Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Hard disk failure - possible malware attack?


  • This topic is locked This topic is locked
22 replies to this topic

#1 kayjan04

kayjan04

  • Members
  • 36 posts
  • OFFLINE
  •  
  • Gender:Female
  • Local time:11:43 AM

Posted 02 March 2012 - 10:13 PM

I apologize but I'm not quite sure what is wrong with my mother's laptop. It keeps reporting a hard disk failure warning. She was told by someone at HP Support that it is a result of an infection.

Below is the DDS log. She has a 64-bit operating system so I did not run GMER.

.
DDS (Ver_2011-08-26.01) - NTFSAMD64
Internet Explorer: 8.0.7601.17514
Run by Betty at 21:58:33 on 2012-03-02
AV: Microsoft Security Essentials *Enabled/Updated* {108DAC43-C256-20B7-BB05-914135DA5160}
SP: Microsoft Security Essentials *Enabled/Updated* {ABEC4DA7-E46C-2F39-81B5-AA334E5D1BDD}
.
============== Running Processes ===============
.
.
============== Pseudo HJT Report ===============
.
uInternet Settings,ProxyOverride = *.local
mWinlogon: Userinit=userinit.exe
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: IEVkbdBHO Class: {59273ab4-e7d3-40f9-a1a8-6fa9cca1862c} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2011\ievkbd.dll
BHO: EgisPBIE Class: {7b51ccbe-4af9-44a6-bdab-d7f7e4c4e6f9} - C:\Program Files (x86)\Hewlett-Packard\HP SimplePass Identity Protection\EgisPBIE.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Skype Browser Helper: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
BHO: Office Document Cache Handler: {b4f3a835-0e21-4959-ba22-42b3008e02ff} - C:\PROGRA~2\MICROS~3\Office14\URLREDIR.DLL
BHO: Bing Bar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - "C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll"
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
BHO: FilterBHO Class: {e33cf602-d945-461a-83f0-819f76a199f8} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2011\klwtbbho.dll
TB: Bing Bar: {8dcb7100-df86-4384-8842-8fa844297b3f} - "C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll"
uRun: [HPAdvisorDock] C:\Program Files (x86)\Hewlett-Packard\HP Advisor\Dock\HPAdvisorDock.exe
mRun: [IAStorIcon] C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
mRun: [EgisTecPMMUpdate] "C:\Program Files (x86)\EgisTec IPS\PmmUpdate.exe"
mRun: [EgisUpdate] "C:\Program Files (x86)\EgisTec IPS\EgisUpdate.exe" -d
mRun: [VitaKeyTSR] C:\Program Files (x86)\Hewlett-Packard\HP SimplePass Identity Protection\EgisTSR.exe /run
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
mRun: [AVP] "C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe"
mRun: [HP Quick Launch] C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe
mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun: [HP Software Update] C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe
mRun: [<NO NAME>]
mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
mRun: [iYogi Support Dock] "C:\Program Files (x86)\iYogi Support Dock\iYogiSupportDock.exe"
dRun: [Bomgar_Cleanup_ZD57548714] cmd.exe /C rd /S /Q "C:\ProgramData\bomgar-scc-000000004F4C00E2" & reg delete HKCU\Software\Microsoft\Windows\CurrentVersion\Run /v Bomgar_Cleanup_ZD57548714 /f
StartupFolder: C:\Users\Betty\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\ONENOT~1.LNK - C:\Program Files (x86)\Microsoft Office\Office14\ONENOTEM.EXE
mPolicies-explorer: NoActiveDesktop = 1 (0x1)
mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)
mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~3\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - C:\PROGRA~2\MICROS~3\Office14\ONBttnIE.dll/105
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
IE: {4248FE82-7FCB-46AC-B270-339F08212110} - {4248FE82-7FCB-46AC-B270-339F08212110} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2011\klwtbbho.dll
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
IE: {CCF151D8-D089-449F-A5A4-D9909053F20F} - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2011\klwtbbho.dll
DPF: {73ECB3AA-4717-450C-A2AB-D00DAD9EE203} - hxxp://h20614.www2.hp.com/ediags/gmd/Install/Cab/hpdetect118.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
TCP: DhcpNameServer = 192.168.1.254
TCP: Interfaces\{8060F998-1511-40CC-BED2-6D1B9EB67EA4} : DhcpNameServer = 192.168.1.254
TCP: Interfaces\{8060F998-1511-40CC-BED2-6D1B9EB67EA4}\2375942554534313 : DhcpNameServer = 192.168.1.254
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
LSA: Notification Packages = EgisPwdFilter EgisDSPwdFilter
BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO-X64: AcroIEHelperStub - No File
BHO-X64: IEVkbdBHO Class: {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2011\ievkbd.dll
BHO-X64: IEVkbdBHO - No File
BHO-X64: EgisPBIE Class: {7B51CCBE-4AF9-44A6-BDAB-D7F7E4C4E6F9} - C:\Program Files (x86)\Hewlett-Packard\HP SimplePass Identity Protection\EgisPBIE.dll
BHO-X64: EgisPBIE - No File
BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO-X64: Skype Browser Helper: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
BHO-X64: SkypeIEPluginBHO - No File
BHO-X64: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~3\Office14\URLREDIR.DLL
BHO-X64: URLRedirectionBHO - No File
BHO-X64: Bing Bar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - "C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll"
BHO-X64: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
BHO-X64: FilterBHO Class: {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2011\klwtbbho.dll
BHO-X64: link filter bho - No File
TB-X64: Bing Bar: {8dcb7100-df86-4384-8842-8fa844297b3f} - "C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll"
mRun-x64: [IAStorIcon] C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
mRun-x64: [EgisTecPMMUpdate] "C:\Program Files (x86)\EgisTec IPS\PmmUpdate.exe"
mRun-x64: [EgisUpdate] "C:\Program Files (x86)\EgisTec IPS\EgisUpdate.exe" -d
mRun-x64: [VitaKeyTSR] C:\Program Files (x86)\Hewlett-Packard\HP SimplePass Identity Protection\EgisTSR.exe /run
mRun-x64: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun-x64: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
mRun-x64: [AVP] "C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe"
mRun-x64: [HP Quick Launch] C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe
mRun-x64: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun-x64: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun-x64: [HP Software Update] C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe
mRun-x64: [(Default)]
mRun-x64: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
mRun-x64: [iYogi Support Dock] "C:\Program Files (x86)\iYogi Support Dock\iYogiSupportDock.exe"
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\Betty\AppData\Roaming\Mozilla\Firefox\Profiles\fkxlddag.default\
FF - prefs.js: network.proxy.type - 0
FF - plugin: C:\PROGRA~2\MICROS~3\Office14\NPAUTHZ.DLL
FF - plugin: C:\PROGRA~2\MICROS~3\Office14\NPSPWRAP.DLL
FF - plugin: C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll
FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\4.1.10111.0\npctrlui.dll
FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: C:\Users\Default\AppData\Local\HuluDesktop\instances\0.9.13.1\nphdplg.dll
FF - plugin: C:\Windows\SysWOW64\Adobe\Director\np32dsw.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll
.
============= SERVICES / DRIVERS ===============
.
.
=============== Created Last 30 ================
.
2012-03-02 16:01:07 8643640 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{E4E3151C-A07F-44E8-B7D3-95A9CDDF4442}\mpengine.dll
2012-03-02 00:38:31 0 ----a-w- C:\Windows\SysWow64\shoFA10.tmp
2012-02-29 00:30:20 -------- d-----w- C:\ProgramData\{A8DA1505-E615-42BB-BB77-74D5CC91FE7E}
2012-02-27 22:34:28 -------- d-----w- C:\Users\Betty\AppData\Roaming\iYogi
2012-02-27 22:32:24 -------- d-----w- C:\ProgramData\iYogi
2012-02-27 22:31:52 -------- d-----w- C:\Program Files (x86)\iYogi Support Dock
2012-02-27 22:30:53 -------- d-----w- C:\Users\Betty\AppData\Roaming\Malwarebytes
2012-02-27 22:30:37 -------- d-----w- C:\ProgramData\Malwarebytes
2012-02-27 22:30:34 23152 ----a-w- C:\Windows\System32\drivers\mbam.sys
2012-02-27 22:30:34 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware
2012-02-27 21:58:15 0 ----a-w- C:\Windows\SysWow64\shoB996.tmp
2012-02-20 02:16:27 -------- d-----w- C:\Users\Betty\AppData\Roaming\PrimoPDF
2012-02-20 02:15:40 95008 ----a-w- C:\Windows\System32\Primomonnt.dll
2012-02-20 02:15:34 -------- d-----w- C:\Program Files (x86)\Nitro PDF
2012-02-19 17:01:42 0 ----a-w- C:\Windows\SysWow64\shoD401.tmp
2012-02-18 03:34:39 -------- d-----w- C:\Users\Betty\AppData\Roaming\SmartDraw
2012-02-11 15:45:10 927800 ------w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{A4CDB17E-ED4E-4F15-8E61-F9A73486C849}\gapaengine.dll
2012-02-10 21:08:54 0 ----a-w- C:\Windows\SysWow64\sho3928.tmp
.
==================== Find3M ====================
.
2012-02-15 17:29:49 414368 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2012-01-31 12:44:20 279656 ------w- C:\Windows\System32\MpSigStub.exe
2012-01-14 04:06:27 3145728 ----a-w- C:\Windows\System32\win32k.sys
2012-01-04 10:44:20 509952 ----a-w- C:\Windows\System32\ntshrui.dll
2012-01-04 08:58:41 442880 ----a-w- C:\Windows\SysWow64\ntshrui.dll
2011-12-30 06:26:08 515584 ----a-w- C:\Windows\System32\timedate.cpl
2011-12-30 05:27:56 478720 ----a-w- C:\Windows\SysWow64\timedate.cpl
2011-12-28 03:59:24 498688 ----a-w- C:\Windows\System32\drivers\afd.sys
2011-12-16 08:47:38 1188864 ----a-w- C:\Windows\System32\wininet.dll
2011-12-16 08:46:06 634880 ----a-w- C:\Windows\System32\msvcrt.dll
2011-12-16 07:54:22 981504 ----a-w- C:\Windows\SysWow64\wininet.dll
2011-12-16 07:52:58 690688 ----a-w- C:\Windows\SysWow64\msvcrt.dll
2011-12-16 06:44:38 1638912 ----a-w- C:\Windows\System32\mshtml.tlb
2011-12-16 06:09:17 1638912 ----a-w- C:\Windows\SysWow64\mshtml.tlb
.
============= FINISH: 22:06:16.09 ===============

BC AdBot (Login to Remove)

 


#2 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto rico
  • Local time:12:43 PM

Posted 04 March 2012 - 01:41 AM

Hello and Welcome to the forums!

My name is Gringo and I'll be glad to help you with your computer problems.

Somethings to remember while we are working together.

  • Do not run any other tool untill instructed to do so!
  • please Do not Attach logs or put in code boxes.
  • Tell me about any problems that have occurred during the fix.
  • Tell me of any other symptoms you may be having as these can help also.
  • Do not run anything while running a fix.
  • Do not run any other tool untill instructed to do so!


Click on the Watch Topic Button and select Immediate Notification and click on proceed, this will help you to get notified faster when I have replied and make the cleaning process faster.

Please print out or make a copy in notpad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.

Run Combofix:

You may be asked to install or update the Recovery Console (Win XP Only) if this happens please allow it to do so (you will need to be connected to the internet for this)

Before you run Combofix I will need you to turn off any security software you have running, If you do not know how to do this you can find out >here< or >here<

Combofix may need to reboot your computer more than once to do its job this is normal.

You can download Combofix from one of these links.
Link 1
Link 2
Link 3
1. Close any open browsers or any other programs that are open.
2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

Double click on combofix.exe & follow the prompts.
When finished, it will produce a report for you.

Note 1: Do not mouseclick combofix's window while it's running. That may cause it to stall

Note 2: If you recieve an error "Illegal operation attempted on a registery key that has been marked for deletion." Please restart the computer

"information and logs"

  • In your next post I need the following
  • Log from Combofix
  • let me know of any problems you may have had
  • How is the computer doing now?

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#3 kayjan04

kayjan04
  • Topic Starter

  • Members
  • 36 posts
  • OFFLINE
  •  
  • Gender:Female
  • Local time:11:43 AM

Posted 05 March 2012 - 05:44 PM

Gringo,

I followed the steps above; below you will find the log. The computer's activity has not changed. I received the error message stating the illegal operation & rebooted after ComboFix. The warning messages at the onset of booting remain the same:

"The SMART Hard disk check has detected an imminent failure...backup immediately...run the Hard Disk Test..."

"Windows detected a hard disk problem..."



