Rootkitted, probably by Sirefef-PL


  • This topic is locked
37 replies to this topic

#1 Dr Frankenstein

  • Members
  • 21 posts

Posted 27 June 2012 - 01:26 PM

Hi, I am running Windows 7 with most updates applied (except the latest few security hotfixes, which I installed today).

It seems that I have been infected by a malicious ad displayed by a third party on a site I trust. A rogue antivirus just popped up and, as usual, I located the process in Process Explorer, killed it, deleted the file, and looked for any suspicious processes, services, browser plugins, etc.

Once I was done with that, some symptoms remained:
  • I would still occasionally get redirected to malicious or phishing sites when clicking on a result in Google searches.
  • Advertisements would randomly open in my browser, every two hours or so.
  • At one point, Firefox showed the following message: "Something is trying to trick Firefox into accepting an insecure update. Please contact your network provider and seek help."
  • HTTPS traffic would be slow or unreliable, as if it was going through a poorly implemented proxy or MitM trick. Some requests to Facebook and other sites would sometimes abort before a response was received (connection reset).
  • Google Chrome prevented me from logging into my Google account because the SSL cert for accounts.google.com looked fishy to it. The message (translated from French) was something similar to "The security certificate of this site was signed with a weak signature algorithm."; in short, something that Google is known not to use.

I have stopped any online banking or logging into well-known sites until I get that fixed, since there definitely seems to be something listening on the line.

A freshly updated MBAM found and deleted C:\Windows\system32\findup16.dll. A similar file (findup1664.dll) reappeared the next day.

Flash Player would crash frequently, and disabling the plugin in Firefox seemed to stop the advertisements from appearing spontaneously, which leads me to suspect that it has been patched with malicious code.

