Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Possible Malware Problem (datingpuma.com redirects)


  • This topic is locked This topic is locked
26 replies to this topic

#1 Dervajanky

Dervajanky

  • Members
  • 11 posts
  • OFFLINE
  •  
  • Local time:04:47 PM

Posted 09 February 2012 - 04:44 PM

So... yea.

Recently I've noticed that, when using google, I will get a redirected through datingpuma.com before being directed to the clicked link. Occasionally, I will get redirected to another site entirely.

This problem is not 100% persistent. It just showed up last night, and then disappeared after I reset all I.E.8/9 (can't remember which is current) settings. It just reappeared today (2/9/12) for about an hour, and then disappeared again.

I already ran the antivirus scans I had on my computer (symantec) and when browsing around I also came across the Kaspersky TDSSKiller, which I ran as well.

Since I had no luck with either case, I decided to find a forum, and get some help. As a note, I'm running windows 7 (64bit) home premium on an AsusG51 series laptop.

Thanks for whatever help you give me, I look forward to your responses.

.
DDS (Ver_2011-08-26.01) - NTFSAMD64
Internet Explorer: 9.0.8112.16421
Run by Sean at 16:32:22 on 2012-02-09
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.8053.4272 [GMT -5:00]
.
AV: Symantec Endpoint Protection *Enabled/Updated* {88C95A36-8C3B-2F2C-1B8B-30FCCFDC4855}
SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Symantec Endpoint Protection *Enabled/Updated* {33A8BBD2-AA01-20A2-213B-0B8EB45B02E8}
FW: Symantec Endpoint Protection *Enabled* {B0F2DB13-C654-2E74-30D4-99C9310F0F2E}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\Smc.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Program Files (x86)\Common Files\Symantec Shared\ccSvcHst.exe
C:\Windows\system32\FBAgent.exe
C:\Program Files (x86)\ASUS\ATK Hotkey\ASLDRSrv.exe
C:\Program Files\ATKGFNEX\GFNEXSrv.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
C:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\sqlservr.exe
C:\Program Files (x86)\Asus\Game Park\GameConsole\OberonGameConsoleService.exe
C:\Program Files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\Rtvscan.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\svchost.exe -k bthsvcs
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files\NVIDIA Corporation\Display\NvXDSync.exe
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\taskeng.exe
C:\Program Files (x86)\ASUS\ASUS Live Update\ALU.exe
C:\Program Files (x86)\ASUS\Splendid\ACMON.exe
C:\Windows\system32\Dwm.exe
C:\Program Files\P4G\BatteryLife.exe
C:\Program Files (x86)\ASUS\ControlDeck\ControlDeckStartUp.exe
C:\Windows\Explorer.EXE
C:\Program Files (x86)\ASUS\SmartLogon\sensorsrv.exe
C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe
C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\SmcGui.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files (x86)\ASUS\ATK Hotkey\HControl.exe
C:\Program Files (x86)\ASUS\ATK Hotkey\ATKOSD.exe
C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\ProtectionUtilSurrogate.exe
C:\Program Files (x86)\ASUS\ATK Hotkey\KBFiltr.exe
C:\Program Files (x86)\ASUS\ATK Hotkey\WDC.exe
C:\Program Files (x86)\ASUS\ASUS WebStorage\SERVICE\AsusWSService.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Windows\System32\rundll32.exe
C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Program Files (x86)\Veoh Networks\VeohWebPlayer\veohwebplayer.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Program Files (x86)\Microsoft Office\Office14\ONENOTEM.EXE
C:\Users\Sean\AppData\Local\Apps\2.0\KLJTXDJ0.AQ4\9TBZ7CG2.9AK\curs..tion_eee711038731a406_0004.0000_2ad57791d5c42008\CurseClient.exe
C:\Program Files (x86)\ASUS\ATK Hotkey\HControlUser.exe
C:\Program Files (x86)\ASUS\ATKOSD2\ATKOSD2.exe
C:\Program Files (x86)\ASUS\ATK Media\DMedia.exe
C:\Program Files (x86)\Creative\SB Audigy\Volume Panel\VolPanlu.exe
C:\Program Files (x86)\Common Files\Symantec Shared\ccApp.exe
C:\Program Files (x86)\Razer\Naga\NagaTray.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\acrotray.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BtStackServer.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BluetoothHeadsetProxy.exe
C:\Windows\system32\DllHost.exe
C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
C:\Program Files (x86)\ASUS\ASUS Data Security Manager\ADSMSrv.exe
C:\Program Files (x86)\ASUS\ASUS Data Security Manager\ADSMTray.exe
C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe
C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\SysWOW64\ACEngSvr.exe
C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
C:\Windows\SysWOW64\Macromed\Flash\FlashUtil11e_ActiveX.exe
C:\Program Files (x86)\Skype\Phone\Skype.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbarUser_32.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Users\Sean\Desktop\abc123.com.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\conhost.exe
C:\Windows\SysWOW64\cscript.exe
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.aol.com/?src=aim&ncid=snsusaimc00000001
uSearch Bar = Preserve
mWinlogon: Userinit=userinit.exe
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO: Search Helper: {6ebf7485-159f-4bff-a14f-b9e3aac4465b} - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
BHO: Adobe PDF Conversion Toolbar Helper: {ae7cd045-e861-484f-8273-0445ee161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
BHO: Skype Browser Helper: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
BHO: Office Document Cache Handler: {b4f3a835-0e21-4959-ba22-42b3008e02ff} - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
BHO: SmartSelect Class: {f4971ee7-daa0-4053-9964-665d8ee6a077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
TB: Adobe PDF: {47833539-d0c5-4125-9fa8-0819e2eaac93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
TB: {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No File
TB: {D4027C7F-154A-4066-A1AD-4243D8127440} - No File
uRun: [Aim] "C:\Program Files (x86)\AIM\aim.exe" /d locale=en-US
uRun: [msnmsgr] "C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe" /background
uRun: [swg] "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
uRun: [VeohPlugin] "C:\Program Files (x86)\Veoh Networks\VeohWebPlayer\veohwebplayer.exe"
uRun: [Pando Media Booster] C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe
uRun: [Skype] "C:\Program Files (x86)\Skype\Phone\Skype.exe" /nosplash /minimized
mRun: [UpdateLBPShortCut] "C:\Program Files (x86)\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\CyberLink\LabelPrint" UpdateWithCreateOnce "Software\CyberLink\LabelPrint\2.5"
mRun: [UpdateP2GoShortCut] "C:\Program Files (x86)\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\CyberLink\Power2Go" UpdateWithCreateOnce "SOFTWARE\CyberLink\Power2Go\6.0"
mRun: [HControlUser] C:\Program Files (x86)\ASUS\ATK Hotkey\HControlUser.exe
mRun: [ATKOSD2] C:\Program Files (x86)\ASUS\ATKOSD2\ATKOSD2.exe
mRun: [ATKMEDIA] C:\Program Files (x86)\ASUS\ATK Media\DMedia.exe
mRun: [VolPanel] "C:\Program Files (x86)\Creative\SB Audigy\Volume Panel\VolPanlu.exe" /r
mRun: [UpdReg] C:\Windows\UpdReg.EXE
mRun: [Setwallpaper] c:\programdata\SetWallpaper.cmd
mRun: [ccApp] "C:\Program Files (x86)\Common Files\Symantec Shared\ccApp.exe"
mRun: [BCSSync] "C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe" /DelayServices
mRun: [Razer Naga Driver] C:\Program Files (x86)\Razer\Naga\NagaTray.exe
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun: [Adobe Acrobat Speed Launcher] "C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe"
mRun: [<NO NAME>]
mRun: [Acrobat Assistant 8.0] "C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe"
StartupFolder: C:\Users\Sean\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\CurseClientStartup.ccip
StartupFolder: C:\Users\Sean\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\ONENOT~1.LNK - C:\Program Files (x86)\Microsoft Office\Office14\ONENOTEM.EXE
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\BLUETO~1.LNK - C:\Program Files (x86)\WIDCOMM\Bluetooth Software\BTTray.exe
mPolicies-explorer: NoActiveDesktop = 1 (0x1)
mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)
mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
Trusted Zone: kongregate.com\www
DPF: {3F4AC0C9-3A7D-4115-99B4-2693DE0014AF} - hxxp://optimum.net/downloads/TNetworkScannerXControl.ocx
DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} - hxxp://dlm.tools.akamai.com/dlmanager/versions/activex/dlm-activex-2.2.6.0.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
TCP: DhcpNameServer = 192.168.0.1
TCP: Interfaces\{20234A54-626F-4900-BCD2-4C5618874902} : DhcpNameServer = 192.168.0.1
TCP: Interfaces\{20234A54-626F-4900-BCD2-4C5618874902}\35343434D2055726C6963613 : DhcpNameServer = 12.127.16.67 12.127.17.71
TCP: Interfaces\{20234A54-626F-4900-BCD2-4C5618874902}\7564C4942475962756C6563737 : DhcpNameServer = 172.16.13.253 4.2.2.2
TCP: Interfaces\{20234A54-626F-4900-BCD2-4C5618874902}\7596E647562737 : DhcpNameServer = 192.168.1.1
TCP: Interfaces\{20234A54-626F-4900-BCD2-4C5618874902}\C496E6B6379737 : DhcpNameServer = 192.168.2.1 167.206.254.2 167.206.254.1
TCP: Interfaces\{20234A54-626F-4900-BCD2-4C5618874902}\C696E6B6379737 : DhcpNameServer = 172.168.1.1
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
AppInit_DLLs: acaptuser32.dll
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL
BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO-X64: AcroIEHelperStub - No File
BHO-X64: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO-X64: Search Helper: {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
BHO-X64: Search Helper - No File
BHO-X64: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL
BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO-X64: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
BHO-X64: Adobe PDF Conversion Toolbar Helper: {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
BHO-X64: Skype Browser Helper: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
BHO-X64: SkypeIEPluginBHO - No File
BHO-X64: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL
BHO-X64: URLRedirectionBHO - No File
BHO-X64: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
BHO-X64: SmartSelect Class: {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
BHO-X64: SmartSelect - No File
TB-X64: Adobe PDF: {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
TB-X64: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
TB-X64: {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No File
TB-X64: {D4027C7F-154A-4066-A1AD-4243D8127440} - No File
mRun-x64: [UpdateLBPShortCut] "C:\Program Files (x86)\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\CyberLink\LabelPrint" UpdateWithCreateOnce "Software\CyberLink\LabelPrint\2.5"
mRun-x64: [UpdateP2GoShortCut] "C:\Program Files (x86)\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\CyberLink\Power2Go" UpdateWithCreateOnce "SOFTWARE\CyberLink\Power2Go\6.0"
mRun-x64: [HControlUser] C:\Program Files (x86)\ASUS\ATK Hotkey\HControlUser.exe
mRun-x64: [ATKOSD2] C:\Program Files (x86)\ASUS\ATKOSD2\ATKOSD2.exe
mRun-x64: [ATKMEDIA] C:\Program Files (x86)\ASUS\ATK Media\DMedia.exe
mRun-x64: [VolPanel] "C:\Program Files (x86)\Creative\SB Audigy\Volume Panel\VolPanlu.exe" /r
mRun-x64: [UpdReg] C:\Windows\UpdReg.EXE
mRun-x64: [Setwallpaper] c:\programdata\SetWallpaper.cmd
mRun-x64: [ccApp] "C:\Program Files (x86)\Common Files\Symantec Shared\ccApp.exe"
mRun-x64: [BCSSync] "C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe" /DelayServices
mRun-x64: [Razer Naga Driver] C:\Program Files (x86)\Razer\Naga\NagaTray.exe
mRun-x64: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun-x64: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
mRun-x64: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun-x64: [Adobe Acrobat Speed Launcher] "C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe"
mRun-x64: [(Default)]
mRun-x64: [Acrobat Assistant 8.0] "C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe"
IE-X64: {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
AppInit_DLLs-X64: acaptuser32.dll
SEH-X64: Groove GFS Stub Execution Hook: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL
.
============= SERVICES / DRIVERS ===============
.
R1 vwififlt;Virtual WiFi Filter Driver;C:\Windows\system32\DRIVERS\vwififlt.sys --> C:\Windows\system32\DRIVERS\vwififlt.sys [?]
R2 AFBAgent;AFBAgent;"C:\Windows\system32\FBAgent.exe" --> C:\Windows\system32\FBAgent.exe [?]
R2 ASMMAP64;ASMMAP64;C:\Program Files\ATKGFNEX\ASMMAP64.sys [2010-3-2 14904]
R2 OberonGameConsoleService;Oberon Media Game Console service;C:\Program Files (x86)\ASUS\Game Park\GameConsole\OberonGameConsoleService.exe [2010-3-2 44312]
R2 rimspci;rimspci;C:\Windows\system32\DRIVERS\rimspe64.sys --> C:\Windows\system32\DRIVERS\rimspe64.sys [?]
R2 rixdpcie;rixdpcie;C:\Windows\system32\DRIVERS\rixdpe64.sys --> C:\Windows\system32\DRIVERS\rixdpe64.sys [?]
R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2011-1-7 378984]
R2 Symantec AntiVirus;Symantec Endpoint Protection;C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\Rtvscan.exe [2010-4-1 1822296]
R2 UNS;Intel® Management & Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2010-3-2 2314240]
R3 btwl2cap;Bluetooth L2CAP Service;C:\Windows\system32\DRIVERS\btwl2cap.sys --> C:\Windows\system32\DRIVERS\btwl2cap.sys [?]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2012-1-25 138360]
R3 HECIx64;Intel® Management Engine Interface;C:\Windows\system32\DRIVERS\HECIx64.sys --> C:\Windows\system32\DRIVERS\HECIx64.sys [?]
R3 Impcd;Impcd;C:\Windows\system32\DRIVERS\Impcd.sys --> C:\Windows\system32\DRIVERS\Impcd.sys [?]
R3 L1C;NDIS Miniport Driver for Atheros AR8131/AR8132 PCI-E Ethernet Controller (NDIS 6.20);C:\Windows\system32\DRIVERS\L1C62x64.sys --> C:\Windows\system32\DRIVERS\L1C62x64.sys [?]
R3 NETw5s64;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows 7 - 64 Bit;C:\Windows\system32\DRIVERS\NETw5s64.sys --> C:\Windows\system32\DRIVERS\NETw5s64.sys [?]
R3 NVHDA;Service for NVIDIA High Definition Audio Driver;C:\Windows\system32\drivers\nvhda64v.sys --> C:\Windows\system32\drivers\nvhda64v.sys [?]
R3 osppsvc;Office Software Protection Platform;C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-1-9 4925184]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 gupdate;Google Update Service (gupdate);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2010-3-2 135664]
S3 Creative ALchemy AL6 Licensing Service;Creative ALchemy AL6 Licensing Service;C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\AL6Licensing.exe [2010-3-2 79360]
S3 Creative Audio Engine Licensing Service;Creative Audio Engine Licensing Service;C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe [2010-3-2 79360]
S3 fssfltr;fssfltr;C:\Windows\system32\DRIVERS\fssfltr.sys --> C:\Windows\system32\DRIVERS\fssfltr.sys [?]
S3 fsssvc;Windows Live Family Safety;C:\Program Files (x86)\Windows Live\Family Safety\fsssvc.exe [2008-12-8 533344]
S3 gupdatem;Google Update Service (gupdatem);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2010-3-2 135664]
S3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;C:\Program Files (x86)\Microsoft Office\Office14\GROOVE.EXE [2011-6-12 31125880]
S3 NETw1v64;Intel® Wireless WiFi Link 1000 Series Adapter Driver for Windows Vista 64 Bit;C:\Windows\system32\DRIVERS\NETw1v64.sys --> C:\Windows\system32\DRIVERS\NETw1v64.sys [?]
S3 RzSynapse;Razer Naga Driver;C:\Windows\system32\DRIVERS\RzSynapse.sys --> C:\Windows\system32\DRIVERS\RzSynapse.sys [?]
S3 SiSGbeLH;SiS191/SiS190 Ethernet Device NDIS 6.0 Driver;C:\Windows\system32\DRIVERS\SiSG664.sys --> C:\Windows\system32\DRIVERS\SiSG664.sys [?]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\system32\drivers\tsusbflt.sys --> C:\Windows\system32\drivers\tsusbflt.sys [?]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?]
S4 MSSQLServerADHelper100;SQL Active Directory Helper Service;C:\Program Files\Microsoft SQL Server\100\Shared\sqladhlp.exe [2009-7-22 61976]
S4 RsFx0103;RsFx0103 Driver;C:\Windows\system32\DRIVERS\RsFx0103.sys --> C:\Windows\system32\DRIVERS\RsFx0103.sys [?]
S4 SQLAgent$SQLEXPRESS;SQL Server Agent (SQLEXPRESS);C:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\SQLAGENT.EXE [2009-3-30 427880]
.
=============== Created Last 30 ================
.
2012-01-11 17:34:25 1572864 ----a-w- C:\Windows\System32\quartz.dll
2012-01-11 17:34:25 1328128 ----a-w- C:\Windows\SysWow64\quartz.dll
2012-01-11 17:34:23 514560 ----a-w- C:\Windows\SysWow64\qdvd.dll
2012-01-11 17:34:22 366592 ----a-w- C:\Windows\System32\qdvd.dll
2012-01-11 17:34:20 1731920 ----a-w- C:\Windows\System32\ntdll.dll
2012-01-11 17:34:20 1292080 ----a-w- C:\Windows\SysWow64\ntdll.dll
2012-01-11 17:34:19 77312 ----a-w- C:\Windows\System32\packager.dll
2012-01-11 17:34:18 67072 ----a-w- C:\Windows\SysWow64\packager.dll
.
==================== Find3M ====================
.
2012-01-25 23:48:45 414368 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2012-01-13 15:00:22 45056 ----a-w- C:\Windows\System32\acovcnt.exe
2011-11-24 04:52:09 3145216 ----a-w- C:\Windows\System32\win32k.sys
2011-11-17 06:49:14 95600 ----a-w- C:\Windows\System32\drivers\ksecdd.sys
2011-11-17 06:49:14 152432 ----a-w- C:\Windows\System32\drivers\ksecpkg.sys
2011-11-17 06:44:43 459232 ----a-w- C:\Windows\System32\drivers\cng.sys
2011-11-17 06:35:28 395776 ----a-w- C:\Windows\System32\webio.dll
2011-11-17 06:35:26 29184 ----a-w- C:\Windows\System32\sspisrv.dll
2011-11-17 06:35:26 136192 ----a-w- C:\Windows\System32\sspicli.dll
2011-11-17 06:35:25 340992 ----a-w- C:\Windows\System32\schannel.dll
2011-11-17 06:35:25 28160 ----a-w- C:\Windows\System32\secur32.dll
2011-11-17 06:35:19 1447936 ----a-w- C:\Windows\System32\lsasrv.dll
2011-11-17 06:33:55 31232 ----a-w- C:\Windows\System32\lsass.exe
2011-11-17 05:35:02 314880 ----a-w- C:\Windows\SysWow64\webio.dll
2011-11-17 05:34:52 224768 ----a-w- C:\Windows\SysWow64\schannel.dll
2011-11-17 05:34:52 22016 ----a-w- C:\Windows\SysWow64\secur32.dll
2011-11-17 05:28:48 96768 ----a-w- C:\Windows\SysWow64\sspicli.dll
.
============= FINISH: 16:33:06.68 ===============

Attached Files



BC AdBot (Login to Remove)

 


#2 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto rico
  • Local time:05:47 PM

Posted 10 February 2012 - 10:04 PM

Hello and Welcome to the forums!

My name is Gringo and I'll be glad to help you with your computer problems.

Somethings to remember while we are working together.

  • Do not run any other tool untill instructed to do so!
  • please Do not Attach logs or put in code boxes.
  • Tell me about any problems that have occurred during the fix.
  • Tell me of any other symptoms you may be having as these can help also.
  • Do not run anything while running a fix.
  • Do not run any other tool untill instructed to do so!


Click on the Watch Topic Button and select Immediate Notification and click on proceed, this will help you to get notified faster when I have replied and make the cleaning process faster.

Please print out or make a copy in notpad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.

Run Combofix:

You may be asked to install or update the Recovery Console (Win XP Only) if this happens please allow it to do so (you will need to be connected to the internet for this)

Before you run Combofix I will need you to turn off any security software you have running, If you do not know how to do this you can find out >here< or >here<

Combofix may need to reboot your computer more than once to do its job this is normal.

You can download Combofix from one of these links.
Link 1
Link 2
Link 3
1. Close any open browsers or any other programs that are open.
2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

Double click on combofix.exe & follow the prompts.
When finished, it will produce a report for you.

Note 1: Do not mouseclick combofix's window while it's running. That may cause it to stall

Note 2: If you recieve an error "Illegal operation attempted on a registery key that has been marked for deletion." Please restart the computer

"information and logs"

  • In your next post I need the following
  • Log from Combofix
  • let me know of any problems you may have had
  • How is the computer doing now?

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#3 Dervajanky

Dervajanky
  • Topic Starter

  • Members
  • 11 posts
  • OFFLINE
  •  
  • Local time:04:47 PM

Posted 11 February 2012 - 07:57 PM

Sorry about the slow reply, had a busy two days.
My apologies about running the 2 programs before posting. I prefer to DIY. as for attaching that first file (I'm assuming you underlined that part for a reason?) I was just following the instructions from the help topic at the top of this particular forum. sorry if I did something wrong there.

Anyways, in the past two days, I have not had any issues with the datingpuma.com redirect. my google results have been going straight to the page they say they are. but nothing on the system has been deleted, (not even emptying the recycle bin. albeit, that's been empty for several weeks) so I'm assuming that the file is still there somewhere?? assuming combofix didn't get it.

Speaking of combofix, here's the log.

ComboFix 12-02-11.03 - Sean 02/11/2012 19:07:57.1.4 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.8053.5960 [GMT -5:00]
Running from: c:\users\Sean\Downloads\ComboFix.exe
AV: Symantec Endpoint Protection *Disabled/Updated* {88C95A36-8C3B-2F2C-1B8B-30FCCFDC4855}
FW: Symantec Endpoint Protection *Disabled* {B0F2DB13-C654-2E74-30D4-99C9310F0F2E}
SP: Symantec Endpoint Protection *Disabled/Updated* {33A8BBD2-AA01-20A2-213B-0B8EB45B02E8}
SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Created a new restore point
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\programdata\FullRemove.exe
c:\users\Sean\AppData\Local\Microsoft\Windows\Temporary Internet Files\{C6AC5055-556C-4EE6-95B5-68FEA7FD9FA4}.xps
c:\users\Sean\AppData\Local\Microsoft\Windows\Temporary Internet Files\{D234E00F-8526-4C7E-A09C-CF1F5B606BAC}.xps
c:\users\Sean\Documents\~WRL3800.tmp
.
.
((((((((((((((((((((((((( Files Created from 2012-01-12 to 2012-02-12 )))))))))))))))))))))))))))))))
.
.
2012-02-12 00:21 . 2012-02-12 00:21 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-01-26 02:21 . 2011-11-17 06:35 340992 ----a-w- c:\windows\system32\schannel.dll
2012-01-25 23:48 . 2012-01-25 23:48 -------- d-----w- c:\windows\system32\Macromed
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-01-25 23:48 . 2011-09-28 19:29 414368 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-01-25 23:06 . 2011-10-12 18:07 3642528 ----a-w- c:\programdata\Microsoft\VisualStudio\10.0\1033\ResourceCache.dll
2012-01-13 15:00 . 2010-08-29 01:03 45056 ----a-w- c:\windows\system32\acovcnt.exe
2011-11-24 04:52 . 2011-12-17 00:57 3145216 ----a-w- c:\windows\system32\win32k.sys
2011-11-19 14:58 . 2012-01-11 17:34 77312 ----a-w- c:\windows\system32\packager.dll
2011-11-19 14:01 . 2012-01-11 17:34 67072 ----a-w- c:\windows\SysWow64\packager.dll
2011-11-17 06:41 . 2012-01-11 17:34 1731920 ----a-w- c:\windows\system32\ntdll.dll
2011-11-17 05:38 . 2012-01-11 17:34 1292080 ----a-w- c:\windows\SysWow64\ntdll.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ADSMOverlayIcon1]
@="{A8D448F4-0431-45AC-9F5E-E1B434AB2249}"
[HKEY_CLASSES_ROOT\CLSID\{A8D448F4-0431-45AC-9F5E-E1B434AB2249}]
2007-06-02 01:08 143360 ----a-w- c:\program files (x86)\ASUS\ASUS Data Security Manager\ShlExt\x86\OverlayIconShlExt1.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Aim"="c:\program files (x86)\AIM\aim.exe" [2010-09-16 4425048]
"swg"="c:\program files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2010-03-02 39408]
"VeohPlugin"="c:\program files (x86)\Veoh Networks\VeohWebPlayer\veohwebplayer.exe" [2010-07-06 2634048]
"Pando Media Booster"="c:\program files (x86)\Pando Networks\Media Booster\PMB.exe" [2011-10-17 3077528]
"Skype"="c:\program files (x86)\Skype\Phone\Skype.exe" [2011-10-13 17351304]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"UpdateLBPShortCut"="c:\program files (x86)\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe" [2009-05-20 222504]
"UpdateP2GoShortCut"="c:\program files (x86)\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe" [2009-05-20 222504]
"HControlUser"="c:\program files (x86)\ASUS\ATK Hotkey\HControlUser.exe" [2009-06-19 105016]
"ATKOSD2"="c:\program files (x86)\ASUS\ATKOSD2\ATKOSD2.exe" [2009-10-09 6937216]
"ATKMEDIA"="c:\program files (x86)\ASUS\ATK Media\DMedia.exe" [2009-08-20 170624]
"VolPanel"="c:\program files (x86)\Creative\SB Audigy\Volume Panel\VolPanlu.exe" [2008-12-30 237693]
"UpdReg"="c:\windows\UpdReg.EXE" [2000-05-11 90112]
"ccApp"="c:\program files (x86)\Common Files\Symantec Shared\ccApp.exe" [2010-01-25 115560]
"BCSSync"="c:\program files (x86)\Microsoft Office\Office14\BCSSync.exe" [2010-03-13 91520]
"Razer Naga Driver"="c:\program files (x86)\Razer\Naga\NagaTray.exe" [2010-05-11 810880]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2009-09-04 935288]
"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-10-03 35696]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2011-06-09 254696]
"Adobe Acrobat Speed Launcher"="c:\program files (x86)\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe" [2008-06-12 37232]
"Acrobat Assistant 8.0"="c:\program files (x86)\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe" [2008-06-12 640376]
.
c:\users\Sean\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
CurseClientStartup.ccip [2010-8-12 0]
OneNote 2010 Screen Clipper and Launcher.lnk - c:\program files (x86)\Microsoft Office\Office14\ONENOTEM.EXE [2010-12-21 227712]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2009-7-1 1079584]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ccEvtMgr]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ccSetMgr]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Symantec Antivirus]
@="Service"
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-03-02 135664]
R3 Creative ALchemy AL6 Licensing Service;Creative ALchemy AL6 Licensing Service;c:\program files (x86)\Common Files\Creative Labs Shared\Service\AL6Licensing.exe [2010-03-02 79360]
R3 Creative Audio Engine Licensing Service;Creative Audio Engine Licensing Service;c:\program files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe [2010-03-02 79360]
R3 gupdatem;Google Update Service (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-03-02 135664]
R3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\program files (x86)\Microsoft Office\Office14\GROOVE.EXE [2011-06-12 31125880]
R3 NETw1v64;Intel® Wireless WiFi Link 1000 Series Adapter Driver for Windows Vista 64 Bit;c:\windows\system32\DRIVERS\NETw1v64.sys [x]
R3 RzSynapse;Razer Naga Driver;c:\windows\system32\DRIVERS\RzSynapse.sys [x]
R3 SiSGbeLH;SiS191/SiS190 Ethernet Device NDIS 6.0 Driver;c:\windows\system32\DRIVERS\SiSG664.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]
R4 MSSQLServerADHelper100;SQL Active Directory Helper Service;c:\program files\Microsoft SQL Server\100\Shared\SQLADHLP.EXE [2009-07-22 61976]
R4 RsFx0103;RsFx0103 Driver;c:\windows\system32\DRIVERS\RsFx0103.sys [x]
R4 SQLAgent$SQLEXPRESS;SQL Server Agent (SQLEXPRESS);c:\program files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\SQLAGENT.EXE [2009-03-30 427880]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]
S2 AFBAgent;AFBAgent;c:\windows\system32\FBAgent.exe [x]
S2 ASMMAP64;ASMMAP64;c:\program files\ATKGFNEX\ASMMAP64.sys [2007-07-24 14904]
S2 OberonGameConsoleService;Oberon Media Game Console service;c:\program files (x86)\Asus\Game Park\GameConsole\OberonGameConsoleService.exe [2009-09-15 44312]
S2 rimspci;rimspci;c:\windows\system32\DRIVERS\rimspe64.sys [x]
S2 rixdpcie;rixdpcie;c:\windows\system32\DRIVERS\rixdpe64.sys [x]
S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2011-01-08 378984]
S2 UNS;Intel® Management & Security Application User Notification Service;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2009-10-01 2314240]
S3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys [x]
S3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2011-11-08 138360]
S3 HECIx64;Intel® Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys [x]
S3 Impcd;Impcd;c:\windows\system32\DRIVERS\Impcd.sys [x]
S3 L1C;NDIS Miniport Driver for Atheros AR8131/AR8132 PCI-E Ethernet Controller (NDIS 6.20);c:\windows\system32\DRIVERS\L1C62x64.sys [x]
S3 NETw5s64;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows 7 - 64 Bit;c:\windows\system32\DRIVERS\NETw5s64.sys [x]
S3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda64v.sys [x]
S3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-10 4925184]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - 15539119
*NewlyCreated* - 52668844
*NewlyCreated* - 82188443
*NewlyCreated* - ERASERUTILDRV11122
*Deregistered* - 15539119
*Deregistered* - 52668844
*Deregistered* - 82188443
*Deregistered* - EraserUtilDrv11122
.
Contents of the 'Scheduled Tasks' folder
.
2012-02-11 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-03-02 23:20]
.
2012-02-12 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-03-02 23:20]
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ADSMOverlayIcon1]
@="{A8D448F4-0431-45AC-9F5E-E1B434AB2249}"
[HKEY_CLASSES_ROOT\CLSID\{A8D448F4-0431-45AC-9F5E-E1B434AB2249}]
2007-06-02 00:52 159744 ----a-w- c:\program files (x86)\ASUS\ASUS Data Security Manager\ShlExt\x64\OverlayIconShlExt1_64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\AsusWSShellExt_B]
@="{6D4133E5-0742-4ADC-8A8C-9303440F7190}"
[HKEY_CLASSES_ROOT\CLSID\{6D4133E5-0742-4ADC-8A8C-9303440F7190}]
2009-11-26 05:49 70656 ----a-w- c:\program files (x86)\ASUS\ASUS WebStorage\SERVICE\AsusWSShellExt64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\AsusWSShellExt_O]
@="{64174815-8D98-4CE6-8646-4C039977D808}"
[HKEY_CLASSES_ROOT\CLSID\{64174815-8D98-4CE6-8646-4C039977D808}]
2009-11-26 05:49 70656 ----a-w- c:\program files (x86)\ASUS\ASUS WebStorage\SERVICE\AsusWSShellExt64.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"EeeStorageBackup"="c:\program files (x86)\ASUS\ASUS WebStorage\SERVICE\AsusWSService.exe" [2009-11-26 1732608]
"RunDLLEntry"="c:\windows\system32\RunDLL32.exe" [2009-07-14 45568]
"Logitech Download Assistant"="c:\windows\system32\rundll32.exe" [2009-07-14 45568]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x1
"AppInit_DLLs"=c:\windows\System32\acaptuser64.dll
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.aol.com/?src=aim&ncid=snsusaimc00000001
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
Trusted Zone: kongregate.com\www
TCP: DhcpNameServer = 192.168.0.1
DPF: {3F4AC0C9-3A7D-4115-99B4-2693DE0014AF} - hxxp://optimum.net/downloads/TNetworkScannerXControl.ocx
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-Locked - (no file)
Wow6432Node-HKLM-Run-Setwallpaper - c:\programdata\SetWallpaper.cmd
SafeBoot-Symantec Antvirus
Toolbar-Locked - (no file)
WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
HKLM-Run-SynTPEnh - c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe
AddRemove-ASUS_ScreenSaver_GSeries - c:\windows\system32\ASUS_ScreenSaver_GSeries.scr
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2012-02-11 19:48:00
ComboFix-quarantined-files.txt 2012-02-12 00:47
.
Pre-Run: 13,753,266,176 bytes free
Post-Run: 15,736,516,608 bytes free
.
- - End Of File - - B59272D34B3F7784F36330D80DAAB817



I didn't realize that the "windows defender" program was even still functional on this thing. sorry if that might have messed anything up on the scan

Thanks again for the help.