ComboFix 12-03-04.02 - Betty 03/04/2012 21:37:12.1.4 - x64
Running from: c:\users\Betty\Desktop\ComboFix.exe
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Created a new restore point
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\Betty\Documents\ZDS00779.TMP
c:\users\Betty\Documents\ZDS00849.TMP
c:\users\Betty\Documents\ZDS05485.TMP
c:\users\Betty\Documents\ZDS14825.TMP
c:\users\Betty\Documents\ZDS14845.TMP
c:\users\Betty\Documents\ZDS21291.TMP
c:\users\Betty\Documents\ZDS21731.TMP
.
.
((((((((((((((((((((((((( Files Created from 2012-02-05 to 2012-03-05 )))))))))))))))))))))))))))))))
.
.
2012-03-05 02:50 . 2012-03-05 02:50 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-03-04 05:06 . 2012-03-04 05:06 69000 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{E6E4F33D-68BF-4360-91E6-31A02BAE89BC}\offreg.dll
2012-03-04 02:33 . 2012-02-20 06:05 8643640 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{E6E4F33D-68BF-4360-91E6-31A02BAE89BC}\mpengine.dll
2012-02-29 00:30 . 2012-02-29 00:30 -------- d-----w- c:\programdata\{A8DA1505-E615-42BB-BB77-74D5CC91FE7E}
2012-02-27 22:34 . 2012-02-27 22:34 -------- d-----w- c:\users\Betty\AppData\Roaming\iYogi
2012-02-27 22:32 . 2012-02-27 22:41 -------- d-----w- c:\programdata\iYogi
2012-02-27 22:31 . 2012-02-27 23:20 -------- d-----w- c:\program files (x86)\iYogi Support Dock
2012-02-27 22:30 . 2012-02-27 22:30 -------- d-----w- c:\users\Betty\AppData\Roaming\Malwarebytes
2012-02-27 22:30 . 2012-02-27 22:30 -------- d-----w- c:\programdata\Malwarebytes
2012-02-27 22:30 . 2012-02-27 22:30 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
2012-02-27 22:30 . 2011-12-10 20:24 23152 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-02-20 02:16 . 2012-02-20 02:17 -------- d-----w- c:\users\Betty\AppData\Roaming\PrimoPDF
2012-02-20 02:15 . 2011-02-28 22:37 95008 ----a-w- c:\windows\system32\Primomonnt.dll
2012-02-20 02:15 . 2012-02-20 02:15 -------- d-----w- c:\program files (x86)\Nitro PDF
2012-02-18 03:34 . 2012-02-18 03:38 -------- d-----w- c:\users\Betty\AppData\Roaming\SmartDraw
2012-02-15 17:29 . 2012-02-15 17:29 -------- d-----w- c:\windows\system32\Macromed
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-03-02 00:38 . 2012-03-02 00:38 0 ----a-w- c:\windows\SysWow64\shoFA10.tmp
2012-02-27 21:58 . 2012-02-27 21:58 0 ----a-w- c:\windows\SysWow64\shoB996.tmp
2012-02-19 17:01 . 2012-02-19 17:01 0 ----a-w- c:\windows\SysWow64\shoD401.tmp
2012-02-15 17:29 . 2011-06-07 21:30 414368 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-02-10 21:08 . 2012-02-10 21:08 0 ----a-w- c:\windows\SysWow64\sho3928.tmp
2012-01-29 10:10 . 2011-04-05 14:02 279656 ------w- c:\windows\system32\MpSigStub.exe
2011-12-30 05:27 . 2012-02-17 02:04 478720 ----a-w- c:\windows\SysWow64\timedate.cpl
2011-12-16 07:54 . 2012-02-17 02:04 981504 ----a-w- c:\windows\SysWow64\wininet.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"HPAdvisorDock"="c:\program files (x86)\Hewlett-Packard\HP Advisor\Dock\HPAdvisorDock.exe" [2010-02-10 1712184]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"IAStorIcon"="c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe" [2010-03-04 284696]
"EgisTecPMMUpdate"="c:\program files (x86)\EgisTec IPS\PmmUpdate.exe" [2009-12-25 401192]
"EgisUpdate"="c:\program files (x86)\EgisTec IPS\EgisUpdate.exe" [2009-12-25 201512]
"VitaKeyTSR"="c:\program files (x86)\Hewlett-Packard\HP SimplePass Identity Protection\EgisTSR.exe" [2010-06-09 380272]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]
"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2012-01-04 37296]
"AVP"="c:\program files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe" [2010-11-03 365336]
"HP Quick Launch"="c:\program files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe" [2011-06-14 587320]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2011-11-02 59240]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2011-10-24 421888]
"HP Software Update"="c:\program files (x86)\Hp\HP Software Update\HPWuSchd2.exe" [2010-06-10 49208]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2011-12-08 421736]
"iYogi Support Dock"="c:\program files (x86)\iYogi Support Dock\iYogiSupportDock.exe" [2011-12-06 1639664]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"Bomgar_Cleanup_ZD57548714"="rd" [X]
.
c:\users\Betty\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OneNote 2010 Screen Clipper and Launcher.lnk - c:\program files (x86)\Microsoft Office\Office14\ONENOTEM.EXE [2011-9-2 227712]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring"=dword:00000001
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 HP Support Assistant Service;HP Support Assistant Service;c:\program files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe [2011-09-09 86072]
R2 HP Wireless Assistant Service;HP Wireless Assistant Service;c:\program files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe [2010-06-18 103992]
R2 SupportDockService.exe;Support Dock Service;c:\program files (x86)\iYogi Support Dock\Services\CommAgent\SupportDockService.exe [2011-11-18 76288]
R3 BBSvc;Bing Bar Update Service;c:\program files (x86)\Microsoft\BingBar\BBSvc.EXE [2011-07-07 195336]
R3 MyWiFiDHCPDNS;Wireless PAN DHCP Server;c:\program files\Intel\WiFi\bin\PanDhcpDns.exe [2010-03-05 340240]
R3 NETw5s64;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows 7 - 64 Bit;c:\windows\system32\DRIVERS\NETw5s64.sys [x]
R3 netw5v64;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 64 Bit;c:\windows\system32\DRIVERS\netw5v64.sys [x]
R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-10 4925184]
R3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [x]
R3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\DRIVERS\VSTAZL6.SYS [x]
R3 SrvHsfV92;SrvHsfV92;c:\windows\system32\DRIVERS\VSTDPV6.SYS [x]
R3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\DRIVERS\VSTCNXT6.SYS [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]
R3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\system32\DRIVERS\yk62x64.sys [x]
S1 DVMIO;DeviceVM IO Service;c:\windows\system32\DRIVERS\dvmio.sys [x]
S1 kl2;kl2;c:\windows\system32\DRIVERS\kl2.sys [x]
S1 KLIM6;Kaspersky Anti-Virus NDIS 6 Filter;c:\windows\system32\DRIVERS\klim6.sys [x]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]
S2 AESTFilters;Andrea ST Filters Service;c:\program files\IDT\WDM\AESTSr64.exe [2011-05-17 89600]
S2 BBUpdate;BBUpdate;c:\program files (x86)\Microsoft\BingBar\SeaPort.EXE [2011-06-15 249648]
S2 CinemaNow Service;CinemaNow Service;c:\program files (x86)\CinemaNow\CinemaNow Media Manager\CinemanowSvc.exe [2010-06-13 400368]
S2 cvhsvc;Client Virtualization Handler;c:\program files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE [2012-01-04 822624]
S2 DMAgent;IntelŽ PROSet/Wireless WiMAX Red Bend Device Management Service;c:\program files\Intel\WiMAX\Bin\DMAgent.exe [2010-06-07 408576]
S2 DvmMDES;DeviceVM Meta Data Export Service;c:\swsetup\HPQWMM\QuickWeb\QW.SYS\config\DVMExportService.exe [2010-06-25 338168]
S2 EgisTec Service;EgisTec Service;c:\program files (x86)\Hewlett-Packard\HP SimplePass Identity Protection\EgisService.exe [2010-06-09 697712]
S2 EgisTec Ticket Service;EgisTec Ticket Service;c:\program files (x86)\Common Files\EgisTec\Services\EgisTicketService.exe [2010-06-09 646000]
S2 HPDrvMntSvc.exe;HP Quick Synchronization Service;c:\program files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe [2011-05-21 103992]
S2 hpsrv;HP Service;c:\windows\system32\Hpservice.exe [x]
S2 HPWMISVC;HPWMISVC;c:\program files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe [2011-06-14 26680]
S2 IAStorDataMgrSvc;Intel® Rapid Storage Technology;c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [2010-03-04 13336]
S2 IYSODiskOptimizer;IYSODiskOptimizer;c:\program files (x86)\iYogi Support Dock\pccare\IYSODefragSrv64.exe [2010-04-20 286720]
S2 sftlist;Application Virtualization Client;c:\program files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2011-10-01 508776]
S2 UNS;Intel® Management & Security Application User Notification Service;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2010-04-15 2533400]
S2 vcsFPService;Validity VCS Fingerprint Service;c:\windows\system32\vcsFPService.exe [2010-02-23 2192176]
S2 WiMAXAppSrv;IntelŽ PROSet/Wireless WiMAX Service;c:\program files\Intel\WiMAX\Bin\AppSrv.exe [2010-06-07 911872]
S3 bpenum;bpenum;c:\windows\system32\DRIVERS\bpenum.sys [x]
S3 bpmp;Intel® Centrino® WiMAX 6050 Series;c:\windows\system32\DRIVERS\bpmp.sys [x]
S3 bpusb;bpusb;c:\windows\system32\Drivers\bpusb.sys [x]
S3 clwvd;HP Webcam Splitter;c:\windows\system32\DRIVERS\clwvd.sys [x]
S3 HECIx64;Intel® Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys [x]
S3 Impcd;Impcd;c:\windows\system32\DRIVERS\Impcd.sys [x]
S3 IntcDAud;Intel® Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys [x]
S3 klmouflt;Kaspersky Lab KLMOUFLT;c:\windows\system32\DRIVERS\klmouflt.sys [x]
S3 NETwNs64;___ Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows 7 - 64 Bit;c:\windows\system32\DRIVERS\NETwNs64.sys [x]
S3 Sftfs;Sftfs;c:\windows\system32\DRIVERS\Sftfslh.sys [x]
S3 Sftplay;Sftplay;c:\windows\system32\DRIVERS\Sftplaylh.sys [x]
S3 Sftredir;Sftredir;c:\windows\system32\DRIVERS\Sftredirlh.sys [x]
S3 Sftvol;Sftvol;c:\windows\system32\DRIVERS\Sftvollh.sys [x]
S3 sftvsa;Application Virtualization Service Agent;c:\program files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [2011-10-01 219496]
S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [x]
S3 wdkmd;Intel WiDi KMD;c:\windows\system32\DRIVERS\WDKMD.sys [x]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - IPNAT
*NewlyCreated* - WS2IFSL
.
Contents of the 'Scheduled Tasks' folder
.
2012-02-29 c:\windows\Tasks\HPCeeScheduleForBetty.job
- c:\program files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2010-09-14 03:15]
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AmIcoSinglun64"="c:\program files (x86)\AmIcoSingLun\AmIcoSinglun64.exe" [2010-06-26 324096]
"IntelWireless"="c:\program files\Common Files\Intel\WirelessCommon\iFrmewrk.exe" [2010-03-05 1928976]
"IntelWirelessWiMAX"="c:\program files\Intel\WiMAX\Bin\WiMAXCU.exe" [2010-06-08 1441792]
"SmartMenu"="c:\program files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe" [2010-01-21 611896]
"HPWirelessAssistant"="c:\program files\Hewlett-Packard\HP Wireless Assistant\DelayedAppStarter.exe" [2010-06-18 8192]
"SysTrayApp"="c:\program files\IDT\WDM\sttray64.exe" [2011-05-17 525312]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2010-07-29 161304]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2010-07-29 386584]
"Persistence"="c:\windows\system32\igfxpers.exe" [2010-07-29 415256]
"combofix"="c:\combofix\CF24208.3XE" [2010-11-20 345088]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x0
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~3\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - c:\progra~2\MICROS~3\Office14\ONBttnIE.dll/105
TCP: DhcpNameServer = 192.168.1.254
FF - ProfilePath - c:\users\Betty\AppData\Roaming\Mozilla\Firefox\Profiles\fkxlddag.default\
FF - prefs.js: network.proxy.type - 0
.
- - - - ORPHANS REMOVED - - - -
.
HKLM-Run-SynTPEnh - c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe
AddRemove-{6F44AF95-3CDE-4513-AD3F-6D45F17BF324} - c:\program files (x86)\InstallShield Installation Information\{6F44AF95-3CDE-4513-AD3F-6D45F17BF324}\setup.exe
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11e_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11e_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
@Denied: (A) (Everyone)
"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
"Key"="ActionsPane3"
"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files (x86)\Hewlett-Packard\Media\Webcam\YCMMirage.exe
c:\program files (x86)\Common Files\Java\Java Update\jusched.exe
c:\program files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
.
**************************************************************************
.
Completion time: 2012-03-04 22:06:23 - machine was rebooted
ComboFix-quarantined-files.txt 2012-03-05 03:06
.
Pre-Run: 533,137,227,776 bytes free
Post-Run: 533,488,287,744 bytes free
.
- - End Of File - - 1B753E1AFD7423BDEE7DBB7BE756755F

#4 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto rico
  • Local time:12:43 PM

Posted 05 March 2012 - 07:55 PM

Greetings

I want you to run these next,

tdsskiller:

Please read carefully and follow these steps.
  • Download TDSSKiller and save it to your Desktop.
  • doubleclick on TDSSKiller.exe to run the application, then on Start Scan.
  • If an infected file is detected, the default action will be Cure, click on Continue.
  • If a suspicious file is detected, the default action will be Skip, click on Continue.
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
  • If no reboot is require, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.

Please download aswMBR to your desktop.
  • Double click the aswMBR.exe icon to run it
  • it will ask to download extra definitions - ALLOW IT
  • Click the Scan button to start the scan
  • On completion of the scan, click the save log button, save it to your desktop and post it in your next reply.

If you have any problems running either one come back and let me know

please reply with the reports from TDSSKiller and aswMBR

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#5 kayjan04

kayjan04
  • Topic Starter

  • Members
  • 36 posts
  • OFFLINE
  •  
  • Gender:Female
  • Local time:11:43 AM

Posted 06 March 2012 - 09:19 PM

Below you will find the log for TDSS Killer. During the aswMBR scan, the computer shut down and rebooted with a screen stating that a problem has been detected and windows has been shut down to prevent damage...to follow certain steps, if the screen resurfaced after restarting...and then it began dumping physical memory to disk.