DDS log:
.
DDS (Ver_2011-08-26.01) - NTFSAMD64 
Internet Explorer: 9.0.8112.16421  BrowserJavaVersion: 1.6.0_26
Run by Carl Tessier at 1:43:05 on 2012-06-27
Microsoft Windows 7 Édition Intégrale   6.1.7600.0.1252.2.1033.18.4091.1169 [GMT -4:00]
.
SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\psxss.exe
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\system32\atiesrxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_0057cbec48a2d7cf\STacSV64.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\atieclxx.exe
C:\Program Files\Dell\DellDock\DockLogin.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\SUA\usr\sbin\init
C:\Windows\SUA\usr\sbin\syslogd
C:\Windows\SUA\usr\sbin\inetd
C:\Windows\SUA\usr\local\sbin\sshd
C:\Windows\System32\spoolsv.exe
C:\Windows\SUA\usr\sbin\cron
C:\Windows\SUA\usr\sbin\updater
C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_0057cbec48a2d7cf\AESTSr64.exe
C:\Windows\system32\svchost.exe -k apphost
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files (x86)\ASNA\ASNA Services\AsnaSvcHost.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files (x86)\ASNA\DataGate Server\8.1\dgServer.exe
C:\Program Files (x86)\IBM\SQLLIB\BIN\db2mgmtsvc.exe
C:\Windows\System32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\system32\inetsrv\inetinfo.exe
C:\Program Files (x86)\Borland\InterBase\bin\ibguard.exe
C:\Program Files (x86)\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe
C:\Program Files (x86)\Yuna Software\Messenger Plus! for Skype\MsgPlusForSkypeService.exe
c:\Program Files\Microsoft SQL Server\MSSQL10.SQL2008\MSSQL\Binn\sqlservr.exe
c:\Program Files (x86)\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe
c:\Program Files (x86)\Microsoft SQL Server\MSSQL.5\MSSQL\Binn\sqlservr.exe
c:\Program Files\Microsoft SQL Server\MSRS10.SQL2008\Reporting Services\ReportServer\bin\ReportingServicesService.exe
C:\Program Files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\Program Files (x86)\ShadowExplorer\sesvc.exe
C:\Windows\System32\tcpsvcs.exe
c:\Program Files (x86)\Microsoft SQL Server\90\Shared\sqlbrowser.exe
c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\Program Files (x86)\TeamViewer\Version4\TeamViewer_Service.exe
C:\Program Files (x86)\TeamViewer\Version5\TeamViewer_Service.exe
C:\Program Files (x86)\TeamViewer\Version6\TeamViewer_Service.exe
C:\Program Files (x86)\Viewpoint\Common\ViewpointService.exe
C:\Program Files (x86)\Common Files\VMware\USB\vmware-usbarbitrator64.exe
C:\Windows\SysWOW64\vmnat.exe
C:\Windows\system32\svchost.exe -k iissvcs
C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe
C:\Program Files (x86)\VMware\VMware Workstation\vmware-authd.exe
C:\Windows\SysWOW64\vmnetdhcp.exe
c:\Program Files\Microsoft SQL Server\MSSQL10.SQL2008\MSSQL\Binn\fdlauncher.exe
C:\Program Files (x86)\Borland\InterBase\bin\ibserver.exe
c:\Program Files\Microsoft SQL Server\MSSQL10.SQL2008\MSSQL\Binn\fdhost.exe
C:\Windows\system32\conhost.exe
C:\Program Files (x86)\Google\Update\1.3.21.111\GoogleCrashHandler.exe
C:\Program Files (x86)\Google\Update\1.3.21.111\GoogleCrashHandler64.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Dell\QuickSet\quickset.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Program Files\IDT\WDM\sttray64.exe
C:\Windows\System32\rundll32.exe
C:\Program Files (x86)\Yahoo!\Messenger\YahooMessenger.exe
C:\Windows\SysWOW64\rundll32.exe
C:\Program Files (x86)\AIM\aim.exe
C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files (x86)\Steam\Steam.exe
C:\Program Files (x86)\Skype\Phone\Skype.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell.exe
C:\Program Files (x86)\palmOne\Hotsync.exe
C:\Program Files (x86)\Google\Google Talk\googletalk.exe
C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe
C:\Program Files (x86)\Zend\ZendServer\bin\zendcontroller.exe
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files (x86)\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe
C:\Program Files (x86)\Yuna Software\Messenger Plus! for Skype\Messenger Plus! for Skype.exe
C:\Program Files (x86)\Citrix\ICA Client\concentr.exe
C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\acrotray.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\Yuna Software\Messenger Plus!\PlusService.exe
C:\Program Files (x86)\VMware\VMware Workstation\vmware-tray.exe
C:\Program Files (x86)\Citrix\ICA Client\wfcrun32.exe
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Windows\system32\wuauclt.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Program Files (x86)\Common Files\LogiShrd\LComMgr\Communications_Helper.exe
C:\Program Files (x86)\Microsoft Office\Office14\ONENOTEM.EXE
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files (x86)\Yahoo!\Messenger\YahooMessenger.exe
C:\Program Files (x86)\Common Files\LogiShrd\LComMgr\LVComSX.exe
C:\Windows\SysWOW64\inetsrv\w3wp.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe
C:\Program Files (x86)\mIRC\mirc.exe
C:\Windows\system32\svchost.exe -k SDRSVC
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\servicing\TrustedInstaller.exe
C:\Windows\system32\wuauclt.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB2686827-x64.exe