#4 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto rico
  • Local time:05:47 PM

Posted 11 February 2012 - 08:01 PM

Greetings

I want you to run these next,

tdsskiller:

Please read carefully and follow these steps.
  • Download TDSSKiller and save it to your Desktop.
  • doubleclick on TDSSKiller.exe to run the application, then on Start Scan.
  • If an infected file is detected, the default action will be Cure, click on Continue.
  • If a suspicious file is detected, the default action will be Skip, click on Continue.
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
  • If no reboot is require, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.

Please download aswMBR to your desktop.
  • Double click the aswMBR.exe icon to run it
  • it will ask to download extra definitions - ALLOW IT
  • Click the Scan button to start the scan
  • On completion of the scan, click the save log button, save it to your desktop and post it in your next reply.

If you have any problems running either one come back and let me know

please reply with the reports from TDSSKiller and aswMBR

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#5 Dervajanky

Dervajanky
  • Topic Starter

  • Members
  • 11 posts
  • OFFLINE
  •  
  • Local time:04:47 PM

Posted 11 February 2012 - 08:53 PM

before I post logs; I re-enabled symantec between following your first set of instructions, and running tdsskiller and aswMBR.

while running the aswMBR scan, I receive a report some symantec that it found a trojan. Do I need to re-disable symantec (and does re-enabling symantec techinical fall under "Do not run any other tool untill instructed to do so!" or "Do not run anything while running a fix"? if so, I apologize and will proceed to rescan)