20:14:58.0214 5048 TDSS rootkit removing tool 2.7.19.0 Mar 5 2012 11:23:39
20:14:58.0775 5048 ============================================================
20:14:58.0775 5048 Current date / time: 2012/03/06 20:14:58.0775
20:14:58.0775 5048 SystemInfo:
20:14:58.0775 5048
20:14:58.0775 5048 OS Version: 6.1.7601 ServicePack: 1.0
20:14:58.0775 5048 Product type: Workstation
20:14:58.0775 5048 ComputerName: BETTY-HP
20:14:58.0775 5048 UserName: Betty
20:14:58.0775 5048 Windows directory: C:\Windows
20:14:58.0775 5048 System windows directory: C:\Windows
20:14:58.0775 5048 Running under WOW64
20:14:58.0775 5048 Processor architecture: Intel x64
20:14:58.0775 5048 Number of processors: 4
20:14:58.0775 5048 Page size: 0x1000
20:14:58.0775 5048 Boot type: Normal boot
20:14:58.0775 5048 ============================================================
20:15:13.0892 5048 Drive \Device\Harddisk0\DR0 - Size: 0x950B056000 (596.17 Gb), SectorSize: 0x200, Cylinders: 0x13001, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
20:15:13.0907 5048 \Device\Harddisk0\DR0:
20:15:13.0907 5048 MBR used
20:15:13.0907 5048 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x63800
20:15:13.0907 5048 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x64000, BlocksNum 0x4786E000
20:15:13.0907 5048 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x478D2000, BlocksNum 0x2F52000
20:15:13.0907 5048 \Device\Harddisk0\DR0\Partition3: MBR, Type 0xC, StartLBA 0x4A824000, BlocksNum 0x33AB0
20:15:14.0032 5048 Initialize success
20:15:14.0032 5048 ============================================================
20:15:16.0778 2092 ============================================================
20:15:16.0778 2092 Scan started
20:15:16.0778 2092 Mode: Manual;
20:15:16.0778 2092 ============================================================
20:15:26.0419 2092 1394ohci (a87d604aea360176311474c87a63bb88) C:\Windows\system32\drivers\1394ohci.sys
20:15:26.0419 2092 1394ohci - ok
20:15:26.0637 2092 Accelerometer (5c368f4b04ed2a923e6afca2d37baff5) C:\Windows\system32\DRIVERS\Accelerometer.sys
20:15:26.0637 2092 Accelerometer - ok
20:15:26.0777 2092 ACPI (d81d9e70b8a6dd14d42d7b4efa65d5f2) C:\Windows\system32\drivers\ACPI.sys
20:15:26.0777 2092 ACPI - ok
20:15:26.0949 2092 AcpiPmi (99f8e788246d495ce3794d7e7821d2ca) C:\Windows\system32\drivers\acpipmi.sys
20:15:26.0949 2092 AcpiPmi - ok
20:15:27.0183 2092 adp94xx (2f6b34b83843f0c5118b63ac634f5bf4) C:\Windows\system32\DRIVERS\adp94xx.sys
20:15:27.0183 2092 adp94xx - ok
20:15:27.0401 2092 adpahci (597f78224ee9224ea1a13d6350ced962) C:\Windows\system32\DRIVERS\adpahci.sys
20:15:27.0401 2092 adpahci - ok
20:15:27.0854 2092 adpu320 (e109549c90f62fb570b9540c4b148e54) C:\Windows\system32\DRIVERS\adpu320.sys
20:15:27.0854 2092 adpu320 - ok
20:15:28.0135 2092 AFD (1c7857b62de5994a75b054a9fd4c3825) C:\Windows\system32\drivers\afd.sys
20:15:28.0150 2092 AFD - ok
20:15:28.0275 2092 agp440 (608c14dba7299d8cb6ed035a68a15799) C:\Windows\system32\drivers\agp440.sys
20:15:28.0275 2092 agp440 - ok
20:15:29.0445 2092 aliide (5812713a477a3ad7363c7438ca2ee038) C:\Windows\system32\drivers\aliide.sys
20:15:29.0539 2092 aliide - ok
20:15:29.0819 2092 amdide (1ff8b4431c353ce385c875f194924c0c) C:\Windows\system32\drivers\amdide.sys
20:15:29.0819 2092 amdide - ok
20:15:29.0991 2092 AmdK8 (7024f087cff1833a806193ef9d22cda9) C:\Windows\system32\DRIVERS\amdk8.sys
20:15:30.0007 2092 AmdK8 - ok
20:15:30.0163 2092 AmdPPM (1e56388b3fe0d031c44144eb8c4d6217) C:\Windows\system32\DRIVERS\amdppm.sys
20:15:30.0163 2092 AmdPPM - ok
20:15:30.0365 2092 amdsata (d4121ae6d0c0e7e13aa221aa57ef2d49) C:\Windows\system32\drivers\amdsata.sys
20:15:30.0381 2092 amdsata - ok
20:15:30.0568 2092 amdsbs (f67f933e79241ed32ff46a4f29b5120b) C:\Windows\system32\DRIVERS\amdsbs.sys
20:15:30.0568 2092 amdsbs - ok
20:15:30.0724 2092 amdxata (540daf1cea6094886d72126fd7c33048) C:\Windows\system32\drivers\amdxata.sys
20:15:30.0724 2092 amdxata - ok
20:15:30.0880 2092 AppID (89a69c3f2f319b43379399547526d952) C:\Windows\system32\drivers\appid.sys
20:15:30.0896 2092 AppID - ok
20:15:31.0145 2092 arc (c484f8ceb1717c540242531db7845c4e) C:\Windows\system32\DRIVERS\arc.sys
20:15:31.0145 2092 arc - ok
20:15:31.0286 2092 arcsas (019af6924aefe7839f61c830227fe79c) C:\Windows\system32\DRIVERS\arcsas.sys
20:15:31.0286 2092 arcsas - ok
20:15:31.0457 2092 AsyncMac (769765ce2cc62867468cea93969b2242) C:\Windows\system32\DRIVERS\asyncmac.sys
20:15:31.0457 2092 AsyncMac - ok
20:15:32.0081 2092 atapi (02062c0b390b7729edc9e69c680a6f3c) C:\Windows\system32\drivers\atapi.sys
20:15:32.0081 2092 atapi - ok
20:15:32.0393 2092 b06bdrv (3e5b191307609f7514148c6832bb0842) C:\Windows\system32\DRIVERS\bxvbda.sys
20:15:32.0393 2092 b06bdrv - ok
20:15:32.0721 2092 b57nd60a (b5ace6968304a3900eeb1ebfd9622df2) C:\Windows\system32\DRIVERS\b57nd60a.sys
20:15:32.0737 2092 b57nd60a - ok
20:15:33.0017 2092 Beep (16a47ce2decc9b099349a5f840654746) C:\Windows\system32\drivers\Beep.sys
20:15:33.0017 2092 Beep - ok
20:15:33.0220 2092 blbdrive (61583ee3c3a17003c4acd0475646b4d3) C:\Windows\system32\DRIVERS\blbdrive.sys
20:15:33.0220 2092 blbdrive - ok
20:15:33.0345 2092 bowser (6c02a83164f5cc0a262f4199f0871cf5) C:\Windows\system32\DRIVERS\bowser.sys
20:15:33.0345 2092 bowser - ok
20:15:33.0454 2092 bpenum (f46dd257fad7d2d097ef32e72220a06c) C:\Windows\system32\DRIVERS\bpenum.sys
20:15:33.0454 2092 bpenum - ok
20:15:33.0751 2092 bpmp (e82060aed0f28ed8909f2b07fa276185) C:\Windows\system32\DRIVERS\bpmp.sys
20:15:33.0751 2092 bpmp - ok
20:15:33.0891 2092 bpusb (fc6313a5a45c1ae53d0491f0057d5a4d) C:\Windows\system32\Drivers\bpusb.sys
20:15:33.0891 2092 bpusb - ok
20:15:34.0016 2092 BrFiltLo (f09eee9edc320b5e1501f749fde686c8) C:\Windows\system32\DRIVERS\BrFiltLo.sys
20:15:34.0016 2092 BrFiltLo - ok
20:15:34.0109 2092 BrFiltUp (b114d3098e9bdb8bea8b053685831be6) C:\Windows\system32\DRIVERS\BrFiltUp.sys
20:15:34.0109 2092 BrFiltUp - ok
20:15:34.0343 2092 BridgeMP (5c2f352a4e961d72518261257aae204b) C:\Windows\system32\DRIVERS\bridge.sys
20:15:34.0343 2092 BridgeMP - ok
20:15:34.0546 2092 Brserid (43bea8d483bf1870f018e2d02e06a5bd) C:\Windows\System32\Drivers\Brserid.sys
20:15:34.0546 2092 Brserid - ok
20:15:34.0858 2092 BrSerWdm (a6eca2151b08a09caceca35c07f05b42) C:\Windows\System32\Drivers\BrSerWdm.sys
20:15:34.0952 2092 BrSerWdm - ok
20:15:36.0325 2092 BrUsbMdm (b79968002c277e869cf38bd22cd61524) C:\Windows\System32\Drivers\BrUsbMdm.sys
20:15:36.0418 2092 BrUsbMdm - ok
20:15:37.0526 2092 BrUsbSer (a87528880231c54e75ea7a44943b38bf) C:\Windows\System32\Drivers\BrUsbSer.sys
20:15:37.0526 2092 BrUsbSer - ok
20:15:37.0838 2092 BTHMODEM (9da669f11d1f894ab4eb69bf546a42e8) C:\Windows\system32\DRIVERS\bthmodem.sys
20:15:37.0838 2092 BTHMODEM - ok
20:15:37.0900 2092 catchme - ok
20:15:38.0025 2092 cdfs (b8bd2bb284668c84865658c77574381a) C:\Windows\system32\DRIVERS\cdfs.sys
20:15:38.0025 2092 cdfs - ok
20:15:38.0197 2092 cdrom (f036ce71586e93d94dab220d7bdf4416) C:\Windows\system32\drivers\cdrom.sys
20:15:38.0197 2092 cdrom - ok
20:15:38.0306 2092 circlass (d7cd5c4e1b71fa62050515314cfb52cf) C:\Windows\system32\DRIVERS\circlass.sys
20:15:38.0321 2092 circlass - ok
20:15:38.0431 2092 CLFS (fe1ec06f2253f691fe36217c592a0206) C:\Windows\system32\CLFS.sys
20:15:38.0431 2092 CLFS - ok
20:15:38.0618 2092 clwvd (9573e8c7c3b3d1625fd941841fd0859c) C:\Windows\system32\DRIVERS\clwvd.sys
20:15:38.0618 2092 clwvd - ok
20:15:38.0711 2092 CmBatt (0840155d0bddf1190f84a663c284bd33) C:\Windows\system32\DRIVERS\CmBatt.sys
20:15:38.0711 2092 CmBatt - ok
20:15:38.0836 2092 cmdide (e19d3f095812725d88f9001985b94edd) C:\Windows\system32\drivers\cmdide.sys
20:15:38.0836 2092 cmdide - ok
20:15:38.0961 2092 CNG (c4943b6c962e4b82197542447ad599f4) C:\Windows\system32\Drivers\cng.sys
20:15:38.0961 2092 CNG - ok
20:15:39.0101 2092 Compbatt (102de219c3f61415f964c88e9085ad14) C:\Windows\system32\DRIVERS\compbatt.sys
20:15:39.0101 2092 Compbatt - ok
20:15:39.0257 2092 CompositeBus (03edb043586cceba243d689bdda370a8) C:\Windows\system32\drivers\CompositeBus.sys
20:15:39.0257 2092 CompositeBus - ok
20:15:39.0382 2092 crcdisk (1c827878a998c18847245fe1f34ee597) C:\Windows\system32\DRIVERS\crcdisk.sys
20:15:39.0382 2092 crcdisk - ok
20:15:39.0694 2092 DfsC (9bb2ef44eaa163b29c4a4587887a0fe4) C:\Windows\system32\Drivers\dfsc.sys
20:15:39.0694 2092 DfsC - ok
20:15:39.0803 2092 discache (13096b05847ec78f0977f2c0f79e9ab3) C:\Windows\system32\drivers\discache.sys
20:15:39.0803 2092 discache - ok
20:15:39.0897 2092 Disk (9819eee8b5ea3784ec4af3b137a5244c) C:\Windows\system32\DRIVERS\disk.sys
20:15:39.0913 2092 Disk - ok
20:15:40.0037 2092 drmkaud (9b19f34400d24df84c858a421c205754) C:\Windows\system32\drivers\drmkaud.sys
20:15:40.0037 2092 drmkaud - ok
20:15:40.0178 2092 DVMIO (a298aea9fca253e7eff040a08c7c6376) C:\Windows\system32\DRIVERS\dvmio.sys
20:15:40.0178 2092 DVMIO - ok
20:15:40.0365 2092 DXGKrnl (f5bee30450e18e6b83a5012c100616fd) C:\Windows\System32\drivers\dxgkrnl.sys
20:15:40.0381 2092 DXGKrnl - ok
20:15:40.0786 2092 ebdrv (dc5d737f51be844d8c82c695eb17372f) C:\Windows\system32\DRIVERS\evbda.sys
20:15:40.0880 2092 ebdrv - ok
20:15:41.0051 2092 elxstor (0e5da5369a0fcaea12456dd852545184) C:\Windows\system32\DRIVERS\elxstor.sys
20:15:41.0051 2092 elxstor - ok
20:15:41.0161 2092 ErrDev (34a3c54752046e79a126e15c51db409b) C:\Windows\system32\drivers\errdev.sys
20:15:41.0161 2092 ErrDev - ok
20:15:41.0332 2092 exfat (a510c654ec00c1e9bdd91eeb3a59823b) C:\Windows\system32\drivers\exfat.sys
20:15:41.0332 2092 exfat - ok
20:15:41.0644 2092 fastfat (0adc83218b66a6db380c330836f3e36d) C:\Windows\system32\drivers\fastfat.sys
20:15:41.0660 2092 fastfat - ok
20:15:41.0925 2092 fdc (d765d19cd8ef61f650c384f62fac00ab) C:\Windows\system32\DRIVERS\fdc.sys
20:15:41.0925 2092 fdc - ok
20:15:42.0065 2092 FileInfo (655661be46b5f5f3fd454e2c3095b930) C:\Windows\system32\drivers\fileinfo.sys
20:15:42.0065 2092 FileInfo - ok
20:15:42.0175 2092 Filetrace (5f671ab5bc87eea04ec38a6cd5962a47) C:\Windows\system32\drivers\filetrace.sys
20:15:42.0175 2092 Filetrace - ok
20:15:42.0487 2092 flpydisk (c172a0f53008eaeb8ea33fe10e177af5) C:\Windows\system32\DRIVERS\flpydisk.sys
20:15:42.0565 2092 flpydisk - ok
20:15:44.0359 2092 FltMgr (da6b67270fd9db3697b20fce94950741) C:\Windows\system32\drivers\fltmgr.sys
20:15:44.0468 2092 FltMgr - ok
20:15:44.0733 2092 FsDepends (d43703496149971890703b4b1b723eac) C:\Windows\system32\drivers\FsDepends.sys
20:15:44.0733 2092 FsDepends - ok
20:15:44.0827 2092 Fs_Rec (e95ef8547de20cf0603557c0cf7a9462) C:\Windows\system32\drivers\Fs_Rec.sys
20:15:44.0827 2092 Fs_Rec - ok
20:15:44.0936 2092 fvevol (1f7b25b858fa27015169fe95e54108ed) C:\Windows\system32\DRIVERS\fvevol.sys
20:15:44.0936 2092 fvevol - ok
20:15:45.0061 2092 gagp30kx (8c778d335c9d272cfd3298ab02abe3b6) C:\Windows\system32\DRIVERS\gagp30kx.sys
20:15:45.0061 2092 gagp30kx - ok
20:15:45.0185 2092 GEARAspiWDM (e403aacf8c7bb11375122d2464560311) C:\Windows\system32\DRIVERS\GEARAspiWDM.sys
20:15:45.0185 2092 GEARAspiWDM - ok
20:15:45.0373 2092 hcw85cir (f2523ef6460fc42405b12248338ab2f0) C:\Windows\system32\drivers\hcw85cir.sys
20:15:45.0373 2092 hcw85cir - ok
20:15:45.0513 2092 HdAudAddService (975761c778e33cd22498059b91e7373a) C:\Windows\system32\drivers\HdAudio.sys
20:15:45.0529 2092 HdAudAddService - ok
20:15:46.0012 2092 HDAudBus (97bfed39b6b79eb12cddbfeed51f56bb) C:\Windows\system32\drivers\HDAudBus.sys
20:15:46.0012 2092 HDAudBus - ok
20:15:46.0277 2092 HECIx64 (b6ac71aaa2b10848f57fc49d55a651af) C:\Windows\system32\DRIVERS\HECIx64.sys
20:15:46.0293 2092 HECIx64 - ok
20:15:46.0480 2092 HidBatt (78e86380454a7b10a5eb255dc44a355f) C:\Windows\system32\DRIVERS\HidBatt.sys
20:15:46.0480 2092 HidBatt - ok
20:15:46.0667 2092 HidBth (7fd2a313f7afe5c4dab14798c48dd104) C:\Windows\system32\DRIVERS\hidbth.sys
20:15:46.0667 2092 HidBth - ok
20:15:46.0777 2092 HidIr (0a77d29f311b88cfae3b13f9c1a73825) C:\Windows\system32\DRIVERS\hidir.sys
20:15:46.0777 2092 HidIr - ok
20:15:47.0104 2092 HidUsb (9592090a7e2b61cd582b612b6df70536) C:\Windows\system32\drivers\hidusb.sys
20:15:47.0104 2092 HidUsb - ok
20:15:47.0260 2092 hpdskflt (4e0bec0f78096ffd6d3314b497fc49d3) C:\Windows\system32\DRIVERS\hpdskflt.sys
20:15:47.0260 2092 hpdskflt - ok
20:15:47.0432 2092 HpSAMD (39d2abcd392f3d8a6dce7b60ae7b8efc) C:\Windows\system32\drivers\HpSAMD.sys
20:15:47.0432 2092 HpSAMD - ok
20:15:48.0290 2092 HTTP (0ea7de1acb728dd5a369fd742d6eee28) C:\Windows\system32\drivers\HTTP.sys
20:15:48.0305 2092 HTTP - ok
20:15:48.0415 2092 hwpolicy (a5462bd6884960c9dc85ed49d34ff392) C:\Windows\system32\drivers\hwpolicy.sys
20:15:48.0415 2092 hwpolicy - ok
20:15:48.0571 2092 i8042prt (fa55c73d4affa7ee23ac4be53b4592d3) C:\Windows\system32\drivers\i8042prt.sys
20:15:48.0571 2092 i8042prt - ok
20:15:48.0695 2092 iaStor (abbf174cb394f5c437410a788b7e404a) C:\Windows\system32\DRIVERS\iaStor.sys
20:15:48.0695 2092 iaStor - ok
20:15:49.0226 2092 iaStorV (aaaf44db3bd0b9d1fb6969b23ecc8366) C:\Windows\system32\drivers\iaStorV.sys
20:15:49.0241 2092 iaStorV - ok
20:15:51.0191 2092 igfx (1be8d9ca4f2363b8e8015621878e0043) C:\Windows\system32\DRIVERS\igdkmd64.sys
20:15:51.0410 2092 igfx - ok
20:15:51.0535 2092 iirsp (5c18831c61933628f5bb0ea2675b9d21) C:\Windows\system32\DRIVERS\iirsp.sys
20:15:51.0815 2092 iirsp - ok
20:15:53.0032 2092 Impcd (dd587a55390ed2295bce6d36ad567da9) C:\Windows\system32\DRIVERS\Impcd.sys
20:15:53.0032 2092 Impcd - ok
20:15:54.0311 2092 IntcDAud (58cf58dee26c909bd6f977b61d246295) C:\Windows\system32\DRIVERS\IntcDAud.sys
20:15:54.0327 2092 IntcDAud - ok
20:15:55.0091 2092 intelide (f00f20e70c6ec3aa366910083a0518aa) C:\Windows\system32\drivers\intelide.sys
20:15:55.0466 2092 intelide - ok
20:15:56.0277 2092 intelppm (ada036632c664caa754079041cf1f8c1) C:\Windows\system32\DRIVERS\intelppm.sys
20:15:57.0135 2092 intelppm - ok
20:15:57.0307 2092 IpFilterDriver (c9f0e1bd74365a8771590e9008d22ab6) C:\Windows\system32\DRIVERS\ipfltdrv.sys
20:15:58.0383 2092 IpFilterDriver - ok
20:15:59.0116 2092 IPMIDRV (0fc1aea580957aa8817b8f305d18ca3a) C:\Windows\system32\drivers\IPMIDrv.sys
20:15:59.0319 2092 IPMIDRV - ok
20:16:01.0238 2092 IPNAT (af9b39a7e7b6caa203b3862582e9f2d0) C:\Windows\system32\drivers\ipnat.sys
20:16:01.0347 2092 IPNAT - ok
20:16:04.0576 2092 IRENUM (3abf5e7213eb28966d55d58b515d5ce9) C:\Windows\system32\drivers\irenum.sys
20:16:04.0685 2092 IRENUM - ok
20:16:07.0697 2092 isapnp (2f7b28dc3e1183e5eb418df55c204f38) C:\Windows\system32\drivers\isapnp.sys
20:16:08.0274 2092 isapnp - ok
20:16:14.0639 2092 iScsiPrt (d931d7309deb2317035b07c9f9e6b0bd) C:\Windows\system32\drivers\msiscsi.sys
20:16:14.0998 2092 iScsiPrt - ok
20:16:20.0240 2092 kbdclass (bc02336f1cba7dcc7d1213bb588a68a5) C:\Windows\system32\drivers\kbdclass.sys
20:16:20.0240 2092 kbdclass - ok
20:16:24.0795 2092 kbdhid (0705eff5b42a9db58548eec3b26bb484) C:\Windows\system32\drivers\kbdhid.sys
20:16:26.0012 2092 kbdhid - ok
20:16:33.0188 2092 KL1 (8d7120743a0973ceab548b475c9d4289) C:\Windows\system32\DRIVERS\kl1.sys
20:16:33.0328 2092 KL1 - ok
20:16:34.0919 2092 kl2 (cd146d8e525d6eebdcaf24120a8ab9ce) C:\Windows\system32\DRIVERS\kl2.sys
20:16:34.0919 2092 kl2 - ok
20:16:36.0292 2092 KLIF (c1786c2f8de0f62e076f7ef8dea4e87a) C:\Windows\system32\DRIVERS\klif.sys
20:16:36.0292 2092 KLIF - ok
20:16:37.0197 2092 KLIM6 (2a64b3a9eed93a2e96537b67c079fc96) C:\Windows\system32\DRIVERS\klim6.sys
20:16:37.0197 2092 KLIM6 - ok
20:16:38.0242 2092 klmouflt (9468d07e91ba136d82415f5dfc1fe168) C:\Windows\system32\DRIVERS\klmouflt.sys
20:16:38.0242 2092 klmouflt - ok
20:16:39.0100 2092 KSecDD (da1e991a61cfdd755a589e206b97644b) C:\Windows\system32\Drivers\ksecdd.sys
20:16:39.0194 2092 KSecDD - ok
20:16:40.0395 2092 KSecPkg (7e33198d956943a4f11a5474c1e9106f) C:\Windows\system32\Drivers\ksecpkg.sys
20:16:40.0411 2092 KSecPkg - ok
20:16:41.0300 2092 ksthunk (6869281e78cb31a43e969f06b57347c4) C:\Windows\system32\drivers\ksthunk.sys
20:16:41.0409 2092 ksthunk - ok
20:16:42.0704 2092 lltdio (1538831cf8ad2979a04c423779465827) C:\Windows\system32\DRIVERS\lltdio.sys
20:16:42.0797 2092 lltdio - ok
20:16:43.0921 2092 LSI_FC (1a93e54eb0ece102495a51266dcdb6a6) C:\Windows\system32\DRIVERS\lsi_fc.sys
20:16:44.0014 2092 LSI_FC - ok
20:16:44.0903 2092 LSI_SAS (1047184a9fdc8bdbff857175875ee810) C:\Windows\system32\DRIVERS\lsi_sas.sys
20:16:45.0013 2092 LSI_SAS - ok
20:16:46.0073 2092 LSI_SAS2 (30f5c0de1ee8b5bc9306c1f0e4a75f93) C:\Windows\system32\DRIVERS\lsi_sas2.sys
20:16:46.0167 2092 LSI_SAS2 - ok
20:16:47.0275 2092 LSI_SCSI (0504eacaff0d3c8aed161c4b0d369d4a) C:\Windows\system32\DRIVERS\lsi_scsi.sys
20:16:47.0368 2092 LSI_SCSI - ok
20:16:48.0351 2092 luafv (43d0f98e1d56ccddb0d5254cff7b356e) C:\Windows\system32\drivers\luafv.sys
20:16:48.0445 2092 luafv - ok
20:16:49.0349 2092 megasas (a55805f747c6edb6a9080d7c633bd0f4) C:\Windows\system32\DRIVERS\megasas.sys
20:16:49.0443 2092 megasas - ok
20:16:50.0551 2092 MegaSR (baf74ce0072480c3b6b7c13b2a94d6b3) C:\Windows\system32\DRIVERS\MegaSR.sys
20:16:50.0566 2092 MegaSR - ok
20:16:51.0565 2092 Modem (800ba92f7010378b09f9ed9270f07137) C:\Windows\system32\drivers\modem.sys
20:16:51.0658 2092 Modem - ok
20:16:53.0000 2092 monitor (b03d591dc7da45ece20b3b467e6aadaa) C:\Windows\system32\DRIVERS\monitor.sys
20:16:53.0000 2092 monitor - ok
20:16:55.0933 2092 mouclass (7d27ea49f3c1f687d357e77a470aea99) C:\Windows\system32\drivers\mouclass.sys
20:16:55.0933 2092 mouclass - ok
20:16:59.0053 2092 mouhid (d3bf052c40b0c4166d9fd86a4288c1e6) C:\Windows\system32\DRIVERS\mouhid.sys
20:16:59.0333 2092 mouhid - ok
20:17:02.0360 2092 mountmgr (32e7a3d591d671a6df2db515a5cbe0fa) C:\Windows\system32\drivers\mountmgr.sys
20:17:02.0438 2092 mountmgr - ok
20:17:04.0107 2092 mpio (a44b420d30bd56e145d6a2bc8768ec58) C:\Windows\system32\drivers\mpio.sys
20:17:04.0216 2092 mpio - ok
20:17:05.0573 2092 mpsdrv (6c38c9e45ae0ea2fa5e551f2ed5e978f) C:\Windows\system32\drivers\mpsdrv.sys
20:17:05.0667 2092 mpsdrv - ok
20:17:07.0336 2092 MRxDAV (dc722758b8261e1abafd31a3c0a66380) C:\Windows\system32\drivers\mrxdav.sys
20:17:07.0445 2092 MRxDAV - ok
20:17:08.0756 2092 mrxsmb (a5d9106a73dc88564c825d317cac68ac) C:\Windows\system32\DRIVERS\mrxsmb.sys
20:17:08.0896 2092 mrxsmb - ok
20:17:10.0519 2092 mrxsmb10 (d711b3c1d5f42c0c2415687be09fc163) C:\Windows\system32\DRIVERS\mrxsmb10.sys
20:17:10.0534 2092 mrxsmb10 - ok
20:17:11.0455 2092 mrxsmb20 (9423e9d355c8d303e76b8cfbd8a5c30c) C:\Windows\system32\DRIVERS\mrxsmb20.sys
20:17:11.0564 2092 mrxsmb20 - ok
20:17:12.0952 2092 msahci (c25f0bafa182cbca2dd3c851c2e75796) C:\Windows\system32\drivers\msahci.sys
20:17:12.0952 2092 msahci - ok
20:17:14.0372 2092 msdsm (db801a638d011b9633829eb6f663c900) C:\Windows\system32\drivers\msdsm.sys
20:17:14.0481 2092 msdsm - ok
20:17:15.0604 2092 Msfs (aa3fb40e17ce1388fa1bedab50ea8f96) C:\Windows\system32\drivers\Msfs.sys
20:17:15.0823 2092 Msfs - ok
20:17:17.0164 2092 mshidkmdf (f9d215a46a8b9753f61767fa72a20326) C:\Windows\System32\drivers\mshidkmdf.sys
20:17:17.0258 2092 mshidkmdf - ok
20:17:18.0287 2092 msisadrv (d916874bbd4f8b07bfb7fa9b3ccae29d) C:\Windows\system32\drivers\msisadrv.sys
20:17:18.0287 2092 msisadrv - ok
20:17:19.0879 2092 MSKSSRV (49ccf2c4fea34ffad8b1b59d49439366) C:\Windows\system32\drivers\MSKSSRV.sys
20:17:19.0988 2092 MSKSSRV - ok
