 (b8e7049622300d20ba6d8be0c47c0cfd) C:\Windows\system32\DRIVERS\wanarp.sys
22:42:21.0158 3228 Wanarpv6 - ok
22:42:21.0177 3228 Wd (0c17a0816f65b89e362e682ad5e7266e) C:\Windows\system32\drivers\wd.sys
22:42:21.0178 3228 Wd - ok
22:42:21.0213 3228 Wdf01000 (d02e7e4567da1e7582fbf6a91144b0df) C:\Windows\system32\drivers\Wdf01000.sys
22:42:21.0220 3228 Wdf01000 - ok
22:42:21.0287 3228 WmiAcpi (e18aebaaa5a773fe11aa2c70f65320f5) C:\Windows\system32\DRIVERS\wmiacpi.sys
22:42:21.0288 3228 WmiAcpi - ok
22:42:21.0336 3228 WpdUsb (5e2401b3fc1089c90e081291357371a9) C:\Windows\system32\DRIVERS\wpdusb.sys
22:42:21.0337 3228 WpdUsb - ok
22:42:21.0366 3228 ws2ifsl (8a900348370e359b6bff6a550e4649e1) C:\Windows\system32\drivers\ws2ifsl.sys
22:42:21.0367 3228 ws2ifsl - ok
22:42:21.0408 3228 WUDFRd (501a65252617b495c0f1832f908d54d8) C:\Windows\system32\DRIVERS\WUDFRd.sys
22:42:21.0409 3228 WUDFRd - ok
22:42:21.0465 3228 MBR (0x1B8) (5c616939100b85e558da92b899a0fc36) \Device\Harddisk0\DR0
22:42:21.0524 3228 \Device\Harddisk0\DR0 - ok
22:42:21.0538 3228 Boot (0x1200) (f24ec062fc7afa5b1e09f94dc037df1c) \Device\Harddisk0\DR0\Partition0
22:42:21.0539 3228 \Device\Harddisk0\DR0\Partition0 - ok
22:42:21.0542 3228 Boot (0x1200) (44e7babdfd0605a8cf91ad42c54408fb) \Device\Harddisk0\DR0\Partition1
22:42:21.0543 3228 \Device\Harddisk0\DR0\Partition1 - ok
22:42:21.0545 3228 ============================================================
22:42:21.0545 3228 Scan finished
22:42:21.0545 3228 ============================================================
22:42:21.0554 0592 Detected object count: 0
22:42:21.0555 0592 Actual detected object count: 0

#14 gringo_pr

Posted 23 January 2012 - 12:11 AM

Hello

This is the tool I would like you to try and run next.

Please download aswMBR ( 511KB ) to your desktop.
  • Double click the aswMBR.exe icon to run it
  • Click the Scan button to start the scan
  • On completion of the scan, click the save log button, save it to your desktop and post it in your next reply.



Gringo

#15 Padshead

Posted 23 January 2012 - 07:23 PM

Hi Gringo,

Here is the log file:

aswMBR version 0.9.9.1297 Copyright© 2011 AVAST Software
Run date: 2012-01-23 07:25:06
-----------------------------
07:25:06.175 OS Version: Windows x64 6.0.6002 Service Pack 2
07:25:06.175 Number of processors: 2 586 0x170A
07:25:06.176 ComputerName: DISSERTATIN UserName: me
07:25:07.428 Initialize success
07:27:55.124 AVAST engine defs: 12012300
07:28:10.224 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-0
07:28:10.227 Disk 0 Vendor: WDC_WD32 11.0 Size: 305245MB BusType: 3
07:28:10.261 Disk 0 MBR read successfully
07:28:10.265 Disk 0 MBR scan
07:28:10.275 Disk 0 Windows VISTA default MBR code
07:28:10.280 Disk 0 Partition 1 00 DE Dell Utility Dell 8.0 94 MB offset 63
07:28:10.323 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 10240 MB offset 194560
07:28:10.365 Disk 0 Partition 3 80 (A) 07 HPFS/NTFS NTFS 292348 MB offset 21166080
07:28:10.377 Disk 0 Partition - 00 0F Extended LBA 2560 MB offset 619896832
07:28:10.428 Disk 0 Partition 4 00 DD MSDOS5.0 2559 MB offset 619898880
07:28:10.441 Service scanning
07:28:15.315 Modules scanning
07:28:15.321 Disk 0 trace - called modules:
07:28:15.386 ntoskrnl.exe CLASSPNP.SYS disk.sys iastor.sys hal.dll
07:28:15.393 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8004ae7790]
07:28:15.400 3 CLASSPNP.SYS[fffffa6000d3ac33] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-0[0xfffffa80045c2050]
07:28:16.898 AVAST engine scan C:\Windows
07:28:32.952 AVAST engine scan C:\Windows\system32
07:33:00.280 AVAST engine scan C:\Windows\system32\drivers
07:33:31.222 AVAST engine scan C:\Users\me
08:10:58.278 AVAST engine scan C:\ProgramData
08:12:24.854 Scan finished successfully
08:52:18.174 Disk 0 MBR has been saved successfully to "C:\Users\me\Desktop\MBR.dat"
08:52:18.181 The log file has been saved successfully to "C:\Users\me\Desktop\aswMBR.txt"