#6 Dervajanky

Dervajanky
  • Topic Starter

  • Members
  • 11 posts
  • OFFLINE
  •  
  • Local time:04:47 PM

Posted 11 February 2012 - 09:12 PM

TDSSkiller report

20:42:50.0711 16832 TDSS rootkit removing tool 2.7.11.0 Feb 9 2012 10:12:57
20:42:51.0031 16832 ============================================================
20:42:51.0031 16832 Current date / time: 2012/02/11 20:42:51.0031
20:42:51.0031 16832 SystemInfo:
20:42:51.0031 16832
20:42:51.0031 16832 OS Version: 6.1.7601 ServicePack: 1.0
20:42:51.0031 16832 Product type: Workstation
20:42:51.0031 16832 ComputerName: SEAN-LAPTAOP
20:42:51.0031 16832 UserName: Sean
20:42:51.0031 16832 Windows directory: C:\Windows
20:42:51.0031 16832 System windows directory: C:\Windows
20:42:51.0031 16832 Running under WOW64
20:42:51.0031 16832 Processor architecture: Intel x64
20:42:51.0031 16832 Number of processors: 4
20:42:51.0031 16832 Page size: 0x1000
20:42:51.0031 16832 Boot type: Normal boot
20:42:51.0031 16832 ============================================================
20:42:51.0684 16832 Drive \Device\Harddisk0\DR0 - Size: 0x7470C06000 (465.76 Gb), SectorSize: 0x200, Cylinders: 0xED81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
20:42:51.0690 16832 \Device\Harddisk0\DR0:
20:42:51.0690 16832 MBR used
20:42:51.0690 16832 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x2711676, BlocksNum 0xE8E0360
20:42:51.0707 16832 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x10FF1A15, BlocksNum 0x2939322C
20:42:51.0765 16832 Initialize success
20:42:51.0765 16832 ============================================================
20:42:53.0216 22832 ============================================================
20:42:53.0216 22832 Scan started
20:42:53.0216 22832 Mode: Manual;
20:42:53.0216 22832 ============================================================
20:42:55.0645 22832 1394ohci (a87d604aea360176311474c87a63bb88) C:\Windows\system32\drivers\1394ohci.sys
20:42:55.0647 22832 1394ohci - ok
20:42:55.0706 22832 ACPI (d81d9e70b8a6dd14d42d7b4efa65d5f2) C:\Windows\system32\drivers\ACPI.sys
20:42:55.0707 22832 ACPI - ok
20:42:55.0740 22832 AcpiPmi (99f8e788246d495ce3794d7e7821d2ca) C:\Windows\system32\drivers\acpipmi.sys
20:42:55.0741 22832 AcpiPmi - ok
20:42:55.0816 22832 adp94xx (2f6b34b83843f0c5118b63ac634f5bf4) C:\Windows\system32\DRIVERS\adp94xx.sys
20:42:55.0819 22832 adp94xx - ok
20:42:55.0839 22832 adpahci (597f78224ee9224ea1a13d6350ced962) C:\Windows\system32\DRIVERS\adpahci.sys
20:42:55.0842 22832 adpahci - ok
20:42:55.0862 22832 adpu320 (e109549c90f62fb570b9540c4b148e54) C:\Windows\system32\DRIVERS\adpu320.sys
20:42:55.0863 22832 adpu320 - ok
20:42:55.0949 22832 AFD (d5b031c308a409a0a576bff4cf083d30) C:\Windows\system32\drivers\afd.sys
20:42:55.0971 22832 AFD - ok
20:42:56.0004 22832 agp440 (608c14dba7299d8cb6ed035a68a15799) C:\Windows\system32\drivers\agp440.sys
20:42:56.0006 22832 agp440 - ok
20:42:56.0041 22832 aliide (5812713a477a3ad7363c7438ca2ee038) C:\Windows\system32\drivers\aliide.sys
20:42:56.0042 22832 aliide - ok
20:42:56.0078 22832 amdide (1ff8b4431c353ce385c875f194924c0c) C:\Windows\system32\drivers\amdide.sys
20:42:56.0079 22832 amdide - ok
20:42:56.0115 22832 AmdK8 (7024f087cff1833a806193ef9d22cda9) C:\Windows\system32\DRIVERS\amdk8.sys
20:42:56.0116 22832 AmdK8 - ok
20:42:56.0154 22832 AmdPPM (1e56388b3fe0d031c44144eb8c4d6217) C:\Windows\system32\DRIVERS\amdppm.sys
20:42:56.0154 22832 AmdPPM - ok
20:42:56.0179 22832 amdsata (d4121ae6d0c0e7e13aa221aa57ef2d49) C:\Windows\system32\drivers\amdsata.sys
20:42:56.0180 22832 amdsata - ok
20:42:56.0217 22832 amdsbs (f67f933e79241ed32ff46a4f29b5120b) C:\Windows\system32\DRIVERS\amdsbs.sys
20:42:56.0219 22832 amdsbs - ok
20:42:56.0245 22832 amdxata (540daf1cea6094886d72126fd7c33048) C:\Windows\system32\drivers\amdxata.sys
20:42:56.0246 22832 amdxata - ok
20:42:56.0294 22832 AppID (89a69c3f2f319b43379399547526d952) C:\Windows\system32\drivers\appid.sys
20:42:56.0295 22832 AppID - ok
20:42:56.0332 22832 arc (c484f8ceb1717c540242531db7845c4e) C:\Windows\system32\DRIVERS\arc.sys
20:42:56.0333 22832 arc - ok
20:42:56.0354 22832 arcsas (019af6924aefe7839f61c830227fe79c) C:\Windows\system32\DRIVERS\arcsas.sys
20:42:56.0355 22832 arcsas - ok
20:42:56.0377 22832 AsDsm (88fbc8bebfd38566235eaa5e4dbc4e05) C:\Windows\system32\drivers\AsDsm.sys
20:42:56.0378 22832 AsDsm - ok
20:42:56.0472 22832 ASMMAP64 (2db34edd17d3a8da7105a19c95a3dd68) C:\Program Files\ATKGFNEX\ASMMAP64.sys
20:42:56.0473 22832 ASMMAP64 - ok
20:42:56.0519 22832 AsyncMac (769765ce2cc62867468cea93969b2242) C:\Windows\system32\DRIVERS\asyncmac.sys
20:42:56.0519 22832 AsyncMac - ok
20:42:56.0573 22832 atapi (02062c0b390b7729edc9e69c680a6f3c) C:\Windows\system32\drivers\atapi.sys
20:42:56.0574 22832 atapi - ok
20:42:56.0623 22832 athr (e857eee6b92aaa473ebb3465add8f7e7) C:\Windows\system32\DRIVERS\athrx.sys
20:42:56.0631 22832 athr - ok
20:42:56.0694 22832 b06bdrv (3e5b191307609f7514148c6832bb0842) C:\Windows\system32\DRIVERS\bxvbda.sys
20:42:56.0697 22832 b06bdrv - ok
20:42:56.0735 22832 b57nd60a (b5ace6968304a3900eeb1ebfd9622df2) C:\Windows\system32\DRIVERS\b57nd60a.sys
20:42:56.0736 22832 b57nd60a - ok
20:42:56.0760 22832 Beep (16a47ce2decc9b099349a5f840654746) C:\Windows\system32\drivers\Beep.sys
20:42:56.0760 22832 Beep - ok
20:42:56.0804 22832 blbdrive (61583ee3c3a17003c4acd0475646b4d3) C:\Windows\system32\DRIVERS\blbdrive.sys
20:42:56.0815 22832 blbdrive - ok
20:42:56.0872 22832 bowser (6c02a83164f5cc0a262f4199f0871cf5) C:\Windows\system32\DRIVERS\bowser.sys
20:42:56.0873 22832 bowser - ok
20:42:56.0893 22832 BrFiltLo (f09eee9edc320b5e1501f749fde686c8) C:\Windows\system32\DRIVERS\BrFiltLo.sys
20:42:56.0894 22832 BrFiltLo - ok
20:42:56.0908 22832 BrFiltUp (b114d3098e9bdb8bea8b053685831be6) C:\Windows\system32\DRIVERS\BrFiltUp.sys
20:42:56.0909 22832 BrFiltUp - ok
20:42:56.0952 22832 BridgeMP (5c2f352a4e961d72518261257aae204b) C:\Windows\system32\DRIVERS\bridge.sys
20:42:56.0965 22832 BridgeMP - ok
20:42:57.0024 22832 Brserid (43bea8d483bf1870f018e2d02e06a5bd) C:\Windows\System32\Drivers\Brserid.sys
20:42:57.0026 22832 Brserid - ok
20:42:57.0048 22832 BrSerWdm (a6eca2151b08a09caceca35c07f05b42) C:\Windows\System32\Drivers\BrSerWdm.sys
20:42:57.0049 22832 BrSerWdm - ok
20:42:57.0067 22832 BrUsbMdm (b79968002c277e869cf38bd22cd61524) C:\Windows\System32\Drivers\BrUsbMdm.sys
20:42:57.0078 22832 BrUsbMdm - ok
20:42:57.0094 22832 BrUsbSer (a87528880231c54e75ea7a44943b38bf) C:\Windows\System32\Drivers\BrUsbSer.sys
20:42:57.0095 22832 BrUsbSer - ok
20:42:57.0158 22832 BthEnum (cf98190a94f62e405c8cb255018b2315) C:\Windows\system32\drivers\BthEnum.sys
20:42:57.0161 22832 BthEnum - ok
20:42:57.0191 22832 BTHMODEM (9da669f11d1f894ab4eb69bf546a42e8) C:\Windows\system32\DRIVERS\bthmodem.sys
20:42:57.0192 22832 BTHMODEM - ok
20:42:57.0215 22832 BthPan (02dd601b708dd0667e1331fa8518e9ff) C:\Windows\system32\DRIVERS\bthpan.sys
20:42:57.0216 22832 BthPan - ok
20:42:57.0251 22832 BTHPORT (64c198198501f7560ee41d8d1efa7952) C:\Windows\System32\Drivers\BTHport.sys
20:42:57.0254 22832 BTHPORT - ok
20:42:57.0281 22832 BTHUSB (f188b7394d81010767b6df3178519a37) C:\Windows\System32\Drivers\BTHUSB.sys
20:42:57.0282 22832 BTHUSB - ok
20:42:57.0319 22832 btwaudio (6bcfdc2b5b7f66d484486d4bd4b39a6b) C:\Windows\system32\drivers\btwaudio.sys
20:42:57.0320 22832 btwaudio - ok
20:42:57.0342 22832 btwavdt (82dc8b7c626e526681c1bebed2bc3ff9) C:\Windows\system32\drivers\btwavdt.sys
20:42:57.0343 22832 btwavdt - ok
20:42:57.0394 22832 btwl2cap (6149301dc3f81d6f9667a3fbac410975) C:\Windows\system32\DRIVERS\btwl2cap.sys
20:42:57.0395 22832 btwl2cap - ok
20:42:57.0415 22832 btwrchid (28e105ad3b79f440bf94780f507bf66a) C:\Windows\system32\DRIVERS\btwrchid.sys
20:42:57.0416 22832 btwrchid - ok
20:42:57.0432 22832 catchme - ok
20:42:57.0488 22832 cdfs (b8bd2bb284668c84865658c77574381a) C:\Windows\system32\DRIVERS\cdfs.sys
20:42:57.0489 22832 cdfs - ok
20:42:57.0545 22832 cdrom (f036ce71586e93d94dab220d7bdf4416) C:\Windows\system32\drivers\cdrom.sys
20:42:57.0547 22832 cdrom - ok
20:42:57.0595 22832 circlass (d7cd5c4e1b71fa62050515314cfb52cf) C:\Windows\system32\DRIVERS\circlass.sys
20:42:57.0596 22832 circlass - ok
20:42:57.0626 22832 CLFS (fe1ec06f2253f691fe36217c592a0206) C:\Windows\system32\CLFS.sys
20:42:57.0641 22832 CLFS - ok
20:42:57.0687 22832 CmBatt (0840155d0bddf1190f84a663c284bd33) C:\Windows\system32\DRIVERS\CmBatt.sys
20:42:57.0687 22832 CmBatt - ok
20:42:57.0721 22832 cmdide (e19d3f095812725d88f9001985b94edd) C:\Windows\system32\drivers\cmdide.sys
20:42:57.0722 22832 cmdide - ok
20:42:57.0767 22832 CNG (c4943b6c962e4b82197542447ad599f4) C:\Windows\system32\Drivers\cng.sys
20:42:57.0769 22832 CNG - ok
20:42:57.0812 22832 Compbatt (102de219c3f61415f964c88e9085ad14) C:\Windows\system32\DRIVERS\compbatt.sys
20:42:57.0829 22832 Compbatt - ok
20:42:57.0890 22832 CompositeBus (03edb043586cceba243d689bdda370a8) C:\Windows\system32\drivers\CompositeBus.sys
20:42:57.0891 22832 CompositeBus - ok
20:42:57.0924 22832 crcdisk (1c827878a998c18847245fe1f34ee597) C:\Windows\system32\DRIVERS\crcdisk.sys
20:42:57.0938 22832 crcdisk - ok
20:42:58.0022 22832 DfsC (9bb2ef44eaa163b29c4a4587887a0fe4) C:\Windows\system32\Drivers\dfsc.sys
20:42:58.0023 22832 DfsC - ok
20:42:58.0047 22832 discache (13096b05847ec78f0977f2c0f79e9ab3) C:\Windows\system32\drivers\discache.sys
20:42:58.0047 22832 discache - ok
20:42:58.0074 22832 Disk (9819eee8b5ea3784ec4af3b137a5244c) C:\Windows\system32\DRIVERS\disk.sys
20:42:58.0075 22832 Disk - ok
20:42:58.0108 22832 drmkaud (9b19f34400d24df84c858a421c205754) C:\Windows\system32\drivers\drmkaud.sys
20:42:58.0109 22832 drmkaud - ok
20:42:58.0157 22832 DXGKrnl (f5bee30450e18e6b83a5012c100616fd) C:\Windows\System32\drivers\dxgkrnl.sys
20:42:58.0163 22832 DXGKrnl - ok
20:42:58.0253 22832 ebdrv (dc5d737f51be844d8c82c695eb17372f) C:\Windows\system32\DRIVERS\evbda.sys
20:42:58.0271 22832 ebdrv - ok
20:42:58.0358 22832 eeCtrl (0c3f9eff8ddd9f9eb56d754b4620155f) C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys
20:42:58.0360 22832 eeCtrl - ok
20:42:58.0424 22832 elxstor (0e5da5369a0fcaea12456dd852545184) C:\Windows\system32\DRIVERS\elxstor.sys
20:42:58.0426 22832 elxstor - ok
20:42:58.0494 22832 EraserUtilDrv11122 (8c0f9b877bc0b7ffd327ef55f9efb642) C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilDrv11122.sys
20:42:58.0511 22832 EraserUtilDrv11122 - ok
20:42:58.0567 22832 EraserUtilRebootDrv (7a898e4a744621711be7e7b796c69876) C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys
20:42:58.0568 22832 EraserUtilRebootDrv - ok
20:42:58.0633 22832 ErrDev (34a3c54752046e79a126e15c51db409b) C:\Windows\system32\drivers\errdev.sys
20:42:58.0634 22832 ErrDev - ok
20:42:58.0683 22832 exfat (a510c654ec00c1e9bdd91eeb3a59823b) C:\Windows\system32\drivers\exfat.sys
20:42:58.0685 22832 exfat - ok
20:42:58.0707 22832 fastfat (0adc83218b66a6db380c330836f3e36d) C:\Windows\system32\drivers\fastfat.sys
20:42:58.0709 22832 fastfat - ok
20:42:58.0736 22832 fdc (d765d19cd8ef61f650c384f62fac00ab) C:\Windows\system32\DRIVERS\fdc.sys
20:42:58.0737 22832 fdc - ok
20:42:58.0766 22832 FileInfo (655661be46b5f5f3fd454e2c3095b930) C:\Windows\system32\drivers\fileinfo.sys
20:42:58.0767 22832 FileInfo - ok
20:42:58.0787 22832 Filetrace (5f671ab5bc87eea04ec38a6cd5962a47) C:\Windows\system32\drivers\filetrace.sys
20:42:58.0788 22832 Filetrace - ok
20:42:58.0822 22832 flpydisk (c172a0f53008eaeb8ea33fe10e177af5) C:\Windows\system32\DRIVERS\flpydisk.sys
20:42:58.0823 22832 flpydisk - ok
20:42:58.0871 22832 FltMgr (da6b67270fd9db3697b20fce94950741) C:\Windows\system32\drivers\fltmgr.sys
20:42:58.0873 22832 FltMgr - ok
20:42:58.0892 22832 FsDepends (d43703496149971890703b4b1b723eac) C:\Windows\system32\drivers\FsDepends.sys
20:42:58.0893 22832 FsDepends - ok
20:42:58.0939 22832 fssfltr (5814011b2f6e088e29d689b5fcd49b8f) C:\Windows\system32\DRIVERS\fssfltr.sys
20:42:58.0939 22832 fssfltr - ok
20:42:58.0964 22832 Fs_Rec (e95ef8547de20cf0603557c0cf7a9462) C:\Windows\system32\drivers\Fs_Rec.sys
20:42:58.0965 22832 Fs_Rec - ok
20:42:59.0015 22832 fvevol (1f7b25b858fa27015169fe95e54108ed) C:\Windows\system32\DRIVERS\fvevol.sys
20:42:59.0034 22832 fvevol - ok
20:42:59.0061 22832 gagp30kx (8c778d335c9d272cfd3298ab02abe3b6) C:\Windows\system32\DRIVERS\gagp30kx.sys
20:42:59.0062 22832 gagp30kx - ok
20:42:59.0145 22832 hcw85cir (f2523ef6460fc42405b12248338ab2f0) C:\Windows\system32\drivers\hcw85cir.sys
20:42:59.0145 22832 hcw85cir - ok
20:42:59.0205 22832 HdAudAddService (975761c778e33cd22498059b91e7373a) C:\Windows\system32\drivers\HdAudio.sys
20:42:59.0207 22832 HdAudAddService - ok
20:42:59.0251 22832 HDAudBus (97bfed39b6b79eb12cddbfeed51f56bb) C:\Windows\system32\drivers\HDAudBus.sys
20:42:59.0253 22832 HDAudBus - ok
20:42:59.0277 22832 HECIx64 (b6ac71aaa2b10848f57fc49d55a651af) C:\Windows\system32\DRIVERS\HECIx64.sys
20:42:59.0278 22832 HECIx64 - ok
20:42:59.0291 22832 HidBatt (78e86380454a7b10a5eb255dc44a355f) C:\Windows\system32\DRIVERS\HidBatt.sys
20:42:59.0292 22832 HidBatt - ok
20:42:59.0342 22832 HidBth (7fd2a313f7afe5c4dab14798c48dd104) C:\Windows\system32\DRIVERS\hidbth.sys
20:42:59.0343 22832 HidBth - ok
20:42:59.0378 22832 HidIr (0a77d29f311b88cfae3b13f9c1a73825) C:\Windows\system32\DRIVERS\hidir.sys
20:42:59.0379 22832 HidIr - ok
20:42:59.0418 22832 HidUsb (9592090a7e2b61cd582b612b6df70536) C:\Windows\system32\DRIVERS\hidusb.sys
20:42:59.0436 22832 HidUsb - ok
20:42:59.0468 22832 HpSAMD (39d2abcd392f3d8a6dce7b60ae7b8efc) C:\Windows\system32\drivers\HpSAMD.sys
20:42:59.0469 22832 HpSAMD - ok
20:42:59.0535 22832 HTTP (0ea7de1acb728dd5a369fd742d6eee28) C:\Windows\system32\drivers\HTTP.sys
20:42:59.0539 22832 HTTP - ok
20:42:59.0579 22832 hwpolicy (a5462bd6884960c9dc85ed49d34ff392) C:\Windows\system32\drivers\hwpolicy.sys
20:42:59.0579 22832 hwpolicy - ok
20:42:59.0608 22832 i8042prt (fa55c73d4affa7ee23ac4be53b4592d3) C:\Windows\system32\drivers\i8042prt.sys
20:42:59.0609 22832 i8042prt - ok
20:42:59.0639 22832 iaStor (631fa8935163b01fc0c02966cb3adb92) C:\Windows\system32\DRIVERS\iaStor.sys
20:42:59.0642 22832 iaStor - ok
20:42:59.0669 22832 iaStorV (aaaf44db3bd0b9d1fb6969b23ecc8366) C:\Windows\system32\drivers\iaStorV.sys
20:42:59.0671 22832 iaStorV - ok
20:42:59.0693 22832 iirsp (5c18831c61933628f5bb0ea2675b9d21) C:\Windows\system32\DRIVERS\iirsp.sys
20:42:59.0707 22832 iirsp - ok
20:42:59.0754 22832 Impcd (36fdf367a1dabff903e2214023d71368) C:\Windows\system32\DRIVERS\Impcd.sys
20:42:59.0756 22832 Impcd - ok
20:42:59.0827 22832 IntcAzAudAddService (52d9171838bb92319f23656f502916e9) C:\Windows\system32\drivers\RTKVHD64.sys
20:42:59.0837 22832 IntcAzAudAddService - ok
20:42:59.0880 22832 intelide (f00f20e70c6ec3aa366910083a0518aa) C:\Windows\system32\drivers\intelide.sys
20:42:59.0881 22832 intelide - ok
20:42:59.0923 22832 intelppm (ada036632c664caa754079041cf1f8c1) C:\Windows\system32\DRIVERS\intelppm.sys
20:42:59.0923 22832 intelppm - ok
20:42:59.0967 22832 IpFilterDriver (c9f0e1bd74365a8771590e9008d22ab6) C:\Windows\system32\DRIVERS\ipfltdrv.sys
20:42:59.0968 22832 IpFilterDriver - ok
20:42:59.0990 22832 IPMIDRV (0fc1aea580957aa8817b8f305d18ca3a) C:\Windows\system32\drivers\IPMIDrv.sys
20:42:59.0990 22832 IPMIDRV - ok
20:43:00.0009 22832 IPNAT (af9b39a7e7b6caa203b3862582e9f2d0) C:\Windows\system32\drivers\ipnat.sys
20:43:00.0010 22832 IPNAT - ok
20:43:00.0043 22832 IRENUM (3abf5e7213eb28966d55d58b515d5ce9) C:\Windows\system32\drivers\irenum.sys
20:43:00.0044 22832 IRENUM - ok
20:43:00.0061 22832 isapnp (2f7b28dc3e1183e5eb418df55c204f38) C:\Windows\system32\drivers\isapnp.sys
20:43:00.0062 22832 isapnp - ok
20:43:00.0089 22832 iScsiPrt (d931d7309deb2317035b07c9f9e6b0bd) C:\Windows\system32\drivers\msiscsi.sys
20:43:00.0090 22832 iScsiPrt - ok
20:43:00.0120 22832 kbdclass (bc02336f1cba7dcc7d1213bb588a68a5) C:\Windows\system32\drivers\kbdclass.sys
20:43:00.0121 22832 kbdclass - ok
20:43:00.0145 22832 kbdhid (0705eff5b42a9db58548eec3b26bb484) C:\Windows\system32\drivers\kbdhid.sys
20:43:00.0145 22832 kbdhid - ok
20:43:00.0184 22832 kbfiltr (e63ef8c3271d014f14e2469ce75fecb4) C:\Windows\system32\DRIVERS\kbfiltr.sys
20:43:00.0185 22832 kbfiltr - ok
20:43:00.0226 22832 KSecDD (da1e991a61cfdd755a589e206b97644b) C:\Windows\system32\Drivers\ksecdd.sys
20:43:00.0227 22832 KSecDD - ok
20:43:00.0288 22832 KSecPkg (7e33198d956943a4f11a5474c1e9106f) C:\Windows\system32\Drivers\ksecpkg.sys
20:43:00.0289 22832 KSecPkg - ok
20:43:00.0303 22832 ksthunk (6869281e78cb31a43e969f06b57347c4) C:\Windows\system32\drivers\ksthunk.sys
20:43:00.0304 22832 ksthunk - ok
20:43:00.0345 22832 L1C (01c711667abedf8148998f3ac91991db) C:\Windows\system32\DRIVERS\L1C62x64.sys
20:43:00.0346 22832 L1C - ok
20:43:00.0391 22832 lltdio (1538831cf8ad2979a04c423779465827) C:\Windows\system32\DRIVERS\lltdio.sys
20:43:00.0392 22832 lltdio - ok
20:43:00.0440 22832 LSI_FC (1a93e54eb0ece102495a51266dcdb6a6) C:\Windows\system32\DRIVERS\lsi_fc.sys
20:43:00.0442 22832 LSI_FC - ok
20:43:00.0484 22832 LSI_SAS (1047184a9fdc8bdbff857175875ee810) C:\Windows\system32\DRIVERS\lsi_sas.sys
20:43:00.0486 22832 LSI_SAS - ok
20:43:00.0519 22832 LSI_SAS2 (30f5c0de1ee8b5bc9306c1f0e4a75f93) C:\Windows\system32\DRIVERS\lsi_sas2.sys
20:43:00.0520 22832 LSI_SAS2 - ok
20:43:00.0553 22832 LSI_SCSI (0504eacaff0d3c8aed161c4b0d369d4a) C:\Windows\system32\DRIVERS\lsi_scsi.sys
20:43:00.0554 22832 LSI_SCSI - ok
20:43:00.0591 22832 luafv (43d0f98e1d56ccddb0d5254cff7b356e) C:\Windows\system32\drivers\luafv.sys
20:43:00.0592 22832 luafv - ok
20:43:00.0643 22832 megasas (a55805f747c6edb6a9080d7c633bd0f4) C:\Windows\system32\DRIVERS\megasas.sys
20:43:00.0644 22832 megasas - ok
20:43:00.0682 22832 MegaSR (baf74ce0072480c3b6b7c13b2a94d6b3) C:\Windows\system32\DRIVERS\MegaSR.sys
20:43:00.0684 22832 MegaSR - ok
20:43:00.0728 22832 Modem (800ba92f7010378b09f9ed9270f07137) C:\Windows\system32\drivers\modem.sys
20:43:00.0729 22832 Modem - ok
20:43:00.0772 22832 monitor (b03d591dc7da45ece20b3b467e6aadaa) C:\Windows\system32\DRIVERS\monitor.sys
20:43:00.0785 22832 monitor - ok
20:43:00.0849 22832 mouclass (7d27ea49f3c1f687d357e77a470aea99) C:\Windows\system32\DRIVERS\mouclass.sys
20:43:00.0850 22832 mouclass - ok
20:43:00.0893 22832 mouhid (d3bf052c40b0c4166d9fd86a4288c1e6) C:\Windows\system32\DRIVERS\mouhid.sys
20:43:00.0894 22832 mouhid - ok
20:43:00.0934 22832 mountmgr (32e7a3d591d671a6df2db515a5cbe0fa) C:\Windows\system32\drivers\mountmgr.sys
20:43:00.0935 22832 mountmgr - ok
20:43:00.0981 22832 mpio (a44b420d30bd56e145d6a2bc8768ec58) C:\Windows\system32\drivers\mpio.sys
20:43:00.0982 22832 mpio - ok
20:43:01.0006 22832 mpsdrv (6c38c9e45ae0ea2fa5e551f2ed5e978f) C:\Windows\system32\drivers\mpsdrv.sys
20:43:01.0007 22832 mpsdrv - ok
20:43:01.0047 22832 MRxDAV (dc722758b8261e1abafd31a3c0a66380) C:\Windows\system32\drivers\mrxdav.sys
20:43:01.0048 22832 MRxDAV - ok
20:43:01.0078 22832 mrxsmb (a5d9106a73dc88564c825d317cac68ac) C:\Windows\system32\DRIVERS\mrxsmb.sys
20:43:01.0080 22832 mrxsmb - ok
20:43:01.0115 22832 mrxsmb10 (d711b3c1d5f42c0c2415687be09fc163) C:\Windows\system32\DRIVERS\mrxsmb10.sys
20:43:01.0117 22832 mrxsmb10 - ok
20:43:01.0140 22832 mrxsmb20 (9423e9d355c8d303e76b8cfbd8a5c30c) C:\Windows\system32\DRIVERS\mrxsmb20.sys
20:43:01.0142 22832 mrxsmb20 - ok
20:43:01.0182 22832 msahci (c25f0bafa182cbca2dd3c851c2e75796) C:\Windows\system32\drivers\msahci.sys
20:43:01.0183 22832 msahci - ok
20:43:01.0201 22832 msdsm (db801a638d011b9633829eb6f663c900) C:\Windows\system32\drivers\msdsm.sys
20:43:01.0203 22832 msdsm - ok
20:43:01.0237 22832 Msfs (aa3fb40e17ce1388fa1bedab50ea8f96) C:\Windows\system32\drivers\Msfs.sys
20:43:01.0238 22832 Msfs - ok
20:43:01.0272 22832 mshidkmdf (f9d215a46a8b9753f61767fa72a20326) C:\Windows\System32\drivers\mshidkmdf.sys
20:43:01.0273 22832 mshidkmdf - ok
20:43:01.0317 22832 msisadrv (d916874bbd4f8b07bfb7fa9b3ccae29d) C:\Windows\system32\drivers\msisadrv.sys
20:43:01.0318 22832 msisadrv - ok
20:43:01.0364 22832 MSKSSRV (49ccf2c4fea34ffad8b1b59d49439366) C:\Windows\system32\drivers\MSKSSRV.sys
20:43:01.0364 22832 MSKSSRV - ok
20:43:01.0379 22832 MSPCLOCK (bdd71ace35a232104ddd349ee70e1ab3) C:\Windows\system32\drivers\MSPCLOCK.sys
20:43:01.0380 22832 MSPCLOCK - ok
20:43:01.0393 22832 MSPQM (4ed981241db27c3383d72092b618a1d0) C:\Windows\system32\drivers\MSPQM.sys
20:43:01.0394 22832 MSPQM - ok
20:43:01.0460 22832 MsRPC (759a9eeb0fa9ed79da1fb7d4ef78866d) C:\Windows\system32\drivers\MsRPC.sys
20:43:01.0462 22832 MsRPC - ok
20:43:01.0476 22832 mssmbios (0eed230e37515a0eaee3c2e1bc97b288) C:\Windows\system32\drivers\mssmbios.sys
20:43:01.0477 22832 mssmbios - ok
20:43:01.0514 22832 MSTEE (2e66f9ecb30b4221a318c92ac2250779) C:\Windows\system32\drivers\MSTEE.sys
20:43:01.0515 22832 MSTEE - ok
20:43:01.0540 22832 MTConfig (7ea404308934e675bffde8edf0757bcd) C:\Windows\system32\DRIVERS\MTConfig.sys
20:43:01.0541 22832 MTConfig - ok
20:43:01.0579 22832 MTsensor (032d35c996f21d19a205a7c8f0b76f3c) C:\Windows\system32\DRIVERS\ATK64AMD.sys
20:43:01.0579 22832 MTsensor - ok
20:43:01.0612 22832 Mup (f9a18612fd3526fe473c1bda678d61c8) C:\Windows\system32\Drivers\mup.sys
20:43:01.0613 22832 Mup - ok
20:43:01.0665 22832 NativeWifiP (1ea3749c4114db3e3161156ffffa6b33) C:\Windows\system32\DRIVERS\nwifi.sys
20:43:01.0667 22832 NativeWifiP - ok
20:43:01.0777 22832 NAVENG (2dbe90210de76be6e1653bb20ec70ec2) C:\PROGRA~3\Symantec\DEFINI~1\VIRUSD~1\20120211.006\ENG64.SYS
20:43:01.0778 22832 NAVENG - ok
20:43:01.0829 22832 NAVEX15 (346da70e203b8e2c850277713de8f71b) C:\PROGRA~3\Symantec\DEFINI~1\VIRUSD~1\20120211.006\EX64.SYS
20:43:01.0840 22832 NAVEX15 - ok
20:43:01.0930 22832 NDIS (79b47fd40d9a817e932f9d26fac0a81c) C:\Windows\system32\drivers\ndis.sys
20:43:01.0936 22832 NDIS - ok
20:43:01.0983 22832 NdisCap (9f9a1f53aad7da4d6fef5bb73ab811ac) C:\Windows\system32\DRIVERS\ndiscap.sys
20:43:01.0984 22832 NdisCap - ok
20:43:02.0021 22832 NdisTapi (30639c932d9fef22b31268fe25a1b6e5) C:\Windows\system32\DRIVERS\ndistapi.sys
20:43:02.0022 22832 NdisTapi - ok
20:43:02.0071 22832 Ndisuio (136185f9fb2cc61e573e676aa5402356) C:\Windows\system32\DRIVERS\ndisuio.sys
20:43:02.0071 22832 Ndisuio - ok
20:43:02.0122 22832 NdisWan (53f7305169863f0a2bddc49e116c2e11) C:\Windows\system32\DRIVERS\ndiswan.sys
20:43:02.0124 22832 NdisWan - ok
20:43:02.0161 22832 NDProxy (015c0d8e0e0421b4cfd48cffe2825879) C:\Windows\system32\drivers\NDProxy.sys
20:43:02.0162 22832 NDProxy - ok
20:43:02.0194 22832 NetBIOS (86743d9f5d2b1048062b14b1d84501c4) C:\Windows\system32\DRIVERS\netbios.sys
20:43:02.0195 22832 NetBIOS - ok
20:43:02.0243 22832 NetBT (09594d1089c523423b32a4229263f068) C:\Windows\system32\DRIVERS\netbt.sys
20:43:02.0245 22832 NetBT - ok
20:43:02.0422 22832 NETw1v64 (e72f4522801ffb8f0456924fb0017bff) C:\Windows\system32\DRIVERS\NETw1v64.sys
20:43:02.0456 22832 NETw1v64 - ok
20:43:02.0592 22832 NETw5s64 (4d85a450edef10c38882182753a49aae) C:\Windows\system32\DRIVERS\NETw5s64.sys
20:43:02.0625 22832 NETw5s64 - ok
20:43:02.0693 22832 nfrd960 (77889813be4d166cdab78ddba990da92) C:\Windows\system32\DRIVERS\nfrd960.sys
20:43:02.0709 22832 nfrd960 - ok
20:43:02.0759 22832 Npfs (1e4c4ab5c9b8dd13179bbdc75a2a01f7) C:\Windows\system32\drivers\Npfs.sys
20:43:02.0760 22832 Npfs - ok
20:43:02.0784 22832 nsiproxy (e7f5ae18af4168178a642a9247c63001) C:\Windows\system32\drivers\nsiproxy.sys
20:43:02.0798 22832 nsiproxy - ok
20:43:02.0853 22832 Ntfs (a2f74975097f52a00745f9637451fdd8) C:\Windows\system32\drivers\Ntfs.sys
20:43:02.0862 22832 Ntfs - ok
20:43:02.0882 22832 Null (9899284589f75fa8724ff3d16aed75c1) C:\Windows\system32\drivers\Null.sys
20:43:02.0883 22832 Null - ok
20:43:02.0924 22832 NVHDA (857fb74754ebff94ee3ad40788740916) C:\Windows\system32\drivers\nvhda64v.sys
20:43:02.0925 22832 NVHDA - ok
20:43:03.0143 22832 nvlddmkm (f12c5f17d48d9f5c70e4408b3ccb5443) C:\Windows\system32\DRIVERS\nvlddmkm.sys
20:43:03.0204 22832 nvlddmkm - ok
20:43:03.0248 22832 nvraid (0a92cb65770442ed0dc44834632f66ad) C:\Windows\system32\drivers\nvraid.sys
20:43:03.0250 22832 nvraid - ok
20:43:03.0271 22832 nvstor (dab0e87525c10052bf65f06152f37e4a) C:\Windows\system32\drivers\nvstor.sys
20:43:03.0272 22832 nvstor - ok
20:43:03.0337 22832 nv_agp (270d7cd42d6e3979f6dd0146650f0e05) C:\Windows\system32\drivers\nv_agp.sys
20:43:03.0338 22832 nv_agp - ok
20:43:03.0388 22832 ohci1394 (3589478e4b22ce21b41fa1bfc0b8b8a0) C:\Windows\system32\drivers\ohci1394.sys
20:43:03.0400 22832 ohci1394 - ok
20:43:03.0458 22832 Parport (0086431c29c35be1dbc43f52cc273887) C:\Windows\system32\DRIVERS\parport.sys
20:43:03.0459 22832 Parport - ok
20:43:03.0497 22832 partmgr (871eadac56b0a4c6512bbe32753ccf79) C:\Windows\system32\drivers\partmgr.sys
20:43:03.0498 22832 partmgr - ok
20:43:03.0551 22832 pci (94575c0571d1462a0f70bde6bd6ee6b3) C:\Windows\system32\drivers\pci.sys
20:43:03.0552 22832 pci - ok
20:43:03.0569 22832 pciide (b5b8b5ef2e5cb34df8dcf8831e3534fa) C:\Windows\system32\drivers\pciide.sys
20:43:03.0570 22832 pciide - ok
20:43:03.0596 22832 pcmcia (b2e81d4e87ce48589f98cb8c05b01f2f) C:\Windows\system32\DRIVERS\pcmcia.sys
20:43:03.0598 22832 pcmcia - ok
20:43:03.0618 22832 pcw (d6b9c2e1a11a3a4b26a182ffef18f603) C:\Windows\system32\drivers\pcw.sys
20:43:03.0619 22832 pcw - ok
20:43:03.0646 22832 PEAUTH (68769c3356b3be5d1c732c97b9a80d6e) C:\Windows\system32\drivers\peauth.sys
20:43:03.0650 22832 PEAUTH - ok
20:43:03.0726 22832 PptpMiniport (f92a2c41117a11a00be01ca01a7fcde9) C:\Windows\system32\DRIVERS\raspptp.sys
20:43:03.0727 22832 PptpMiniport - ok
20:43:03.0763 22832 Processor (0d922e23c041efb1c3fac2a6f943c9bf) C:\Windows\system32\DRIVERS\processr.sys
20:43:03.0764 22832 Processor - ok
20:43:03.0822 22832 Psched (0557cf5a2556bd58e26384169d72438d) C:\Windows\system32\DRIVERS\pacer.sys
20:43:03.0823 22832 Psched - ok
20:43:03.0866 22832 ql2300 (a53a15a11ebfd21077463ee2c7afeef0) C:\Windows\system32\DRIVERS\ql2300.sys
20:43:03.0874 22832 ql2300 - ok
20:43:03.0898 22832 ql40xx (4f6d12b51de1aaeff7dc58c4d75423c8) C:\Windows\system32\DRIVERS\ql40xx.sys
20:43:03.0899 22832 ql40xx - ok