20:17:21.0423 2092 MSPCLOCK (bdd71ace35a232104ddd349ee70e1ab3) C:\Windows\system32\drivers\MSPCLOCK.sys
20:17:21.0688 2092 MSPCLOCK - ok
20:17:23.0576 2092 MSPQM (4ed981241db27c3383d72092b618a1d0) C:\Windows\system32\drivers\MSPQM.sys
20:17:23.0685 2092 MSPQM - ok
20:17:25.0495 2092 MsRPC (759a9eeb0fa9ed79da1fb7d4ef78866d) C:\Windows\system32\drivers\MsRPC.sys
20:17:25.0619 2092 MsRPC - ok
20:17:26.0945 2092 mssmbios (0eed230e37515a0eaee3c2e1bc97b288) C:\Windows\system32\drivers\mssmbios.sys
20:17:26.0961 2092 mssmbios - ok
20:17:28.0677 2092 MSTEE (2e66f9ecb30b4221a318c92ac2250779) C:\Windows\system32\drivers\MSTEE.sys
20:17:28.0786 2092 MSTEE - ok
20:17:30.0471 2092 MTConfig (7ea404308934e675bffde8edf0757bcd) C:\Windows\system32\DRIVERS\MTConfig.sys
20:17:30.0611 2092 MTConfig - ok
20:17:33.0653 2092 Mup (f9a18612fd3526fe473c1bda678d61c8) C:\Windows\system32\Drivers\mup.sys
20:17:52.0046 2092 Mup - ok
20:17:53.0372 2092 NativeWifiP (1ea3749c4114db3e3161156ffffa6b33) C:\Windows\system32\DRIVERS\nwifi.sys
20:17:53.0387 2092 NativeWifiP - ok
20:17:53.0575 2092 NDIS (79b47fd40d9a817e932f9d26fac0a81c) C:\Windows\system32\drivers\ndis.sys
20:17:53.0606 2092 NDIS - ok
20:17:54.0511 2092 NdisCap (9f9a1f53aad7da4d6fef5bb73ab811ac) C:\Windows\system32\DRIVERS\ndiscap.sys
20:17:54.0776 2092 NdisCap - ok
20:17:59.0830 2092 NdisTapi (30639c932d9fef22b31268fe25a1b6e5) C:\Windows\system32\DRIVERS\ndistapi.sys
20:18:00.0111 2092 NdisTapi - ok
20:18:03.0590 2092 Ndisuio (136185f9fb2cc61e573e676aa5402356) C:\Windows\system32\DRIVERS\ndisuio.sys
20:18:03.0824 2092 Ndisuio - ok
20:18:07.0646 2092 NdisWan (53f7305169863f0a2bddc49e116c2e11) C:\Windows\system32\DRIVERS\ndiswan.sys
20:18:07.0802 2092 NdisWan - ok
20:18:10.0672 2092 NDProxy (015c0d8e0e0421b4cfd48cffe2825879) C:\Windows\system32\drivers\NDProxy.sys
20:18:10.0953 2092 NDProxy - ok
20:18:14.0884 2092 NetBIOS (86743d9f5d2b1048062b14b1d84501c4) C:\Windows\system32\DRIVERS\netbios.sys
20:18:15.0321 2092 NetBIOS - ok
20:18:19.0252 2092 NetBT (09594d1089c523423b32a4229263f068) C:\Windows\system32\DRIVERS\netbt.sys
20:18:19.0393 2092 NetBT - ok
20:18:39.0517 2092 NETw5s64 (24f64343f14a119308456e1ca7507b26) C:\Windows\system32\DRIVERS\NETw5s64.sys
20:18:39.0954 2092 NETw5s64 - ok
20:18:47.0020 2092 netw5v64 (64428dfdaf6e88366cb51f45a79c5f69) C:\Windows\system32\DRIVERS\netw5v64.sys
20:18:48.0346 2092 netw5v64 - ok
20:18:59.0360 2092 NETwNs64 (b9c587bdaa61a689883439d5ae6fe7f3) C:\Windows\system32\DRIVERS\NETwNs64.sys
20:18:59.0625 2092 NETwNs64 - ok
20:19:01.0731 2092 nfrd960 (77889813be4d166cdab78ddba990da92) C:\Windows\system32\DRIVERS\nfrd960.sys
20:19:01.0950 2092 nfrd960 - ok
20:19:03.0915 2092 Npfs (1e4c4ab5c9b8dd13179bbdc75a2a01f7) C:\Windows\system32\drivers\Npfs.sys
20:19:03.0993 2092 Npfs - ok
20:19:06.0146 2092 nsiproxy (e7f5ae18af4168178a642a9247c63001) C:\Windows\system32\drivers\nsiproxy.sys
20:19:06.0349 2092 nsiproxy - ok
20:19:09.0126 2092 Ntfs (a2f74975097f52a00745f9637451fdd8) C:\Windows\system32\drivers\Ntfs.sys
20:19:09.0188 2092 Ntfs - ok
20:19:11.0466 2092 Null (9899284589f75fa8724ff3d16aed75c1) C:\Windows\system32\drivers\Null.sys
20:19:11.0590 2092 Null - ok
20:19:13.0182 2092 nvraid (0a92cb65770442ed0dc44834632f66ad) C:\Windows\system32\drivers\nvraid.sys
20:19:13.0291 2092 nvraid - ok
20:19:14.0851 2092 nvstor (dab0e87525c10052bf65f06152f37e4a) C:\Windows\system32\drivers\nvstor.sys
20:19:14.0851 2092 nvstor - ok
20:19:15.0771 2092 nv_agp (270d7cd42d6e3979f6dd0146650f0e05) C:\Windows\system32\drivers\nv_agp.sys
20:19:15.0771 2092 nv_agp - ok
20:19:16.0879 2092 ohci1394 (3589478e4b22ce21b41fa1bfc0b8b8a0) C:\Windows\system32\drivers\ohci1394.sys
20:19:16.0957 2092 ohci1394 - ok
20:19:18.0345 2092 Parport (0086431c29c35be1dbc43f52cc273887) C:\Windows\system32\DRIVERS\parport.sys
20:19:18.0470 2092 Parport - ok
20:19:19.0952 2092 partmgr (871eadac56b0a4c6512bbe32753ccf79) C:\Windows\system32\drivers\partmgr.sys
20:19:20.0155 2092 partmgr - ok
20:19:21.0200 2092 pci (94575c0571d1462a0f70bde6bd6ee6b3) C:\Windows\system32\drivers\pci.sys
20:19:21.0200 2092 pci - ok
20:19:21.0715 2092 pciide (b5b8b5ef2e5cb34df8dcf8831e3534fa) C:\Windows\system32\drivers\pciide.sys
20:19:21.0918 2092 pciide - ok
20:19:23.0290 2092 pcmcia (b2e81d4e87ce48589f98cb8c05b01f2f) C:\Windows\system32\DRIVERS\pcmcia.sys
20:19:23.0290 2092 pcmcia - ok
20:19:24.0258 2092 pcw (d6b9c2e1a11a3a4b26a182ffef18f603) C:\Windows\system32\drivers\pcw.sys
20:19:24.0258 2092 pcw - ok
20:19:26.0317 2092 PEAUTH (68769c3356b3be5d1c732c97b9a80d6e) C:\Windows\system32\drivers\peauth.sys
20:19:26.0442 2092 PEAUTH - ok
20:19:28.0126 2092 PptpMiniport (f92a2c41117a11a00be01ca01a7fcde9) C:\Windows\system32\DRIVERS\raspptp.sys
20:19:28.0251 2092 PptpMiniport - ok
20:19:29.0952 2092 Processor (0d922e23c041efb1c3fac2a6f943c9bf) C:\Windows\system32\DRIVERS\processr.sys
20:19:30.0108 2092 Processor - ok
20:19:32.0042 2092 Psched (0557cf5a2556bd58e26384169d72438d) C:\Windows\system32\DRIVERS\pacer.sys
20:19:32.0167 2092 Psched - ok
20:19:34.0476 2092 ql2300 (a53a15a11ebfd21077463ee2c7afeef0) C:\Windows\system32\DRIVERS\ql2300.sys
20:19:34.0569 2092 ql2300 - ok
20:19:35.0349 2092 ql40xx (4f6d12b51de1aaeff7dc58c4d75423c8) C:\Windows\system32\DRIVERS\ql40xx.sys
20:19:35.0349 2092 ql40xx - ok
20:19:36.0270 2092 QWAVEdrv (76707bb36430888d9ce9d705398adb6c) C:\Windows\system32\drivers\qwavedrv.sys
20:19:36.0379 2092 QWAVEdrv - ok
20:19:38.0594 2092 RasAcd (5a0da8ad5762fa2d91678a8a01311704) C:\Windows\system32\DRIVERS\rasacd.sys
20:19:38.0594 2092 RasAcd - ok
20:19:38.0812 2092 RasAgileVpn (7ecff9b22276b73f43a99a15a6094e90) C:\Windows\system32\DRIVERS\AgileVpn.sys
20:19:38.0812 2092 RasAgileVpn - ok
20:19:40.0560 2092 Rasl2tp (471815800ae33e6f1c32fb1b97c490ca) C:\Windows\system32\DRIVERS\rasl2tp.sys
20:19:40.0840 2092 Rasl2tp - ok
20:19:41.0340 2092 RasPppoe (855c9b1cd4756c5e9a2aa58a15f58c25) C:\Windows\system32\DRIVERS\raspppoe.sys
20:19:41.0340 2092 RasPppoe - ok
20:19:43.0477 2092 RasSstp (e8b1e447b008d07ff47d016c2b0eeecb) C:\Windows\system32\DRIVERS\rassstp.sys
20:19:43.0570 2092 RasSstp - ok
20:19:44.0210 2092 rdbss (77f665941019a1594d887a74f301fa2f) C:\Windows\system32\DRIVERS\rdbss.sys
20:19:44.0460 2092 rdbss - ok
20:19:47.0408 2092 rdpbus (302da2a0539f2cf54d7c6cc30c1f2d8d) C:\Windows\system32\DRIVERS\rdpbus.sys
20:19:47.0736 2092 rdpbus - ok
20:19:52.0182 2092 RDPCDD (cea6cc257fc9b7715f1c2b4849286d24) C:\Windows\system32\DRIVERS\RDPCDD.sys
20:19:52.0322 2092 RDPCDD - ok
20:19:56.0066 2092 RDPENCDD (bb5971a4f00659529a5c44831af22365) C:\Windows\system32\drivers\rdpencdd.sys
20:19:56.0238 2092 RDPENCDD - ok
20:19:59.0607 2092 RDPREFMP (216f3fa57533d98e1f74ded70113177a) C:\Windows\system32\drivers\rdprefmp.sys
20:19:59.0888 2092 RDPREFMP - ok
20:20:04.0178 2092 RDPWD (15b66c206b5cb095bab980553f38ed23) C:\Windows\system32\drivers\RDPWD.sys
20:20:04.0646 2092 RDPWD - ok
20:20:07.0236 2092 rdyboost (34ed295fa0121c241bfef24764fc4520) C:\Windows\system32\drivers\rdyboost.sys
20:20:07.0392 2092 rdyboost - ok
20:20:10.0699 2092 rspndr (ddc86e4f8e7456261e637e3552e804ff) C:\Windows\system32\DRIVERS\rspndr.sys
20:20:10.0839 2092 rspndr - ok
20:20:13.0959 2092 RTL8167 (6074829c74c5c72ab65ad2cee9c1bb47) C:\Windows\system32\DRIVERS\Rt64win7.sys
20:20:13.0959 2092 RTL8167 - ok
20:20:16.0736 2092 sbp2port (ac03af3329579fffb455aa2daabbe22b) C:\Windows\system32\drivers\sbp2port.sys
20:20:17.0017 2092 sbp2port - ok
20:20:18.0998 2092 scfilter (253f38d0d7074c02ff8deb9836c97d2b) C:\Windows\system32\DRIVERS\scfilter.sys
20:20:19.0201 2092 scfilter - ok
20:20:22.0009 2092 sdbus (111e0ebc0ad79cb0fa014b907b231cf0) C:\Windows\system32\drivers\sdbus.sys
20:20:22.0165 2092 sdbus - ok
20:20:23.0709 2092 secdrv (3ea8a16169c26afbeb544e0e48421186) C:\Windows\system32\drivers\secdrv.sys
20:20:23.0709 2092 secdrv - ok
20:20:26.0221 2092 Serenum (cb624c0035412af0debec78c41f5ca1b) C:\Windows\system32\DRIVERS\serenum.sys
20:20:26.0439 2092 Serenum - ok
20:20:28.0561 2092 Serial (c1d8e28b2c2adfaec4ba89e9fda69bd6) C:\Windows\system32\DRIVERS\serial.sys
20:20:28.0561 2092 Serial - ok
20:20:31.0182 2092 sermouse (1c545a7d0691cc4a027396535691c3e3) C:\Windows\system32\DRIVERS\sermouse.sys
20:20:31.0307 2092 sermouse - ok
20:20:34.0489 2092 sffdisk (a554811bcd09279536440c964ae35bbf) C:\Windows\system32\drivers\sffdisk.sys
20:20:34.0754 2092 sffdisk - ok
20:20:37.0625 2092 sffp_mmc (ff414f0baefeba59bc6c04b3db0b87bf) C:\Windows\system32\drivers\sffp_mmc.sys
20:20:37.0718 2092 sffp_mmc - ok
20:20:52.0086 2092 sffp_sd (dd85b78243a19b59f0637dcf284da63c) C:\Windows\system32\drivers\sffp_sd.sys
20:20:52.0195 2092 sffp_sd - ok
20:20:53.0537 2092 sfloppy (a9d601643a1647211a1ee2ec4e433ff4) C:\Windows\system32\DRIVERS\sfloppy.sys
20:20:53.0537 2092 sfloppy - ok
20:20:53.0833 2092 Sftfs (c6cc9297bd53e5229653303e556aa539) C:\Windows\system32\DRIVERS\Sftfslh.sys
20:20:53.0833 2092 Sftfs - ok
20:20:56.0547 2092 Sftplay (390aa7bc52cee43f6790cdea1e776703) C:\Windows\system32\DRIVERS\Sftplaylh.sys
20:20:56.0547 2092 Sftplay - ok
20:20:58.0404 2092 Sftredir (617e29a0b0a2807466560d4c4e338d3e) C:\Windows\system32\DRIVERS\Sftredirlh.sys
20:20:58.0404 2092 Sftredir - ok
20:20:59.0277 2092 Sftvol (8f571f016fa1976f445147e9e6c8ae9b) C:\Windows\system32\DRIVERS\Sftvollh.sys
20:20:59.0277 2092 Sftvol - ok
20:21:00.0947 2092 SiSRaid2 (843caf1e5fde1ffd5ff768f23a51e2e1) C:\Windows\system32\DRIVERS\SiSRaid2.sys
20:21:02.0335 2092 SiSRaid2 - ok
20:21:02.0522 2092 SiSRaid4 (6a6c106d42e9ffff8b9fcb4f754f6da4) C:\Windows\system32\DRIVERS\sisraid4.sys
20:21:02.0522 2092 SiSRaid4 - ok
20:21:03.0177 2092 Smb (548260a7b8654e024dc30bf8a7c5baa4) C:\Windows\system32\DRIVERS\smb.sys
20:21:03.0318 2092 Smb - ok
20:21:05.0081 2092 spldr (b9e31e5cacdfe584f34f730a677803f9) C:\Windows\system32\drivers\spldr.sys
20:21:05.0081 2092 spldr - ok
20:21:07.0920 2092 srv (441fba48bff01fdb9d5969ebc1838f0b) C:\Windows\system32\DRIVERS\srv.sys
20:21:08.0060 2092 srv - ok
20:21:08.0918 2092 srv2 (b4adebbf5e3677cce9651e0f01f7cc28) C:\Windows\system32\DRIVERS\srv2.sys
20:21:09.0012 2092 srv2 - ok
20:21:10.0400 2092 SrvHsfHDA (0c4540311e11664b245a263e1154cef8) C:\Windows\system32\DRIVERS\VSTAZL6.SYS
20:21:10.0400 2092 SrvHsfHDA - ok
20:21:10.0821 2092 SrvHsfV92 (02071d207a9858fbe3a48cbfd59c4a04) C:\Windows\system32\DRIVERS\VSTDPV6.SYS
20:21:10.0853 2092 SrvHsfV92 - ok
20:21:12.0849 2092 SrvHsfWinac (18e40c245dbfaf36fd0134a7ef2df396) C:\Windows\system32\DRIVERS\VSTCNXT6.SYS
20:21:12.0990 2092 SrvHsfWinac - ok
20:21:14.0909 2092 srvnet (27e461f0be5bff5fc737328f749538c3) C:\Windows\system32\DRIVERS\srvnet.sys
20:21:15.0018 2092 srvnet - ok
20:21:16.0281 2092 stexstor (f3817967ed533d08327dc73bc4d5542a) C:\Windows\system32\DRIVERS\stexstor.sys
20:21:16.0281 2092 stexstor - ok
20:21:16.0515 2092 STHDA (ef5acde92ba3f691bbfef781cb063501) C:\Windows\system32\DRIVERS\stwrt64.sys
20:21:16.0531 2092 STHDA - ok
20:21:17.0639 2092 StillCam (decacb6921ded1a38642642685d77dac) C:\Windows\system32\DRIVERS\serscan.sys
20:21:17.0763 2092 StillCam - ok
20:21:19.0620 2092 swenum (d01ec09b6711a5f8e7e6564a4d0fbc90) C:\Windows\system32\drivers\swenum.sys
20:21:19.0620 2092 swenum - ok
20:21:23.0910 2092 SynTP (961cfac2a5318e212f459d651f28e0a4) C:\Windows\system32\DRIVERS\SynTP.sys
20:21:23.0925 2092 SynTP - ok
20:21:25.0111 2092 Tcpip (fc62769e7bff2896035aeed399108162) C:\Windows\system32\drivers\tcpip.sys
20:21:25.0189 2092 Tcpip - ok
20:21:26.0780 2092 TCPIP6 (fc62769e7bff2896035aeed399108162) C:\Windows\system32\DRIVERS\tcpip.sys
20:21:26.0811 2092 TCPIP6 - ok
20:21:27.0591 2092 tcpipreg (df687e3d8836bfb04fcc0615bf15a519) C:\Windows\system32\drivers\tcpipreg.sys
20:21:27.0591 2092 tcpipreg - ok
20:21:27.0966 2092 TDPIPE (3371d21011695b16333a3934340c4e7c) C:\Windows\system32\drivers\tdpipe.sys
20:21:27.0966 2092 TDPIPE - ok
20:21:28.0200 2092 TDTCP (e4245bda3190a582d55ed09e137401a9) C:\Windows\system32\drivers\tdtcp.sys
20:21:28.0200 2092 TDTCP - ok
20:21:28.0403 2092 tdx (ddad5a7ab24d8b65f8d724f5c20fd806) C:\Windows\system32\DRIVERS\tdx.sys
20:21:28.0403 2092 tdx - ok
20:21:28.0559 2092 TermDD (561e7e1f06895d78de991e01dd0fb6e5) C:\Windows\system32\drivers\termdd.sys
20:21:28.0886 2092 TermDD - ok
20:21:29.0058 2092 tssecsrv (ce18b2cdfc837c99e5fae9ca6cba5d30) C:\Windows\system32\DRIVERS\tssecsrv.sys
20:21:29.0058 2092 tssecsrv - ok
20:21:29.0323 2092 TsUsbFlt (d11c783e3ef9a3c52c0ebe83cc5000e9) C:\Windows\system32\drivers\tsusbflt.sys
20:21:29.0323 2092 TsUsbFlt - ok
20:21:29.0573 2092 tunnel (3566a8daafa27af944f5d705eaa64894) C:\Windows\system32\DRIVERS\tunnel.sys
20:21:29.0573 2092 tunnel - ok
20:21:29.0760 2092 uagp35 (b4dd609bd7e282bfc683cec7eaaaad67) C:\Windows\system32\DRIVERS\uagp35.sys
20:21:29.0775 2092 uagp35 - ok
20:21:29.0963 2092 udfs (ff4232a1a64012baa1fd97c7b67df593) C:\Windows\system32\DRIVERS\udfs.sys
20:21:29.0978 2092 udfs - ok
20:21:30.0867 2092 uliagpkx (4bfe1bc28391222894cbf1e7d0e42320) C:\Windows\system32\drivers\uliagpkx.sys
20:21:30.0867 2092 uliagpkx - ok
20:21:31.0226 2092 umbus (dc54a574663a895c8763af0fa1ff7561) C:\Windows\system32\drivers\umbus.sys
20:21:31.0226 2092 umbus - ok
20:21:32.0209 2092 UmPass (b2e8e8cb557b156da5493bbddcc1474d) C:\Windows\system32\DRIVERS\umpass.sys
20:21:32.0287 2092 UmPass - ok
20:21:33.0644 2092 USBAAPL64 (aa33fc47ed58c34e6e9261e4f850b7eb) C:\Windows\system32\Drivers\usbaapl64.sys
20:21:33.0753 2092 USBAAPL64 - ok
20:21:35.0766 2092 usbccgp (6f1a3157a1c89435352ceb543cdb359c) C:\Windows\system32\DRIVERS\usbccgp.sys
20:21:35.0844 2092 usbccgp - ok
20:21:37.0825 2092 usbcir (af0892a803fdda7492f595368e3b68e7) C:\Windows\system32\drivers\usbcir.sys
20:21:37.0825 2092 usbcir - ok
20:21:38.0246 2092 usbehci (c025055fe7b87701eb042095df1a2d7b) C:\Windows\system32\drivers\usbehci.sys
20:21:38.0246 2092 usbehci - ok
20:21:39.0167 2092 usbhub (287c6c9410b111b68b52ca298f7b8c24) C:\Windows\system32\DRIVERS\usbhub.sys
20:21:39.0432 2092 usbhub - ok
20:21:40.0305 2092 usbohci (9840fc418b4cbd632d3d0a667a725c31) C:\Windows\system32\drivers\usbohci.sys
20:21:40.0305 2092 usbohci - ok
20:21:40.0836 2092 usbprint (73188f58fb384e75c4063d29413cee3d) C:\Windows\system32\DRIVERS\usbprint.sys
20:21:40.0836 2092 usbprint - ok
20:21:41.0569 2092 usbscan (aaa2513c8aed8b54b189fd0c6b1634c0) C:\Windows\system32\DRIVERS\usbscan.sys
20:21:41.0569 2092 usbscan - ok
20:21:42.0193 2092 USBSTOR (fed648b01349a3c8395a5169db5fb7d6) C:\Windows\system32\DRIVERS\USBSTOR.SYS
20:21:42.0287 2092 USBSTOR - ok
20:21:42.0739 2092 usbuhci (62069a34518bcf9c1fd9e74b3f6db7cd) C:\Windows\system32\drivers\usbuhci.sys
20:21:42.0739 2092 usbuhci - ok
20:21:43.0441 2092 usbvideo (454800c2bc7f3927ce030141ee4f4c50) C:\Windows\System32\Drivers\usbvideo.sys
20:21:43.0441 2092 usbvideo - ok
20:21:44.0221 2092 vdrvroot (c5c876ccfc083ff3b128f933823e87bd) C:\Windows\system32\drivers\vdrvroot.sys
20:21:44.0221 2092 vdrvroot - ok
20:21:45.0719 2092 vga (da4da3f5e02943c2dc8c6ed875de68dd) C:\Windows\system32\DRIVERS\vgapnp.sys
20:21:45.0812 2092 vga - ok
20:21:46.0998 2092 VgaSave (53e92a310193cb3c03bea963de7d9cfc) C:\Windows\System32\drivers\vga.sys
20:21:47.0091 2092 VgaSave - ok
20:21:48.0261 2092 vhdmp (2ce2df28c83aeaf30084e1b1eb253cbb) C:\Windows\system32\drivers\vhdmp.sys
20:21:48.0433 2092 vhdmp - ok
20:21:50.0570 2092 viaide (e5689d93ffe4e5d66c0178761240dd54) C:\Windows\system32\drivers\viaide.sys
20:21:50.0570 2092 viaide - ok
20:21:52.0193 2092 volmgr (d2aafd421940f640b407aefaaebd91b0) C:\Windows\system32\drivers\volmgr.sys
20:21:52.0286 2092 volmgr - ok
20:21:53.0269 2092 volmgrx (a255814907c89be58b79ef2f189b843b) C:\Windows\system32\drivers\volmgrx.sys
20:21:53.0269 2092 volmgrx - ok
20:21:54.0080 2092 volsnap (0d08d2f3b3ff84e433346669b5e0f639) C:\Windows\system32\drivers\volsnap.sys
20:21:54.0236 2092 volsnap - ok
20:21:55.0157 2092 vsmraid (5e2016ea6ebaca03c04feac5f330d997) C:\Windows\system32\DRIVERS\vsmraid.sys
20:21:55.0250 2092 vsmraid - ok
20:21:56.0327 2092 vwifibus (36d4720b72b5c5d9cb2b9c29e9df67a1) C:\Windows\system32\DRIVERS\vwifibus.sys
20:21:56.0327 2092 vwifibus - ok
20:21:57.0169 2092 vwififlt (6a3d66263414ff0d6fa754c646612f3f) C:\Windows\system32\DRIVERS\vwififlt.sys
20:21:57.0169 2092 vwififlt - ok
20:21:58.0261 2092 vwifimp (6a638fc4bfddc4d9b186c28c91bd1a01) C:\Windows\system32\DRIVERS\vwifimp.sys
20:21:58.0339 2092 vwifimp - ok
20:21:59.0306 2092 WacomPen (4e9440f4f152a7b944cb1663d3935a3e) C:\Windows\system32\DRIVERS\wacompen.sys
20:21:59.0306 2092 WacomPen - ok
20:21:59.0571 2092 WANARP (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys
20:21:59.0665 2092 WANARP - ok
20:22:00.0133 2092 Wanarpv6 (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys
20:22:00.0133 2092 Wanarpv6 - ok
20:22:00.0523 2092 Wd (72889e16ff12ba0f235467d6091b17dc) C:\Windows\system32\DRIVERS\wd.sys
20:22:00.0617 2092 Wd - ok
20:22:01.0818 2092 Wdf01000 (441bd2d7b4f98134c3a4f9fa570fd250) C:\Windows\system32\drivers\Wdf01000.sys
20:22:01.0849 2092 Wdf01000 - ok
20:22:03.0643 2092 wdkmd (5b34e5938b9e76798977725e3f7847c4) C:\Windows\system32\DRIVERS\WDKMD.sys
20:22:03.0643 2092 wdkmd - ok
20:22:06.0217 2092 WfpLwf (611b23304bf067451a9fdee01fbdd725) C:\Windows\system32\DRIVERS\wfplwf.sys
20:22:06.0217 2092 WfpLwf - ok
20:22:07.0278 2092 WIMMount (05ecaec3e4529a7153b3136ceb49f0ec) C:\Windows\system32\drivers\wimmount.sys
20:22:07.0278 2092 WIMMount - ok
20:22:08.0105 2092 WinUSB (fe88b288356e7b47b74b13372add906d) C:\Windows\system32\DRIVERS\WinUSB.sys
20:22:08.0183 2092 WinUSB - ok
20:22:09.0088 2092 WmiAcpi (f6ff8944478594d0e414d3f048f0d778) C:\Windows\system32\drivers\wmiacpi.sys
20:22:09.0103 2092 WmiAcpi - ok
20:22:09.0431 2092 ws2ifsl (6bcc1d7d2fd2453957c5479a32364e52) C:\Windows\system32\drivers\ws2ifsl.sys
20:22:09.0431 2092 ws2ifsl - ok
20:22:09.0836 2092 WudfPf (d3381dc54c34d79b22cee0d65ba91b7c) C:\Windows\system32\drivers\WudfPf.sys
20:22:09.0836 2092 WudfPf - ok
20:22:10.0913 2092 WUDFRd (cf8d590be3373029d57af80914190682) C:\Windows\system32\DRIVERS\WUDFRd.sys
20:22:10.0913 2092 WUDFRd - ok
20:22:12.0130 2092 yukonw7 (b3eeacf62445e24fbb2cd4b0fb4db026) C:\Windows\system32\DRIVERS\yk62x64.sys
20:22:12.0176 2092 yukonw7 - ok
20:22:12.0457 2092 MBR (0x1B8) (8ec55b012612828c25ab1cfa50058c4c) \Device\Harddisk0\DR0
20:22:12.0551 2092 \Device\Harddisk0\DR0 - ok
20:22:12.0800 2092 Boot (0x1200) (bf42c093425ff46ebee1a2127e1f6024) \Device\Harddisk0\DR0\Partition0
20:22:12.0800 2092 \Device\Harddisk0\DR0\Partition0 - ok
20:22:12.0816 2092 Boot (0x1200) (92403252246310769a6fb3181699ca9d) \Device\Harddisk0\DR0\Partition1
20:22:12.0816 2092 \Device\Harddisk0\DR0\Partition1 - ok
20:22:12.0878 2092 Boot (0x1200) (cadc355913c490e2a24b8dc498b0b64a) \Device\Harddisk0\DR0\Partition2
20:22:13.0128 2092 \Device\Harddisk0\DR0\Partition2 - ok
20:22:13.0284 2092 Boot (0x1200) (e2d3585dd4126d1fd4f5a906bb264217) \Device\Harddisk0\DR0\Partition3
20:22:13.0393 2092 \Device\Harddisk0\DR0\Partition3 - ok
20:22:13.0393 2092 ============================================================
20:22:13.0393 2092 Scan finished
20:22:13.0393 2092 ============================================================
20:22:13.0409 5352 Detected object count: 0
20:22:13.0409 5352 Actual detected object count: 0
20:22:45.0300 4996 Deinitialize success