20:43:03.0918 22832 QWAVEdrv (76707bb36430888d9ce9d705398adb6c) C:\Windows\system32\drivers\qwavedrv.sys
20:43:03.0919 22832 QWAVEdrv - ok
20:43:03.0940 22832 RasAcd (5a0da8ad5762fa2d91678a8a01311704) C:\Windows\system32\DRIVERS\rasacd.sys
20:43:03.0941 22832 RasAcd - ok
20:43:03.0978 22832 RasAgileVpn (7ecff9b22276b73f43a99a15a6094e90) C:\Windows\system32\DRIVERS\AgileVpn.sys
20:43:03.0979 22832 RasAgileVpn - ok
20:43:04.0021 22832 Rasl2tp (471815800ae33e6f1c32fb1b97c490ca) C:\Windows\system32\DRIVERS\rasl2tp.sys
20:43:04.0023 22832 Rasl2tp - ok
20:43:04.0046 22832 RasPppoe (855c9b1cd4756c5e9a2aa58a15f58c25) C:\Windows\system32\DRIVERS\raspppoe.sys
20:43:04.0047 22832 RasPppoe - ok
20:43:04.0081 22832 RasSstp (e8b1e447b008d07ff47d016c2b0eeecb) C:\Windows\system32\DRIVERS\rassstp.sys
20:43:04.0082 22832 RasSstp - ok
20:43:04.0125 22832 rdbss (77f665941019a1594d887a74f301fa2f) C:\Windows\system32\DRIVERS\rdbss.sys
20:43:04.0127 22832 rdbss - ok
20:43:04.0152 22832 rdpbus (302da2a0539f2cf54d7c6cc30c1f2d8d) C:\Windows\system32\DRIVERS\rdpbus.sys
20:43:04.0152 22832 rdpbus - ok
20:43:04.0175 22832 RDPCDD (cea6cc257fc9b7715f1c2b4849286d24) C:\Windows\system32\DRIVERS\RDPCDD.sys
20:43:04.0187 22832 RDPCDD - ok
20:43:04.0210 22832 RDPENCDD (bb5971a4f00659529a5c44831af22365) C:\Windows\system32\drivers\rdpencdd.sys
20:43:04.0222 22832 RDPENCDD - ok
20:43:04.0242 22832 RDPREFMP (216f3fa57533d98e1f74ded70113177a) C:\Windows\system32\drivers\rdprefmp.sys
20:43:04.0243 22832 RDPREFMP - ok
20:43:04.0290 22832 RDPWD (15b66c206b5cb095bab980553f38ed23) C:\Windows\system32\drivers\RDPWD.sys
20:43:04.0305 22832 RDPWD - ok
20:43:04.0347 22832 rdyboost (34ed295fa0121c241bfef24764fc4520) C:\Windows\system32\drivers\rdyboost.sys
20:43:04.0349 22832 rdyboost - ok
20:43:04.0385 22832 RFCOMM (3dd798846e2c28102b922c56e71b7932) C:\Windows\system32\DRIVERS\rfcomm.sys
20:43:04.0386 22832 RFCOMM - ok
20:43:04.0414 22832 rimspci (e20b1907fc72a3664ece21e3c20fc63d) C:\Windows\system32\DRIVERS\rimspe64.sys
20:43:04.0415 22832 rimspci - ok
20:43:04.0447 22832 rixdpcie (6a1cd4674505e6791390a1ab71da1fbe) C:\Windows\system32\DRIVERS\rixdpe64.sys
20:43:04.0448 22832 rixdpcie - ok
20:43:04.0513 22832 RsFx0103 (cd553b8633466a6d1c115812f2619f1f) C:\Windows\system32\DRIVERS\RsFx0103.sys
20:43:04.0515 22832 RsFx0103 - ok
20:43:04.0560 22832 rspndr (ddc86e4f8e7456261e637e3552e804ff) C:\Windows\system32\DRIVERS\rspndr.sys
20:43:04.0561 22832 rspndr - ok
20:43:04.0609 22832 RzSynapse (d2ceff3befe9c468717b6bb7fa4a5e44) C:\Windows\system32\DRIVERS\RzSynapse.sys
20:43:04.0610 22832 RzSynapse - ok
20:43:04.0649 22832 sbp2port (ac03af3329579fffb455aa2daabbe22b) C:\Windows\system32\drivers\sbp2port.sys
20:43:04.0650 22832 sbp2port - ok
20:43:04.0694 22832 scfilter (253f38d0d7074c02ff8deb9836c97d2b) C:\Windows\system32\DRIVERS\scfilter.sys
20:43:04.0695 22832 scfilter - ok
20:43:04.0730 22832 sdbus (111e0ebc0ad79cb0fa014b907b231cf0) C:\Windows\system32\drivers\sdbus.sys
20:43:04.0732 22832 sdbus - ok
20:43:04.0777 22832 secdrv (3ea8a16169c26afbeb544e0e48421186) C:\Windows\system32\drivers\secdrv.sys
20:43:04.0778 22832 secdrv - ok
20:43:04.0807 22832 Serenum (cb624c0035412af0debec78c41f5ca1b) C:\Windows\system32\DRIVERS\serenum.sys
20:43:04.0808 22832 Serenum - ok
20:43:04.0842 22832 Serial (c1d8e28b2c2adfaec4ba89e9fda69bd6) C:\Windows\system32\DRIVERS\serial.sys
20:43:04.0861 22832 Serial - ok
20:43:04.0898 22832 sermouse (1c545a7d0691cc4a027396535691c3e3) C:\Windows\system32\DRIVERS\sermouse.sys
20:43:04.0898 22832 sermouse - ok
20:43:04.0943 22832 sffdisk (a554811bcd09279536440c964ae35bbf) C:\Windows\system32\drivers\sffdisk.sys
20:43:04.0944 22832 sffdisk - ok
20:43:04.0970 22832 sffp_mmc (ff414f0baefeba59bc6c04b3db0b87bf) C:\Windows\system32\drivers\sffp_mmc.sys
20:43:04.0970 22832 sffp_mmc - ok
20:43:04.0986 22832 sffp_sd (dd85b78243a19b59f0637dcf284da63c) C:\Windows\system32\drivers\sffp_sd.sys
20:43:04.0987 22832 sffp_sd - ok
20:43:05.0011 22832 sfloppy (a9d601643a1647211a1ee2ec4e433ff4) C:\Windows\system32\DRIVERS\sfloppy.sys
20:43:05.0012 22832 sfloppy - ok
20:43:05.0041 22832 SiSGbeLH (1bc348cf6baa90ec8e533ef6e6a69933) C:\Windows\system32\DRIVERS\SiSG664.sys
20:43:05.0042 22832 SiSGbeLH - ok
20:43:05.0076 22832 SiSRaid2 (843caf1e5fde1ffd5ff768f23a51e2e1) C:\Windows\system32\DRIVERS\SiSRaid2.sys
20:43:05.0090 22832 SiSRaid2 - ok
20:43:05.0113 22832 SiSRaid4 (6a6c106d42e9ffff8b9fcb4f754f6da4) C:\Windows\system32\DRIVERS\sisraid4.sys
20:43:05.0115 22832 SiSRaid4 - ok
20:43:05.0143 22832 Smb (548260a7b8654e024dc30bf8a7c5baa4) C:\Windows\system32\DRIVERS\smb.sys
20:43:05.0144 22832 Smb - ok
20:43:05.0222 22832 SNP2UVC (7aec460dbdd193680f0e77724e40e7b6) C:\Windows\system32\DRIVERS\snp2uvc.sys
20:43:05.0231 22832 SNP2UVC - ok
20:43:05.0247 22832 spldr (b9e31e5cacdfe584f34f730a677803f9) C:\Windows\system32\drivers\spldr.sys
20:43:05.0248 22832 spldr - ok
20:43:05.0314 22832 SRTSP (b531fc8918dcdaae638511a123c3465e) C:\Windows\system32\Drivers\SRTSP64.SYS
20:43:05.0328 22832 SRTSP - ok
20:43:05.0368 22832 SRTSPL (2bd3a73d0601320b72486fc3ebc2544f) C:\Windows\system32\Drivers\SRTSPL64.SYS
20:43:05.0371 22832 SRTSPL - ok
20:43:05.0394 22832 SRTSPX (529b337c1aeeb289f0b502eb0ee6a8f5) C:\Windows\system32\Drivers\SRTSPX64.SYS
20:43:05.0395 22832 SRTSPX - ok
20:43:05.0435 22832 srv (441fba48bff01fdb9d5969ebc1838f0b) C:\Windows\system32\DRIVERS\srv.sys
20:43:05.0437 22832 srv - ok
20:43:05.0475 22832 srv2 (b4adebbf5e3677cce9651e0f01f7cc28) C:\Windows\system32\DRIVERS\srv2.sys
20:43:05.0477 22832 srv2 - ok
20:43:05.0518 22832 srvnet (27e461f0be5bff5fc737328f749538c3) C:\Windows\system32\DRIVERS\srvnet.sys
20:43:05.0519 22832 srvnet - ok
20:43:05.0566 22832 stexstor (f3817967ed533d08327dc73bc4d5542a) C:\Windows\system32\DRIVERS\stexstor.sys
20:43:05.0566 22832 stexstor - ok
20:43:05.0610 22832 swenum (d01ec09b6711a5f8e7e6564a4d0fbc90) C:\Windows\system32\drivers\swenum.sys
20:43:05.0611 22832 swenum - ok
20:43:05.0676 22832 SymEvent (7e4d281982e19abd06728c7ee9ac40a8) C:\Windows\system32\Drivers\SYMEVENT64x86.SYS
20:43:05.0678 22832 SymEvent - ok
20:43:05.0715 22832 SynTP (0faa1933fbcf916c301ff94acc623031) C:\Windows\system32\DRIVERS\SynTP.sys
20:43:05.0717 22832 SynTP - ok
20:43:05.0800 22832 Tcpip (fc62769e7bff2896035aeed399108162) C:\Windows\system32\drivers\tcpip.sys
20:43:05.0809 22832 Tcpip - ok
20:43:05.0877 22832 TCPIP6 (fc62769e7bff2896035aeed399108162) C:\Windows\system32\DRIVERS\tcpip.sys
20:43:05.0886 22832 TCPIP6 - ok
20:43:05.0946 22832 tcpipreg (df687e3d8836bfb04fcc0615bf15a519) C:\Windows\system32\drivers\tcpipreg.sys
20:43:05.0947 22832 tcpipreg - ok
20:43:05.0988 22832 TDPIPE (3371d21011695b16333a3934340c4e7c) C:\Windows\system32\drivers\tdpipe.sys
20:43:05.0989 22832 TDPIPE - ok
20:43:06.0011 22832 TDTCP (e4245bda3190a582d55ed09e137401a9) C:\Windows\system32\drivers\tdtcp.sys
20:43:06.0012 22832 TDTCP - ok
20:43:06.0062 22832 tdx (ddad5a7ab24d8b65f8d724f5c20fd806) C:\Windows\system32\DRIVERS\tdx.sys
20:43:06.0064 22832 tdx - ok
20:43:06.0100 22832 Teefer2 (ef6ccf8b483201f7196d83fc136fa43a) C:\Windows\system32\DRIVERS\teefer2.sys
20:43:06.0112 22832 Teefer2 - ok
20:43:06.0146 22832 TermDD (561e7e1f06895d78de991e01dd0fb6e5) C:\Windows\system32\drivers\termdd.sys
20:43:06.0147 22832 TermDD - ok
20:43:06.0213 22832 tssecsrv (ce18b2cdfc837c99e5fae9ca6cba5d30) C:\Windows\system32\DRIVERS\tssecsrv.sys
20:43:06.0214 22832 tssecsrv - ok
20:43:06.0260 22832 TsUsbFlt (d11c783e3ef9a3c52c0ebe83cc5000e9) C:\Windows\system32\drivers\tsusbflt.sys
20:43:06.0261 22832 TsUsbFlt - ok
20:43:06.0324 22832 tunnel (3566a8daafa27af944f5d705eaa64894) C:\Windows\system32\DRIVERS\tunnel.sys
20:43:06.0325 22832 tunnel - ok
20:43:06.0364 22832 uagp35 (b4dd609bd7e282bfc683cec7eaaaad67) C:\Windows\system32\DRIVERS\uagp35.sys
20:43:06.0365 22832 uagp35 - ok
20:43:06.0414 22832 udfs (ff4232a1a64012baa1fd97c7b67df593) C:\Windows\system32\DRIVERS\udfs.sys
20:43:06.0416 22832 udfs - ok
20:43:06.0456 22832 uliagpkx (4bfe1bc28391222894cbf1e7d0e42320) C:\Windows\system32\drivers\uliagpkx.sys
20:43:06.0457 22832 uliagpkx - ok
20:43:06.0511 22832 umbus (dc54a574663a895c8763af0fa1ff7561) C:\Windows\system32\drivers\umbus.sys
20:43:06.0512 22832 umbus - ok
20:43:06.0547 22832 UmPass (b2e8e8cb557b156da5493bbddcc1474d) C:\Windows\system32\DRIVERS\umpass.sys
20:43:06.0558 22832 UmPass - ok
20:43:06.0618 22832 usbaudio (82e8f44688e6fac57b5b7c6fc7adbc2a) C:\Windows\system32\drivers\usbaudio.sys
20:43:06.0620 22832 usbaudio - ok
20:43:06.0646 22832 usbccgp (6f1a3157a1c89435352ceb543cdb359c) C:\Windows\system32\DRIVERS\usbccgp.sys
20:43:06.0647 22832 usbccgp - ok
20:43:06.0672 22832 usbcir (af0892a803fdda7492f595368e3b68e7) C:\Windows\system32\drivers\usbcir.sys
20:43:06.0673 22832 usbcir - ok
20:43:06.0713 22832 usbehci (c025055fe7b87701eb042095df1a2d7b) C:\Windows\system32\drivers\usbehci.sys
20:43:06.0714 22832 usbehci - ok
20:43:06.0739 22832 usbhub (287c6c9410b111b68b52ca298f7b8c24) C:\Windows\system32\DRIVERS\usbhub.sys
20:43:06.0741 22832 usbhub - ok
20:43:06.0768 22832 usbohci (9840fc418b4cbd632d3d0a667a725c31) C:\Windows\system32\drivers\usbohci.sys
20:43:06.0768 22832 usbohci - ok
20:43:06.0802 22832 usbprint (73188f58fb384e75c4063d29413cee3d) C:\Windows\system32\DRIVERS\usbprint.sys
20:43:06.0803 22832 usbprint - ok
20:43:06.0829 22832 USBSTOR (fed648b01349a3c8395a5169db5fb7d6) C:\Windows\system32\DRIVERS\USBSTOR.SYS
20:43:06.0830 22832 USBSTOR - ok
20:43:06.0856 22832 usbuhci (62069a34518bcf9c1fd9e74b3f6db7cd) C:\Windows\system32\drivers\usbuhci.sys
20:43:06.0857 22832 usbuhci - ok
20:43:06.0894 22832 usbvideo (454800c2bc7f3927ce030141ee4f4c50) C:\Windows\System32\Drivers\usbvideo.sys
20:43:06.0896 22832 usbvideo - ok
20:43:06.0924 22832 vdrvroot (c5c876ccfc083ff3b128f933823e87bd) C:\Windows\system32\drivers\vdrvroot.sys
20:43:06.0925 22832 vdrvroot - ok
20:43:06.0949 22832 vga (da4da3f5e02943c2dc8c6ed875de68dd) C:\Windows\system32\DRIVERS\vgapnp.sys
20:43:06.0950 22832 vga - ok
20:43:06.0969 22832 VgaSave (53e92a310193cb3c03bea963de7d9cfc) C:\Windows\System32\drivers\vga.sys
20:43:06.0970 22832 VgaSave - ok
20:43:06.0996 22832 vhdmp (2ce2df28c83aeaf30084e1b1eb253cbb) C:\Windows\system32\drivers\vhdmp.sys
20:43:06.0998 22832 vhdmp - ok
20:43:07.0026 22832 viaide (e5689d93ffe4e5d66c0178761240dd54) C:\Windows\system32\drivers\viaide.sys
20:43:07.0027 22832 viaide - ok
20:43:07.0066 22832 volmgr (d2aafd421940f640b407aefaaebd91b0) C:\Windows\system32\drivers\volmgr.sys
20:43:07.0067 22832 volmgr - ok
20:43:07.0106 22832 volmgrx (a255814907c89be58b79ef2f189b843b) C:\Windows\system32\drivers\volmgrx.sys
20:43:07.0108 22832 volmgrx - ok
20:43:07.0131 22832 volsnap (0d08d2f3b3ff84e433346669b5e0f639) C:\Windows\system32\drivers\volsnap.sys
20:43:07.0133 22832 volsnap - ok
20:43:07.0173 22832 vsmraid (5e2016ea6ebaca03c04feac5f330d997) C:\Windows\system32\DRIVERS\vsmraid.sys
20:43:07.0174 22832 vsmraid - ok
20:43:07.0199 22832 vwifibus (36d4720b72b5c5d9cb2b9c29e9df67a1) C:\Windows\system32\DRIVERS\vwifibus.sys
20:43:07.0200 22832 vwifibus - ok
20:43:07.0222 22832 vwififlt (6a3d66263414ff0d6fa754c646612f3f) C:\Windows\system32\DRIVERS\vwififlt.sys
20:43:07.0223 22832 vwififlt - ok
20:43:07.0253 22832 WacomPen (4e9440f4f152a7b944cb1663d3935a3e) C:\Windows\system32\DRIVERS\wacompen.sys
20:43:07.0253 22832 WacomPen - ok
20:43:07.0289 22832 WANARP (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys
20:43:07.0291 22832 WANARP - ok
20:43:07.0296 22832 Wanarpv6 (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys
20:43:07.0297 22832 Wanarpv6 - ok
20:43:07.0356 22832 Wd (72889e16ff12ba0f235467d6091b17dc) C:\Windows\system32\DRIVERS\wd.sys
20:43:07.0357 22832 Wd - ok
20:43:07.0393 22832 Wdf01000 (441bd2d7b4f98134c3a4f9fa570fd250) C:\Windows\system32\drivers\Wdf01000.sys
20:43:07.0397 22832 Wdf01000 - ok
20:43:07.0428 22832 WfpLwf (611b23304bf067451a9fdee01fbdd725) C:\Windows\system32\DRIVERS\wfplwf.sys
20:43:07.0428 22832 WfpLwf - ok
20:43:07.0469 22832 WimFltr (52ded146e4797e6ccf94799e8e22bb2a) C:\Windows\system32\DRIVERS\wimfltr.sys
20:43:07.0470 22832 WimFltr - ok
20:43:07.0509 22832 WIMMount (05ecaec3e4529a7153b3136ceb49f0ec) C:\Windows\system32\drivers\wimmount.sys
20:43:07.0510 22832 WIMMount - ok
20:43:07.0606 22832 WmiAcpi (f6ff8944478594d0e414d3f048f0d778) C:\Windows\system32\drivers\wmiacpi.sys
20:43:07.0607 22832 WmiAcpi - ok
20:43:07.0657 22832 WPS (1d98e69903bc3a2d8383696dd701b679) C:\Windows\system32\drivers\wpsdrvnt.sys
20:43:07.0663 22832 WPS - ok
20:43:07.0701 22832 WpsHelper (d9b5a13804b7d97770c42da484a9d86e) C:\Windows\system32\drivers\WpsHelper.sys
20:43:07.0715 22832 WpsHelper - ok
20:43:07.0743 22832 ws2ifsl (6bcc1d7d2fd2453957c5479a32364e52) C:\Windows\system32\drivers\ws2ifsl.sys
20:43:07.0744 22832 ws2ifsl - ok
20:43:07.0795 22832 WudfPf (d3381dc54c34d79b22cee0d65ba91b7c) C:\Windows\system32\drivers\WudfPf.sys
20:43:07.0796 22832 WudfPf - ok
20:43:07.0825 22832 WUDFRd (cf8d590be3373029d57af80914190682) C:\Windows\system32\DRIVERS\WUDFRd.sys
20:43:07.0827 22832 WUDFRd - ok
20:43:07.0865 22832 MBR (0x1B8) (5c616939100b85e558da92b899a0fc36) \Device\Harddisk0\DR0
20:43:07.0936 22832 \Device\Harddisk0\DR0 - ok
20:43:07.0945 22832 Boot (0x1200) (be00757fcad9ca4e39d9526f30b548f1) \Device\Harddisk0\DR0\Partition0
20:43:07.0947 22832 \Device\Harddisk0\DR0\Partition0 - ok
20:43:07.0962 22832 Boot (0x1200) (263e54a9e265becfeebe2212c5c92659) \Device\Harddisk0\DR0\Partition1
20:43:07.0964 22832 \Device\Harddisk0\DR0\Partition1 - ok
20:43:07.0964 22832 ============================================================
20:43:07.0964 22832 Scan finished
20:43:07.0964 22832 ============================================================
20:43:07.0975 16124 Detected object count: 0
20:43:07.0975 16124 Actual detected object count: 0
20:43:33.0967 12324 ============================================================
20:43:33.0967 12324 Scan started
20:43:33.0967 12324 Mode: Manual;
20:43:33.0967 12324 ============================================================
20:43:34.0254 12324 1394ohci (a87d604aea360176311474c87a63bb88) C:\Windows\system32\drivers\1394ohci.sys
20:43:34.0256 12324 1394ohci - ok
20:43:34.0307 12324 ACPI (d81d9e70b8a6dd14d42d7b4efa65d5f2) C:\Windows\system32\drivers\ACPI.sys
20:43:34.0309 12324 ACPI - ok
20:43:34.0332 12324 AcpiPmi (99f8e788246d495ce3794d7e7821d2ca) C:\Windows\system32\drivers\acpipmi.sys
20:43:34.0333 12324 AcpiPmi - ok
20:43:34.0367 12324 adp94xx (2f6b34b83843f0c5118b63ac634f5bf4) C:\Windows\system32\DRIVERS\adp94xx.sys
20:43:34.0370 12324 adp94xx - ok
20:43:34.0391 12324 adpahci (597f78224ee9224ea1a13d6350ced962) C:\Windows\system32\DRIVERS\adpahci.sys
20:43:34.0393 12324 adpahci - ok
20:43:34.0413 12324 adpu320 (e109549c90f62fb570b9540c4b148e54) C:\Windows\system32\DRIVERS\adpu320.sys
20:43:34.0415 12324 adpu320 - ok
20:43:34.0475 12324 AFD (d5b031c308a409a0a576bff4cf083d30) C:\Windows\system32\drivers\afd.sys
20:43:34.0478 12324 AFD - ok
20:43:34.0498 12324 agp440 (608c14dba7299d8cb6ed035a68a15799) C:\Windows\system32\drivers\agp440.sys
20:43:34.0499 12324 agp440 - ok
20:43:34.0526 12324 aliide (5812713a477a3ad7363c7438ca2ee038) C:\Windows\system32\drivers\aliide.sys
20:43:34.0526 12324 aliide - ok
20:43:34.0546 12324 amdide (1ff8b4431c353ce385c875f194924c0c) C:\Windows\system32\drivers\amdide.sys
20:43:34.0546 12324 amdide - ok
20:43:34.0566 12324 AmdK8 (7024f087cff1833a806193ef9d22cda9) C:\Windows\system32\DRIVERS\amdk8.sys
20:43:34.0567 12324 AmdK8 - ok
20:43:34.0588 12324 AmdPPM (1e56388b3fe0d031c44144eb8c4d6217) C:\Windows\system32\DRIVERS\amdppm.sys
20:43:34.0589 12324 AmdPPM - ok
20:43:34.0614 12324 amdsata (d4121ae6d0c0e7e13aa221aa57ef2d49) C:\Windows\system32\drivers\amdsata.sys
20:43:34.0615 12324 amdsata - ok
20:43:34.0644 12324 amdsbs (f67f933e79241ed32ff46a4f29b5120b) C:\Windows\system32\DRIVERS\amdsbs.sys
20:43:34.0645 12324 amdsbs - ok
20:43:34.0671 12324 amdxata (540daf1cea6094886d72126fd7c33048) C:\Windows\system32\drivers\amdxata.sys
20:43:34.0672 12324 amdxata - ok
20:43:34.0729 12324 AppID (89a69c3f2f319b43379399547526d952) C:\Windows\system32\drivers\appid.sys
20:43:34.0730 12324 AppID - ok
20:43:34.0758 12324 arc (c484f8ceb1717c540242531db7845c4e) C:\Windows\system32\DRIVERS\arc.sys
20:43:34.0759 12324 arc - ok
20:43:34.0781 12324 arcsas (019af6924aefe7839f61c830227fe79c) C:\Windows\system32\DRIVERS\arcsas.sys
20:43:34.0782 12324 arcsas - ok
20:43:34.0804 12324 AsDsm (88fbc8bebfd38566235eaa5e4dbc4e05) C:\Windows\system32\drivers\AsDsm.sys
20:43:34.0804 12324 AsDsm - ok
20:43:34.0850 12324 ASMMAP64 (2db34edd17d3a8da7105a19c95a3dd68) C:\Program Files\ATKGFNEX\ASMMAP64.sys
20:43:34.0850 12324 ASMMAP64 - ok
20:43:34.0871 12324 AsyncMac (769765ce2cc62867468cea93969b2242) C:\Windows\system32\DRIVERS\asyncmac.sys
20:43:34.0872 12324 AsyncMac - ok
20:43:34.0893 12324 atapi (02062c0b390b7729edc9e69c680a6f3c) C:\Windows\system32\drivers\atapi.sys
20:43:34.0893 12324 atapi - ok
20:43:34.0935 12324 athr (e857eee6b92aaa473ebb3465add8f7e7) C:\Windows\system32\DRIVERS\athrx.sys
20:43:34.0942 12324 athr - ok
20:43:34.0981 12324 b06bdrv (3e5b191307609f7514148c6832bb0842) C:\Windows\system32\DRIVERS\bxvbda.sys
20:43:34.0984 12324 b06bdrv - ok
20:43:35.0021 12324 b57nd60a (b5ace6968304a3900eeb1ebfd9622df2) C:\Windows\system32\DRIVERS\b57nd60a.sys
20:43:35.0022 12324 b57nd60a - ok
20:43:35.0046 12324 Beep (16a47ce2decc9b099349a5f840654746) C:\Windows\system32\drivers\Beep.sys
20:43:35.0047 12324 Beep - ok
20:43:35.0066 12324 blbdrive (61583ee3c3a17003c4acd0475646b4d3) C:\Windows\system32\DRIVERS\blbdrive.sys
20:43:35.0067 12324 blbdrive - ok
20:43:35.0101 12324 bowser (6c02a83164f5cc0a262f4199f0871cf5) C:\Windows\system32\DRIVERS\bowser.sys
20:43:35.0101 12324 bowser - ok
20:43:35.0122 12324 BrFiltLo (f09eee9edc320b5e1501f749fde686c8) C:\Windows\system32\DRIVERS\BrFiltLo.sys
20:43:35.0122 12324 BrFiltLo - ok
20:43:35.0153 12324 BrFiltUp (b114d3098e9bdb8bea8b053685831be6) C:\Windows\system32\DRIVERS\BrFiltUp.sys
20:43:35.0154 12324 BrFiltUp - ok
20:43:35.0172 12324 BridgeMP (5c2f352a4e961d72518261257aae204b) C:\Windows\system32\DRIVERS\bridge.sys
20:43:35.0173 12324 BridgeMP - ok
20:43:35.0195 12324 Brserid (43bea8d483bf1870f018e2d02e06a5bd) C:\Windows\System32\Drivers\Brserid.sys
20:43:35.0197 12324 Brserid - ok
20:43:35.0219 12324 BrSerWdm (a6eca2151b08a09caceca35c07f05b42) C:\Windows\System32\Drivers\BrSerWdm.sys
20:43:35.0220 12324 BrSerWdm - ok
20:43:35.0238 12324 BrUsbMdm (b79968002c277e869cf38bd22cd61524) C:\Windows\System32\Drivers\BrUsbMdm.sys
20:43:35.0239 12324 BrUsbMdm - ok
20:43:35.0257 12324 BrUsbSer (a87528880231c54e75ea7a44943b38bf) C:\Windows\System32\Drivers\BrUsbSer.sys
20:43:35.0258 12324 BrUsbSer - ok
20:43:35.0295 12324 BthEnum (cf98190a94f62e405c8cb255018b2315) C:\Windows\system32\drivers\BthEnum.sys
20:43:35.0296 12324 BthEnum - ok
20:43:35.0313 12324 BTHMODEM (9da669f11d1f894ab4eb69bf546a42e8) C:\Windows\system32\DRIVERS\bthmodem.sys
20:43:35.0314 12324 BTHMODEM - ok
20:43:35.0336 12324 BthPan (02dd601b708dd0667e1331fa8518e9ff) C:\Windows\system32\DRIVERS\bthpan.sys
20:43:35.0337 12324 BthPan - ok
20:43:35.0364 12324 BTHPORT (64c198198501f7560ee41d8d1efa7952) C:\Windows\System32\Drivers\BTHport.sys
20:43:35.0367 12324 BTHPORT - ok
20:43:35.0385 12324 BTHUSB (f188b7394d81010767b6df3178519a37) C:\Windows\System32\Drivers\BTHUSB.sys
20:43:35.0386 12324 BTHUSB - ok
20:43:35.0415 12324 btwaudio (6bcfdc2b5b7f66d484486d4bd4b39a6b) C:\Windows\system32\drivers\btwaudio.sys
20:43:35.0416 12324 btwaudio - ok
20:43:35.0431 12324 btwavdt (82dc8b7c626e526681c1bebed2bc3ff9) C:\Windows\system32\drivers\btwavdt.sys
20:43:35.0433 12324 btwavdt - ok
20:43:35.0450 12324 btwl2cap (6149301dc3f81d6f9667a3fbac410975) C:\Windows\system32\DRIVERS\btwl2cap.sys
20:43:35.0451 12324 btwl2cap - ok
20:43:35.0470 12324 btwrchid (28e105ad3b79f440bf94780f507bf66a) C:\Windows\system32\DRIVERS\btwrchid.sys
20:43:35.0471 12324 btwrchid - ok
20:43:35.0473 12324 catchme - ok
20:43:35.0494 12324 cdfs (b8bd2bb284668c84865658c77574381a) C:\Windows\system32\DRIVERS\cdfs.sys
20:43:35.0495 12324 cdfs - ok
20:43:35.0535 12324 cdrom (f036ce71586e93d94dab220d7bdf4416) C:\Windows\system32\drivers\cdrom.sys
20:43:35.0536 12324 cdrom - ok
20:43:35.0560 12324 circlass (d7cd5c4e1b71fa62050515314cfb52cf) C:\Windows\system32\DRIVERS\circlass.sys
20:43:35.0561 12324 circlass - ok
20:43:35.0590 12324 CLFS (fe1ec06f2253f691fe36217c592a0206) C:\Windows\system32\CLFS.sys
20:43:35.0593 12324 CLFS - ok
20:43:35.0618 12324 CmBatt (0840155d0bddf1190f84a663c284bd33) C:\Windows\system32\DRIVERS\CmBatt.sys
20:43:35.0619 12324 CmBatt - ok
20:43:35.0653 12324 cmdide (e19d3f095812725d88f9001985b94edd) C:\Windows\system32\drivers\cmdide.sys
20:43:35.0653 12324 cmdide - ok
20:43:35.0698 12324 CNG (c4943b6c962e4b82197542447ad599f4) C:\Windows\system32\Drivers\cng.sys
20:43:35.0701 12324 CNG - ok
20:43:35.0719 12324 Compbatt (102de219c3f61415f964c88e9085ad14) C:\Windows\system32\DRIVERS\compbatt.sys
20:43:35.0720 12324 Compbatt - ok
20:43:35.0764 12324 CompositeBus (03edb043586cceba243d689bdda370a8) C:\Windows\system32\drivers\CompositeBus.sys
20:43:35.0765 12324 CompositeBus - ok
20:43:35.0806 12324 crcdisk (1c827878a998c18847245fe1f34ee597) C:\Windows\system32\DRIVERS\crcdisk.sys
20:43:35.0807 12324 crcdisk - ok
20:43:35.0863 12324 DfsC (9bb2ef44eaa163b29c4a4587887a0fe4) C:\Windows\system32\Drivers\dfsc.sys
20:43:35.0864 12324 DfsC - ok
20:43:35.0887 12324 discache (13096b05847ec78f0977f2c0f79e9ab3) C:\Windows\system32\drivers\discache.sys
20:43:35.0888 12324 discache - ok
20:43:35.0906 12324 Disk (9819eee8b5ea3784ec4af3b137a5244c) C:\Windows\system32\DRIVERS\disk.sys
20:43:35.0907 12324 Disk - ok
20:43:35.0933 12324 drmkaud (9b19f34400d24df84c858a421c205754) C:\Windows\system32\drivers\drmkaud.sys
20:43:35.0933 12324 drmkaud - ok
20:43:35.0981 12324 DXGKrnl (f5bee30450e18e6b83a5012c100616fd) C:\Windows\System32\drivers\dxgkrnl.sys
20:43:35.0986 12324 DXGKrnl - ok
20:43:36.0052 12324 ebdrv (dc5d737f51be844d8c82c695eb17372f) C:\Windows\system32\DRIVERS\evbda.sys
20:43:36.0070 12324 ebdrv - ok
20:43:36.0157 12324 eeCtrl (0c3f9eff8ddd9f9eb56d754b4620155f) C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys
20:43:36.0160 12324 eeCtrl - ok
20:43:36.0196 12324 elxstor (0e5da5369a0fcaea12456dd852545184) C:\Windows\system32\DRIVERS\elxstor.sys
20:43:36.0199 12324 elxstor - ok
20:43:36.0236 12324 EraserUtilDrv11122 (8c0f9b877bc0b7ffd327ef55f9efb642) C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilDrv11122.sys
20:43:36.0237 12324 EraserUtilDrv11122 - ok
20:43:36.0276 12324 EraserUtilRebootDrv (7a898e4a744621711be7e7b796c69876) C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys
20:43:36.0277 12324 EraserUtilRebootDrv - ok
20:43:36.0318 12324 ErrDev (34a3c54752046e79a126e15c51db409b) C:\Windows\system32\drivers\errdev.sys
20:43:36.0318 12324 ErrDev - ok
20:43:36.0359 12324 exfat (a510c654ec00c1e9bdd91eeb3a59823b) C:\Windows\system32\drivers\exfat.sys
20:43:36.0360 12324 exfat - ok
20:43:36.0383 12324 fastfat (0adc83218b66a6db380c330836f3e36d) C:\Windows\system32\drivers\fastfat.sys
20:43:36.0384 12324 fastfat - ok
20:43:36.0404 12324 fdc (d765d19cd8ef61f650c384f62fac00ab) C:\Windows\system32\DRIVERS\fdc.sys
20:43:36.0404 12324 fdc - ok
20:43:36.0441 12324 FileInfo (655661be46b5f5f3fd454e2c3095b930) C:\Windows\system32\drivers\fileinfo.sys
20:43:36.0442 12324 FileInfo - ok
20:43:36.0463 12324 Filetrace (5f671ab5bc87eea04ec38a6cd5962a47) C:\Windows\system32\drivers\filetrace.sys
20:43:36.0464 12324 Filetrace - ok
20:43:36.0490 12324 flpydisk (c172a0f53008eaeb8ea33fe10e177af5) C:\Windows\system32\DRIVERS\flpydisk.sys
20:43:36.0491 12324 flpydisk - ok
20:43:36.0530 12324 FltMgr (da6b67270fd9db3697b20fce94950741) C:\Windows\system32\drivers\fltmgr.sys
20:43:36.0532 12324 FltMgr - ok
20:43:36.0551 12324 FsDepends (d43703496149971890703b4b1b723eac) C:\Windows\system32\drivers\FsDepends.sys
20:43:36.0552 12324 FsDepends - ok
20:43:36.0580 12324 fssfltr (5814011b2f6e088e29d689b5fcd49b8f) C:\Windows\system32\DRIVERS\fssfltr.sys
20:43:36.0581 12324 fssfltr - ok
20:43:36.0607 12324 Fs_Rec (e95ef8547de20cf0603557c0cf7a9462) C:\Windows\system32\drivers\Fs_Rec.sys
20:43:36.0608 12324 Fs_Rec - ok
20:43:36.0633 12324 fvevol (1f7b25b858fa27015169fe95e54108ed) C:\Windows\system32\DRIVERS\fvevol.sys
20:43:36.0635 12324 fvevol - ok
20:43:36.0655 12324 gagp30kx (8c778d335c9d272cfd3298ab02abe3b6) C:\Windows\system32\DRIVERS\gagp30kx.sys
20:43:36.0656 12324 gagp30kx - ok
20:43:36.0688 12324 hcw85cir (f2523ef6460fc42405b12248338ab2f0) C:\Windows\system32\drivers\hcw85cir.sys
20:43:36.0689 12324 hcw85cir - ok
20:43:36.0729 12324 HdAudAddService (975761c778e33cd22498059b91e7373a) C:\Windows\system32\drivers\HdAudio.sys
20:43:36.0732 12324 HdAudAddService - ok
20:43:36.0770 12324 HDAudBus (97bfed39b6b79eb12cddbfeed51f56bb) C:\Windows\system32\drivers\HDAudBus.sys
20:43:36.0771 12324 HDAudBus - ok
20:43:36.0796 12324 HECIx64 (b6ac71aaa2b10848f57fc49d55a651af) C:\Windows\system32\DRIVERS\HECIx64.sys
20:43:36.0797 12324 HECIx64 - ok
20:43:36.0810 12324 HidBatt (78e86380454a7b10a5eb255dc44a355f) C:\Windows\system32\DRIVERS\HidBatt.sys
20:43:36.0811 12324 HidBatt - ok
20:43:36.0836 12324 HidBth (7fd2a313f7afe5c4dab14798c48dd104) C:\Windows\system32\DRIVERS\hidbth.sys
20:43:36.0837 12324 HidBth - ok
20:43:36.0856 12324 HidIr (0a77d29f311b88cfae3b13f9c1a73825) C:\Windows\system32\DRIVERS\hidir.sys
20:43:36.0856 12324 HidIr - ok
20:43:36.0879 12324 HidUsb (9592090a7e2b61cd582b612b6df70536) C:\Windows\system32\DRIVERS\hidusb.sys
20:43:36.0880 12324 HidUsb - ok
20:43:36.0913 12324 HpSAMD (39d2abcd392f3d8a6dce7b60ae7b8efc) C:\Windows\system32\drivers\HpSAMD.sys
20:43:36.0914 12324 HpSAMD - ok
20:43:36.0963 12324 HTTP (0ea7de1acb728dd5a369fd742d6eee28) C:\Windows\system32\drivers\HTTP.sys
20:43:36.0967 12324 HTTP - ok
20:43:37.0007 12324 hwpolicy (a5462bd6884960c9dc85ed49d34ff392) C:\Windows\system32\drivers\hwpolicy.sys
20:43:37.0007 12324 hwpolicy - ok
20:43:37.0052 12324 i8042prt (fa55c73d4affa7ee23ac4be53b4592d3) C:\Windows\system32\drivers\i8042prt.sys
20:43:37.0054 12324 i8042prt - ok
20:43:37.0092 12324 iaStor (631fa8935163b01fc0c02966cb3adb92) C:\Windows\system32\DRIVERS\iaStor.sys
20:43:37.0095 12324 iaStor - ok
20:43:37.0122 12324 iaStorV (aaaf44db3bd0b9d1fb6969b23ecc8366) C:\Windows\system32\drivers\iaStorV.sys
20:43:37.0124 12324 iaStorV - ok
20:43:37.0138 12324 iirsp (5c18831c61933628f5bb0ea2675b9d21) C:\Windows\system32\DRIVERS\iirsp.sys
20:43:37.0139 12324 iirsp - ok
20:43:37.0166 12324 Impcd (36fdf367a1dabff903e2214023d71368) C:\Windows\system32\DRIVERS\Impcd.sys
20:43:37.0167 12324 Impcd - ok
20:43:37.0231 12324 IntcAzAudAddService (52d9171838bb92319f23656f502916e9) C:\Windows\system32\drivers\RTKVHD64.sys
20:43:37.0241 12324 IntcAzAudAddService - ok
20:43:37.0267 12324 intelide (f00f20e70c6ec3aa366910083a0518aa) C:\Windows\system32\drivers\intelide.sys
20:43:37.0268 12324 intelide - ok
20:43:37.0293 12324 intelppm (ada036632c664caa754079041cf1f8c1) C:\Windows\system32\DRIVERS\intelppm.sys
20:43:37.0294 12324 intelppm - ok
20:43:37.0337 12324 IpFilterDriver (c9f0e1bd74365a8771590e9008d22ab6) C:\Windows\system32\DRIVERS\ipfltdrv.sys
20:43:37.0339 12324 IpFilterDriver - ok
20:43:37.0360 12324 IPMIDRV (0fc1aea580957aa8817b8f305d18ca3a) C:\Windows\system32\drivers\IPMIDrv.sys
20:43:37.0361 12324 IPMIDRV - ok
20:43:37.0380 12324 IPNAT (af9b39a7e7b6caa203b3862582e9f2d0) C:\Windows\system32\drivers\ipnat.sys
20:43:37.0381 12324 IPNAT - ok
20:43:37.0405 12324 IRENUM (3abf5e7213eb28966d55d58b515d5ce9) C:\Windows\system32\drivers\irenum.sys
20:43:37.0406 12324 IRENUM - ok
20:43:37.0423 12324 isapnp (2f7b28dc3e1183e5eb418df55c204f38) C:\Windows\system32\drivers\isapnp.sys
20:43:37.0424 12324 isapnp - ok
20:43:37.0442 12324 iScsiPrt (d931d7309deb2317035b07c9f9e6b0bd) C:\Windows\system32\drivers\msiscsi.sys
20:43:37.0444 12324 iScsiPrt - ok
20:43:37.0466 12324 kbdclass (bc02336f1cba7dcc7d1213bb588a68a5) C:\Windows\system32\drivers\kbdclass.sys
20:43:37.0467 12324 kbdclass - ok
20:43:37.0482 12324 kbdhid (0705eff5b42a9db58548eec3b26bb484) C:\Windows\system32\drivers\kbdhid.sys
20:43:37.0483 12324 kbdhid - ok
20:43:37.0497 12324 kbfiltr (e63ef8c3271d014f14e2469ce75fecb4) C:\Windows\system32\DRIVERS\kbfiltr.sys
20:43:37.0498 12324 kbfiltr - ok
20:43:37.0539 12324 KSecDD (da1e991a61cfdd755a589e206b97644b) C:\Windows\system32\Drivers\ksecdd.sys
20:43:37.0540 12324 KSecDD - ok
20:43:37.0584 12324 KSecPkg (7e33198d956943a4f11a5474c1e9106f) C:\Windows\system32\Drivers\ksecpkg.sys
20:43:37.0586 12324 KSecPkg - ok
20:43:37.0599 12324 ksthunk (6869281e78cb31a43e969f06b57347c4) C:\Windows\system32\drivers\ksthunk.sys
20:43:37.0599 12324 ksthunk - ok
20:43:37.0634 12324 L1C (01c711667abedf8148998f3ac91991db) C:\Windows\system32\DRIVERS\L1C62x64.sys
20:43:37.0635 12324 L1C - ok
20:43:37.0662 12324 lltdio (1538831cf8ad2979a04c423779465827) C:\Windows\system32\DRIVERS\lltdio.sys
20:43:37.0663 12324 lltdio - ok
20:43:37.0687 12324 LSI_FC (1a93e54eb0ece102495a51266dcdb6a6) C:\Windows\system32\DRIVERS\lsi_fc.sys
20:43:37.0688 12324 LSI_FC - ok
20:43:37.0706 12324 LSI_SAS (1047184a9fdc8bdbff857175875ee810) C:\Windows\system32\DRIVERS\lsi_sas.sys
20:43:37.0707 12324 LSI_SAS - ok
20:43:37.0725 12324 LSI_SAS2 (30f5c0de1ee8b5bc9306c1f0e4a75f93) C:\Windows\system32\DRIVERS\lsi_sas2.sys
20:43:37.0726 12324 LSI_SAS2 - ok
20:43:37.0742 12324 LSI_SCSI (0504eacaff0d3c8aed161c4b0d369d4a) C:\Windows\system32\DRIVERS\lsi_scsi.sys
20:43:37.0743 12324 LSI_SCSI - ok
20:43:37.0763 12324 luafv (43d0f98e1d56ccddb0d5254cff7b356e) C:\Windows\system32\drivers\luafv.sys
20:43:37.0765 12324 luafv - ok
20:43:37.0782 12324 megasas (a55805f747c6edb6a9080d7c633bd0f4) C:\Windows\system32\DRIVERS\megasas.sys
20:43:37.0783 12324 megasas - ok
20:43:37.0804 12324 MegaSR (baf74ce0072480c3b6b7c13b2a94d6b3) C:\Windows\system32\DRIVERS\MegaSR.sys
20:43:37.0806 12324 MegaSR - ok
20:43:37.0823 12324 Modem (800ba92f7010378b09f9ed9270f07137) C:\Windows\system32\drivers\modem.sys
20:43:37.0824 12324 Modem - ok
20:43:37.0837 12324 monitor (b03d591dc7da45ece20b3b467e6aadaa) C:\Windows\system32\DRIVERS\monitor.sys
20:43:37.0838 12324 monitor - ok
20:43:37.0873 12324 mouclass (7d27ea49f3c1f687d357e77a470aea99) C:\Windows\system32\DRIVERS\mouclass.sys
20:43:37.0874 12324 mouclass - ok
20:43:37.0901 12324 mouhid (d3bf052c40b0c4166d9fd86a4288c1e6) C:\Windows\system32\DRIVERS\mouhid.sys
20:43:37.0901 12324 mouhid - ok
20:43:37.0941 12324 mountmgr (32e7a3d591d671a6df2db515a5cbe0fa) C:\Windows\system32\drivers\mountmgr.sys
20:43:37.0943 12324 mountmgr - ok
20:43:37.0980 12324 mpio (a44b420d30bd56e145d6a2bc8768ec58) C:\Windows\system32\drivers\mpio.sys
20:43:37.0981 12324 mpio - ok
20:43:38.0005 12324 mpsdrv (6c38c9e45ae0ea2fa5e551f2ed5e978f) C:\Windows\system32\drivers\mpsdrv.sys
20:43:38.0006 12324 mpsdrv - ok
20:43:38.0045 12324 MRxDAV (dc722758b8261e1abafd31a3c0a66380) C:\Windows\system32\drivers\mrxdav.sys
20:43:38.0048 12324 MRxDAV - ok
20:43:38.0086 12324 mrxsmb (a5d9106a73dc88564c825d317cac68ac) C:\Windows\system32\DRIVERS\mrxsmb.sys
20:43:38.0087 12324 mrxsmb - ok
20:43:38.0122 12324 mrxsmb10 (d711b3c1d5f42c0c2415687be09fc163) C:\Windows\system32\DRIVERS\mrxsmb10.sys
20:43:38.0124 12324 mrxsmb10 - ok
20:43:38.0140 12324 mrxsmb20 (9423e9d355c8d303e76b8cfbd8a5c30c) C:\Windows\system32\DRIVERS\mrxsmb20.sys
20:43:38.0141 12324 mrxsmb20 - ok
20:43:38.0181 12324 msahci (c25f0bafa182cbca2dd3c851c2e75796) C:\Windows\system32\drivers\msahci.sys
20:43:38.0182 12324 msahci - ok
20:43:38.0201 12324 msdsm (db801a638d011b9633829eb6f663c900) C:\Windows\system32\drivers\msdsm.sys
20:43:38.0202 12324 msdsm - ok
20:43:38.0228 12324 Msfs (aa3fb40e17ce1388fa1bedab50ea8f96) C:\Windows\system32\drivers\Msfs.sys
20:43:38.0229 12324 Msfs - ok
20:43:38.0246 12324 mshidkmdf (f9d215a46a8b9753f61767fa72a20326) C:\Windows\System32\drivers\mshidkmdf.sys
20:43:38.0247 12324 mshidkmdf - ok
20:43:38.0267 12324 msisadrv (d916874bbd4f8b07bfb7fa9b3ccae29d) C:\Windows\system32\drivers\msisadrv.sys
20:43:38.0268 12324 msisadrv - ok
20:43:38.0305 12324 MSKSSRV (49ccf2c4fea34ffad8b1b59d49439366) C:\Windows\system32\drivers\MSKSSRV.sys
20:43:38.0306 12324 MSKSSRV - ok
20:43:38.0321 12324 MSPCLOCK (bdd71ace35a232104ddd349ee70e1ab3) C:\Windows\system32\drivers\MSPCLOCK.sys
20:43:38.0322 12324 MSPCLOCK - ok
20:43:38.0333 12324 MSPQM (4ed981241db27c3383d72092b618a1d0) C:\Windows\system32\drivers\MSPQM.sys
20:43:38.0334 12324 MSPQM - ok
20:43:38.0376 12324 MsRPC (759a9eeb0fa9ed79da1fb7d4ef78866d) C:\Windows\system32\drivers\MsRPC.sys
20:43:38.0379 12324 MsRPC - ok
20:43:38.0400 12324 mssmbios (0eed230e37515a0eaee3c2e1bc97b288) C:\Windows\system32\drivers\mssmbios.sys
20:43:38.0401 12324 mssmbios - ok
20:43:38.0416 12324 MSTEE (2e66f9ecb30b4221a318c92ac2250779) C:\Windows\system32\drivers\MSTEE.sys
20:43:38.0417 12324 MSTEE - ok
20:43:38.0432 12324 MTConfig (7ea404308934e675bffde8edf0757bcd) C:\Windows\system32\DRIVERS\MTConfig.sys
20:43:38.0433 12324 MTConfig - ok
20:43:38.0454 12324 MTsensor (032d35c996f21d19a205a7c8f0b76f3c) C:\Windows\system32\DRIVERS\ATK64AMD.sys
20:43:38.0455 12324 MTsensor - ok
20:43:38.0467 12324 Mup (f9a18612fd3526fe473c1bda678d61c8) C:\Windows\system32\Drivers\mup.sys
20:43:38.0468 12324 Mup - ok
20:43:38.0490 12324 NativeWifiP (1ea3749c4114db3e3161156ffffa6b33) C:\Windows\system32\DRIVERS\nwifi.sys
20:43:38.0492 12324 NativeWifiP - ok
20:43:38.0603 12324 NAVENG (2dbe90210de76be6e1653bb20ec70ec2) C:\PROGRA~3\Symantec\DEFINI~1\VIRUSD~1\20120211.006\ENG64.SYS
20:43:38.0604 12324 NAVENG - ok
20:43:38.0655 12324 NAVEX15 (346da70e203b8e2c850277713de8f71b) C:\PROGRA~3\Symantec\DEFINI~1\VIRUSD~1\20120211.006\EX64.SYS
20:43:38.0667 12324 NAVEX15 - ok
20:43:38.0715 12324 NDIS (79b47fd40d9a817e932f9d26fac0a81c) C:\Windows\system32\drivers\ndis.sys
20:43:38.0720 12324 NDIS - ok
20:43:38.0751 12324 NdisCap (9f9a1f53aad7da4d6fef5bb73ab811ac) C:\Windows\system32\DRIVERS\ndiscap.sys
20:43:38.0752 12324 NdisCap - ok
20:43:38.0772 12324 NdisTapi (30639c932d9fef22b31268fe25a1b6e5) C:\Windows\system32\DRIVERS\ndistapi.sys
20:43:38.0773 12324 NdisTapi - ok
20:43:38.0806 12324 Ndisuio (136185f9fb2cc61e573e676aa5402356) C:\Windows\system32\DRIVERS\ndisuio.sys
20:43:38.0807 12324 Ndisuio - ok
20:43:38.0865 12324 NdisWan (53f7305169863f0a2bddc49e116c2e11) C:\Windows\system32\DRIVERS\ndiswan.sys
20:43:38.0867 12324 NdisWan - ok
20:43:38.0913 12324 NDProxy (015c0d8e0e0421b4cfd48cffe2825879) C:\Windows\system32\drivers\NDProxy.sys
20:43:38.0914 12324 NDProxy - ok
20:43:38.0946 12324 NetBIOS (86743d9f5d2b1048062b14b1d84501c4) C:\Windows\system32\DRIVERS\netbios.sys
20:43:38.0947 12324 NetBIOS - ok
20:43:39.0003 12324 NetBT (09594d1089c523423b32a4229263f068) C:\Windows\system32\DRIVERS\netbt.sys
20:43:39.0004 12324 NetBT - ok
20:43:39.0164 12324 NETw1v64 (e72f4522801ffb8f0456924fb0017bff) C:\Windows\system32\DRIVERS\NETw1v64.sys
20:43:39.0198 12324 NETw1v64 - ok
20:43:39.0312 12324 NETw5s64 (4d85a450edef10c38882182753a49aae) C:\Windows\system32\DRIVERS\NETw5s64.sys
20:43:39.0348 12324 NETw5s64 - ok
20:43:39.0371 12324 nfrd960 (77889813be4d166cdab78ddba990da92) C:\Windows\system32\DRIVERS\nfrd960.sys
20:43:39.0372 12324 nfrd960 - ok
20:43:39.0395 12324 Npfs (1e4c4ab5c9b8dd13179bbdc75a2a01f7) C:\Windows\system32\drivers\Npfs.sys
20:43:39.0396 12324 Npfs - ok
20:43:39.0429 12324 nsiproxy (e7f5ae18af4168178a642a9247c63001) C:\Windows\system32\drivers\nsiproxy.sys
20:43:39.0429 12324 nsiproxy - ok
20:43:39.0489 12324 Ntfs (a2f74975097f52a00745f9637451fdd8) C:\Windows\system32\drivers\Ntfs.sys
20:43:39.0497 12324 Ntfs - ok
20:43:39.0535 12324 Null (9899284589f75fa8724ff3d16aed75c1) C:\Windows\system32\drivers\Null.sys
20:43:39.0535 12324 Null - ok
20:43:39.0577 12324 NVHDA (857fb74754ebff94ee3ad40788740916) C:\Windows\system32\drivers\nvhda64v.sys
20:43:39.0578 12324 NVHDA - ok
20:43:39.0802 12324 nvlddmkm (f12c5f17d48d9f5c70e4408b3ccb5443) C:\Windows\system32\DRIVERS\nvlddmkm.sys
20:43:39.0863 12324 nvlddmkm - ok
20:43:39.0909 12324 nvraid (0a92cb65770442ed0dc44834632f66ad) C:\Windows\system32\drivers\nvraid.sys
20:43:39.0911 12324 nvraid - ok
20:43:39.0931 12324 nvstor (dab0e87525c10052bf65f06152f37e4a) C:\Windows\system32\drivers\nvstor.sys
20:43:39.0933 12324 nvstor - ok
20:43:39.0982 12324 nv_agp (270d7cd42d6e3979f6dd0146650f0e05) C:\Windows\system32\drivers\nv_agp.sys
20:43:39.0983 12324 nv_agp - ok
20:43:40.0025 12324 ohci1394 (3589478e4b22ce21b41fa1bfc0b8b8a0) C:\Windows\system32\drivers\ohci1394.sys
20:43:40.0026 12324 ohci1394 - ok
20:43:40.0061 12324 Parport (0086431c29c35be1dbc43f52cc273887) C:\Windows\system32\DRIVERS\parport.sys
20:43:40.0062 12324 Parport - ok
20:43:40.0103 12324 partmgr (871eadac56b0a4c6512bbe32753ccf79) C:\Windows\system32\drivers\partmgr.sys
20:43:40.0104 12324 partmgr - ok
20:43:40.0129 12324 pci (94575c0571d1462a0f70bde6bd6ee6b3) C:\Windows\system32\drivers\pci.sys
20:43:40.0131 12324 pci - ok
20:43:40.0148 12324 pciide (b5b8b5ef2e5cb34df8dcf8831e3534fa) C:\Windows\system32\drivers\pciide.sys
20:43:40.0148 12324 pciide - ok
20:43:40.0174 12324 pcmcia (b2e81d4e87ce48589f98cb8c05b01f2f) C:\Windows\system32\DRIVERS\pcmcia.sys
20:43:40.0176 12324 pcmcia - ok
20:43:40.0196 12324 pcw (d6b9c2e1a11a3a4b26a182ffef18f603) C:\Windows\system32\drivers\pcw.sys
20:43:40.0197 12324 pcw - ok
20:43:40.0233 12324 PEAUTH (68769c3356b3be5d1c732c97b9a80d6e) C:\Windows\system32\drivers\peauth.sys
20:43:40.0237 12324 PEAUTH - ok
20:43:40.0305 12324 PptpMiniport (f92a2c41117a11a00be01ca01a7fcde9) C:\Windows\system32\DRIVERS\raspptp.sys
20:43:40.0306 12324 PptpMiniport - ok
20:43:40.0323 12324 Processor (0d922e23c041efb1c3fac2a6f943c9bf) C:\Windows\system32\DRIVERS\processr.sys
20:43:40.0324 12324 Processor - ok
20:43:40.0367 12324 Psched (0557cf5a2556bd58e26384169d72438d) C:\Windows\system32\DRIVERS\pacer.sys
20:43:40.0368 12324 Psched - ok
20:43:40.0412 12324 ql2300 (a53a15a11ebfd21077463ee2c7afeef0) C:\Windows\system32\DRIVERS\ql2300.sys
20:43:40.0420 12324 ql2300 - ok
20:43:40.0443 12324 ql40xx (4f6d12b51de1aaeff7dc58c4d75423c8) C:\Windows\system32\DRIVERS\ql40xx.sys
20:43:40.0444 12324 ql40xx - ok
20:43:40.0463 12324 QWAVEdrv (76707bb36430888d9ce9d705398adb6c) C:\Windows\system32\drivers\qwavedrv.sys
20:43:40.0465 12324 QWAVEdrv - ok
20:43:40.0486 12324 RasAcd (5a0da8ad5762fa2d91678a8a01311704) C:\Windows\system32\DRIVERS\rasacd.sys
20:43:40.0487 12324 RasAcd - ok
20:43:40.0515 12324 RasAgileVpn (7ecff9b22276b73f43a99a15a6094e90) C:\Windows\system32\DRIVERS\AgileVpn.sys
20:43:40.0516 12324 RasAgileVpn - ok
20:43:40.0558 12324 Rasl2tp (471815800ae33e6f1c32fb1b97c490ca) C:\Windows\system32\DRIVERS\rasl2tp.sys
20:43:40.0560 12324 Rasl2tp - ok
20:43:40.0603 12324 RasPppoe (855c9b1cd4756c5e9a2aa58a15f58c25) C:\Windows\system32\DRIVERS\raspppoe.sys
20:43:40.0604 12324 RasPppoe - ok
20:43:40.0626 12324 RasSstp (e8b1e447b008d07ff47d016c2b0eeecb) C:\Windows\system32\DRIVERS\rassstp.sys
20:43:40.0627 12324 RasSstp - ok
20:43:40.0670 12324 rdbss (77f665941019a1594d887a74f301fa2f) C:\Windows\system32\DRIVERS\rdbss.sys
20:43:40.0672 12324 rdbss - ok
20:43:40.0689 12324 rdpbus (302da2a0539f2cf54d7c6cc30c1f2d8d) C:\Windows\system32\DRIVERS\rdpbus.sys
20:43:40.0690 12324 rdpbus - ok
20:43:40.0712 12324 RDPCDD (cea6cc257fc9b7715f1c2b4849286d24) C:\Windows\system32\DRIVERS\RDPCDD.sys
20:43:40.0713 12324 RDPCDD - ok
20:43:40.0739 12324 RDPENCDD (bb5971a4f00659529a5c44831af22365) C:\Windows\system32\drivers\rdpencdd.sys
20:43:40.0740 12324 RDPENCDD - ok
20:43:40.0763 12324 RDPREFMP (216f3fa57533d98e1f74ded70113177a) C:\Windows\system32\drivers\rdprefmp.sys
20:43:40.0764 12324 RDPREFMP - ok
20:43:40.0810 12324 RDPWD (15b66c206b5cb095bab980553f38ed23) C:\Windows\system32\drivers\RDPWD.sys
20:43:40.0812 12324 RDPWD - ok
20:43:40.0851 12324 rdyboost (34ed295fa0121c241bfef24764fc4520) C:\Windows\system32\drivers\rdyboost.sys
20:43:40.0853 12324 rdyboost - ok
20:43:40.0880 12324 RFCOMM (3dd798846e2c28102b922c56e71b7932) C:\Windows\system32\DRIVERS\rfcomm.sys
20:43:40.0882 12324 RFCOMM - ok
20:43:40.0902 12324 rimspci (e20b1907fc72a3664ece21e3c20fc63d) C:\Windows\system32\DRIVERS\rimspe64.sys
20:43:40.0903 12324 rimspci - ok
20:43:40.0918 12324 rixdpcie (6a1cd4674505e6791390a1ab71da1fbe) C:\Windows\system32\DRIVERS\rixdpe64.sys
20:43:40.0919 12324 rixdpcie - ok
20:43:40.0967 12324 RsFx0103 (cd553b8633466a6d1c115812f2619f1f) C:\Windows\system32\DRIVERS\RsFx0103.sys
20:43:40.0970 12324 RsFx0103 - ok
20:43:40.0998 12324 rspndr (ddc86e4f8e7456261e637e3552e804ff) C:\Windows\system32\DRIVERS\rspndr.sys
20:43:40.0999 12324 rspndr - ok
20:43:41.0023 12324 RzSynapse (d2ceff3befe9c468717b6bb7fa4a5e44) C:\Windows\system32\DRIVERS\RzSynapse.sys
20:43:41.0024 12324 RzSynapse - ok
20:43:41.0062 12324 sbp2port (ac03af3329579fffb455aa2daabbe22b) C:\Windows\system32\drivers\sbp2port.sys
20:43:41.0064 12324 sbp2port - ok
20:43:41.0109 12324 scfilter (253f38d0d7074c02ff8deb9836c97d2b) C:\Windows\system32\DRIVERS\scfilter.sys
20:43:41.0112 12324 scfilter - ok
20:43:41.0144 12324 sdbus (111e0ebc0ad79cb0fa014b907b231cf0) C:\Windows\system32\drivers\sdbus.sys
20:43:41.0145 12324 sdbus - ok
20:43:41.0161 12324 secdrv (3ea8a16169c26afbeb544e0e48421186) C:\Windows\system32\drivers\secdrv.sys
20:43:41.0162 12324 secdrv - ok
20:43:41.0187 12324 Serenum (cb624c0035412af0debec78c41f5ca1b) C:\Windows\system32\DRIVERS\serenum.sys
20:43:41.0188 12324 Serenum - ok
20:43:41.0206 12324 Serial (c1d8e28b2c2adfaec4ba89e9fda69bd6) C:\Windows\system32\DRIVERS\serial.sys
20:43:41.0207 12324 Serial - ok
20:43:41.0245 12324 sermouse (1c545a7d0691cc4a027396535691c3e3) C:\Windows\system32\DRIVERS\sermouse.sys
20:43:41.0246 12324 sermouse - ok
20:43:41.0299 12324 sffdisk (a554811bcd09279536440c964ae35bbf) C:\Windows\system32\drivers\sffdisk.sys
20:43:41.0300 12324 sffdisk - ok
20:43:41.0317 12324 sffp_mmc (ff414f0baefeba59bc6c04b3db0b87bf) C:\Windows\system32\drivers\sffp_mmc.sys
20:43:41.0318 12324 sffp_mmc - ok
20:43:41.0333 12324 sffp_sd (dd85b78243a19b59f0637dcf284da63c) C:\Windows\system32\drivers\sffp_sd.sys
20:43:41.0334 12324 sffp_sd - ok
20:43:41.0358 12324 sfloppy (a9d601643a1647211a1ee2ec4e433ff4) C:\Windows\system32\DRIVERS\sfloppy.sys
20:43:41.0359 12324 sfloppy - ok
20:43:41.0388 12324 SiSGbeLH (1bc348cf6baa90ec8e533ef6e6a69933) C:\Windows\system32\DRIVERS\SiSG664.sys
20:43:41.0389 12324 SiSGbeLH - ok
20:43:41.0415 12324 SiSRaid2 (843caf1e5fde1ffd5ff768f23a51e2e1) C:\Windows\system32\DRIVERS\SiSRaid2.sys
20:43:41.0416 12324 SiSRaid2 - ok
20:43:41.0461 12324 SiSRaid4 (6a6c106d42e9ffff8b9fcb4f754f6da4) C:\Windows\system32\DRIVERS\sisraid4.sys
20:43:41.0462 12324 SiSRaid4 - ok
20:43:41.0499 12324 Smb (548260a7b8654e024dc30bf8a7c5baa4) C:\Windows\system32\DRIVERS\smb.sys
20:43:41.0500 12324 Smb - ok
20:43:41.0570 12324 SNP2UVC (7aec460dbdd193680f0e77724e40e7b6) C:\Windows\system32\DRIVERS\snp2uvc.sys
20:43:41.0580 12324 SNP2UVC - ok
20:43:41.0619 12324 spldr (b9e31e5cacdfe584f34f730a677803f9) C:\Windows\system32\drivers\spldr.sys
20:43:41.0620 12324 spldr - ok
20:43:41.0678 12324 SRTSP (b531fc8918dcdaae638511a123c3465e) C:\Windows\system32\Drivers\SRTSP64.SYS
20:43:41.0681 12324 SRTSP - ok
20:43:41.0707 12324 SRTSPL (2bd3a73d0601320b72486fc3ebc2544f) C:\Windows\system32\Drivers\SRTSPL64.SYS
20:43:41.0709 12324 SRTSPL - ok
20:43:41.0733 12324 SRTSPX (529b337c1aeeb289f0b502eb0ee6a8f5) C:\Windows\system32\Drivers\SRTSPX64.SYS
20:43:41.0734 12324 SRTSPX - ok
20:43:41.0774 12324 srv (441fba48bff01fdb9d5969ebc1838f0b) C:\Windows\system32\DRIVERS\srv.sys
20:43:41.0777 12324 srv - ok
20:43:41.0814 12324 srv2 (b4adebbf5e3677cce9651e0f01f7cc28) C:\Windows\system32\DRIVERS\srv2.sys
20:43:41.0817 12324 srv2 - ok
20:43:41.0841 12324 srvnet (27e461f0be5bff5fc737328f749538c3) C:\Windows\system32\DRIVERS\srvnet.sys
20:43:41.0842 12324 srvnet - ok
20:43:41.0872 12324 stexstor (f3817967ed533d08327dc73bc4d5542a) C:\Windows\system32\DRIVERS\stexstor.sys
20:43:41.0873 12324 stexstor - ok
20:43:41.0908 12324 swenum (d01ec09b6711a5f8e7e6564a4d0fbc90) C:\Windows\system32\drivers\swenum.sys
20:43:41.0909 12324 swenum - ok
20:43:41.0941 12324 SymEvent (7e4d281982e19abd06728c7ee9ac40a8) C:\Windows\system32\Drivers\SYMEVENT64x86.SYS
20:43:41.0943 12324 SymEvent - ok
20:43:41.0963 12324 SynTP (0faa1933fbcf916c301ff94acc623031) C:\Windows\system32\DRIVERS\SynTP.sys
20:43:41.0965 12324 SynTP - ok
20:43:42.0056 12324 Tcpip (fc62769e7bff2896035aeed399108162) C:\Windows\system32\drivers\tcpip.sys
20:43:42.0067 12324 Tcpip - ok
20:43:42.0115 12324 TCPIP6 (fc62769e7bff2896035aeed399108162) C:\Windows\system32\DRIVERS\tcpip.sys
20:43:42.0125 12324 TCPIP6 - ok
20:43:42.0170 12324 tcpipreg (df687e3d8836bfb04fcc0615bf15a519) C:\Windows\system32\drivers\tcpipreg.sys
20:43:42.0171 12324 tcpipreg - ok
20:43:42.0196 12324 TDPIPE (3371d21011695b16333a3934340c4e7c) C:\Windows\system32\drivers\tdpipe.sys
20:43:42.0197 12324 TDPIPE - ok
20:43:42.0218 12324 TDTCP (e4245bda3190a582d55ed09e137401a9) C:\Windows\system32\drivers\tdtcp.sys
20:43:42.0219 12324 TDTCP - ok
20:43:42.0261 12324 tdx (ddad5a7ab24d8b65f8d724f5c20fd806) C:\Windows\system32\DRIVERS\tdx.sys
20:43:42.0263 12324 tdx - ok
20:43:42.0291 12324 Teefer2 (ef6ccf8b483201f7196d83fc136fa43a) C:\Windows\system32\DRIVERS\teefer2.sys
20:43:42.0292 12324 Teefer2 - ok
20:43:42.0337 12324 TermDD (561e7e1f06895d78de991e01dd0fb6e5) C:\Windows\system32\drivers\termdd.sys
20:43:42.0338 12324 TermDD - ok
20:43:42.0395 12324 tssecsrv (ce18b2cdfc837c99e5fae9ca6cba5d30) C:\Windows\system32\DRIVERS\tssecsrv.sys
20:43:42.0396 12324 tssecsrv - ok
20:43:42.0434 12324 TsUsbFlt (d11c783e3ef9a3c52c0ebe83cc5000e9) C:\Windows\system32\drivers\tsusbflt.sys
20:43:42.0435 12324 TsUsbFlt - ok
20:43:42.0473 12324 tunnel (3566a8daafa27af944f5d705eaa64894) C:\Windows\system32\DRIVERS\tunnel.sys
20:43:42.0474 12324 tunnel - ok
20:43:42.0510 12324 uagp35 (b4dd609bd7e282bfc683cec7eaaaad67) C:\Windows\system32\DRIVERS\uagp35.sys
20:43:42.0511 12324 uagp35 - ok
20:43:42.0555 12324 udfs (ff4232a1a64012baa1fd97c7b67df593) C:\Windows\system32\DRIVERS\udfs.sys
20:43:42.0558 12324 udfs - ok
20:43:42.0589 12324 uliagpkx (4bfe1bc28391222894cbf1e7d0e42320) C:\Windows\system32\drivers\uliagpkx.sys
20:43:42.0590 12324 uliagpkx - ok
20:43:42.0628 12324 umbus (dc54a574663a895c8763af0fa1ff7561) C:\Windows\system32\drivers\umbus.sys
20:43:42.0629 12324 umbus - ok
20:43:42.0646 12324 UmPass (b2e8e8cb557b156da5493bbddcc1474d) C:\Windows\system32\DRIVERS\umpass.sys
20:43:42.0647 12324 UmPass - ok
20:43:42.0677 12324 usbaudio (82e8f44688e6fac57b5b7c6fc7adbc2a) C:\Windows\system32\drivers\usbaudio.sys
20:43:42.0679 12324 usbaudio - ok
20:43:42.0705 12324 usbccgp (6f1a3157a1c89435352ceb543cdb359c) C:\Windows\system32\DRIVERS\usbccgp.sys
20:43:42.0706 12324 usbccgp - ok
20:43:42.0730 12324 usbcir (af0892a803fdda7492f595368e3b68e7) C:\Windows\system32\drivers\usbcir.sys
20:43:42.0732 12324 usbcir - ok
20:43:42.0755 12324 usbehci (c025055fe7b87701eb042095df1a2d7b) C:\Windows\system32\drivers\usbehci.sys
20:43:42.0756 12324 usbehci - ok
20:43:42.0781 12324 usbhub (287c6c9410b111b68b52ca298f7b8c24) C:\Windows\system32\DRIVERS\usbhub.sys
20:43:42.0783 12324 usbhub - ok
20:43:42.0801 12324 usbohci (9840fc418b4cbd632d3d0a667a725c31) C:\Windows\system32\drivers\usbohci.sys
20:43:42.0802 12324 usbohci - ok
20:43:42.0844 12324 usbprint (73188f58fb384e75c4063d29413cee3d) C:\Windows\system32\DRIVERS\usbprint.sys
20:43:42.0845 12324 usbprint - ok
20:43:42.0871 12324 USBSTOR (fed648b01349a3c8395a5169db5fb7d6) C:\Windows\system32\DRIVERS\USBSTOR.SYS
20:43:42.0873 12324 USBSTOR - ok
20:43:42.0898 12324 usbuhci (62069a34518bcf9c1fd9e74b3f6db7cd) C:\Windows\system32\drivers\usbuhci.sys
20:43:42.0899 12324 usbuhci - ok
20:43:42.0928 12324 usbvideo (454800c2bc7f3927ce030141ee4f4c50) C:\Windows\System32\Drivers\usbvideo.sys
20:43:42.0929 12324 usbvideo - ok
20:43:42.0957 12324 vdrvroot (c5c876ccfc083ff3b128f933823e87bd) C:\Windows\system32\drivers\vdrvroot.sys
20:43:42.0958 12324 vdrvroot - ok
20:43:42.0991 12324 vga (da4da3f5e02943c2dc8c6ed875de68dd) C:\Windows\system32\DRIVERS\vgapnp.sys
20:43:42.0992 12324 vga - ok
20:43:43.0012 12324 VgaSave (53e92a310193cb3c03bea963de7d9cfc) C:\Windows\System32\drivers\vga.sys
20:43:43.0013 12324 VgaSave - ok
20:43:43.0038 12324 vhdmp (2ce2df28c83aeaf30084e1b1eb253cbb) C:\Windows\system32\drivers\vhdmp.sys
20:43:43.0040 12324 vhdmp - ok
20:43:43.0060 12324 viaide (e5689d93ffe4e5d66c0178761240dd54) C:\Windows\system32\drivers\viaide.sys
20:43:43.0061 12324 viaide - ok
20:43:43.0083 12324 volmgr (d2aafd421940f640b407aefaaebd91b0) C:\Windows\system32\drivers\volmgr.sys
20:43:43.0084 12324 volmgr - ok
20:43:43.0131 12324 volmgrx (a255814907c89be58b79ef2f189b843b) C:\Windows\system32\drivers\volmgrx.sys
20:43:43.0134 12324 volmgrx - ok
20:43:43.0159 12324 volsnap (0d08d2f3b3ff84e433346669b5e0f639) C:\Windows\system32\drivers\volsnap.sys
20:43:43.0161 12324 volsnap - ok
20:43:43.0182 12324 vsmraid (5e2016ea6ebaca03c04feac5f330d997) C:\Windows\system32\DRIVERS\vsmraid.sys
20:43:43.0184 12324 vsmraid - ok
20:43:43.0208 12324 vwifibus (36d4720b72b5c5d9cb2b9c29e9df67a1) C:\Windows\system32\DRIVERS\vwifibus.sys
20:43:43.0209 12324 vwifibus - ok
20:43:43.0231 12324 vwififlt (6a3d66263414ff0d6fa754c646612f3f) C:\Windows\system32\DRIVERS\vwififlt.sys
20:43:43.0232 12324 vwififlt - ok
20:43:43.0253 12324 WacomPen (4e9440f4f152a7b944cb1663d3935a3e) C:\Windows\system32\DRIVERS\wacompen.sys
20:43:43.0254 12324 WacomPen - ok
20:43:43.0274 12324 WANARP (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys
20:43:43.0275 12324 WANARP - ok
20:43:43.0280 12324 Wanarpv6 (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys
20:43:43.0281 12324 Wanarpv6 - ok
20:43:43.0315 12324 Wd (72889e16ff12ba0f235467d6091b17dc) C:\Windows\system32\DRIVERS\wd.sys
20:43:43.0316 12324 Wd - ok
20:43:43.0351 12324 Wdf01000 (441bd2d7b4f98134c3a4f9fa570fd250) C:\Windows\system32\drivers\Wdf01000.sys
20:43:43.0356 12324 Wdf01000 - ok
20:43:43.0387 12324 WfpLwf (611b23304bf067451a9fdee01fbdd725) C:\Windows\system32\DRIVERS\wfplwf.sys
20:43:43.0388 12324 WfpLwf - ok
20:43:43.0429 12324 WimFltr (52ded146e4797e6ccf94799e8e22bb2a) C:\Windows\system32\DRIVERS\wimfltr.sys
20:43:43.0430 12324 WimFltr - ok
20:43:43.0452 12324 WIMMount (05ecaec3e4529a7153b3136ceb49f0ec) C:\Windows\system32\drivers\wimmount.sys
20:43:43.0453 12324 WIMMount - ok
20:43:43.0516 12324 WmiAcpi (f6ff8944478594d0e414d3f048f0d778) C:\Windows\system32\drivers\wmiacpi.sys
20:43:43.0517 12324 WmiAcpi - ok
20:43:43.0567 12324 WPS (1d98e69903bc3a2d8383696dd701b679) C:\Windows\system32\drivers\wpsdrvnt.sys
20:43:43.0568 12324 WPS - ok
20:43:43.0603 12324 WpsHelper (d9b5a13804b7d97770c42da484a9d86e) C:\Windows\system32\drivers\WpsHelper.sys
20:43:43.0605 12324 WpsHelper - ok
20:43:43.0628 12324 ws2ifsl (6bcc1d7d2fd2453957c5479a32364e52) C:\Windows\system32\drivers\ws2ifsl.sys
20:43:43.0630 12324 ws2ifsl - ok
20:43:43.0680 12324 WudfPf (d3381dc54c34d79b22cee0d65ba91b7c) C:\Windows\system32\drivers\WudfPf.sys
20:43:43.0682 12324 WudfPf - ok
20:43:43.0711 12324 WUDFRd (cf8d590be3373029d57af80914190682) C:\Windows\system32\DRIVERS\WUDFRd.sys
20:43:43.0713 12324 WUDFRd - ok
20:43:43.0750 12324 MBR (0x1B8) (5c616939100b85e558da92b899a0fc36) \Device\Harddisk0\DR0
20:43:43.0821 12324 \Device\Harddisk0\DR0 - ok
20:43:43.0830 12324 Boot (0x1200) (be00757fcad9ca4e39d9526f30b548f1) \Device\Harddisk0\DR0\Partition0
20:43:43.0832 12324 \Device\Harddisk0\DR0\Partition0 - ok
20:43:43.0847 12324 Boot (0x1200) (263e54a9e265becfeebe2212c5c92659) \Device\Harddisk0\DR0\Partition1
20:43:43.0849 12324 \Device\Harddisk0\DR0\Partition1 - ok
20:43:43.0849 12324 ============================================================
20:43:43.0849 12324 Scan finished
20:43:43.0849 12324 ============================================================
20:43:43.0858 23300 Detected object count: 0
20:43:43.0858 23300 Actual detected object count: 0