#6 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto rico
  • Local time:12:43 PM

Posted 06 March 2012 - 09:30 PM

Greetings

At this time I would like you to run this script for me and it is a good time to check out the computer to see if there is anything else that needs to be addressed.

:Run CFScript:

Open Notepad and copy/paste the text in the box into the window:

ClearJavaCache::

Save it to your desktop as CFScript.txt

Refering to the picture above, drag CFScript.txt into ComboFix.exe
Posted Image
This will let ComboFix run again.
Restart if you have to.
Save the produced logfile to your desktop.

Note: Do not mouseclick combofix's window whilst it's running. That may cause it to stall

Note 2: If you recieve an error "Illegal operation attempted on a registery key that has been marked for deletion." Please restart the computer

"information and logs"

  • In your next post I need the following

  • report from Combofix
  • let me know of any problems you may have had
  • How is the computer doing now after running the script?

Gringo

I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#7 kayjan04

kayjan04
  • Topic Starter

  • Members
  • 36 posts
  • OFFLINE
  •  
  • Gender:Female
  • Local time:11:43 AM

Posted 07 March 2012 - 10:40 AM

I'll have ComboFix's log to you very shortly. I'm running it now on the laptop.

From what little you have noticed from previous logs, can you share with me what you think is wrong with the laptop?

#8 kayjan04

kayjan04
  • Topic Starter

  • Members
  • 36 posts
  • OFFLINE
  •  
  • Gender:Female
  • Local time:11:43 AM

Posted 07 March 2012 - 11:21 AM

Ok, I'm getting really nervous now.

I followed the directions above; received the error about the illegal operation; rebooted; and now it reads: No bootable devise --- insert boot disk and press any key.

(Sigh) Now what? Are things getting worse?

#9 kayjan04

kayjan04
  • Topic Starter

  • Members
  • 36 posts
  • OFFLINE
  •  
  • Gender:Female
  • Local time:11:43 AM

Posted 07 March 2012 - 12:17 PM

I let the computer rest for awhile and started up. (Sigh of relief)

Ok, here's the log:

ComboFix 12-03-04.02 - Betty 03/07/2012 10:35:12.2.4 - x64
Running from: c:\users\Betty\Desktop\ComboFix.exe
Command switches used :: c:\users\Betty\Desktop\CFScript.txt
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Created a new restore point
.
.
((((((((((((((((((((((((( Files Created from 2012-02-07 to 2012-03-07 )))))))))))))))))))))))))))))))
.
.
2012-03-07 15:49 . 2012-03-07 15:49 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-03-07 03:23 . 2012-03-07 03:23 -------- d-----w- c:\windows\SysWow64\%Report%
2012-03-07 01:16 . 2012-02-20 06:05 8643640 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{1CA2F2C7-B061-4D63-B958-3655084985DE}\mpengine.dll
2012-02-29 00:30 . 2012-02-29 00:30 -------- d-----w- c:\programdata\{A8DA1505-E615-42BB-BB77-74D5CC91FE7E}
2012-02-27 22:34 . 2012-02-27 22:34 -------- d-----w- c:\users\Betty\AppData\Roaming\iYogi
2012-02-27 22:32 . 2012-02-27 22:41 -------- d-----w- c:\programdata\iYogi
2012-02-27 22:31 . 2012-02-27 23:20 -------- d-----w- c:\program files (x86)\iYogi Support Dock
2012-02-27 22:30 . 2012-02-27 22:30 -------- d-----w- c:\users\Betty\AppData\Roaming\Malwarebytes
2012-02-27 22:30 . 2012-02-27 22:30 -------- d-----w- c:\programdata\Malwarebytes
2012-02-27 22:30 . 2012-02-27 22:30 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
2012-02-27 22:30 . 2011-12-10 20:24 23152 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-02-20 02:16 . 2012-02-20 02:17 -------- d-----w- c:\users\Betty\AppData\Roaming\PrimoPDF
2012-02-20 02:15 . 2011-02-28 22:37 95008 ----a-w- c:\windows\system32\Primomonnt.dll
2012-02-20 02:15 . 2012-02-20 02:15 -------- d-----w- c:\program files (x86)\Nitro PDF
2012-02-18 03:34 . 2012-02-18 03:38 -------- d-----w- c:\users\Betty\AppData\Roaming\SmartDraw
2012-02-15 17:29 . 2012-02-15 17:29 -------- d-----w- c:\windows\system32\Macromed
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-03-02 00:38 . 2012-03-02 00:38 0 ----a-w- c:\windows\SysWow64\shoFA10.tmp
2012-02-27 21:58 . 2012-02-27 21:58 0 ----a-w- c:\windows\SysWow64\shoB996.tmp
2012-02-23 14:18 . 2011-04-05 14:02 279656 ------w- c:\windows\system32\MpSigStub.exe
2012-02-19 17:01 . 2012-02-19 17:01 0 ----a-w- c:\windows\SysWow64\shoD401.tmp
2012-02-15 17:29 . 2011-06-07 21:30 414368 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-02-10 21:08 . 2012-02-10 21:08 0 ----a-w- c:\windows\SysWow64\sho3928.tmp
2012-01-04 08:58 . 2012-02-17 02:04 442880 ----a-w- c:\windows\SysWow64\ntshrui.dll
2011-12-30 05:27 . 2012-02-17 02:04 478720 ----a-w- c:\windows\SysWow64\timedate.cpl
2011-12-16 07:54 . 2012-02-17 02:04 981504 ----a-w- c:\windows\SysWow64\wininet.dll
2011-12-16 07:52 . 2012-02-17 02:04 690688 ----a-w- c:\windows\SysWow64\msvcrt.dll
2011-12-16 06:09 . 2012-02-17 02:04 1638912 ----a-w- c:\windows\SysWow64\mshtml.tlb
.
.
((((((((((((((((((((((((((((( SnapShot@2012-03-05_02.57.18 )))))))))))))))))))))))))))))))))))))))))
.
+ 2012-03-07 15:49 . 2012-03-07 15:52 16384 c:\windows\temp\Temporary Internet Files\Content.IE5\index.dat
- 2012-03-05 02:53 . 2012-03-05 02:53 16384 c:\windows\temp\Temporary Internet Files\Content.IE5\index.dat
+ 2012-03-07 15:49 . 2012-03-07 15:52 16384 c:\windows\temp\History\History.IE5\index.dat
- 2012-03-05 02:53 . 2012-03-05 02:53 16384 c:\windows\temp\History\History.IE5\index.dat
+ 2012-03-07 15:49 . 2012-03-07 15:52 16384 c:\windows\temp\Cookies\index.dat
- 2012-03-05 02:53 . 2012-03-05 02:53 16384 c:\windows\temp\Cookies\index.dat
- 2012-03-05 02:51 . 2012-03-05 02:51 13879 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\SoftGrid Client\Icon Cache\icon_ex.dat
+ 2012-03-07 15:49 . 2012-03-07 15:49 13879 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\SoftGrid Client\Icon Cache\icon_ex.dat
- 2009-07-14 04:54 . 2012-03-05 02:55 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2009-07-14 04:54 . 2012-03-07 15:53 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2009-07-14 04:54 . 2012-03-05 02:55 32768 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2009-07-14 04:54 . 2012-03-07 15:53 32768 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2009-07-14 04:54 . 2012-03-07 15:53 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2009-07-14 04:54 . 2012-03-05 02:55 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2010-10-26 17:18 . 2012-03-07 15:55 48110 c:\windows\system32\wdi\ShutdownPerformanceDiagnostics_SystemData.bin
+ 2009-07-14 05:10 . 2012-03-07 15:54 40348 c:\windows\system32\wdi\BootPerformanceDiagnostics_SystemData.bin
+ 2010-11-25 03:48 . 2012-03-07 15:51 16384 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2010-11-25 03:48 . 2012-03-05 02:53 16384 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2010-11-25 03:48 . 2012-03-07 15:51 32768 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2010-11-25 03:48 . 2012-03-05 02:53 32768 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2009-07-14 04:54 . 2012-03-05 02:53 16384 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2009-07-14 04:54 . 2012-03-07 15:51 16384 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2011-03-27 08:11 . 2012-03-07 15:19 16384 c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2011-03-27 08:11 . 2012-03-05 02:18 16384 c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2011-03-27 08:11 . 2012-03-07 15:19 16384 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2011-03-27 08:11 . 2012-03-05 02:18 16384 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2011-11-22 04:57 . 2011-11-22 04:57 68880 c:\windows\Microsoft.NET\Framework64\v4.0.30319\nlssorting.dll
+ 2011-11-22 03:31 . 2011-11-22 03:31 57616 c:\windows\Microsoft.NET\Framework\v4.0.30319\nlssorting.dll
- 2012-02-18 06:04 . 2012-02-18 06:04 87408 c:\windows\Microsoft.NET\assembly\GAC_MSIL\WindowsFormsIntegration\v4.0_4.0.0.0__31bf3856ad364e35\WindowsFormsIntegration.dll
+ 2012-03-07 03:00 . 2012-03-07 03:00 87408 c:\windows\Microsoft.NET\assembly\GAC_MSIL\WindowsFormsIntegration\v4.0_4.0.0.0__31bf3856ad364e35\WindowsFormsIntegration.dll
- 2012-02-18 06:04 . 2012-02-18 06:04 93024 c:\windows\Microsoft.NET\assembly\GAC_MSIL\UIAutomationTypes\v4.0_4.0.0.0__31bf3856ad364e35\UIAutomationTypes.dll
+ 2012-03-07 03:00 . 2012-03-07 03:00 93024 c:\windows\Microsoft.NET\assembly\GAC_MSIL\UIAutomationTypes\v4.0_4.0.0.0__31bf3856ad364e35\UIAutomationTypes.dll
- 2012-02-18 06:04 . 2012-02-18 06:04 35688 c:\windows\Microsoft.NET\assembly\GAC_MSIL\UIAutomationProvider\v4.0_4.0.0.0__31bf3856ad364e35\UIAutomationProvider.dll
+ 2012-03-07 03:00 . 2012-03-07 03:00 35688 c:\windows\Microsoft.NET\assembly\GAC_MSIL\UIAutomationProvider\v4.0_4.0.0.0__31bf3856ad364e35\UIAutomationProvider.dll
+ 2012-03-07 03:00 . 2012-03-07 03:00 11120 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Xml.Serialization\v4.0_4.0.0.0__b77a5c561934e089\System.Xml.Serialization.dll
- 2012-02-18 06:04 . 2012-02-18 06:04 11120 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Xml.Serialization\v4.0_4.0.0.0__b77a5c561934e089\System.Xml.Serialization.dll
- 2012-02-18 06:04 . 2012-02-18 06:04 17784 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Presentation\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Presentation.dll
+ 2012-03-07 03:00 . 2012-03-07 03:00 17784 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Presentation\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Presentation.dll
- 2012-02-18 06:04 . 2012-02-18 06:04 58240 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Input.Manipulations\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Input.Manipulations.dll
+ 2012-03-07 03:00 . 2012-03-07 03:00 58240 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Input.Manipulations\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Input.Manipulations.dll
- 2012-02-18 06:04 . 2012-02-18 06:04 44920 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Web.ApplicationServices\v4.0_4.0.0.0__31bf3856ad364e35\System.Web.ApplicationServices.dll
+ 2012-03-07 03:00 . 2012-03-07 03:00 44920 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Web.ApplicationServices\v4.0_4.0.0.0__31bf3856ad364e35\System.Web.ApplicationServices.dll
+ 2012-03-07 03:00 . 2012-03-07 03:00 37240 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.ServiceModel.Channels\v4.0_4.0.0.0__31bf3856ad364e35\System.ServiceModel.Channels.dll
- 2012-02-18 06:04 . 2012-02-18 06:04 37240 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.ServiceModel.Channels\v4.0_4.0.0.0__31bf3856ad364e35\System.ServiceModel.Channels.dll
- 2012-02-18 06:04 . 2012-02-18 06:04 64352 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Numerics\v4.0_4.0.0.0__b77a5c561934e089\System.Numerics.dll
+ 2012-03-07 03:00 . 2012-03-07 03:00 64352 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Numerics\v4.0_4.0.0.0__b77a5c561934e089\System.Numerics.dll
+ 2012-03-07 03:00 . 2012-03-07 03:00 51032 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Device\v4.0_4.0.0.0__b77a5c561934e089\System.Device.dll
- 2012-02-18 06:04 . 2012-02-18 06:04 51032 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Device\v4.0_4.0.0.0__b77a5c561934e089\System.Device.dll
- 2012-02-18 06:04 . 2012-02-18 06:04 50552 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Data.DataSetExtensions\v4.0_4.0.0.0__b77a5c561934e089\System.Data.DataSetExtensions.dll
+ 2012-03-07 03:00 . 2012-03-07 03:00 50552 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Data.DataSetExtensions\v4.0_4.0.0.0__b77a5c561934e089\System.Data.DataSetExtensions.dll
- 2012-02-18 06:04 . 2012-02-18 06:04 81784 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Configuration.Install\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Configuration.Install.dll
+ 2012-03-07 02:59 . 2012-03-07 02:59 81784 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Configuration.Install\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Configuration.Install.dll
+ 2012-03-07 03:00 . 2012-03-07 03:00 81800 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.ComponentModel.DataAnnotations\v4.0_4.0.0.0__31bf3856ad364e35\System.ComponentModel.DataAnnotations.dll
- 2012-02-18 06:04 . 2012-02-18 06:04 81800 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.ComponentModel.DataAnnotations\v4.0_4.0.0.0__31bf3856ad364e35\System.ComponentModel.DataAnnotations.dll
- 2012-02-18 06:04 . 2012-02-18 06:04 39784 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.AddIn.Contract\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.AddIn.Contract.dll
+ 2012-03-07 03:00 . 2012-03-07 03:00 39784 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.AddIn.Contract\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.AddIn.Contract.dll
+ 2012-03-07 03:00 . 2012-03-07 03:00 68952 c:\windows\Microsoft.NET\assembly\GAC_MSIL\SMDiagnostics\v4.0_4.0.0.0__b77a5c561934e089\SMDiagnostics.dll
- 2012-02-18 06:04 . 2012-02-18 06:04 68952 c:\windows\Microsoft.NET\assembly\GAC_MSIL\SMDiagnostics\v4.0_4.0.0.0__b77a5c561934e089\SMDiagnostics.dll
+ 2012-03-07 03:00 . 2012-03-07 03:00 62880 c:\windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.Windows.ApplicationServer.Applications\v4.0_4.0.0.0__31bf3856ad364e35\Microsoft.Windows.ApplicationServer.Applications.dll
- 2012-02-18 06:04 . 2012-02-18 06:04 62880 c:\windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.Windows.ApplicationServer.Applications\v4.0_4.0.0.0__31bf3856ad364e35\Microsoft.Windows.ApplicationServer.Applications.dll
- 2012-02-18 06:04 . 2012-02-18 06:04 12128 c:\windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.VisualC\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualC.Dll
+ 2012-03-07 02:59 . 2012-03-07 02:59 12128 c:\windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.VisualC\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualC.Dll
+ 2012-03-07 03:00 . 2012-03-07 03:00 97680 c:\windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.VisualBasic.Compatibility.Data\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Compatibility.Data.dll
- 2012-02-18 06:04 . 2012-02-18 06:04 97680 c:\windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.VisualBasic.Compatibility.Data\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Compatibility.Data.dll
- 2012-02-18 06:04 . 2012-02-18 06:04 17240 c:\windows\Microsoft.NET\assembly\GAC_MSIL\Accessibility\v4.0_4.0.0.0__b03f5f7f11d50a3a\Accessibility.dll
+ 2012-03-07 02:59 . 2012-03-07 02:59 17240 c:\windows\Microsoft.NET\assembly\GAC_MSIL\Accessibility\v4.0_4.0.0.0__b03f5f7f11d50a3a\Accessibility.dll
+ 2012-03-07 02:59 . 2012-03-07 02:59 94552 c:\windows\Microsoft.NET\assembly\GAC_64\ISymWrapper\v4.0_4.0.0.0__b03f5f7f11d50a3a\ISymWrapper.dll
- 2012-02-18 06:04 . 2012-02-18 06:04 94552 c:\windows\Microsoft.NET\assembly\GAC_64\ISymWrapper\v4.0_4.0.0.0__b03f5f7f11d50a3a\ISymWrapper.dll
+ 2012-03-07 02:59 . 2012-03-07 02:59 91488 c:\windows\Microsoft.NET\assembly\GAC_64\CustomMarshalers\v4.0_4.0.0.0__b03f5f7f11d50a3a\CustomMarshalers.dll
- 2012-02-18 06:04 . 2012-02-18 06:04 91488 c:\windows\Microsoft.NET\assembly\GAC_64\CustomMarshalers\v4.0_4.0.0.0__b03f5f7f11d50a3a\CustomMarshalers.dll
+ 2012-03-07 02:57 . 2012-03-07 02:57 78168 c:\windows\Microsoft.NET\assembly\GAC_32\ISymWrapper\v4.0_4.0.0.0__b03f5f7f11d50a3a\ISymWrapper.dll
- 2012-02-18 06:03 . 2012-02-18 06:03 78168 c:\windows\Microsoft.NET\assembly\GAC_32\ISymWrapper\v4.0_4.0.0.0__b03f5f7f11d50a3a\ISymWrapper.dll
+ 2012-03-07 02:57 . 2012-03-07 02:57 81248 c:\windows\Microsoft.NET\assembly\GAC_32\CustomMarshalers\v4.0_4.0.0.0__b03f5f7f11d50a3a\CustomMarshalers.dll
- 2012-02-18 06:03 . 2012-02-18 06:03 81248 c:\windows\Microsoft.NET\assembly\GAC_32\CustomMarshalers\v4.0_4.0.0.0__b03f5f7f11d50a3a\CustomMarshalers.dll
+ 2011-03-27 02:52 . 2012-03-07 15:54 9930 c:\windows\system32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-3021642682-863315101-3179446883-1000_UserData.bin
+ 2012-03-07 15:51 . 2012-03-07 15:51 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
- 2012-03-03 20:39 . 2012-03-05 02:53 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2012-03-07 15:51 . 2012-03-07 15:51 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
- 2012-03-03 20:39 . 2012-03-05 02:53 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2009-07-14 02:36 . 2012-03-07 15:55 612546 c:\windows\system32\perfh009.dat
+ 2009-07-14 02:36 . 2012-03-07 15:55 102668 c:\windows\system32\perfc009.dat
- 2009-07-14 05:01 . 2012-03-02 00:42 455820 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
+ 2009-07-14 05:01 . 2012-03-07 03:21 455820 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
+ 2011-11-22 04:57 . 2011-11-22 04:57 598784 c:\windows\Microsoft.NET\Framework64\v4.0.30319\SOS.dll
+ 2011-11-22 03:31 . 2011-11-22 03:31 518400 c:\windows\Microsoft.NET\Framework\v4.0.30319\SOS.dll
+ 2011-11-22 03:31 . 2011-11-22 03:31 957200 c:\windows\Microsoft.NET\Framework\v4.0.30319\mscordbi.dll
+ 2012-03-07 03:00 . 2012-03-07 03:00 350592 c:\windows\Microsoft.NET\assembly\GAC_MSIL\UIAutomationClientsideProviders\v4.0_4.0.0.0__31bf3856ad364e35\UIAutomationClientsideProviders.dll
- 2012-02-18 06:04 . 2012-02-18 06:04 350592 c:\windows\Microsoft.NET\assembly\GAC_MSIL\UIAutomationClientsideProviders\v4.0_4.0.0.0__31bf3856ad364e35\UIAutomationClientsideProviders.dll
- 2012-02-18 06:04 . 2012-02-18 06:04 163168 c:\windows\Microsoft.NET\assembly\GAC_MSIL\UIAutomationClient\v4.0_4.0.0.0__31bf3856ad364e35\UIAutomationClient.dll
+ 2012-03-07 03:00 . 2012-03-07 03:00 163168 c:\windows\Microsoft.NET\assembly\GAC_MSIL\UIAutomationClient\v4.0_4.0.0.0__31bf3856ad364e35\UIAutomationClient.dll
+ 2012-03-07 03:00 . 2012-03-07 03:00 138592 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Xml.Linq\v4.0_4.0.0.0__b77a5c561934e089\System.Xml.Linq.dll
- 2012-02-18 06:04 . 2012-02-18 06:04 138592 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Xml.Linq\v4.0_4.0.0.0__b77a5c561934e089\System.Xml.Linq.dll
- 2012-02-18 06:04 . 2012-02-18 06:04 699224 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Xaml\v4.0_4.0.0.0__b77a5c561934e089\System.Xaml.dll
+ 2012-03-07 03:00 . 2012-03-07 03:00 699224 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Xaml\v4.0_4.0.0.0__b77a5c561934e089\System.Xaml.dll
- 2012-02-18 06:04 . 2012-02-18 06:04 857960 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Web.Services\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Web.Services.dll
+ 2012-03-07 03:00 . 2012-03-07 03:00 857960 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Web.Services\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Web.Services.dll
+ 2012-03-07 03:00 . 2012-03-07 03:00 675672 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Speech\v4.0_4.0.0.0__31bf3856ad364e35\System.Speech.dll
- 2012-02-18 06:04 . 2012-02-18 06:04 675672 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Speech\v4.0_4.0.0.0__31bf3856ad364e35\System.Speech.dll
+ 2012-03-07 02:59 . 2012-03-07 02:59 113512 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.ServiceProcess\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.ServiceProcess.dll
- 2012-02-18 06:04 . 2012-02-18 06:04 113512 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.ServiceProcess\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.ServiceProcess.dll
+ 2012-03-07 03:00 . 2012-03-07 03:00 129912 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.ServiceModel.Routing\v4.0_4.0.0.0__31bf3856ad364e35\System.ServiceModel.Routing.dll
- 2012-02-18 06:04 . 2012-02-18 06:04 129912 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.ServiceModel.Routing\v4.0_4.0.0.0__31bf3856ad364e35\System.ServiceModel.Routing.dll
- 2012-02-18 06:04 . 2012-02-18 06:04 390008 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.ServiceModel.Discovery\v4.0_4.0.0.0__31bf3856ad364e35\System.ServiceModel.Discovery.dll
+ 2012-03-07 03:00 . 2012-03-07 03:00 390008 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.ServiceModel.Discovery\v4.0_4.0.0.0__31bf3856ad364e35\System.ServiceModel.Discovery.dll
+ 2012-03-07 03:00 . 2012-03-07 03:00 505208 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.ServiceModel.Activities\v4.0_4.0.0.0__31bf3856ad364e35\System.ServiceModel.Activities.dll
- 2012-02-18 06:04 . 2012-02-18 06:04 505208 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.ServiceModel.Activities\v4.0_4.0.0.0__31bf3856ad364e35\System.ServiceModel.Activities.dll
+ 2012-03-07 02:59 . 2012-03-07 02:59 261472 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Security\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Security.dll
- 2012-02-18 06:04 . 2012-02-18 06:04 261472 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Security\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Security.dll
- 2012-02-18 06:04 . 2012-02-18 06:04 122264 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Runtime.Serialization.Formatters.Soap\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Runtime.Serialization.Formatters.Soap.dll
+ 2012-03-07 03:00 . 2012-03-07 03:00 122264 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Runtime.Serialization.Formatters.Soap\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Runtime.Serialization.Formatters.Soap.dll
- 2012-02-18 06:04 . 2012-02-18 06:04 291184 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Runtime.Remoting\v4.0_4.0.0.0__b77a5c561934e089\System.Runtime.Remoting.dll
+ 2012-03-07 03:00 . 2012-03-07 03:00 291184 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Runtime.Remoting\v4.0_4.0.0.0__b77a5c561934e089\System.Runtime.Remoting.dll
+ 2012-03-07 03:00 . 2012-03-07 03:00 349568 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Runtime.DurableInstancing\v4.0_4.0.0.0__31bf3856ad364e35\System.Runtime.DurableInstancing.dll
- 2012-02-18 06:04 . 2012-02-18 06:04 349568 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Runtime.DurableInstancing\v4.0_4.0.0.0__31bf3856ad364e35\System.Runtime.DurableInstancing.dll
+ 2012-03-07 03:00 . 2012-03-07 03:00 236880 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Net\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Net.dll
- 2012-02-18 06:04 . 2012-02-18 06:04 236880 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Net\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Net.dll
+ 2012-03-07 03:00 . 2012-03-07 03:00 253280 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Messaging\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Messaging.dll
- 2012-02-18 06:04 . 2012-02-18 06:04 253280 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Messaging\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Messaging.dll
+ 2012-03-07 02:59 . 2012-03-07 02:59 378720 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Management\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Management.dll
- 2012-02-18 06:04 . 2012-02-18 06:04 378720 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Management\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Management.dll
- 2012-02-18 06:04 . 2012-02-18 06:04 134528 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Management.Instrumentation\v4.0_4.0.0.0__b77a5c561934e089\System.Management.Instrumentation.dll
+ 2012-03-07 03:00 . 2012-03-07 03:00 134528 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Management.Instrumentation\v4.0_4.0.0.0__b77a5c561934e089\System.Management.Instrumentation.dll
- 2012-02-18 06:04 . 2012-02-18 06:04 123736 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.IO.Log\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.IO.Log.dll
+ 2012-03-07 03:00 . 2012-03-07 03:00 123736 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.IO.Log\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.IO.Log.dll
+ 2012-03-07 03:00 . 2012-03-07 03:00 392552 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.IdentityModel\v4.0_4.0.0.0__b77a5c561934e089\System.IdentityModel.dll
- 2012-02-18 06:04 . 2012-02-18 06:04 392552 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.IdentityModel\v4.0_4.0.0.0__b77a5c561934e089\System.IdentityModel.dll
- 2012-02-18 06:04 . 2012-02-18 06:04 125816 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.IdentityModel.Selectors\v4.0_4.0.0.0__b77a5c561934e089\System.IdentityModel.Selectors.dll
+ 2012-03-07 03:00 . 2012-03-07 03:00 125816 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.IdentityModel.Selectors\v4.0_4.0.0.0__b77a5c561934e089\System.IdentityModel.Selectors.dll
+ 2012-03-07 02:59 . 2012-03-07 02:59 120152 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Dynamic\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Dynamic.dll
- 2012-02-18 06:04 . 2012-02-18 06:04 120152 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Dynamic\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Dynamic.dll
- 2012-02-18 06:04 . 2012-02-18 06:04 607064 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Drawing\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll
+ 2012-03-07 02:59 . 2012-03-07 02:59 607064 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Drawing\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll
+ 2012-03-07 02:59 . 2012-03-07 02:59 395120 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.DirectoryServices\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.DirectoryServices.dll
- 2012-02-18 06:04 . 2012-02-18 06:04 395120 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.DirectoryServices\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.DirectoryServices.dll
+ 2012-03-07 02:59 . 2012-03-07 02:59 182144 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.DirectoryServices.Protocols\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.DirectoryServices.Protocols.dll
- 2012-02-18 06:04 . 2012-02-18 06:04 182144 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.DirectoryServices.Protocols\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.DirectoryServices.Protocols.dll
- 2012-02-18 06:04 . 2012-02-18 06:04 285072 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.DirectoryServices.AccountManagement\v4.0_4.0.0.0__b77a5c561934e089\System.DirectoryServices.AccountManagement.dll
+ 2012-03-07 02:59 . 2012-03-07 02:59 285072 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.DirectoryServices.AccountManagement\v4.0_4.0.0.0__b77a5c561934e089\System.DirectoryServices.AccountManagement.dll
+ 2012-03-07 02:59 . 2012-03-07 02:59 829280 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Deployment\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Deployment.dll
- 2012-02-18 06:04 . 2012-02-18 06:04 829280 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Deployment\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Deployment.dll
- 2012-02-18 06:04 . 2012-02-18 06:04 747360 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Data.SqlXml\v4.0_4.0.0.0__b77a5c561934e089\System.Data.SqlXml.dll
+ 2012-03-07 02:59 . 2012-03-07 02:59 747360 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Data.SqlXml\v4.0_4.0.0.0__b77a5c561934e089\System.Data.SqlXml.dll
+ 2012-03-07 03:00 . 2012-03-07 03:00 436600 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Data.Services.Client\v4.0_4.0.0.0__b77a5c561934e089\System.Data.Services.Client.dll
- 2012-02-18 06:04 . 2012-02-18 06:04 436600 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Data.Services.Client\v4.0_4.0.0.0__b77a5c561934e089\System.Data.Services.Client.dll
+ 2012-03-07 03:00 . 2012-03-07 03:00 683872 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Data.Linq\v4.0_4.0.0.0__b77a5c561934e089\System.Data.Linq.dll
- 2012-02-18 06:04 . 2012-02-18 06:04 683872 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Data.Linq\v4.0_4.0.0.0__b77a5c561934e089\System.Data.Linq.dll
- 2012-02-18 06:04 . 2012-02-18 06:04 409448 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Configuration\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.configuration.dll
+ 2012-03-07 02:59 . 2012-03-07 02:59 409448 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Configuration\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.configuration.dll
+ 2012-03-07 03:00 . 2012-03-07 03:00 210816 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.ComponentModel.Composition\v4.0_4.0.0.0__b77a5c561934e089\System.ComponentModel.Composition.dll
- 2012-02-18 06:04 . 2012-02-18 06:04 210816 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.ComponentModel.Composition\v4.0_4.0.0.0__b77a5c561934e089\System.ComponentModel.Composition.dll
- 2012-02-18 06:04 . 2012-02-18 06:04 149848 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.AddIn\v4.0_4.0.0.0__b77a5c561934e089\System.AddIn.dll
+ 2012-03-07 03:00 . 2012-03-07 03:00 149848 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.AddIn\v4.0_4.0.0.0__b77a5c561934e089\System.AddIn.dll
+ 2012-03-07 03:00 . 2012-03-07 03:00 122248 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Activities.DurableInstancing\v4.0_4.0.0.0__31bf3856ad364e35\System.Activities.DurableInstancing.dll
- 2012-02-18 06:04 . 2012-02-18 06:04 122248 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Activities.DurableInstancing\v4.0_4.0.0.0__31bf3856ad364e35\System.Activities.DurableInstancing.dll
+ 2012-03-07 03:00 . 2012-03-07 03:00 525704 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Activities.Core.Presentation\v4.0_4.0.0.0__31bf3856ad364e35\System.Activities.Core.Presentation.dll
- 2012-02-18 06:04 . 2012-02-18 06:04 525704 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Activities.Core.Presentation\v4.0_4.0.0.0__31bf3856ad364e35\System.Activities.Core.Presentation.dll
- 2012-02-18 06:04 . 2012-02-18 06:04 112976 c:\windows\Microsoft.NET\assembly\GAC_MSIL\sysglobl\v4.0_4.0.0.0__b03f5f7f11d50a3a\sysglobl.dll
+ 2012-03-07 02:59 . 2012-03-07 02:59 112976 c:\windows\Microsoft.NET\assembly\GAC_MSIL\sysglobl\v4.0_4.0.0.0__b03f5f7f11d50a3a\sysglobl.dll