Here is the aswMBR log



aswMBR version 0.9.9.1532 Copyright© 2011 AVAST Software
Run date: 2012-02-11 21:27:50
-----------------------------
21:27:50.514 OS Version: Windows x64 6.1.7601 Service Pack 1
21:27:50.515 Number of processors: 4 586 0x2502
21:27:50.516 ComputerName: SEAN-LAPTAOP UserName: Sean
21:27:54.426 Initialize success
21:27:59.124 AVAST engine defs: 12021101
21:28:11.254 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
21:28:11.258 Disk 0 Vendor: ST950042 0002 Size: 476940MB BusType: 3
21:28:11.283 Disk 0 MBR read successfully
21:28:11.286 Disk 0 MBR scan
21:28:11.291 Disk 0 Windows VISTA default MBR code
21:28:11.297 Disk 0 Partition 1 00 1C Hidd FAT32 LBA MSDOS5.0 20001 MB offset 2048
21:28:11.319 Disk 0 Partition 2 80 (A) 07 HPFS/NTFS NTFS 119232 MB offset 40965750
21:28:11.327 Disk 0 Partition - 00 0F Extended LBA 337702 MB offset 285153750
21:28:11.347 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 337702 MB offset 285153813
21:28:11.355 Service scanning
21:28:12.200 Service Teefer2 C:\Windows\system32\DRIVERS\teefer2.sys **LOCKED** 32
21:28:12.237 Service WPS C:\Windows\system32\drivers\wpsdrvnt.sys **LOCKED** 32
21:28:12.242 Service WpsHelper C:\Windows\system32\drivers\WpsHelper.sys **LOCKED** 32
21:28:12.754 Modules scanning
21:28:12.764 Disk 0 trace - called modules:
21:28:12.772 ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys iaStor.sys hal.dll
21:28:12.779 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa80077c0060]
21:28:12.786 3 CLASSPNP.SYS[fffff88001d6043f] -> nt!IofCallDriver -> [0xfffffa800666d040]
21:28:12.793 5 ACPI.sys[fffff88000f867a1] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-1[0xfffffa80074a8050]
21:28:18.643 AVAST engine scan C:\Windows
21:28:33.245 AVAST engine scan C:\Windows\system32
21:34:58.581 AVAST engine scan C:\Windows\system32\drivers
21:35:13.138 AVAST engine scan C:\Users\Sean
21:39:49.682 AVAST engine scan C:\ProgramData
21:41:23.513 Scan finished successfully
21:42:21.578 Disk 0 MBR has been saved successfully to "C:\Users\Sean\Desktop\MBR.dat"
21:42:21.584 The log file has been saved successfully to "C:\Users\Sean\Desktop\aswMBR.txt"
21:42:30.312 Disk 0 MBR has been saved successfully to "C:\Users\Sean\Desktop\MBR.dat"
21:42:30.321 The log file has been saved successfully to "C:\Users\Sean\Desktop\aswMBR.txt"

Edited by Dervajanky, 11 February 2012 - 09:44 PM.


#7 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto rico
  • Local time:05:47 PM

Posted 12 February 2012 - 01:20 AM

Hello


How are things running now?


:Run CFScript:

Open Notepad and copy/paste the text in the box into the window:

ClearJavaCache::


Save it to your desktop as CFScript.txt

Refering to the picture above, drag CFScript.txt into ComboFix.exe
Posted Image
This will let ComboFix run again.
Restart if you have to.
Save the produced logfile to your desktop.

Note: Do not mouseclick combofix's window whilst it's running. That may cause it to stall

Note 2: If you recieve an error "Illegal operation attempted on a registery key that has been marked for deletion." Please restart the computer

"information and logs"

  • In your next post I need the following

  • report from Combofix
  • let me know of any problems you may have had
  • How is the computer doing now after running the script?

Gringo

I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#8 Dervajanky

Dervajanky
  • Topic Starter

  • Members
  • 11 posts
  • OFFLINE
  •  
  • Local time:04:47 PM

Posted 15 February 2012 - 10:14 PM

CF log

ComboFix 12-02-15.01 - Sean 02/15/2012 21:56:55.2.4 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.8053.6022 [GMT -5:00]
Running from: c:\users\Sean\Desktop\ComboFix.exe
Command switches used :: c:\users\Sean\Desktop\CFScript.txt
AV: Symantec Endpoint Protection *Disabled/Updated* {88C95A36-8C3B-2F2C-1B8B-30FCCFDC4855}
FW: Symantec Endpoint Protection *Disabled* {B0F2DB13-C654-2E74-30D4-99C9310F0F2E}
SP: Symantec Endpoint Protection *Disabled/Updated* {33A8BBD2-AA01-20A2-213B-0B8EB45B02E8}
SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((( Files Created from 2012-01-16 to 2012-02-16 )))))))))))))))))))))))))))))))
.
.
2012-02-16 03:03 . 2012-02-16 03:03 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-02-12 16:37 . 2012-02-12 16:37 -------- d-----w- c:\users\Sean\AppData\Local\IsolatedStorage
2012-02-12 16:36 . 2012-02-12 16:36 -------- d-----w- c:\program files (x86)\TurboTax
2012-01-25 23:48 . 2012-01-25 23:48 -------- d-----w- c:\windows\system32\Macromed
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-02-12 16:34 . 2010-08-29 01:03 45056 ----a-w- c:\windows\system32\acovcnt.exe
2012-01-25 23:48 . 2011-09-28 19:29 414368 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-01-25 23:06 . 2011-10-12 18:07 3642528 ----a-w- c:\programdata\Microsoft\VisualStudio\10.0\1033\ResourceCache.dll
2011-11-24 04:52 . 2011-12-17 00:57 3145216 ----a-w- c:\windows\system32\win32k.sys
2011-11-19 14:58 . 2012-01-11 17:34 77312 ----a-w- c:\windows\system32\packager.dll
2011-11-19 14:01 . 2012-01-11 17:34 67072 ----a-w- c:\windows\SysWow64\packager.dll
.
.
((((((((((((((((((((((((((((( SnapShot@2012-02-12_00.23.35 )))))))))))))))))))))))))))))))))))))))))
.
+ 2009-07-14 04:54 . 2012-02-16 02:27 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2009-07-14 04:54 . 2012-02-11 01:19 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2009-07-14 04:54 . 2012-02-16 02:27 32768 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2009-07-14 04:54 . 2012-02-11 01:19 32768 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2009-07-14 04:54 . 2012-02-11 01:19 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2009-07-14 04:54 . 2012-02-16 02:27 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2009-07-14 05:10 . 2012-02-12 16:37 28702 c:\windows\system32\wdi\BootPerformanceDiagnostics_SystemData.bin
+ 2010-08-10 11:54 . 2012-02-12 16:37 14842 c:\windows\system32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-2358312811-2679556730-1227278864-1000_UserData.bin
+ 2010-08-10 11:53 . 2012-02-12 23:57 16384 c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2010-08-10 11:53 . 2012-01-30 03:06 16384 c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2012-01-11 15:40 . 2012-01-11 15:40 87408 c:\windows\Microsoft.NET\assembly\GAC_MSIL\WindowsFormsIntegration\v4.0_4.0.0.0__31bf3856ad364e35\WindowsFormsIntegration.dll
+ 2012-02-15 13:24 . 2012-02-15 13:24 87408 c:\windows\Microsoft.NET\assembly\GAC_MSIL\WindowsFormsIntegration\v4.0_4.0.0.0__31bf3856ad364e35\WindowsFormsIntegration.dll
- 2012-01-11 15:40 . 2012-01-11 15:40 93024 c:\windows\Microsoft.NET\assembly\GAC_MSIL\UIAutomationTypes\v4.0_4.0.0.0__31bf3856ad364e35\UIAutomationTypes.dll
+ 2012-02-15 13:24 . 2012-02-15 13:24 93024 c:\windows\Microsoft.NET\assembly\GAC_MSIL\UIAutomationTypes\v4.0_4.0.0.0__31bf3856ad364e35\UIAutomationTypes.dll
+ 2012-02-15 13:24 . 2012-02-15 13:24 35688 c:\windows\Microsoft.NET\assembly\GAC_MSIL\UIAutomationProvider\v4.0_4.0.0.0__31bf3856ad364e35\UIAutomationProvider.dll
- 2012-01-11 15:40 . 2012-01-11 15:40 35688 c:\windows\Microsoft.NET\assembly\GAC_MSIL\UIAutomationProvider\v4.0_4.0.0.0__31bf3856ad364e35\UIAutomationProvider.dll
+ 2012-02-15 13:24 . 2012-02-15 13:24 11120 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Xml.Serialization\v4.0_4.0.0.0__b77a5c561934e089\System.Xml.Serialization.dll
- 2012-01-11 15:41 . 2012-01-11 15:41 11120 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Xml.Serialization\v4.0_4.0.0.0__b77a5c561934e089\System.Xml.Serialization.dll
+ 2012-02-15 13:24 . 2012-02-15 13:24 17784 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Presentation\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Presentation.dll
- 2012-01-11 15:40 . 2012-01-11 15:40 17784 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Presentation\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Presentation.dll
- 2012-01-11 15:40 . 2012-01-11 15:40 58240 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Input.Manipulations\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Input.Manipulations.dll
+ 2012-02-15 13:24 . 2012-02-15 13:24 58240 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Input.Manipulations\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Input.Manipulations.dll
- 2012-01-11 15:40 . 2012-01-11 15:40 44920 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Web.ApplicationServices\v4.0_4.0.0.0__31bf3856ad364e35\System.Web.ApplicationServices.dll
+ 2012-02-15 13:24 . 2012-02-15 13:24 44920 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Web.ApplicationServices\v4.0_4.0.0.0__31bf3856ad364e35\System.Web.ApplicationServices.dll
+ 2012-02-15 13:24 . 2012-02-15 13:24 37240 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.ServiceModel.Channels\v4.0_4.0.0.0__31bf3856ad364e35\System.ServiceModel.Channels.dll
- 2012-01-11 15:40 . 2012-01-11 15:40 37240 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.ServiceModel.Channels\v4.0_4.0.0.0__31bf3856ad364e35\System.ServiceModel.Channels.dll
+ 2012-02-15 13:24 . 2012-02-15 13:24 64352 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Numerics\v4.0_4.0.0.0__b77a5c561934e089\System.Numerics.dll
- 2012-01-11 15:40 . 2012-01-11 15:40 64352 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Numerics\v4.0_4.0.0.0__b77a5c561934e089\System.Numerics.dll
+ 2012-02-15 13:24 . 2012-02-15 13:24 51032 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Device\v4.0_4.0.0.0__b77a5c561934e089\System.Device.dll
- 2012-01-11 15:40 . 2012-01-11 15:40 51032 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Device\v4.0_4.0.0.0__b77a5c561934e089\System.Device.dll
+ 2012-02-15 13:24 . 2012-02-15 13:24 50552 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Data.DataSetExtensions\v4.0_4.0.0.0__b77a5c561934e089\System.Data.DataSetExtensions.dll
- 2012-01-11 15:40 . 2012-01-11 15:40 50552 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Data.DataSetExtensions\v4.0_4.0.0.0__b77a5c561934e089\System.Data.DataSetExtensions.dll
- 2012-01-11 15:40 . 2012-01-11 15:40 81784 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Configuration.Install\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Configuration.Install.dll
+ 2012-02-15 13:24 . 2012-02-15 13:24 81784 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Configuration.Install\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Configuration.Install.dll
+ 2012-02-15 13:24 . 2012-02-15 13:24 81800 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.ComponentModel.DataAnnotations\v4.0_4.0.0.0__31bf3856ad364e35\System.ComponentModel.DataAnnotations.dll
- 2012-01-11 15:40 . 2012-01-11 15:40 81800 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.ComponentModel.DataAnnotations\v4.0_4.0.0.0__31bf3856ad364e35\System.ComponentModel.DataAnnotations.dll
+ 2012-02-15 13:24 . 2012-02-15 13:24 39784 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.AddIn.Contract\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.AddIn.Contract.dll
- 2012-01-11 15:40 . 2012-01-11 15:40 39784 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.AddIn.Contract\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.AddIn.Contract.dll
+ 2012-02-15 13:24 . 2012-02-15 13:24 68952 c:\windows\Microsoft.NET\assembly\GAC_MSIL\SMDiagnostics\v4.0_4.0.0.0__b77a5c561934e089\SMDiagnostics.dll
- 2012-01-11 15:40 . 2012-01-11 15:40 68952 c:\windows\Microsoft.NET\assembly\GAC_MSIL\SMDiagnostics\v4.0_4.0.0.0__b77a5c561934e089\SMDiagnostics.dll
- 2012-01-11 15:40 . 2012-01-11 15:40 62880 c:\windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.Windows.ApplicationServer.Applications\v4.0_4.0.0.0__31bf3856ad364e35\Microsoft.Windows.ApplicationServer.Applications.dll
+ 2012-02-15 13:24 . 2012-02-15 13:24 62880 c:\windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.Windows.ApplicationServer.Applications\v4.0_4.0.0.0__31bf3856ad364e35\Microsoft.Windows.ApplicationServer.Applications.dll
+ 2012-02-15 13:24 . 2012-02-15 13:24 12128 c:\windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.VisualC\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualC.Dll
- 2012-01-11 15:40 . 2012-01-11 15:40 12128 c:\windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.VisualC\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualC.Dll
+ 2012-02-15 13:24 . 2012-02-15 13:24 97680 c:\windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.VisualBasic.Compatibility.Data\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Compatibility.Data.dll
- 2012-01-11 15:40 . 2012-01-11 15:40 97680 c:\windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.VisualBasic.Compatibility.Data\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Compatibility.Data.dll
+ 2012-02-12 16:38 . 2012-02-12 16:38 50024 c:\windows\Microsoft.NET\assembly\GAC_MSIL\Intuit.Spc.Map.QuickBaseClient\v4.0_6.0.24.0__30bbd97113d631f1\Intuit.Spc.Map.QuickBaseClient.dll
+ 2012-02-12 16:38 . 2012-02-12 16:38 57704 c:\windows\Microsoft.NET\assembly\GAC_MSIL\Intuit.Spc.Map.Metrix.XmlSerializers\v4.0_6.0.24.0__30bbd97113d631f1\Intuit.Spc.Map.Metrix.XmlSerializers.dll
+ 2012-02-12 16:38 . 2012-02-12 16:38 79208 c:\windows\Microsoft.NET\assembly\GAC_MSIL\Intuit.Spc.Map.Core\v4.0_6.0.24.0__30bbd97113d631f1\Intuit.Spc.Map.Core.dll
+ 2012-02-12 16:38 . 2012-02-12 16:38 58728 c:\windows\Microsoft.NET\assembly\GAC_MSIL\Intuit.Spc.Map.3rdParty.MajesticHtmlParser\v4.0_6.0.24.0__30bbd97113d631f1\Intuit.Spc.Map.3rdParty.MajesticHTMLParser.dll
+ 2012-02-12 16:38 . 2012-02-12 16:38 18792 c:\windows\Microsoft.NET\assembly\GAC_MSIL\Intuit.Spc.Esd.WinClient.Ipc.Remoting.UpdateServiceWorker\v4.0_4.0.56.0__3ff6b78e2989595a\Intuit.Spc.Esd.WinClient.Ipc.Remoting.UpdateServiceWorker.dll
+ 2012-02-12 16:38 . 2012-02-12 16:38 47464 c:\windows\Microsoft.NET\assembly\GAC_MSIL\Intuit.Spc.Esd.WinClient.Application.UpdateServicePlugin\v4.0_4.0.56.0__3ff6b78e2989595a\Intuit.Spc.Esd.WinClient.Application.UpdateServicePlugin.dll
+ 2012-02-12 16:38 . 2012-02-12 16:38 18944 c:\windows\Microsoft.NET\assembly\GAC_MSIL\Intuit.Spc.Esd.WinClient.Application.UpdateService\v4.0_4.0.0.0__3ff6b78e2989595a\Intuit.Spc.Esd.WinClient.Application.UpdateService.dll
+ 2012-02-12 16:38 . 2012-02-12 16:38 45928 c:\windows\Microsoft.NET\assembly\GAC_MSIL\Intuit.Spc.Esd.WinClient.Application.Update\v4.0_4.0.56.0__3ff6b78e2989595a\Intuit.Spc.Esd.WinClient.Application.Update.exe
+ 2012-02-12 16:38 . 2012-02-12 16:38 40808 c:\windows\Microsoft.NET\assembly\GAC_MSIL\Intuit.Spc.Esd.WinClient.Application.ConfigUXv4\v4.0_4.0.56.0__3ff6b78e2989595a\Intuit.Spc.Esd.WinClient.Application.ConfigUXv4.exe
+ 2012-02-12 16:38 . 2012-02-12 16:38 99688 c:\windows\Microsoft.NET\assembly\GAC_MSIL\Intuit.Spc.Esd.Client.DataAccess\v4.0_4.0.56.0__3ff6b78e2989595a\Intuit.Spc.Esd.Client.DataAccess.dll
+ 2012-02-12 16:38 . 2012-02-12 16:38 44392 c:\windows\Microsoft.NET\assembly\GAC_MSIL\Intuit.Spc.Esd.Client.DataAccess.XmlSerializers\v4.0_4.0.56.0__3ff6b78e2989595a\Intuit.Spc.Esd.Client.DataAccess.XmlSerializers.dll
+ 2012-02-12 16:38 . 2012-02-12 16:38 70504 c:\windows\Microsoft.NET\assembly\GAC_MSIL\Intuit.Spc.Esd.Client.Common\v4.0_4.0.56.0__3ff6b78e2989595a\Intuit.Spc.Esd.Client.Common.dll
+ 2012-02-15 13:24 . 2012-02-15 13:24 17240 c:\windows\Microsoft.NET\assembly\GAC_MSIL\Accessibility\v4.0_4.0.0.0__b03f5f7f11d50a3a\Accessibility.dll
- 2012-01-11 15:40 . 2012-01-11 15:40 17240 c:\windows\Microsoft.NET\assembly\GAC_MSIL\Accessibility\v4.0_4.0.0.0__b03f5f7f11d50a3a\Accessibility.dll
- 2012-01-11 15:40 . 2012-01-11 15:40 94552 c:\windows\Microsoft.NET\assembly\GAC_64\ISymWrapper\v4.0_4.0.0.0__b03f5f7f11d50a3a\ISymWrapper.dll
+ 2012-02-15 13:24 . 2012-02-15 13:24 94552 c:\windows\Microsoft.NET\assembly\GAC_64\ISymWrapper\v4.0_4.0.0.0__b03f5f7f11d50a3a\ISymWrapper.dll
- 2012-01-11 15:40 . 2012-01-11 15:40 91488 c:\windows\Microsoft.NET\assembly\GAC_64\CustomMarshalers\v4.0_4.0.0.0__b03f5f7f11d50a3a\CustomMarshalers.dll
+ 2012-02-15 13:24 . 2012-02-15 13:24 91488 c:\windows\Microsoft.NET\assembly\GAC_64\CustomMarshalers\v4.0_4.0.0.0__b03f5f7f11d50a3a\CustomMarshalers.dll
- 2012-01-11 15:39 . 2012-01-11 15:39 78168 c:\windows\Microsoft.NET\assembly\GAC_32\ISymWrapper\v4.0_4.0.0.0__b03f5f7f11d50a3a\ISymWrapper.dll
+ 2012-02-15 13:23 . 2012-02-15 13:23 78168 c:\windows\Microsoft.NET\assembly\GAC_32\ISymWrapper\v4.0_4.0.0.0__b03f5f7f11d50a3a\ISymWrapper.dll
+ 2012-02-15 13:23 . 2012-02-15 13:23 81248 c:\windows\Microsoft.NET\assembly\GAC_32\CustomMarshalers\v4.0_4.0.0.0__b03f5f7f11d50a3a\CustomMarshalers.dll
- 2012-01-11 15:39 . 2012-01-11 15:39 81248 c:\windows\Microsoft.NET\assembly\GAC_32\CustomMarshalers\v4.0_4.0.0.0__b03f5f7f11d50a3a\CustomMarshalers.dll
+ 2010-08-12 21:44 . 2012-02-15 13:28 34144 c:\windows\Installer\{91140000-0011-0000-0000-0000000FF1CE}\oisicon.exe
- 2010-08-12 21:44 . 2012-01-12 20:50 34144 c:\windows\Installer\{91140000-0011-0000-0000-0000000FF1CE}\oisicon.exe
- 2010-08-12 21:44 . 2012-01-12 20:50 42848 c:\windows\Installer\{91140000-0011-0000-0000-0000000FF1CE}\msouc.exe
+ 2010-08-12 21:44 . 2012-02-15 13:28 42848 c:\windows\Installer\{91140000-0011-0000-0000-0000000FF1CE}\msouc.exe
+ 2010-08-12 21:44 . 2012-02-15 13:28 19296 c:\windows\Installer\{91140000-0011-0000-0000-0000000FF1CE}\cagicon.exe
- 2010-08-12 21:44 . 2012-01-12 20:50 19296 c:\windows\Installer\{91140000-0011-0000-0000-0000000FF1CE}\cagicon.exe
+ 2012-01-11 15:39 . 2012-01-11 15:39 81248 c:\windows\assembly\temp\VYNGTJB6ZO\CustomMarshalers.dll
+ 2012-02-12 16:41 . 2012-02-12 16:41 14848 c:\windows\assembly\NativeImages_v4.0.30319_32\TVM\d7f374611a9165730aab03c050d104c4\TVM.ni.dll
+ 2010-08-15 13:07 . 2012-02-12 16:32 7458 c:\windows\system32\wdi\ERCQueuedResolutions.dat
+ 2012-02-15 13:17 . 2012-02-15 13:28 4338 c:\windows\SoftwareDistribution\PostRebootEventCache\{4DEAA331-7FE1-4351-A684-8BB1DC1A395C}.bin
+ 2012-02-12 16:34 . 2012-02-12 16:34 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
- 2012-01-26 15:34 . 2012-01-26 15:34 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
- 2012-01-26 15:34 . 2012-01-26 15:34 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2012-02-12 16:34 . 2012-02-12 16:34 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2012-02-12 16:38 . 2012-02-12 16:38 6656 c:\windows\Microsoft.NET\assembly\GAC_MSIL\Intuit.Spc.Esd.WinClient.Application.UpdateService.PluginContract\v4.0_4.0.0.0__3ff6b78e2989595a\Intuit.Spc.Esd.WinClient.Application.UpdateService.PluginContract.dll
+ 2010-08-11 01:55 . 2012-02-16 01:31 393788 c:\windows\system32\wdi\SuspendPerformanceDiagnostics_SystemData_S4.bin
- 2009-07-14 02:36 . 2012-02-09 20:56 730844 c:\windows\system32\perfh009.dat
+ 2009-07-14 02:36 . 2012-02-15 13:23 730844 c:\windows\system32\perfh009.dat
+ 2009-07-14 02:36 . 2012-02-15 13:23 148632 c:\windows\system32\perfc009.dat
- 2009-07-14 02:36 . 2012-02-09 20:56 148632 c:\windows\system32\perfc009.dat
- 2009-07-14 05:01 . 2012-01-26 15:32 439340 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
+ 2009-07-14 05:01 . 2012-02-12 16:32 439340 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
+ 2012-02-15 13:24 . 2012-02-15 13:24 350592 c:\windows\Microsoft.NET\assembly\GAC_MSIL\UIAutomationClientsideProviders\v4.0_4.0.0.0__31bf3856ad364e35\UIAutomationClientsideProviders.dll
- 2012-01-11 15:40 . 2012-01-11 15:40 350592 c:\windows\Microsoft.NET\assembly\GAC_MSIL\UIAutomationClientsideProviders\v4.0_4.0.0.0__31bf3856ad364e35\UIAutomationClientsideProviders.dll
+ 2012-02-15 13:24 . 2012-02-15 13:24 163168 c:\windows\Microsoft.NET\assembly\GAC_MSIL\UIAutomationClient\v4.0_4.0.0.0__31bf3856ad364e35\UIAutomationClient.dll
- 2012-01-11 15:40 . 2012-01-11 15:40 163168 c:\windows\Microsoft.NET\assembly\GAC_MSIL\UIAutomationClient\v4.0_4.0.0.0__31bf3856ad364e35\UIAutomationClient.dll
+ 2012-02-15 13:24 . 2012-02-15 13:24 138592 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Xml.Linq\v4.0_4.0.0.0__b77a5c561934e089\System.Xml.Linq.dll
- 2012-01-11 15:40 . 2012-01-11 15:40 138592 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Xml.Linq\v4.0_4.0.0.0__b77a5c561934e089\System.Xml.Linq.dll
- 2012-01-11 15:40 . 2012-01-11 15:40 699224 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Xaml\v4.0_4.0.0.0__b77a5c561934e089\System.Xaml.dll
+ 2012-02-15 13:24 . 2012-02-15 13:24 699224 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Xaml\v4.0_4.0.0.0__b77a5c561934e089\System.Xaml.dll
+ 2012-02-15 13:24 . 2012-02-15 13:24 857960 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Web.Services\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Web.Services.dll
- 2012-01-11 15:40 . 2012-01-11 15:40 857960 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Web.Services\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Web.Services.dll
- 2012-01-11 15:40 . 2012-01-11 15:40 675672 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Speech\v4.0_4.0.0.0__31bf3856ad364e35\System.Speech.dll
+ 2012-02-15 13:24 . 2012-02-15 13:24 675672 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Speech\v4.0_4.0.0.0__31bf3856ad364e35\System.Speech.dll
- 2012-01-11 15:40 . 2012-01-11 15:40 113512 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.ServiceProcess\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.ServiceProcess.dll
+ 2012-02-15 13:24 . 2012-02-15 13:24 113512 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.ServiceProcess\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.ServiceProcess.dll
- 2012-01-11 15:40 . 2012-01-11 15:40 129912 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.ServiceModel.Routing\v4.0_4.0.0.0__31bf3856ad364e35\System.ServiceModel.Routing.dll
+ 2012-02-15 13:24 . 2012-02-15 13:24 129912 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.ServiceModel.Routing\v4.0_4.0.0.0__31bf3856ad364e35\System.ServiceModel.Routing.dll
- 2012-01-11 15:40 . 2012-01-11 15:40 390008 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.ServiceModel.Discovery\v4.0_4.0.0.0__31bf3856ad364e35\System.ServiceModel.Discovery.dll
+ 2012-02-15 13:24 . 2012-02-15 13:24 390008 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.ServiceModel.Discovery\v4.0_4.0.0.0__31bf3856ad364e35\System.ServiceModel.Discovery.dll
- 2012-01-11 15:40 . 2012-01-11 15:40 505208 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.ServiceModel.Activities\v4.0_4.0.0.0__31bf3856ad364e35\System.ServiceModel.Activities.dll
+ 2012-02-15 13:24 . 2012-02-15 13:24 505208 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.ServiceModel.Activities\v4.0_4.0.0.0__31bf3856ad364e35\System.ServiceModel.Activities.dll
- 2012-01-11 15:40 . 2012-01-11 15:40 261472 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Security\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Security.dll
+ 2012-02-15 13:24 . 2012-02-15 13:24 261472 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Security\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Security.dll
+ 2012-02-15 13:24 . 2012-02-15 13:24 122264 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Runtime.Serialization.Formatters.Soap\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Runtime.Serialization.Formatters.Soap.dll
- 2012-01-11 15:40 . 2012-01-11 15:40 122264 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Runtime.Serialization.Formatters.Soap\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Runtime.Serialization.Formatters.Soap.dll
+ 2012-02-15 13:24 . 2012-02-15 13:24 291184 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Runtime.Remoting\v4.0_4.0.0.0__b77a5c561934e089\System.Runtime.Remoting.dll
- 2012-01-11 15:40 . 2012-01-11 15:40 291184 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Runtime.Remoting\v4.0_4.0.0.0__b77a5c561934e089\System.Runtime.Remoting.dll
+ 2012-02-15 13:24 . 2012-02-15 13:24 349568 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Runtime.DurableInstancing\v4.0_4.0.0.0__31bf3856ad364e35\System.Runtime.DurableInstancing.dll
- 2012-01-11 15:40 . 2012-01-11 15:40 349568 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Runtime.DurableInstancing\v4.0_4.0.0.0__31bf3856ad364e35\System.Runtime.DurableInstancing.dll
- 2012-01-11 15:40 . 2012-01-11 15:40 236880 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Net\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Net.dll
+ 2012-02-15 13:24 . 2012-02-15 13:24 236880 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Net\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Net.dll
+ 2012-02-15 13:24 . 2012-02-15 13:24 253280 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Messaging\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Messaging.dll
- 2012-01-11 15:40 . 2012-01-11 15:40 253280 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Messaging\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Messaging.dll
- 2012-01-11 15:40 . 2012-01-11 15:40 378720 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Management\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Management.dll
+ 2012-02-15 13:24 . 2012-02-15 13:24 378720 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Management\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Management.dll
+ 2012-02-15 13:24 . 2012-02-15 13:24 134528 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Management.Instrumentation\v4.0_4.0.0.0__b77a5c561934e089\System.Management.Instrumentation.dll
- 2012-01-11 15:40 . 2012-01-11 15:40 134528 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Management.Instrumentation\v4.0_4.0.0.0__b77a5c561934e089\System.Management.Instrumentation.dll
- 2012-01-11 15:40 . 2012-01-11 15:40 123736 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.IO.Log\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.IO.Log.dll
+ 2012-02-15 13:24 . 2012-02-15 13:24 123736 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.IO.Log\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.IO.Log.dll
- 2012-01-11 15:40 . 2012-01-11 15:40 392552 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.IdentityModel\v4.0_4.0.0.0__b77a5c561934e089\System.IdentityModel.dll
+ 2012-02-15 13:24 . 2012-02-15 13:24 392552 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.IdentityModel\v4.0_4.0.0.0__b77a5c561934e089\System.IdentityModel.dll
+ 2012-02-15 13:24 . 2012-02-15 13:24 125816 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.IdentityModel.Selectors\v4.0_4.0.0.0__b77a5c561934e089\System.IdentityModel.Selectors.dll
- 2012-01-11 15:40 . 2012-01-11 15:40 125816 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.IdentityModel.Selectors\v4.0_4.0.0.0__b77a5c561934e089\System.IdentityModel.Selectors.dll
+ 2012-02-15 13:24 . 2012-02-15 13:24 120152 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Dynamic\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Dynamic.dll
- 2012-01-11 15:40 . 2012-01-11 15:40 120152 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Dynamic\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Dynamic.dll
+ 2012-02-15 13:24 . 2012-02-15 13:24 607064 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Drawing\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll
- 2012-01-11 15:40 . 2012-01-11 15:40 607064 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Drawing\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll
- 2012-01-11 15:40 . 2012-01-11 15:40 395120 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.DirectoryServices\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.DirectoryServices.dll
+ 2012-02-15 13:24 . 2012-02-15 13:24 395120 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.DirectoryServices\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.DirectoryServices.dll
+ 2012-02-15 13:24 . 2012-02-15 13:24 182144 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.DirectoryServices.Protocols\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.DirectoryServices.Protocols.dll
- 2012-01-11 15:40 . 2012-01-11 15:40 182144 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.DirectoryServices.Protocols\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.DirectoryServices.Protocols.dll
- 2012-01-11 15:40 . 2012-01-11 15:40 285072 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.DirectoryServices.AccountManagement\v4.0_4.0.0.0__b77a5c561934e089\System.DirectoryServices.AccountManagement.dll
+ 2012-02-15 13:24 . 2012-02-15 13:24 285072 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.DirectoryServices.AccountManagement\v4.0_4.0.0.0__b77a5c561934e089\System.DirectoryServices.AccountManagement.dll
+ 2012-02-15 13:24 . 2012-02-15 13:24 829280 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Deployment\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Deployment.dll
- 2012-01-11 15:40 . 2012-01-11 15:40 829280 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Deployment\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Deployment.dll
- 2012-01-11 15:40 . 2012-01-11 15:40 747360 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Data.SqlXml\v4.0_4.0.0.0__b77a5c561934e089\System.Data.SqlXml.dll
+ 2012-02-15 13:24 . 2012-02-15 13:24 747360 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Data.SqlXml\v4.0_4.0.0.0__b77a5c561934e089\System.Data.SqlXml.dll
- 2012-01-11 15:40 . 2012-01-11 15:40 436600 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Data.Services.Client\v4.0_4.0.0.0__b77a5c561934e089\System.Data.Services.Client.dll
+ 2012-02-15 13:24 . 2012-02-15 13:24 436600 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Data.Services.Client\v4.0_4.0.0.0__b77a5c561934e089\System.Data.Services.Client.dll
+ 2012-02-15 13:24 . 2012-02-15 13:24 683872 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Data.Linq\v4.0_4.0.0.0__b77a5c561934e089\System.Data.Linq.dll
- 2012-01-11 15:40 . 2012-01-11 15:40 683872 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Data.Linq\v4.0_4.0.0.0__b77a5c561934e089\System.Data.Linq.dll
+ 2012-02-15 13:24 . 2012-02-15 13:24 409448 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Configuration\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.configuration.dll
- 2012-01-11 15:40 . 2012-01-11 15:40 409448 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Configuration\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.configuration.dll
+ 2012-02-15 13:24 . 2012-02-15 13:24 210816 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.ComponentModel.Composition\v4.0_4.0.0.0__b77a5c561934e089\System.ComponentModel.Composition.dll
- 2012-01-11 15:40 . 2012-01-11 15:40 210816 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.ComponentModel.Composition\v4.0_4.0.0.0__b77a5c561934e089\System.ComponentModel.Composition.dll
- 2012-01-11 15:40 . 2012-01-11 15:40 149848 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.AddIn\v4.0_4.0.0.0__b77a5c561934e089\System.AddIn.dll
+ 2012-02-15 13:24 . 2012-02-15 13:24 149848 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.AddIn\v4.0_4.0.0.0__b77a5c561934e089\System.AddIn.dll
+ 2012-02-15 13:24 . 2012-02-15 13:24 122248 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Activities.DurableInstancing\v4.0_4.0.0.0__31bf3856ad364e35\System.Activities.DurableInstancing.dll
- 2012-01-11 15:40 . 2012-01-11 15:40 122248 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Activities.DurableInstancing\v4.0_4.0.0.0__31bf3856ad364e35\System.Activities.DurableInstancing.dll
- 2012-01-11 15:40 . 2012-01-11 15:40 525704 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Activities.Core.Presentation\v4.0_4.0.0.0__31bf3856ad364e35\System.Activities.Core.Presentation.dll
+ 2012-02-15 13:24 . 2012-02-15 13:24 525704 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Activities.Core.Presentation\v4.0_4.0.0.0__31bf3856ad364e35\System.Activities.Core.Presentation.dll
+ 2012-02-15 13:24 . 2012-02-15 13:24 112976 c:\windows\Microsoft.NET\assembly\GAC_MSIL\sysglobl\v4.0_4.0.0.0__b03f5f7f11d50a3a\sysglobl.dll
- 2012-01-11 15:40 . 2012-01-11 15:40 112976 c:\windows\Microsoft.NET\assembly\GAC_MSIL\sysglobl\v4.0_4.0.0.0__b03f5f7f11d50a3a\sysglobl.dll
- 2012-01-11 15:40 . 2012-01-11 15:40 581464 c:\windows\Microsoft.NET\assembly\GAC_MSIL\ReachFramework\v4.0_4.0.0.0__31bf3856ad364e35\ReachFramework.dll
+ 2012-02-15 13:24 . 2012-02-15 13:24 581464 c:\windows\Microsoft.NET\assembly\GAC_MSIL\ReachFramework\v4.0_4.0.0.0__31bf3856ad364e35\ReachFramework.dll
+ 2012-02-15 13:24 . 2012-02-15 13:24 832856 c:\windows\Microsoft.NET\assembly\GAC_MSIL\PresentationUI\v4.0_4.0.0.0__31bf3856ad364e35\PresentationUI.dll
- 2012-01-11 15:40 . 2012-01-11 15:40 832856 c:\windows\Microsoft.NET\assembly\GAC_MSIL\PresentationUI\v4.0_4.0.0.0__31bf3856ad364e35\PresentationUI.dll
- 2012-01-11 15:40 . 2012-01-11 15:40 194424 c:\windows\Microsoft.NET\assembly\GAC_MSIL\PresentationFramework.Royale\v4.0_4.0.0.0__31bf3856ad364e35\PresentationFramework.Royale.dll
+ 2012-02-15 13:24 . 2012-02-15 13:24 194424 c:\windows\Microsoft.NET\assembly\GAC_MSIL\PresentationFramework.Royale\v4.0_4.0.0.0__31bf3856ad364e35\PresentationFramework.Royale.dll
+ 2012-02-15 13:24 . 2012-02-15 13:24 478576 c:\windows\Microsoft.NET\assembly\GAC_MSIL\PresentationFramework.Luna\v4.0_4.0.0.0__31bf3856ad364e35\PresentationFramework.Luna.dll
- 2012-01-11 15:40 . 2012-01-11 15:40 478576 c:\windows\Microsoft.NET\assembly\GAC_MSIL\PresentationFramework.Luna\v4.0_4.0.0.0__31bf3856ad364e35\PresentationFramework.Luna.dll
- 2012-01-11 15:40 . 2012-01-11 15:40 167288 c:\windows\Microsoft.NET\assembly\GAC_MSIL\PresentationFramework.Classic\v4.0_4.0.0.0__31bf3856ad364e35\PresentationFramework.Classic.dll
+ 2012-02-15 13:24 . 2012-02-15 13:24 167288 c:\windows\Microsoft.NET\assembly\GAC_MSIL\PresentationFramework.Classic\v4.0_4.0.0.0__31bf3856ad364e35\PresentationFramework.Classic.dll
+ 2012-02-15 13:24 . 2012-02-15 13:24 232304 c:\windows\Microsoft.NET\assembly\GAC_MSIL\PresentationFramework.Aero\v4.0_4.0.0.0__31bf3856ad364e35\PresentationFramework.Aero.dll
- 2012-01-11 15:40 . 2012-01-11 15:40 232304 c:\windows\Microsoft.NET\assembly\GAC_MSIL\PresentationFramework.Aero\v4.0_4.0.0.0__31bf3856ad364e35\PresentationFramework.Aero.dll
+ 2012-02-15 13:24 . 2012-02-15 13:24 661352 c:\windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.VisualBasic\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll
- 2012-01-11 15:40 . 2012-01-11 15:40 661352 c:\windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.VisualBasic\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll
- 2012-01-11 15:40 . 2012-01-11 15:40 349576 c:\windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.VisualBasic.Compatibility\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Compatibility.dll
+ 2012-02-15 13:24 . 2012-02-15 13:24 349576 c:\windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.VisualBasic.Compatibility\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Compatibility.dll
+ 2012-02-15 13:24 . 2012-02-15 13:24 387960 c:\windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.Transactions.Bridge\v4.0_4.0.0.0__b03f5f7f11d50a3a\Microsoft.Transactions.Bridge.dll
- 2012-01-11 15:40 . 2012-01-11 15:40 387960 c:\windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.Transactions.Bridge\v4.0_4.0.0.0__b03f5f7f11d50a3a\Microsoft.Transactions.Bridge.dll
- 2012-01-11 15:40 . 2012-01-11 15:40 746336 c:\windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.JScript\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.JScript.dll
+ 2012-02-15 13:24 . 2012-02-15 13:24 746336 c:\windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.JScript\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.JScript.dll
+ 2012-02-15 13:24 . 2012-02-15 13:24 505184 c:\windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.CSharp\v4.0_4.0.0.0__b03f5f7f11d50a3a\Microsoft.CSharp.dll
- 2012-01-11 15:40 . 2012-01-11 15:40 505184 c:\windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.CSharp\v4.0_4.0.0.0__b03f5f7f11d50a3a\Microsoft.CSharp.dll
+ 2012-02-12 16:38 . 2012-02-12 16:38 113512 c:\windows\Microsoft.NET\assembly\GAC_MSIL\Intuit.Spc.Map.Search\v4.0_6.0.24.0__30bbd97113d631f1\Intuit.Spc.Map.Search.dll
+ 2012-02-12 16:38 . 2012-02-12 16:38 480616 c:\windows\Microsoft.NET\assembly\GAC_MSIL\Intuit.Spc.Map.Reporter\v4.0_6.0.24.0__30bbd97113d631f1\Intuit.Spc.Map.Reporter.dll
+ 2012-02-12 16:38 . 2012-02-12 16:38 212840 c:\windows\Microsoft.NET\assembly\GAC_MSIL\Intuit.Spc.Map.Reporter.XmlSerializers\v4.0_6.0.24.0__30bbd97113d631f1\Intuit.Spc.Map.Reporter.XmlSerializers.dll
+ 2012-02-12 16:38 . 2012-02-12 16:38 205160 c:\windows\Microsoft.NET\assembly\GAC_MSIL\Intuit.Spc.Map.QuickBaseClient.XmlSerializers\v4.0_6.0.24.0__30bbd97113d631f1\Intuit.Spc.Map.QuickBaseClient.XmlSerializers.dll
+ 2012-02-12 16:38 . 2012-02-12 16:38 135016 c:\windows\Microsoft.NET\assembly\GAC_MSIL\Intuit.Spc.Map.Metrix\v4.0_6.0.24.0__30bbd97113d631f1\Intuit.Spc.Map.Metrix.dll
+ 2012-02-12 16:38 . 2012-02-12 16:38 181608 c:\windows\Microsoft.NET\assembly\GAC_MSIL\Intuit.Spc.Map.3rdParty.SharpZipLib\v4.0_6.0.24.0__30bbd97113d631f1\Intuit.Spc.Map.3rdParty.SharpZipLib.dll
+ 2012-02-12 16:38 . 2012-02-12 16:38 402792 c:\windows\Microsoft.NET\assembly\GAC_MSIL\Intuit.Spc.Map.3rdParty.Lucene\v4.0_6.0.24.0__30bbd97113d631f1\Intuit.Spc.Map.3rdParty.Lucene.dll
+ 2012-02-12 16:38 . 2012-02-12 16:38 361832 c:\windows\Microsoft.NET\assembly\GAC_MSIL\Intuit.Spc.Esd.WinClient.Application.UX\v4.0_4.0.56.0__3ff6b78e2989595a\Intuit.Spc.Esd.WinClient.Application.UX.dll
+ 2012-02-12 16:38 . 2012-02-12 16:38 423784 c:\windows\Microsoft.NET\assembly\GAC_MSIL\Intuit.Spc.Esd.WinClient.Api.Net\v4.0_4.0.56.0__3ff6b78e2989595a\Intuit.Spc.Esd.WinClient.Api.Net.dll
+ 2012-02-12 16:38 . 2012-02-12 16:38 263528 c:\windows\Microsoft.NET\assembly\GAC_MSIL\Intuit.Spc.Esd.Core\v4.0_4.0.16.0__3ff6b78e2989595a\Intuit.Spc.Esd.Core.dll
+ 2012-02-12 16:38 . 2012-02-12 16:38 196968 c:\windows\Microsoft.NET\assembly\GAC_MSIL\Intuit.Spc.Esd.Core.XmlSerializers\v4.0_4.0.16.0__3ff6b78e2989595a\Intuit.Spc.Esd.Core.XmlSerializers.dll
+ 2012-02-12 16:38 . 2012-02-12 16:38 129896 c:\windows\Microsoft.NET\assembly\GAC_MSIL\Intuit.Spc.Esd.Client.BusinessLogic\v4.0_4.0.56.0__3ff6b78e2989595a\Intuit.Spc.Esd.Client.BusinessLogic.dll
+ 2012-02-15 13:24 . 2012-02-15 13:24 288616 c:\windows\Microsoft.NET\assembly\GAC_64\System.Transactions\v4.0_4.0.0.0__b77a5c561934e089\System.Transactions.dll
- 2012-01-11 15:40 . 2012-01-11 15:40 288616 c:\windows\Microsoft.NET\assembly\GAC_64\System.Transactions\v4.0_4.0.0.0__b77a5c561934e089\System.Transactions.dll
- 2012-01-11 15:40 . 2012-01-11 15:40 335712 c:\windows\Microsoft.NET\assembly\GAC_64\System.Printing\v4.0_4.0.0.0__31bf3856ad364e35\System.Printing.dll
+ 2012-02-15 13:24 . 2012-02-15 13:24 335712 c:\windows\Microsoft.NET\assembly\GAC_64\System.Printing\v4.0_4.0.0.0__31bf3856ad364e35\System.Printing.dll
- 2012-01-11 15:40 . 2012-01-11 15:40 125440 c:\windows\Microsoft.NET\assembly\GAC_64\System.EnterpriseServices\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.Wrapper.dll
+ 2012-02-15 13:24 . 2012-02-15 13:24 125440 c:\windows\Microsoft.NET\assembly\GAC_64\System.EnterpriseServices\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.Wrapper.dll
+ 2012-02-15 13:24 . 2012-02-15 13:24 237424 c:\windows\Microsoft.NET\assembly\GAC_64\System.EnterpriseServices\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.dll
- 2012-01-11 15:40 . 2012-01-11 15:40 237424 c:\windows\Microsoft.NET\assembly\GAC_64\System.EnterpriseServices\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.dll
- 2012-01-11 15:40 . 2012-01-11 15:40 187776 c:\windows\Microsoft.NET\assembly\GAC_64\Microsoft.Transactions.Bridge.Dtc\v4.0_4.0.0.0__b03f5f7f11d50a3a\Microsoft.Transactions.Bridge.Dtc.dll
+ 2012-02-15 13:24 . 2012-02-15 13:24 187776 c:\windows\Microsoft.NET\assembly\GAC_64\Microsoft.Transactions.Bridge.Dtc\v4.0_4.0.0.0__b03f5f7f11d50a3a\Microsoft.Transactions.Bridge.Dtc.dll
- 2012-01-11 15:40 . 2012-01-11 15:40 269672 c:\windows\Microsoft.NET\assembly\GAC_32\System.Transactions\v4.0_4.0.0.0__b77a5c561934e089\System.Transactions.dll
+ 2012-01-11 15:40 . 2012-02-15 13:24 269672 c:\windows\Microsoft.NET\assembly\GAC_32\System.Transactions\v4.0_4.0.0.0__b77a5c561934e089\System.Transactions.dll
- 2012-01-11 15:40 . 2012-01-11 15:40 334688 c:\windows\Microsoft.NET\assembly\GAC_32\System.Printing\v4.0_4.0.0.0__31bf3856ad364e35\System.Printing.dll
+ 2012-02-15 13:24 . 2012-02-15 13:24 334688 c:\windows\Microsoft.NET\assembly\GAC_32\System.Printing\v4.0_4.0.0.0__31bf3856ad364e35\System.Printing.dll
+ 2012-01-11 15:39 . 2012-02-15 13:23 109568 c:\windows\Microsoft.NET\assembly\GAC_32\System.EnterpriseServices\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.Wrapper.dll
- 2012-01-11 15:39 . 2012-01-11 15:39 109568 c:\windows\Microsoft.NET\assembly\GAC_32\System.EnterpriseServices\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.Wrapper.dll
+ 2012-01-11 15:39 . 2012-02-15 13:23 246128 c:\windows\Microsoft.NET\assembly\GAC_32\System.EnterpriseServices\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.dll
- 2012-01-11 15:39 . 2012-01-11 15:39 246128 c:\windows\Microsoft.NET\assembly\GAC_32\System.EnterpriseServices\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.dll
- 2012-01-11 15:40 . 2012-01-11 15:40 170368 c:\windows\Microsoft.NET\assembly\GAC_32\Microsoft.Transactions.Bridge.Dtc\v4.0_4.0.0.0__b03f5f7f11d50a3a\Microsoft.Transactions.Bridge.Dtc.dll
+ 2012-02-15 13:23 . 2012-02-15 13:23 170368 c:\windows\Microsoft.NET\assembly\GAC_32\Microsoft.Transactions.Bridge.Dtc\v4.0_4.0.0.0__b03f5f7f11d50a3a\Microsoft.Transactions.Bridge.Dtc.dll
+ 2012-02-12 16:38 . 2012-02-12 16:38 380776 c:\windows\Microsoft.NET\assembly\GAC_32\Intuit.Spc.Map.WindowsFirewallUtilities\v4.0_6.0.24.0__30bbd97113d631f1\Intuit.Spc.Map.WindowsFirewallUtilities.dll
+ 2011-12-30 23:56 . 2011-12-30 23:56 246272 c:\windows\Installer\47f56.msp
- 2010-08-12 21:44 . 2012-01-12 20:50 415584 c:\windows\Installer\{91140000-0011-0000-0000-0000000FF1CE}\pubs.exe
+ 2010-08-12 21:44 . 2012-02-15 13:28 415584 c:\windows\Installer\{91140000-0011-0000-0000-0000000FF1CE}\pubs.exe
- 2010-08-12 21:44 . 2012-01-12 20:50 303456 c:\windows\Installer\{91140000-0011-0000-0000-0000000FF1CE}\outicon.exe
+ 2010-08-12 21:44 . 2012-02-15 13:28 303456 c:\windows\Installer\{91140000-0011-0000-0000-0000000FF1CE}\outicon.exe
+ 2010-08-12 21:44 . 2012-02-15 13:28 571232 c:\windows\Installer\{91140000-0011-0000-0000-0000000FF1CE}\misc.exe
- 2010-08-12 21:44 . 2012-01-12 20:50 571232 c:\windows\Installer\{91140000-0011-0000-0000-0000000FF1CE}\misc.exe
- 2010-08-12 21:44 . 2012-01-12 20:50 326496 c:\windows\Installer\{91140000-0011-0000-0000-0000000FF1CE}\joticon.exe
+ 2010-08-12 21:44 . 2012-02-15 13:28 326496 c:\windows\Installer\{91140000-0011-0000-0000-0000000FF1CE}\joticon.exe
+ 2010-08-12 21:44 . 2012-02-15 13:28 469856 c:\windows\Installer\{91140000-0011-0000-0000-0000000FF1CE}\inficon.exe
- 2010-08-12 21:44 . 2012-01-12 20:50 469856 c:\windows\Installer\{91140000-0011-0000-0000-0000000FF1CE}\inficon.exe
- 2010-08-12 21:44 . 2012-01-12 20:50 178528 c:\windows\Installer\{91140000-0011-0000-0000-0000000FF1CE}\grvicons.exe
+ 2010-08-12 21:44 . 2012-02-15 13:28 178528 c:\windows\Installer\{91140000-0011-0000-0000-0000000FF1CE}\grvicons.exe
+ 2012-01-11 15:40 . 2012-01-11 15:40 607064 c:\windows\assembly\temp\VALOXZEI2Z\System.Drawing.dll
+ 2012-01-11 15:40 . 2012-01-11 15:40 113512 c:\windows\assembly\temp\OCK8UZI6LG\System.ServiceProcess.dll
+ 2012-01-11 15:40 . 2012-01-11 15:40 269672 c:\windows\assembly\temp\JC9M5UBKMT\System.Transactions.dll
+ 2012-01-11 15:40 . 2012-01-11 15:40 857960 c:\windows\assembly\temp\ILQE26KMX7\System.Web.Services.dll
+ 2012-01-11 15:40 . 2012-01-11 15:40 261472 c:\windows\assembly\temp\HY1OM5RQ60\System.Security.dll
+ 2012-01-11 15:40 . 2012-01-11 15:40 138592 c:\windows\assembly\temp\5GHRBN6S7B\System.Xml.Linq.dll
+ 2012-01-11 15:39 . 2012-01-11 15:39 109568 c:\windows\assembly\temp\4FTEKFOVR7\System.EnterpriseServices.Wrapper.dll
+ 2012-01-11 15:39 . 2012-01-11 15:39 246128 c:\windows\assembly\temp\4FTEKFOVR7\System.EnterpriseServices.dll
+ 2012-01-11 15:40 . 2012-01-11 15:40 291184 c:\windows\assembly\temp\3W3QT8SBED\System.Runtime.Remoting.dll
+ 2012-01-11 15:40 . 2012-01-11 15:40 409448 c:\windows\assembly\temp\34288M1BRH\System.configuration.dll
+ 2012-02-12 16:41 . 2012-02-12 16:41 121856 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Windows.Inte#\36a0031459d98f87972800e657919dbb\System.Windows.Interactivity.ni.dll
+ 2012-02-15 13:26 . 2012-02-15 13:26 736768 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Security\f7ddf9585d0b4b46437dc07b50955b64\System.Security.ni.dll
+ 2012-02-15 13:26 . 2012-02-15 13:26 377856 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Dynamic\746a79ac47809d2658daf85f2b5a2ad9\System.Dynamic.ni.dll
+ 2012-02-15 13:26 . 2012-02-15 13:26 224768 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Drawing.Desi#\74386d67c50ca97e37288764423c237d\System.Drawing.Design.ni.dll
+ 2012-02-15 13:26 . 2012-02-15 13:26 982528 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Configuration\1702c5e18cdd96c022d87c38561f19c9\System.Configuration.ni.dll
+ 2012-02-15 13:26 . 2012-02-15 13:26 693760 c:\windows\assembly\NativeImages_v4.0.30319_32\System.ComponentMod#\a58dbf4346bc2bd65df689cb6b25326c\System.ComponentModel.Composition.ni.dll
+ 2012-02-15 13:26 . 2012-02-15 13:26 595968 c:\windows\assembly\NativeImages_v4.0.30319_32\PresentationFramewo#\9dbdf77b1208ccfea1b67b50084c3f1a\PresentationFramework.Aero.ni.dll
+ 2012-02-15 13:26 . 2012-02-15 13:26 387072 c:\windows\assembly\NativeImages_v4.0.30319_32\PresentationFramewo#\870a3f81e3fa889dfd5f63ea813d1bb5\PresentationFramework.Royale.ni.dll
+ 2012-02-15 13:26 . 2012-02-15 13:26 309760 c:\windows\assembly\NativeImages_v4.0.30319_32\PresentationFramewo#\5bf1ff80129ae0bca17f47ccf3dbc0c4\PresentationFramework.Classic.ni.dll
+ 2012-02-15 13:26 . 2012-02-15 13:26 755712 c:\windows\assembly\NativeImages_v4.0.30319_32\PresentationFramewo#\590ab08a24d15cb6891608c80fdebb1a\PresentationFramework.Luna.ni.dll
+ 2012-02-12 16:41 . 2012-02-12 16:41 968192 c:\windows\assembly\NativeImages_v4.0.30319_32\Intuit.Ctg.Wte.Serv#\354f3086b3c813c43f57de08c3f3dd80\Intuit.Ctg.Wte.Service.Interface.ni.dll
+ 2012-02-12 16:40 . 2012-02-12 16:40 198656 c:\windows\assembly\NativeImages_v4.0.30319_32\IKVM.Runtime.JNI\3a329fbd207fee9300e667dd52681a4a\IKVM.Runtime.JNI.ni.dll
+ 2012-02-12 16:40 . 2012-02-12 16:40 697856 c:\windows\assembly\NativeImages_v4.0.30319_32\IKVM.OpenJDK.XML.API\9e982b7441dd525d3b123a3f8e00d23d\IKVM.OpenJDK.XML.API.ni.dll
+ 2012-02-12 16:40 . 2012-02-12 16:40 247808 c:\windows\assembly\NativeImages_v4.0.30319_32\common-utility\cf9f6ba940a240f39d411432ce7b5385\common-utility.ni.dll
+ 2011-10-13 23:43 . 2012-02-12 16:32 6822476 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-2358312811-2679556730-1227278864-1000-8192.dat
+ 2011-10-26 19:46 . 2011-10-26 19:46 3511880 c:\windows\Microsoft.NET\Framework64\v4.0.30319\System.dll
+ 2011-10-26 19:46 . 2011-10-26 19:46 3511880 c:\windows\Microsoft.NET\Framework\v4.0.30319\System.dll
- 2012-01-11 15:40 . 2012-01-11 15:40 1368920 c:\windows\Microsoft.NET\assembly\GAC_MSIL\WindowsBase\v4.0_4.0.0.0__31bf3856ad364e35\WindowsBase.dll
+ 2012-02-15 13:24 . 2012-02-15 13:24 1368920 c:\windows\Microsoft.NET\assembly\GAC_MSIL\WindowsBase\v4.0_4.0.0.0__31bf3856ad364e35\WindowsBase.dll
+ 2012-02-15 13:24 . 2012-02-15 13:24 3511880 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System\v4.0_4.0.0.0__b77a5c561934e089\System.dll
+ 2012-02-15 13:24 . 2012-02-15 13:24 2207568 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Xml\v4.0_4.0.0.0__b77a5c561934e089\System.XML.dll
- 2012-01-11 15:40 . 2012-01-11 15:40 2207568 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Xml\v4.0_4.0.0.0__b77a5c561934e089\System.XML.dll
- 2012-01-11 15:40 . 2012-01-11 15:40 5028200 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Forms\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Forms.dll
+ 2012-02-15 13:24 . 2012-02-15 13:24 5028200 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Forms\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Forms.dll
- 2012-01-11 15:40 . 2012-01-11 15:40 1711496 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Forms.DataVisualization\v4.0_4.0.0.0__31bf3856ad364e35\System.Windows.Forms.DataVisualization.dll
+ 2012-02-15 13:24 . 2012-02-15 13:24 1711496 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Forms.DataVisualization\v4.0_4.0.0.0__31bf3856ad364e35\System.Windows.Forms.DataVisualization.dll
- 2012-01-11 15:40 . 2012-01-11 15:40 6097256 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.ServiceModel\v4.0_4.0.0.0__b77a5c561934e089\System.ServiceModel.dll
+ 2012-02-15 13:24 . 2012-02-15 13:24 6097256 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.ServiceModel\v4.0_4.0.0.0__b77a5c561934e089\System.ServiceModel.dll
+ 2012-02-15 13:24 . 2012-02-15 13:24 1026936 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Runtime.Serialization\v4.0_4.0.0.0__b77a5c561934e089\System.Runtime.Serialization.dll
- 2012-01-11 15:40 . 2012-01-11 15:40 1026936 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Runtime.Serialization\v4.0_4.0.0.0__b77a5c561934e089\System.Runtime.Serialization.dll
+ 2012-02-15 13:24 . 2012-02-15 13:24 4464480 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Data.Entity\v4.0_4.0.0.0__b77a5c561934e089\System.Data.Entity.dll
- 2012-01-11 15:40 . 2012-01-11 15:40 4464480 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Data.Entity\v4.0_4.0.0.0__b77a5c561934e089\System.Data.Entity.dll
+ 2012-02-15 13:24 . 2012-02-15 13:24 1354584 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Core\v4.0_4.0.0.0__b77a5c561934e089\System.Core.dll
- 2012-01-11 15:40 . 2012-01-11 15:40 1354584 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Core\v4.0_4.0.0.0__b77a5c561934e089\System.Core.dll
+ 2012-02-15 13:24 . 2012-02-15 13:24 1199968 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Activities\v4.0_4.0.0.0__31bf3856ad364e35\System.Activities.dll
- 2012-01-11 15:40 . 2012-01-11 15:40 1199968 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Activities\v4.0_4.0.0.0__31bf3856ad364e35\System.Activities.dll
- 2012-01-11 15:40 . 2012-01-11 15:40 1462648 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Activities.Presentation\v4.0_4.0.0.0__31bf3856ad364e35\System.Activities.Presentation.dll
+ 2012-02-15 13:24 . 2012-02-15 13:24 1462648 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Activities.Presentation\v4.0_4.0.0.0__31bf3856ad364e35\System.Activities.Presentation.dll
- 2012-01-11 15:40 . 2012-01-11 15:40 6428520 c:\windows\Microsoft.NET\assembly\GAC_MSIL\PresentationFramework\v4.0_4.0.0.0__31bf3856ad364e35\PresentationFramework.dll
+ 2012-02-15 13:24 . 2012-02-15 13:24 6428520 c:\windows\Microsoft.NET\assembly\GAC_MSIL\PresentationFramework\v4.0_4.0.0.0__31bf3856ad364e35\PresentationFramework.dll
+ 2012-02-15 13:24 . 2012-02-15 13:24 3116376 c:\windows\Microsoft.NET\assembly\GAC_64\System.Data\v4.0_4.0.0.0__b77a5c561934e089\System.Data.dll
- 2012-01-11 15:40 . 2012-01-11 15:40 3116376 c:\windows\Microsoft.NET\assembly\GAC_64\System.Data\v4.0_4.0.0.0__b77a5c561934e089\System.Data.dll
- 2012-01-11 15:40 . 2012-01-11 15:40 3824480 c:\windows\Microsoft.NET\assembly\GAC_64\PresentationCore\v4.0_4.0.0.0__31bf3856ad364e35\PresentationCore.dll
+ 2012-02-15 13:24 . 2012-02-15 13:24 3824480 c:\windows\Microsoft.NET\assembly\GAC_64\PresentationCore\v4.0_4.0.0.0__31bf3856ad364e35\PresentationCore.dll
+ 2012-02-15 13:24 . 2012-02-15 13:24 4967248 c:\windows\Microsoft.NET\assembly\GAC_64\mscorlib\v4.0_4.0.0.0__b77a5c561934e089\mscorlib.dll
- 2012-01-11 15:40 . 2012-01-11 15:40 4967248 c:\windows\Microsoft.NET\assembly\GAC_64\mscorlib\v4.0_4.0.0.0__b77a5c561934e089\mscorlib.dll
+ 2012-02-15 13:24 . 2012-02-15 13:24 3563408 c:\windows\Microsoft.NET\assembly\GAC_64\Microsoft.VisualBasic.Activities.Compiler\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Activities.Compiler.dll
- 2012-01-11 15:40 . 2012-01-11 15:40 3563408 c:\windows\Microsoft.NET\assembly\GAC_64\Microsoft.VisualBasic.Activities.Compiler\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Activities.Compiler.dll
+ 2012-01-11 15:39 . 2012-02-15 13:23 2975064 c:\windows\Microsoft.NET\assembly\GAC_32\System.Data\v4.0_4.0.0.0__b77a5c561934e089\System.Data.dll
- 2012-01-11 15:39 . 2012-01-11 15:39 2975064 c:\windows\Microsoft.NET\assembly\GAC_32\System.Data\v4.0_4.0.0.0__b77a5c561934e089\System.Data.dll
+ 2012-02-15 13:24 . 2012-02-15 13:24 3788128 c:\windows\Microsoft.NET\assembly\GAC_32\PresentationCore\v4.0_4.0.0.0__31bf3856ad364e35\PresentationCore.dll
- 2012-01-11 15:40 . 2012-01-11 15:40 3788128 c:\windows\Microsoft.NET\assembly\GAC_32\PresentationCore\v4.0_4.0.0.0__31bf3856ad364e35\PresentationCore.dll
- 2012-01-11 15:39 . 2012-01-11 15:39 5197648 c:\windows\Microsoft.NET\assembly\GAC_32\mscorlib\v4.0_4.0.0.0__b77a5c561934e089\mscorlib.dll
+ 2012-02-15 13:23 . 2012-02-15 13:23 5197648 c:\windows\Microsoft.NET\assembly\GAC_32\mscorlib\v4.0_4.0.0.0__b77a5c561934e089\mscorlib.dll
- 2012-01-11 15:40 . 2012-01-11 15:40 2989456 c:\windows\Microsoft.NET\assembly\GAC_32\Microsoft.VisualBasic.Activities.Compiler\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Activities.Compiler.dll
+ 2012-02-15 13:23 . 2012-02-15 13:23 2989456 c:\windows\Microsoft.NET\assembly\GAC_32\Microsoft.VisualBasic.Activities.Compiler\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Activities.Compiler.dll
+ 2011-11-18 23:52 . 2011-11-18 23:52 9183232 c:\windows\Installer\ec3f5be.msp
+ 2012-01-05 11:21 . 2012-01-05 11:21 4964864 c:\windows\Installer\ec3f5a7.msp
+ 2012-01-25 06:32 . 2012-01-25 06:32 3458560 c:\windows\Installer\ec3f590.msp
+ 2011-10-26 21:36 . 2011-10-26 21:36 2829312 c:\windows\Installer\ec3f57a.msp
+ 2012-01-25 23:15 . 2012-01-25 23:15 7598080 c:\windows\Installer\9eb8c40.msi
+ 2012-01-27 22:19 . 2012-01-27 22:19 1696768 c:\windows\Installer\48939.msi
+ 2012-02-07 00:42 . 2012-02-07 00:42 1150976 c:\windows\Installer\48933.msp
+ 2012-02-07 00:36 . 2012-02-07 00:36 4700160 c:\windows\Installer\488d9.msp
+ 2012-02-07 00:27 . 2012-02-07 00:27 8562176 c:\windows\Installer\4887b.msp
+ 2011-12-09 10:52 . 2011-12-09 10:52 1544704 c:\windows\Installer\47f40.msi
+ 2012-02-12 16:44 . 2012-02-12 16:44 1918288 c:\windows\Installer\{E463E171-4082-4744-A466-F7CBE8502789}\TurboTax.exe
- 2010-08-12 21:44 . 2012-01-12 20:50 1479520 c:\windows\Installer\{91140000-0011-0000-0000-0000000FF1CE}\xlicons.exe
+ 2010-08-12 21:44 . 2012-02-15 13:28 1479520 c:\windows\Installer\{91140000-0011-0000-0000-0000000FF1CE}\xlicons.exe
+ 2010-08-12 21:44 . 2012-02-15 13:28 1858400 c:\windows\Installer\{91140000-0011-0000-0000-0000000FF1CE}\wordicon.exe
- 2010-08-12 21:44 . 2012-01-12 20:50 1858400 c:\windows\Installer\{91140000-0011-0000-0000-0000000FF1CE}\wordicon.exe
+ 2010-08-12 21:44 . 2012-02-15 13:28 3792736 c:\windows\Installer\{91140000-0011-0000-0000-0000000FF1CE}\pptico.exe
- 2010-08-12 21:44 . 2012-01-12 20:50 3792736 c:\windows\Installer\{91140000-0011-0000-0000-0000000FF1CE}\pptico.exe
+ 2010-08-12 21:44 . 2012-02-15 13:28 1449312 c:\windows\Installer\{91140000-0011-0000-0000-0000000FF1CE}\accicons.exe
- 2010-08-12 21:44 . 2012-01-12 20:50 1449312 c:\windows\Installer\{91140000-0011-0000-0000-0000000FF1CE}\accicons.exe
+ 2012-01-11 15:40 . 2012-01-11 15:40 3510600 c:\windows\assembly\temp\WDWW3VGQ90\System.dll
+ 2012-01-11 15:40 . 2012-01-11 15:40 1026936 c:\windows\assembly\temp\WCN8YRTHYY\System.Runtime.Serialization.dll
+ 2012-01-11 15:40 . 2012-01-11 15:40 1354584 c:\windows\assembly\temp\M9I6E4HYPV\System.Core.dll
+ 2012-01-11 15:40 . 2012-01-11 15:40 4464480 c:\windows\assembly\temp\ILO31KCH3B\System.Data.Entity.dll
+ 2012-01-11 15:39 . 2012-01-11 15:39 2975064 c:\windows\assembly\temp\HJ0YUXJGD3\System.Data.dll
+ 2012-01-11 15:40 . 2012-01-11 15:40 5028200 c:\windows\assembly\temp\F0LELFTH6X\System.Windows.Forms.dll
+ 2012-01-11 15:40 . 2012-01-11 15:40 2207568 c:\windows\assembly\temp\BUNVVA6Y9A\System.XML.dll
+ 2012-02-15 13:26 . 2012-02-15 13:26 3857920 c:\windows\assembly\NativeImages_v4.0.30319_32\WindowsBase\6be8cdc102f384653338279eff1f78fd\WindowsBase.ni.dll
+ 2012-02-12 16:40 . 2012-02-12 16:40 3345920 c:\windows\assembly\NativeImages_v4.0.30319_32\ttax\e8d13e772e97c91ffee197dd616f2391\ttax.ni.dll
+ 2012-02-15 13:26 . 2012-02-15 13:26 9091584 c:\windows\assembly\NativeImages_v4.0.30319_32\System\9c4788acc8f93c33214865395cee2e1c\System.ni.dll
+ 2012-02-15 13:26 . 2012-02-15 13:26 5617664 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Xml\a588133985ef7510d4cc8cc7924f8ec3\System.Xml.ni.dll
+ 2012-02-15 13:26 . 2012-02-15 13:26 1652736 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Drawing\9d5b252266a6084a611b2be84fac9e1c\System.Drawing.ni.dll
+ 2012-02-15 13:26 . 2012-02-15 13:26 6815232 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Data\25a90057cd6623c3b3cc07e53c8de77a\System.Data.ni.dll
+ 2012-02-15 13:26 . 2012-02-15 13:26 2549760 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Data.SqlXml\79ff5fcb68fc0f3dce4571f8fa950a51\System.Data.SqlXml.ni.dll
+ 2012-02-15 13:26 . 2012-02-15 13:26 2517504 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Data.Linq\ae45172466a99ef79ed2ab3ae5ad0ef9\System.Data.Linq.ni.dll
+ 2012-02-15 13:26 . 2012-02-15 13:26 7069696 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Core\b6ac99f2787a9a672d7a696ef25588ee\System.Core.ni.dll
+ 2012-02-12 16:40 . 2012-02-12 16:40 9846784 c:\windows\assembly\NativeImages_v4.0.30319_32\print-engine\7fbae26623d30ca8dc79ca31c928aed7\print-engine.ni.dll
+ 2012-02-15 13:26 . 2012-02-15 13:26 1616384 c:\windows\assembly\NativeImages_v4.0.30319_32\Microsoft.CSharp\bc7e22b7991a4f23c6bb9e83e2241d05\Microsoft.CSharp.ni.dll
+ 2012-02-12 16:41 . 2012-02-12 16:41 1678848 c:\windows\assembly\NativeImages_v4.0.30319_32\Intuit.Ctg.Map\0ff00c3690bfee1d52095a0376820c6d\Intuit.Ctg.Map.ni.dll
+ 2012-02-12 16:40 . 2012-02-12 16:40 2120704 c:\windows\assembly\NativeImages_v4.0.30319_32\IKVM.Runtime\ecbda0548b22c95df36a90e09b081655\IKVM.Runtime.ni.dll
+ 2012-02-12 16:40 . 2012-02-12 16:40 4390912 c:\windows\assembly\NativeImages_v4.0.30319_32\IKVM.OpenJDK.Util\da52faed8d56f966a0bb198ead6c1960\IKVM.OpenJDK.Util.ni.dll
+ 2012-02-12 16:40 . 2012-02-12 16:40 1371136 c:\windows\assembly\NativeImages_v4.0.30319_32\IKVM.OpenJDK.Text\d2f0f83ff5705721d518c8efb1fd4d8d\IKVM.OpenJDK.Text.ni.dll
+ 2012-02-12 16:40 . 2012-02-12 16:40 6602240 c:\windows\assembly\NativeImages_v4.0.30319_32\IKVM.OpenJDK.Securi#\368334cea18c8a8679c2108f1e80a1b7\IKVM.OpenJDK.Security.ni.dll
+ 2012-02-12 16:40 . 2012-02-12 16:40 8305664 c:\windows\assembly\NativeImages_v4.0.30319_32\IKVM.OpenJDK.Core\ac75f5b4be52f3cc525606643340be0c\IKVM.OpenJDK.Core.ni.dll
- 2009-07-14 02:34 . 2012-01-26 15:32 10747904 c:\windows\system32\SMI\Store\Machine\schema.dat
+ 2009-07-14 02:34 . 2012-02-15 13:17 10747904 c:\windows\system32\SMI\Store\Machine\schema.dat
+ 2010-10-18 13:47 . 2012-02-15 13:17 54585368 c:\windows\system32\MRT.exe
+ 2011-11-06 04:35 . 2012-02-12 16:32 42887028 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-2358312811-2679556730-1227278864-1000-4096.dat
+ 2011-12-09 10:52 . 2011-12-09 10:52 10202624 c:\windows\Installer\47f4d.msi
+ 2011-12-09 10:53 . 2011-12-09 10:53 35485696 c:\windows\Installer\47f48.msi
+ 2011-12-09 10:52 . 2011-12-09 10:52 34902528 c:\windows\Installer\47f44.msi
+ 2012-02-16 02:56 . 2012-02-16 02:56 10616832 c:\windows\ERDNT\Hiv-backup\schema.dat
+ 2012-02-15 13:25 . 2012-02-15 13:25 11879936 c:\windows\assembly\NativeImages_v4.0.30319_64\System\bbcac65b1d0045229354424a7595e258\System.ni.dll
+ 2012-02-15 13:26 . 2012-02-15 13:26 13138432 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Windows.Forms\edfa0f31cc4950e16011ecb549f553f7\System.Windows.Forms.ni.dll
+ 2012-02-15 13:27 . 2012-02-15 13:27 10999296 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Design\0b9f5624d4eae19a085bb319e83a2d26\System.Design.ni.dll
+ 2012-02-15 13:27 . 2012-02-15 13:27 18000384 c:\windows\assembly\NativeImages_v4.0.30319_32\PresentationFramewo#\bdf555b4cfed144a3b0b60e0308cbf2b\PresentationFramework.ni.dll
+ 2012-02-15 13:26 . 2012-02-15 13:26 11450880 c:\windows\assembly\NativeImages_v4.0.30319_32\PresentationCore\37cfa5ae8473995db30414fa29167c28\PresentationCore.ni.dll
+ 2012-02-12 16:40 . 2012-02-12 16:40 10001408 c:\windows\assembly\NativeImages_v4.0.30319_32\itext\59049629c814b4e7a678a9fb7b2bd228\itext.ni.dll
+ 2012-02-12 16:40 . 2012-02-12 16:40 14786560 c:\windows\assembly\NativeImages_v4.0.30319_32\IKVM.OpenJDK.SwingA#\27c43786fc079290a3cdf6c8af7b18d4\IKVM.OpenJDK.SwingAWT.ni.dll
.
-- Snapshot reset to current date --
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ADSMOverlayIcon1]
@="{A8D448F4-0431-45AC-9F5E-E1B434AB2249}"
[HKEY_CLASSES_ROOT\CLSID\{A8D448F4-0431-45AC-9F5E-E1B434AB2249}]
2007-06-02 01:08 143360 ----a-w- c:\program files (x86)\ASUS\ASUS Data Security Manager\ShlExt\x86\OverlayIconShlExt1.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Aim"="c:\program files (x86)\AIM\aim.exe" [2010-09-16 4425048]
"swg"="c:\program files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2010-03-02 39408]
"VeohPlugin"="c:\program files (x86)\Veoh Networks\VeohWebPlayer\veohwebplayer.exe" [2010-07-06 2634048]
"Pando Media Booster"="c:\program files (x86)\Pando Networks\Media Booster\PMB.exe" [2011-10-17 3077528]
"Skype"="c:\program files (x86)\Skype\Phone\Skype.exe" [2011-10-13 17351304]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"UpdateLBPShortCut"="c:\program files (x86)\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe" [2009-05-20 222504]
"UpdateP2GoShortCut"="c:\program files (x86)\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe" [2009-05-20 222504]
"HControlUser"="c:\program files (x86)\ASUS\ATK Hotkey\HControlUser.exe" [2009-06-19 105016]
"ATKOSD2"="c:\program files (x86)\ASUS\ATKOSD2\ATKOSD2.exe" [2009-10-09 6937216]
"ATKMEDIA"="c:\program files (x86)\ASUS\ATK Media\DMedia.exe" [2009-08-20 170624]
"VolPanel"="c:\program files (x86)\Creative\SB Audigy\Volume Panel\VolPanlu.exe" [2008-12-30 237693]
"UpdReg"="c:\windows\UpdReg.EXE" [2000-05-11 90112]
"ccApp"="c:\program files (x86)\Common Files\Symantec Shared\ccApp.exe" [2010-01-25 115560]
"BCSSync"="c:\program files (x86)\Microsoft Office\Office14\BCSSync.exe" [2010-03-13 91520]
"Razer Naga Driver"="c:\program files (x86)\Razer\Naga\NagaTray.exe" [2010-05-11 810880]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2009-09-04 935288]
"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-10-03 35696]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2011-06-09 254696]
"Adobe Acrobat Speed Launcher"="c:\program files (x86)\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe" [2008-06-12 37232]
"Acrobat Assistant 8.0"="c:\program files (x86)\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe" [2008-06-12 640376]
.
c:\users\Sean\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
CurseClientStartup.ccip [2010-8-12 0]
OneNote 2010 Screen Clipper and Launcher.lnk - c:\program files (x86)\Microsoft Office\Office14\ONENOTEM.EXE [2010-12-21 227712]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2009-7-1 1079584]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ccEvtMgr]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ccSetMgr]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Symantec Antivirus]
@="Service"
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-03-02 135664]
R2 OberonGameConsoleService;Oberon Media Game Console service;c:\program files (x86)\Asus\Game Park\GameConsole\OberonGameConsoleService.exe [2009-09-15 44312]
R3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys [x]
R3 Creative ALchemy AL6 Licensing Service;Creative ALchemy AL6 Licensing Service;c:\program files (x86)\Common Files\Creative Labs Shared\Service\AL6Licensing.exe [2010-03-02 79360]
R3 Creative Audio Engine Licensing Service;Creative Audio Engine Licensing Service;c:\program files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe [2010-03-02 79360]
R3 gupdatem;Google Update Service (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-03-02 135664]
R3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\program files (x86)\Microsoft Office\Office14\GROOVE.EXE [2011-06-12 31125880]
R3 NETw1v64;Intel® Wireless WiFi Link 1000 Series Adapter Driver for Windows Vista 64 Bit;c:\windows\system32\DRIVERS\NETw1v64.sys [x]
R3 RzSynapse;Razer Naga Driver;c:\windows\system32\DRIVERS\RzSynapse.sys [x]
R3 SiSGbeLH;SiS191/SiS190 Ethernet Device NDIS 6.0 Driver;c:\windows\system32\DRIVERS\SiSG664.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]
R4 MSSQLServerADHelper100;SQL Active Directory Helper Service;c:\program files\Microsoft SQL Server\100\Shared\SQLADHLP.EXE [2009-07-22 61976]
R4 RsFx0103;RsFx0103 Driver;c:\windows\system32\DRIVERS\RsFx0103.sys [x]
R4 SQLAgent$SQLEXPRESS;SQL Server Agent (SQLEXPRESS);c:\program files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\SQLAGENT.EXE [2009-03-30 427880]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]
S2 AFBAgent;AFBAgent;c:\windows\system32\FBAgent.exe [x]
S2 ASMMAP64;ASMMAP64;c:\program files\ATKGFNEX\ASMMAP64.sys [2007-07-24 14904]
S2 IntuitUpdateServiceV4;Intuit Update Service v4;c:\program files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe [2011-08-25 13672]
S2 rimspci;rimspci;c:\windows\system32\DRIVERS\rimspe64.sys [x]
S2 rixdpcie;rixdpcie;c:\windows\system32\DRIVERS\rixdpe64.sys [x]
S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2011-01-08 378984]
S2 UNS;Intel® Management & Security Application User Notification Service;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2009-10-01 2314240]
S3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2012-02-03 138360]
S3 HECIx64;Intel® Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys [x]
S3 Impcd;Impcd;c:\windows\system32\DRIVERS\Impcd.sys [x]
S3 L1C;NDIS Miniport Driver for Atheros AR8131/AR8132 PCI-E Ethernet Controller (NDIS 6.20);c:\windows\system32\DRIVERS\L1C62x64.sys [x]
S3 NETw5s64;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows 7 - 64 Bit;c:\windows\system32\DRIVERS\NETw5s64.sys [x]
S3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda64v.sys [x]
S3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-10 4925184]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - WS2IFSL
.
Contents of the 'Scheduled Tasks' folder
.
2012-02-15 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-03-02 23:20]
.
2012-02-16 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-03-02 23:20]
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ADSMOverlayIcon1]
@="{A8D448F4-0431-45AC-9F5E-E1B434AB2249}"
[HKEY_CLASSES_ROOT\CLSID\{A8D448F4-0431-45AC-9F5E-E1B434AB2249}]
2007-06-02 00:52 159744 ----a-w- c:\program files (x86)\ASUS\ASUS Data Security Manager\ShlExt\x64\OverlayIconShlExt1_64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\AsusWSShellExt_B]
@="{6D4133E5-0742-4ADC-8A8C-9303440F7190}"
[HKEY_CLASSES_ROOT\CLSID\{6D4133E5-0742-4ADC-8A8C-9303440F7190}]
2009-11-26 05:49 70656 ----a-w- c:\program files (x86)\ASUS\ASUS WebStorage\SERVICE\AsusWSShellExt64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\AsusWSShellExt_O]
@="{64174815-8D98-4CE6-8646-4C039977D808}"
[HKEY_CLASSES_ROOT\CLSID\{64174815-8D98-4CE6-8646-4C039977D808}]
2009-11-26 05:49 70656 ----a-w- c:\program files (x86)\ASUS\ASUS WebStorage\SERVICE\AsusWSShellExt64.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"EeeStorageBackup"="c:\program files (x86)\ASUS\ASUS WebStorage\SERVICE\AsusWSService.exe" [2009-11-26 1732608]
"SynTPEnh"="c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe" [BU]
"RunDLLEntry"="c:\windows\system32\RunDLL32.exe" [2009-07-14 45568]
"Logitech Download Assistant"="c:\windows\system32\rundll32.exe" [2009-07-14 45568]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"=c:\windows\System32\acaptuser64.dll
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.aol.com/?src=aim&ncid=snsusaimc00000001
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
Trusted Zone: intuit.com\ttlc
Trusted Zone: kongregate.com\www
TCP: DhcpNameServer = 192.168.0.1
DPF: {3F4AC0C9-3A7D-4115-99B4-2693DE0014AF} - hxxp://optimum.net/downloads/TNetworkScannerXControl.ocx
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-Locked - (no file)
WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2012-02-15 22:04:35
ComboFix-quarantined-files.txt 2012-02-16 03:04
ComboFix2.txt 2012-02-12 00:48
.
Pre-Run: 20,023,496,704 bytes free
Post-Run: 20,031,750,144 bytes free
.
- - End Of File - - A6EDE0B32557C656A7495D9A5692D6D0