- 2012-02-18 06:04 . 2012-02-18 06:04 581464 c:\windows\Microsoft.NET\assembly\GAC_MSIL\ReachFramework\v4.0_4.0.0.0__31bf3856ad364e35\ReachFramework.dll
+ 2012-03-07 03:00 . 2012-03-07 03:00 581464 c:\windows\Microsoft.NET\assembly\GAC_MSIL\ReachFramework\v4.0_4.0.0.0__31bf3856ad364e35\ReachFramework.dll
- 2012-02-18 06:04 . 2012-02-18 06:04 832856 c:\windows\Microsoft.NET\assembly\GAC_MSIL\PresentationUI\v4.0_4.0.0.0__31bf3856ad364e35\PresentationUI.dll
+ 2012-03-07 03:00 . 2012-03-07 03:00 832856 c:\windows\Microsoft.NET\assembly\GAC_MSIL\PresentationUI\v4.0_4.0.0.0__31bf3856ad364e35\PresentationUI.dll
- 2012-02-18 06:04 . 2012-02-18 06:04 194424 c:\windows\Microsoft.NET\assembly\GAC_MSIL\PresentationFramework.Royale\v4.0_4.0.0.0__31bf3856ad364e35\PresentationFramework.Royale.dll
+ 2012-03-07 03:00 . 2012-03-07 03:00 194424 c:\windows\Microsoft.NET\assembly\GAC_MSIL\PresentationFramework.Royale\v4.0_4.0.0.0__31bf3856ad364e35\PresentationFramework.Royale.dll
- 2012-02-18 06:04 . 2012-02-18 06:04 478576 c:\windows\Microsoft.NET\assembly\GAC_MSIL\PresentationFramework.Luna\v4.0_4.0.0.0__31bf3856ad364e35\PresentationFramework.Luna.dll
+ 2012-03-07 03:00 . 2012-03-07 03:00 478576 c:\windows\Microsoft.NET\assembly\GAC_MSIL\PresentationFramework.Luna\v4.0_4.0.0.0__31bf3856ad364e35\PresentationFramework.Luna.dll
- 2012-02-18 06:04 . 2012-02-18 06:04 167288 c:\windows\Microsoft.NET\assembly\GAC_MSIL\PresentationFramework.Classic\v4.0_4.0.0.0__31bf3856ad364e35\PresentationFramework.Classic.dll
+ 2012-03-07 03:00 . 2012-03-07 03:00 167288 c:\windows\Microsoft.NET\assembly\GAC_MSIL\PresentationFramework.Classic\v4.0_4.0.0.0__31bf3856ad364e35\PresentationFramework.Classic.dll
- 2012-02-18 06:04 . 2012-02-18 06:04 232304 c:\windows\Microsoft.NET\assembly\GAC_MSIL\PresentationFramework.Aero\v4.0_4.0.0.0__31bf3856ad364e35\PresentationFramework.Aero.dll
+ 2012-03-07 03:00 . 2012-03-07 03:00 232304 c:\windows\Microsoft.NET\assembly\GAC_MSIL\PresentationFramework.Aero\v4.0_4.0.0.0__31bf3856ad364e35\PresentationFramework.Aero.dll
- 2012-02-18 06:04 . 2012-02-18 06:04 661352 c:\windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.VisualBasic\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll
+ 2012-03-07 02:59 . 2012-03-07 02:59 661352 c:\windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.VisualBasic\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll
- 2012-02-18 06:04 . 2012-02-18 06:04 349576 c:\windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.VisualBasic.Compatibility\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Compatibility.dll
+ 2012-03-07 03:00 . 2012-03-07 03:00 349576 c:\windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.VisualBasic.Compatibility\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Compatibility.dll
- 2012-02-18 06:04 . 2012-02-18 06:04 387960 c:\windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.Transactions.Bridge\v4.0_4.0.0.0__b03f5f7f11d50a3a\Microsoft.Transactions.Bridge.dll
+ 2012-03-07 03:00 . 2012-03-07 03:00 387960 c:\windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.Transactions.Bridge\v4.0_4.0.0.0__b03f5f7f11d50a3a\Microsoft.Transactions.Bridge.dll
- 2012-02-18 06:04 . 2012-02-18 06:04 746336 c:\windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.JScript\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.JScript.dll
+ 2012-03-07 02:59 . 2012-03-07 02:59 746336 c:\windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.JScript\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.JScript.dll
+ 2012-03-07 02:59 . 2012-03-07 02:59 505184 c:\windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.CSharp\v4.0_4.0.0.0__b03f5f7f11d50a3a\Microsoft.CSharp.dll
- 2012-02-18 06:04 . 2012-02-18 06:04 505184 c:\windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.CSharp\v4.0_4.0.0.0__b03f5f7f11d50a3a\Microsoft.CSharp.dll
- 2012-02-18 06:04 . 2012-02-18 06:04 288616 c:\windows\Microsoft.NET\assembly\GAC_64\System.Transactions\v4.0_4.0.0.0__b77a5c561934e089\System.Transactions.dll
+ 2012-03-07 03:00 . 2012-03-07 03:00 288616 c:\windows\Microsoft.NET\assembly\GAC_64\System.Transactions\v4.0_4.0.0.0__b77a5c561934e089\System.Transactions.dll
+ 2012-03-07 03:00 . 2012-03-07 03:00 335712 c:\windows\Microsoft.NET\assembly\GAC_64\System.Printing\v4.0_4.0.0.0__31bf3856ad364e35\System.Printing.dll
- 2012-02-18 06:04 . 2012-02-18 06:04 335712 c:\windows\Microsoft.NET\assembly\GAC_64\System.Printing\v4.0_4.0.0.0__31bf3856ad364e35\System.Printing.dll
+ 2012-03-07 02:59 . 2012-03-07 02:59 125440 c:\windows\Microsoft.NET\assembly\GAC_64\System.EnterpriseServices\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.Wrapper.dll
- 2012-02-18 06:04 . 2012-02-18 06:04 125440 c:\windows\Microsoft.NET\assembly\GAC_64\System.EnterpriseServices\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.Wrapper.dll
- 2012-02-18 06:04 . 2012-02-18 06:04 237424 c:\windows\Microsoft.NET\assembly\GAC_64\System.EnterpriseServices\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.dll
+ 2012-03-07 02:59 . 2012-03-07 02:59 237424 c:\windows\Microsoft.NET\assembly\GAC_64\System.EnterpriseServices\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.dll
- 2012-02-18 06:04 . 2012-02-18 06:04 187776 c:\windows\Microsoft.NET\assembly\GAC_64\Microsoft.Transactions.Bridge.Dtc\v4.0_4.0.0.0__b03f5f7f11d50a3a\Microsoft.Transactions.Bridge.Dtc.dll
+ 2012-03-07 03:00 . 2012-03-07 03:00 187776 c:\windows\Microsoft.NET\assembly\GAC_64\Microsoft.Transactions.Bridge.Dtc\v4.0_4.0.0.0__b03f5f7f11d50a3a\Microsoft.Transactions.Bridge.Dtc.dll
+ 2012-03-07 02:59 . 2012-03-07 02:59 269672 c:\windows\Microsoft.NET\assembly\GAC_32\System.Transactions\v4.0_4.0.0.0__b77a5c561934e089\System.Transactions.dll
- 2012-02-18 06:03 . 2012-02-18 06:03 269672 c:\windows\Microsoft.NET\assembly\GAC_32\System.Transactions\v4.0_4.0.0.0__b77a5c561934e089\System.Transactions.dll
+ 2012-03-07 02:59 . 2012-03-07 02:59 334688 c:\windows\Microsoft.NET\assembly\GAC_32\System.Printing\v4.0_4.0.0.0__31bf3856ad364e35\System.Printing.dll
- 2012-02-18 06:03 . 2012-02-18 06:03 334688 c:\windows\Microsoft.NET\assembly\GAC_32\System.Printing\v4.0_4.0.0.0__31bf3856ad364e35\System.Printing.dll
- 2012-02-18 06:03 . 2012-02-18 06:03 109568 c:\windows\Microsoft.NET\assembly\GAC_32\System.EnterpriseServices\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.Wrapper.dll
+ 2012-03-07 02:57 . 2012-03-07 02:57 109568 c:\windows\Microsoft.NET\assembly\GAC_32\System.EnterpriseServices\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.Wrapper.dll
- 2012-02-18 06:03 . 2012-02-18 06:03 246128 c:\windows\Microsoft.NET\assembly\GAC_32\System.EnterpriseServices\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.dll
+ 2012-03-07 02:57 . 2012-03-07 02:57 246128 c:\windows\Microsoft.NET\assembly\GAC_32\System.EnterpriseServices\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.dll
+ 2012-03-07 02:58 . 2012-03-07 02:58 170368 c:\windows\Microsoft.NET\assembly\GAC_32\Microsoft.Transactions.Bridge.Dtc\v4.0_4.0.0.0__b03f5f7f11d50a3a\Microsoft.Transactions.Bridge.Dtc.dll
- 2012-02-18 06:03 . 2012-02-18 06:03 170368 c:\windows\Microsoft.NET\assembly\GAC_32\Microsoft.Transactions.Bridge.Dtc\v4.0_4.0.0.0__b03f5f7f11d50a3a\Microsoft.Transactions.Bridge.Dtc.dll
+ 2012-03-07 03:04 . 2012-03-07 03:04 736768 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Security\c1127f26363bea39c40707b9ddb6bbb9\System.Security.ni.dll
+ 2012-03-07 03:03 . 2012-03-07 03:03 145408 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Numerics\3ce3d5b8126cda36b3dbd3535f249890\System.Numerics.ni.dll
+ 2012-03-07 03:04 . 2012-03-07 03:04 377856 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Dynamic\cbb6e9a9b075d9f6fa303e3eef4c0ffd\System.Dynamic.ni.dll
+ 2012-03-07 03:04 . 2012-03-07 03:04 982528 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Configuration\bab886a18699bab842769c5ce486c332\System.Configuration.ni.dll
+ 2012-03-07 03:04 . 2012-03-07 03:04 693760 c:\windows\assembly\NativeImages_v4.0.30319_32\System.ComponentMod#\a92c1bd4d32fbbc54134fc40d2f97389\System.ComponentModel.Composition.ni.dll
+ 2012-03-07 03:04 . 2012-03-07 03:04 309760 c:\windows\assembly\NativeImages_v4.0.30319_32\PresentationFramewo#\94d89db071d382d9ba0bc6381669b85f\PresentationFramework.Classic.ni.dll
+ 2012-03-07 03:04 . 2012-03-07 03:04 595968 c:\windows\assembly\NativeImages_v4.0.30319_32\PresentationFramewo#\8b8a5c194aacfb2102d4e26b75a84e03\PresentationFramework.Aero.ni.dll
+ 2012-03-07 03:04 . 2012-03-07 03:04 387072 c:\windows\assembly\NativeImages_v4.0.30319_32\PresentationFramewo#\443c3fae1f6f0588a542ddc1c02c1be1\PresentationFramework.Royale.ni.dll
+ 2012-03-07 03:04 . 2012-03-07 03:04 755712 c:\windows\assembly\NativeImages_v4.0.30319_32\PresentationFramewo#\273034086c19b92034c9f2896724ac33\PresentationFramework.Luna.ni.dll
+ 2010-11-25 04:25 . 2012-03-07 15:49 1522024 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache3.0.0.0.dat
+ 2011-03-27 02:49 . 2012-03-06 03:11 1140980 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-3021642682-863315101-3179446883-1000-8192.dat
+ 2011-11-22 03:31 . 2011-11-22 03:31 3512072 c:\windows\Microsoft.NET\Framework64\v4.0.30319\System.dll
+ 2011-11-22 04:57 . 2011-11-22 04:57 4970768 c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorlib.dll
+ 2011-11-22 04:57 . 2011-11-22 04:57 1455376 c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscordbi.dll
+ 2011-11-22 04:57 . 2011-11-22 04:57 1515792 c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscordacwks.dll
+ 2011-11-22 04:57 . 2011-11-22 04:57 9793280 c:\windows\Microsoft.NET\Framework64\v4.0.30319\clr.dll
+ 2011-11-22 03:31 . 2011-11-22 03:31 3512072 c:\windows\Microsoft.NET\Framework\v4.0.30319\System.dll
+ 2011-11-22 03:31 . 2011-11-22 03:31 5201168 c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorlib.dll
+ 2011-11-22 03:31 . 2011-11-22 03:31 1143568 c:\windows\Microsoft.NET\Framework\v4.0.30319\mscordacwks.dll
+ 2011-11-22 03:31 . 2011-11-22 03:31 6727424 c:\windows\Microsoft.NET\Framework\v4.0.30319\clr.dll
- 2012-02-18 06:04 . 2012-02-18 06:04 1368920 c:\windows\Microsoft.NET\assembly\GAC_MSIL\WindowsBase\v4.0_4.0.0.0__31bf3856ad364e35\WindowsBase.dll
+ 2012-03-07 03:00 . 2012-03-07 03:00 1368920 c:\windows\Microsoft.NET\assembly\GAC_MSIL\WindowsBase\v4.0_4.0.0.0__31bf3856ad364e35\WindowsBase.dll
+ 2012-03-07 02:59 . 2012-03-07 02:59 3512072 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System\v4.0_4.0.0.0__b77a5c561934e089\System.dll
- 2012-02-18 06:04 . 2012-02-18 06:04 2207568 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Xml\v4.0_4.0.0.0__b77a5c561934e089\System.XML.dll
+ 2012-03-07 03:00 . 2012-03-07 03:00 2207568 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Xml\v4.0_4.0.0.0__b77a5c561934e089\System.XML.dll
- 2012-02-18 06:04 . 2012-02-18 06:04 5028200 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Forms\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Forms.dll
+ 2012-03-07 02:59 . 2012-03-07 02:59 5028200 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Forms\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Forms.dll
+ 2012-03-07 03:00 . 2012-03-07 03:00 1711496 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Forms.DataVisualization\v4.0_4.0.0.0__31bf3856ad364e35\System.Windows.Forms.DataVisualization.dll
- 2012-02-18 06:04 . 2012-02-18 06:04 1711496 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Forms.DataVisualization\v4.0_4.0.0.0__31bf3856ad364e35\System.Windows.Forms.DataVisualization.dll
+ 2012-03-07 03:00 . 2012-03-07 03:00 6097256 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.ServiceModel\v4.0_4.0.0.0__b77a5c561934e089\System.ServiceModel.dll
- 2012-02-18 06:04 . 2012-02-18 06:04 6097256 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.ServiceModel\v4.0_4.0.0.0__b77a5c561934e089\System.ServiceModel.dll
+ 2012-03-07 03:00 . 2012-03-07 03:00 1026936 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Runtime.Serialization\v4.0_4.0.0.0__b77a5c561934e089\System.Runtime.Serialization.dll
- 2012-02-18 06:04 . 2012-02-18 06:04 1026936 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Runtime.Serialization\v4.0_4.0.0.0__b77a5c561934e089\System.Runtime.Serialization.dll
- 2012-02-18 06:04 . 2012-02-18 06:04 4464480 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Data.Entity\v4.0_4.0.0.0__b77a5c561934e089\System.Data.Entity.dll
+ 2012-03-07 03:00 . 2012-03-07 03:00 4464480 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Data.Entity\v4.0_4.0.0.0__b77a5c561934e089\System.Data.Entity.dll
+ 2012-03-07 03:00 . 2012-03-07 03:00 1354584 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Core\v4.0_4.0.0.0__b77a5c561934e089\System.Core.dll
- 2012-02-18 06:04 . 2012-02-18 06:04 1354584 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Core\v4.0_4.0.0.0__b77a5c561934e089\System.Core.dll
+ 2012-03-07 03:00 . 2012-03-07 03:00 1199968 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Activities\v4.0_4.0.0.0__31bf3856ad364e35\System.Activities.dll
- 2012-02-18 06:04 . 2012-02-18 06:04 1199968 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Activities\v4.0_4.0.0.0__31bf3856ad364e35\System.Activities.dll
- 2012-02-18 06:04 . 2012-02-18 06:04 1462648 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Activities.Presentation\v4.0_4.0.0.0__31bf3856ad364e35\System.Activities.Presentation.dll
+ 2012-03-07 03:00 . 2012-03-07 03:00 1462648 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Activities.Presentation\v4.0_4.0.0.0__31bf3856ad364e35\System.Activities.Presentation.dll
- 2012-02-18 06:04 . 2012-02-18 06:04 6428520 c:\windows\Microsoft.NET\assembly\GAC_MSIL\PresentationFramework\v4.0_4.0.0.0__31bf3856ad364e35\PresentationFramework.dll
+ 2012-03-07 03:00 . 2012-03-07 03:00 6428520 c:\windows\Microsoft.NET\assembly\GAC_MSIL\PresentationFramework\v4.0_4.0.0.0__31bf3856ad364e35\PresentationFramework.dll
- 2012-02-18 06:04 . 2012-02-18 06:04 3116376 c:\windows\Microsoft.NET\assembly\GAC_64\System.Data\v4.0_4.0.0.0__b77a5c561934e089\System.Data.dll
+ 2012-03-07 02:59 . 2012-03-07 02:59 3116376 c:\windows\Microsoft.NET\assembly\GAC_64\System.Data\v4.0_4.0.0.0__b77a5c561934e089\System.Data.dll
+ 2012-03-07 03:00 . 2012-03-07 03:00 3824480 c:\windows\Microsoft.NET\assembly\GAC_64\PresentationCore\v4.0_4.0.0.0__31bf3856ad364e35\PresentationCore.dll
- 2012-02-18 06:04 . 2012-02-18 06:04 3824480 c:\windows\Microsoft.NET\assembly\GAC_64\PresentationCore\v4.0_4.0.0.0__31bf3856ad364e35\PresentationCore.dll
+ 2012-03-07 02:59 . 2012-03-07 02:59 4970768 c:\windows\Microsoft.NET\assembly\GAC_64\mscorlib\v4.0_4.0.0.0__b77a5c561934e089\mscorlib.dll
- 2012-02-18 06:04 . 2012-02-18 06:04 3563408 c:\windows\Microsoft.NET\assembly\GAC_64\Microsoft.VisualBasic.Activities.Compiler\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Activities.Compiler.dll
+ 2012-03-07 03:00 . 2012-03-07 03:00 3563408 c:\windows\Microsoft.NET\assembly\GAC_64\Microsoft.VisualBasic.Activities.Compiler\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Activities.Compiler.dll
+ 2012-03-07 02:57 . 2012-03-07 02:57 2975064 c:\windows\Microsoft.NET\assembly\GAC_32\System.Data\v4.0_4.0.0.0__b77a5c561934e089\System.Data.dll
- 2012-02-18 06:03 . 2012-02-18 06:03 2975064 c:\windows\Microsoft.NET\assembly\GAC_32\System.Data\v4.0_4.0.0.0__b77a5c561934e089\System.Data.dll
- 2012-02-18 06:03 . 2012-02-18 06:03 3788128 c:\windows\Microsoft.NET\assembly\GAC_32\PresentationCore\v4.0_4.0.0.0__31bf3856ad364e35\PresentationCore.dll
+ 2012-03-07 02:59 . 2012-03-07 02:59 3788128 c:\windows\Microsoft.NET\assembly\GAC_32\PresentationCore\v4.0_4.0.0.0__31bf3856ad364e35\PresentationCore.dll
+ 2012-03-07 02:57 . 2012-03-07 02:57 5201168 c:\windows\Microsoft.NET\assembly\GAC_32\mscorlib\v4.0_4.0.0.0__b77a5c561934e089\mscorlib.dll
+ 2012-03-07 02:58 . 2012-03-07 02:58 2989456 c:\windows\Microsoft.NET\assembly\GAC_32\Microsoft.VisualBasic.Activities.Compiler\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Activities.Compiler.dll
- 2012-02-18 06:03 . 2012-02-18 06:03 2989456 c:\windows\Microsoft.NET\assembly\GAC_32\Microsoft.VisualBasic.Activities.Compiler\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Activities.Compiler.dll
+ 2012-03-07 03:04 . 2012-03-07 03:04 3858432 c:\windows\assembly\NativeImages_v4.0.30319_32\WindowsBase\ef8c44c3c8766f219f576faab54c8dc7\WindowsBase.ni.dll
+ 2012-03-07 03:04 . 2012-03-07 03:04 9091584 c:\windows\assembly\NativeImages_v4.0.30319_32\System\2c59490afc22def906d3ca96e1207ff9\System.ni.dll
+ 2012-03-07 03:04 . 2012-03-07 03:04 5617664 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Xml\19e79fc0f95c93b0244c7b287e254871\System.Xml.ni.dll
+ 2012-03-07 03:04 . 2012-03-07 03:04 1653248 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Drawing\aa90407cafb9b4a0dc5e3fdff170fee9\System.Drawing.ni.dll
+ 2012-03-07 03:04 . 2012-03-07 03:04 6815232 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Data\4a1e0e4ec906686357466a5881de605e\System.Data.ni.dll
+ 2012-03-07 03:04 . 2012-03-07 03:04 2549760 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Data.SqlXml\67ccf8c95fb30e4dcbe3f1eae1f72d00\System.Data.SqlXml.ni.dll
+ 2012-03-07 03:04 . 2012-03-07 03:04 2517504 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Data.Linq\f5cc7fbaadd22a9278512102cd30eb3a\System.Data.Linq.ni.dll
+ 2012-03-07 03:04 . 2012-03-07 03:04 7069696 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Core\7292b3e639a6202cf7eaf1f7ed271249\System.Core.ni.dll
+ 2012-03-07 03:04 . 2012-03-07 03:04 1616384 c:\windows\assembly\NativeImages_v4.0.30319_32\Microsoft.CSharp\a263b12a7f89cd41ef8ea216dcd1e854\Microsoft.CSharp.ni.dll
+ 2011-11-22 05:42 . 2011-11-22 05:42 33189888 c:\windows\Installer\25b706.msp
+ 2012-03-07 03:03 . 2012-03-07 03:03 11880448 c:\windows\assembly\NativeImages_v4.0.30319_64\System\a9e29e892ad68ac0b88f0480746a0d0b\System.ni.dll
+ 2012-03-07 03:02 . 2012-03-07 03:02 19355648 c:\windows\assembly\NativeImages_v4.0.30319_64\mscorlib\d9d8d4f8fc868d07be41d4ffb46d7364\mscorlib.ni.dll
+ 2012-03-07 03:04 . 2012-03-07 03:04 13138944 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Windows.Forms\7390d789557549200e474b9bbeca3d1a\System.Windows.Forms.ni.dll
+ 2012-03-07 03:05 . 2012-03-07 03:05 18000384 c:\windows\assembly\NativeImages_v4.0.30319_32\PresentationFramewo#\e48a8a41e50ee180c6ca9c50e4575f42\PresentationFramework.ni.dll
+ 2012-03-07 03:04 . 2012-03-07 03:04 11450880 c:\windows\assembly\NativeImages_v4.0.30319_32\PresentationCore\9dee5fd0cf53fc233a7fc20edf8e66ed\PresentationCore.ni.dll
+ 2012-03-07 03:03 . 2012-03-07 03:03 14413824 c:\windows\assembly\NativeImages_v4.0.30319_32\mscorlib\44ae9f9afb2373055136d57ac6db3f96\mscorlib.ni.dll
.
-- Snapshot reset to current date --
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"HPAdvisorDock"="c:\program files (x86)\Hewlett-Packard\HP Advisor\Dock\HPAdvisorDock.exe" [2010-02-10 1712184]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"IAStorIcon"="c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe" [2010-03-04 284696]
"EgisTecPMMUpdate"="c:\program files (x86)\EgisTec IPS\PmmUpdate.exe" [2009-12-25 401192]
"EgisUpdate"="c:\program files (x86)\EgisTec IPS\EgisUpdate.exe" [2009-12-25 201512]
"VitaKeyTSR"="c:\program files (x86)\Hewlett-Packard\HP SimplePass Identity Protection\EgisTSR.exe" [2010-06-09 380272]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]
"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2012-01-04 37296]
"AVP"="c:\program files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe" [2010-11-03 365336]
"HP Quick Launch"="c:\program files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe" [2011-06-14 587320]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2011-11-02 59240]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2011-10-24 421888]
"HP Software Update"="c:\program files (x86)\Hp\HP Software Update\HPWuSchd2.exe" [2010-06-10 49208]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2011-12-08 421736]
"iYogi Support Dock"="c:\program files (x86)\iYogi Support Dock\iYogiSupportDock.exe" [2011-12-06 1639664]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"Bomgar_Cleanup_ZD57548714"="rd" [X]
.
c:\users\Betty\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OneNote 2010 Screen Clipper and Launcher.lnk - c:\program files (x86)\Microsoft Office\Office14\ONENOTEM.EXE [2011-9-2 227712]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring"=dword:00000001
.
R2 HP Support Assistant Service;HP Support Assistant Service;c:\program files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe [2011-09-09 86072]
R2 HP Wireless Assistant Service;HP Wireless Assistant Service;c:\program files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe [2010-06-18 103992]
R2 SupportDockService.exe;Support Dock Service;c:\program files (x86)\iYogi Support Dock\Services\CommAgent\SupportDockService.exe [2011-11-18 76288]
R3 BBSvc;Bing Bar Update Service;c:\program files (x86)\Microsoft\BingBar\BBSvc.EXE [2011-07-07 195336]
R3 MyWiFiDHCPDNS;Wireless PAN DHCP Server;c:\program files\Intel\WiFi\bin\PanDhcpDns.exe [2010-03-05 340240]
R3 NETw5s64;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows 7 - 64 Bit;c:\windows\system32\DRIVERS\NETw5s64.sys [x]
R3 netw5v64;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 64 Bit;c:\windows\system32\DRIVERS\netw5v64.sys [x]
R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-10 4925184]
R3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [x]
R3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\DRIVERS\VSTAZL6.SYS [x]
R3 SrvHsfV92;SrvHsfV92;c:\windows\system32\DRIVERS\VSTDPV6.SYS [x]
R3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\DRIVERS\VSTCNXT6.SYS [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]
R3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\system32\DRIVERS\yk62x64.sys [x]
S1 DVMIO;DeviceVM IO Service;c:\windows\system32\DRIVERS\dvmio.sys [x]
S1 kl2;kl2;c:\windows\system32\DRIVERS\kl2.sys [x]
S1 KLIM6;Kaspersky Anti-Virus NDIS 6 Filter;c:\windows\system32\DRIVERS\klim6.sys [x]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]
S2 AESTFilters;Andrea ST Filters Service;c:\program files\IDT\WDM\AESTSr64.exe [2011-05-17 89600]
S2 BBUpdate;BBUpdate;c:\program files (x86)\Microsoft\BingBar\SeaPort.EXE [2011-06-15 249648]
S2 CinemaNow Service;CinemaNow Service;c:\program files (x86)\CinemaNow\CinemaNow Media Manager\CinemanowSvc.exe [2010-06-13 400368]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
S2 cvhsvc;Client Virtualization Handler;c:\program files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE [2012-01-04 822624]
S2 DMAgent;IntelŽ PROSet/Wireless WiMAX Red Bend Device Management Service;c:\program files\Intel\WiMAX\Bin\DMAgent.exe [2010-06-07 408576]
S2 DvmMDES;DeviceVM Meta Data Export Service;c:\swsetup\HPQWMM\QuickWeb\QW.SYS\config\DVMExportService.exe [2010-06-25 338168]
S2 EgisTec Service;EgisTec Service;c:\program files (x86)\Hewlett-Packard\HP SimplePass Identity Protection\EgisService.exe [2010-06-09 697712]
S2 EgisTec Ticket Service;EgisTec Ticket Service;c:\program files (x86)\Common Files\EgisTec\Services\EgisTicketService.exe [2010-06-09 646000]
S2 HPDrvMntSvc.exe;HP Quick Synchronization Service;c:\program files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe [2011-05-21 103992]
S2 hpsrv;HP Service;c:\windows\system32\Hpservice.exe [x]
S2 HPWMISVC;HPWMISVC;c:\program files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe [2011-06-14 26680]
S2 IAStorDataMgrSvc;Intel® Rapid Storage Technology;c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [2010-03-04 13336]
S2 IYSODiskOptimizer;IYSODiskOptimizer;c:\program files (x86)\iYogi Support Dock\pccare\IYSODefragSrv64.exe [2010-04-20 286720]
S2 sftlist;Application Virtualization Client;c:\program files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2011-10-01 508776]
S2 UNS;Intel® Management & Security Application User Notification Service;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2010-04-15 2533400]
S2 vcsFPService;Validity VCS Fingerprint Service;c:\windows\system32\vcsFPService.exe [2010-02-23 2192176]
S2 WiMAXAppSrv;IntelŽ PROSet/Wireless WiMAX Service;c:\program files\Intel\WiMAX\Bin\AppSrv.exe [2010-06-07 911872]
S3 bpenum;bpenum;c:\windows\system32\DRIVERS\bpenum.sys [x]
S3 bpmp;Intel® Centrino® WiMAX 6050 Series;c:\windows\system32\DRIVERS\bpmp.sys [x]
S3 bpusb;bpusb;c:\windows\system32\Drivers\bpusb.sys [x]
S3 clwvd;HP Webcam Splitter;c:\windows\system32\DRIVERS\clwvd.sys [x]
S3 HECIx64;Intel® Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys [x]
S3 Impcd;Impcd;c:\windows\system32\DRIVERS\Impcd.sys [x]
S3 IntcDAud;Intel® Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys [x]
S3 klmouflt;Kaspersky Lab KLMOUFLT;c:\windows\system32\DRIVERS\klmouflt.sys [x]
S3 NETwNs64;___ Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows 7 - 64 Bit;c:\windows\system32\DRIVERS\NETwNs64.sys [x]
S3 Sftfs;Sftfs;c:\windows\system32\DRIVERS\Sftfslh.sys [x]
S3 Sftplay;Sftplay;c:\windows\system32\DRIVERS\Sftplaylh.sys [x]
S3 Sftredir;Sftredir;c:\windows\system32\DRIVERS\Sftredirlh.sys [x]
S3 Sftvol;Sftvol;c:\windows\system32\DRIVERS\Sftvollh.sys [x]
S3 sftvsa;Application Virtualization Service Agent;c:\program files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [2011-10-01 219496]
S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [x]
S3 wdkmd;Intel WiDi KMD;c:\windows\system32\DRIVERS\WDKMD.sys [x]
.
.
Contents of the 'Scheduled Tasks' folder
.
2012-02-29 c:\windows\Tasks\HPCeeScheduleForBetty.job
- c:\program files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2010-09-14 03:15]
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SynTPEnh"="c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe" [BU]
"AmIcoSinglun64"="c:\program files (x86)\AmIcoSingLun\AmIcoSinglun64.exe" [2010-06-26 324096]
"IntelWireless"="c:\program files\Common Files\Intel\WirelessCommon\iFrmewrk.exe" [2010-03-05 1928976]
"IntelWirelessWiMAX"="c:\program files\Intel\WiMAX\Bin\WiMAXCU.exe" [2010-06-08 1441792]
"SmartMenu"="c:\program files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe" [2010-01-21 611896]
"HPWirelessAssistant"="c:\program files\Hewlett-Packard\HP Wireless Assistant\DelayedAppStarter.exe" [2010-06-18 8192]
"SysTrayApp"="c:\program files\IDT\WDM\sttray64.exe" [2011-05-17 525312]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2010-07-29 161304]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2010-07-29 386584]
"Persistence"="c:\windows\system32\igfxpers.exe" [2010-07-29 415256]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~3\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - c:\progra~2\MICROS~3\Office14\ONBttnIE.dll/105
TCP: DhcpNameServer = 68.87.77.130 68.87.72.130 192.168.1.1
FF - ProfilePath - c:\users\Betty\AppData\Roaming\Mozilla\Firefox\Profiles\fkxlddag.default\
FF - prefs.js: network.proxy.type - 0
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11e_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11e_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
@Denied: (A) (Everyone)
"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
"Key"="ActionsPane3"
"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files (x86)\Hewlett-Packard\Media\Webcam\YCMMirage.exe
c:\program files (x86)\Common Files\Java\Java Update\jusched.exe
c:\program files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
.
**************************************************************************
.
Completion time: 2012-03-07 11:12:12 - machine was rebooted
ComboFix-quarantined-files.txt 2012-03-07 16:11
ComboFix2.txt 2012-03-05 03:06
.
Pre-Run: 536,805,584,896 bytes free
Post-Run: 536,651,214,848 bytes free
.
- - End Of File - - 49F53F2B38AF4BE3225205A42BA766EF