Still no problems with the datingpuma redirect, although I have had a series of trojans appearing that were not before.
DWHF34F.tmp Trojan.Gen.2 C:\Users\Sean\Appdata\Local\Temp
DWH2F18.tmp Trojan.Gen.2 C:\Users\Sean\Appdata\Local\Temp
DWH4392.tmp Trojan.Gen.2 C:\Users\Sean\Appdata\Local\Temp
Example names and locations of the trojens, as well as "threat type" listing from symantec

#9 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto rico
  • Local time:05:47 PM

Posted 15 February 2012 - 10:34 PM

Hello

Still no problems with the datingpuma redirect, although I have had a series of trojans appearing that were not before.
DWHF34F.tmp Trojan.Gen.2 C:\Users\Sean\Appdata\Local\Temp
DWH2F18.tmp Trojan.Gen.2 C:\Users\Sean\Appdata\Local\Temp
DWH4392.tmp Trojan.Gen.2 C:\Users\Sean\Appdata\Local\Temp
Example names and locations of the trojens, as well as "threat type" listing from symantec


Symantec being buggy

http://www.symantec.com/connect/forums/generic-trojan-dwhtmp-temp-folder

These logs are looking allot better. But we still have some work to do.

Please print out these instructions, or copy them to a Notepad file. It will make it easier for you to follow the instructions and complete all of the necessary steps..

uninstall some programs

NOTE** Because of the cleanup process some of the programs I have listed may not be in add/remove anymore this is fine just move to the next item on the list.

You can remove these programs using add/remove or you can use the free uninstaller from Revo (it does allot better of a job

Programs to remove

Adobe Reader 9.2 MUI
Java™ 6 Update 29
[/list]


  • Please download and install Revo Uninstaller Free
  • Double click Revo Uninstaller to run it.
  • From the list of programs double click on The Program to remove
  • When prompted if you want to uninstall click Yes.
  • Be sure the Moderate option is selected then click Next.
  • The program will run, If prompted again click Yes
  • when the built-in uninstaller is finished click on Next.
  • Once the program has searched for leftovers click Next.
  • Check/tick the bolded items only on the list then click Delete
  • when prompted click on Yes and then on next.
  • put a check on any folders that are found and select delete
  • when prompted select yes then on next
  • Once done click Finish.
.

Update Adobe Reader

Recently there have been vulnerabilities detected in older versions of Adobe Reader. It is strongly suggested that you update to the current version.

You can download it from http://www.adobe.com/products/acrobat/readstep2.html
After installing the latest Adobe Reader, uninstall all previous versions.
If you already have Adobe Photoshop® Album Starter Edition installed or do not wish to have it installed UNcheck the box which says Also Download Adobe Photoshop® Album Starter Edition.

If you don't like Adobe Reader (53 MB), you can download Foxit PDF Reader(7 MB) from here. It's a much smaller file to download and uses a lot less resources than Adobe Reader.

Note: When installing FoxitReader, be careful not to install anything to do with AskBar.
[/list]
Install Java:

Please go here to install Java

  • click on the Free Java Download Button
  • click on Agree and start Free download
  • click on Run
  • click on run again
  • click on install
  • when install is complete click on close


TFC(Temp File Cleaner):

  • Please download TFC to your desktop,
  • Save any unsaved work. TFC will close all open application windows.
  • Double-click TFC.exe to run the program.
  • If prompted, click "Yes" to reboot.
Note: Save your work. TFC will automatically close any open programs, let it run uninterrupted. It shouldn't take longer take a couple of minutes, and may only take a few seconds. Only if needed will you be prompted to reboot.

: Malwarebytes' Anti-Malware :

  • Please download Malwarebytes' Anti-Malware to your desktop.
  • Double-click mbam-setup.exe and follow the prompts to install the program.
  • At the end, be sure a checkmark is placed next to
    • Update Malwarebytes' Anti-Malware
    • and Launch Malwarebytes' Anti-Malware
  • then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select Perform quick scan, then click Scan.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Be sure that everything is Checked (ticked) except items in the C:\System Volume Information folder and click on Remove Selected.
  • When completed, a log will open in Notepad. please copy and paste the log into your next reply
    • If you accidently close it, the log file is saved here and will be named like this:
    • C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\mbam-log-date (time).txt

Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts.
Click OK to either and let MBAM proceed with the disinfection process.
If asked to restart the computer, please do so immediately. Failure to reboot will prevent MBAM from removing all the malware.


Download HijackThis

If you have any problems running Hijackthis see NOTE** below (Host file not read, blank notepad ...)

  • Go Here to download HijackThis Installer
  • Save HijackThis Installer to your desktop.
  • Double-click on the HijackThis Installer icon on your desktop. (Vista and Win 7 right click and run as admin)
  • By default it will install to C:\Program Files\Trend Micro\HijackThis .
  • Click on Install.
  • It will create a HijackThis icon on the desktop.
  • Once installed it will launch Hijackthis.
  • Click on the Do a system scan and save a logfile button. It will scan and the log should open in notepad.
  • Click on Edit > Select All then click on Edit > Copy to copy the entire contents of the log.
  • Come back here to this thread and Paste the log in your next reply.
  • DO NOT use the AnalyseThis button its findings are dangerous if misinterpreted.
  • DO NOT have Hijackthis fix anything yet. Most of what it finds will be harmless or even required.


NOTE**
sometimes we have to run it like this To run HijackThis as an administrator, right-click HijackThis.exe
(located: C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe)<--32bit
(located: C:\Program Files(86)\Trend Micro\HiJackThis\HiJackThis.exe)<--64bit
and select to run as administrator

"information and logs"

  • In your next post I need the following

  • Log From MBAM
  • report from Hijackthis
  • let me know of any problems you may have had
  • How is the computer doing now?

Gringo

I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#10 Dervajanky

Dervajanky
  • Topic Starter

  • Members
  • 11 posts
  • OFFLINE
  •  
  • Local time:04:47 PM

Posted 15 February 2012 - 10:48 PM

I will get to this tomorrow.

On a related note: will I need to remove adobe acrobat in addition to adobe reader?

#11 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto rico
  • Local time:05:47 PM

Posted 15 February 2012 - 11:27 PM

adobe acrobat in addition to adobe reader?


no just reader



gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#12 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto rico
  • Local time:05:47 PM

Posted 19 February 2012 - 01:44 AM

Hello

48 Hour bump

It has been more than 48 hours since my last post.

  • do you still need help with this?
  • do you need more time?
  • are you having problems following my instructions?
  • if after 48hrs you have not replied to this thread then it will have to be closed!

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#13 Dervajanky

Dervajanky
  • Topic Starter

  • Members
  • 11 posts
  • OFFLINE
  •  
  • Local time:04:47 PM

Posted 19 February 2012 - 09:08 AM

my apologies, in addition to being sick, I've had a couple of busy days and have not had time to complete your instructions yet. with luck, I shoul be able to after my shift at work today

#14 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto rico
  • Local time:05:47 PM

Posted 19 February 2012 - 04:43 PM

No problem and thanks for letting me know


gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#15 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto rico
  • Local time:05:47 PM

Posted 22 February 2012 - 08:44 AM

Hello

48 Hour bump

It has been more than 48 hours since my last post.

  • do you still need help with this?
  • do you need more time?
  • are you having problems following my instructions?
  • if after 48hrs you have not replied to this thread then it will have to be closed!

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users