#10 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto rico
  • Local time:12:43 PM

Posted 07 March 2012 - 12:18 PM

hELLO


tHAT DOES NOT SOUND GOOD AT ALL


For x64 bit systems download Farbar Recovery Scan Tool x64 and save it to a flash drive.

Plug the flashdrive into the infected PC.

Enter System Recovery Options.

To enter System Recovery Options from the Advanced Boot Options:
  • Restart the computer.
  • As soon as the BIOS is loaded begin tapping the F8 key until Advanced Boot Options appears.
  • Use the arrow keys to select the Repair your computer menu item.
  • Select US as the keyboard language settings, and then click Next.
  • Select the operating system you want to repair, and then click Next.
  • Select your user account an click Next.

To enter System Recovery Options by using Windows installation disc:
  • Insert the installation disc.
  • Restart your computer.
  • If prompted, press any key to start Windows from the installation disc. If your computer is not configured to start from a CD or DVD, check your BIOS settings.
  • Click Repair your computer.
  • Select US as the keyboard language settings, and then click Next.
  • Select the operating system you want to repair, and then click Next.
  • Select your user account and click Next.

On the System Recovery Options menu you will get the following options:
Startup Repair
System Restore
Windows Complete PC Restore
Windows Memory Diagnostic Tool
Command Prompt
[*]Select Command Prompt
[*]In the command window type in notepad and press Enter.
[*]The notepad opens. Under File menu select Open.
[*]Select "Computer" and find your flash drive letter and close the notepad.
[*]In the command window type e:\frst.exe (for x64 bit version type e:\frst64) and press Enter
Note: Replace letter e with the drive letter of your flash drive.
[*]The tool will start to run.
[*]When the tool opens click Yes to disclaimer.
[*]Press Scan button.
[*]It will make a log (FRST.txt) on the flash drive. Please copy and paste it to your reply.[/list]
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#11 kayjan04

kayjan04
  • Topic Starter

  • Members
  • 36 posts
  • OFFLINE
  •  
  • Gender:Female
  • Local time:11:43 AM

Posted 07 March 2012 - 12:22 PM

Do you think that maybe my mom's laptop just needs another hard drive or does it appear to be a malware issue?

Since I got the computer to start, it isn't necessary to do the above steps, right?

#12 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto rico
  • Local time:12:43 PM

Posted 07 March 2012 - 12:30 PM

Hello


I don't like the way somethings are sounding

1st backup anything you do not want to lose,pictures documents anything like that

run this (seatools for windows)and let me know what it says after - http://www.seagate.com/www/en-us/support/downloads/seatools



Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#13 kayjan04

kayjan04
  • Topic Starter

  • Members
  • 36 posts
  • OFFLINE
  •  
  • Gender:Female
  • Local time:11:43 AM

Posted 07 March 2012 - 12:55 PM

Which test should I run? Per Seagate's Help menu, there are several basic tests.

#14 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto rico
  • Local time:12:43 PM

Posted 07 March 2012 - 01:05 PM

run the quick and the full - backup the files first, if the harddrive is going any use of it may be its last
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#15 kayjan04

kayjan04
  • Topic Starter

  • Members
  • 36 posts
  • OFFLINE
  •  
  • Gender:Female
  • Local time:11:43 AM

Posted 07 March 2012 - 02:45 PM

I downloaded Microsoft .Net Framework 4 in order to install the SeaTools. When I tried to open SeaTools for Windows, an error message appears that reads:

Fatal Error: Device Discovery
Invalid namespace Void Start()

What does this mean?




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users