h:\dc493bc6c505dcfbf707bc4230\Setup.exe
C:\Windows\system32\msiexec.exe
C:\Windows\system32\MsiExec.exe
C:\Windows\syswow64\MsiExec.exe
C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
"C:\Windows\SysWOW64\svchost.exe" -k LocalServiceDns
C:\Windows\system32\MsiExec.exe
C:\Windows\syswow64\MsiExec.exe
C:\Program Files (x86)\Notepad++\notepad++.exe
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe
C:\Windows\system32\conhost.exe
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\conhost.exe
C:\Windows\SysWOW64\cscript.exe
.
============== Pseudo HJT Report ===============
.
uWindow Title = Internet Explorer provided by Dell
uInternet Settings,ProxyOverride = local;*.local
BHO: &Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn1\yt.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: DebugBar BHO: {69fc0024-10eb-480a-bbf2-3bf4e78e17b1} - C:\Program Files (x86)\Core Services\DebugBar\DebugInfoBar.dll
BHO: Search Helper: {6ebf7485-159f-4bff-a14f-b9e3aac4465b} - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - C:\PROGRA~2\MIF5BA~1\Office14\GROOVEEX.DLL
BHO: Programme d'aide de l'Assistant de connexion Windows Live ID: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Windows Live Messenger Companion Helper: {9fdde16b-836f-4806-ab1f-1455cbeff289} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
BHO: Adobe PDF Conversion Toolbar Helper: {ae7cd045-e861-484f-8273-0445ee161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
BHO: Skype Browser Helper: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.2.4204.1700\swg.dll
BHO: Office Document Cache Handler: {b4f3a835-0e21-4959-ba22-42b3008e02ff} - C:\PROGRA~2\MIF5BA~1\Office14\URLREDIR.DLL
BHO: Bing Bar BHO: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\MSN Toolbar\Platform\6.3.2322.0\npwinext.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
BHO: Microsoft Web Test Recorder 10.0 Helper: {dda57003-0068-4ed2-9d32-4d1ec707d94d} - C:\Program Files (x86)\Microsoft Visual Studio 10.0\Common7\IDE\PrivateAssemblies\Microsoft.VisualStudio.QualityTools.RecorderBarBHO100.dll
BHO: Google Gears Helper: {e0fefe40-fbf9-42ae-ba58-794ca7e3fb53} - C:\Program Files (x86)\Google\Google Gears\Internet Explorer\0.5.36.0\gears.dll
BHO: HttpWatch Basic: {f1f69322-008f-4895-b2bf-ad194219825a} - C:\Program Files (x86)\HttpWatch\httpwatchsc.dll
BHO: SmartSelect Class: {f4971ee7-daa0-4053-9964-665d8ee6a077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
BHO: SingleInstance Class: {fdad4da1-61a2-4fd8-9c17-86f7ac245081} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn0\YTSingleInstance.dll
TB: DebugBar: {3e1201f4-1707-409f-bb45-a5f192381da0} - C:\Program Files (x86)\Core Services\DebugBar\DebugToolBar.dll
TB: Adobe PDF: {47833539-d0c5-4125-9fa8-0819e2eaac93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
TB: Yahoo! Barre d'outils: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn1\yt.dll
TB: @C:\Program Files (x86)\MSN Toolbar\Platform\6.3.2322.0\npwinext.dll,-100: {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\MSN Toolbar\Platform\6.3.2322.0\npwinext.dll
TB: {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No File
TB: {C55BBCD6-41AD-48AD-9953-3609C48EACC7} - No File
EB: Web Test Recorder 10.0: {5802d092-1784-4908-8cdb-99b6842d353d} - mscoree.dll
EB: HttpWatch Basic: {2b4c4770-27fd-4a09-b17d-33ca580965fb} - C:\Program Files (x86)\HttpWatch\httpwatch.dll
uRun: [Messenger (Yahoo!)] "C:\PROGRA~2\Yahoo!\MESSEN~1\YahooMessenger.exe" -quiet
uRun: [Aim] "C:\Program Files (x86)\AIM\aim.exe" /d locale=en-US
uRun: [msnmsgr] "C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe" /background
uRun: [AdobeBridge] 
uRun: [FeedDemon] "C:\Program Files (x86)\FeedDemon\FeedDemon.exe" /startminimized
uRun: [Steam] "C:\Program Files (x86)\Steam\Steam.exe" -silent
uRun: [Facebook Update] "C:\Users\Carl Tessier\AppData\Local\Facebook\Update\FacebookUpdate.exe" /c /nocrashserver
uRun: [Skype] "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun
mRun: [Dell Webcam Central] "C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell.exe" /mode2
mRun: [googletalk] "C:\Program Files (x86)\Google\Google Talk\googletalk.exe" /autostart
mRun: [PDVDDXSrv] "C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe"
mRun: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
mRun: [VirtualCloneDrive] "C:\Program Files (x86)\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe" /s
mRun: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [ConnectionCenter] "C:\Program Files (x86)\Citrix\ICA Client\concentr.exe" /startup
mRun: [AdobeCS4ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" -launchedbylogin
mRun: [Adobe Acrobat Speed Launcher] "C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe"
mRun: [<NO NAME>] 
mRun: [Acrobat Assistant 8.0] "C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe"
mRun: [Client Access Service] C:\Program Files (x86)\IBM\Client Access\cwbsvstr.exe
mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun: [PlusService] C:\Program Files (x86)\Yuna Software\Messenger Plus!\PlusService.exe
mRun: [vmware-tray] "C:\Program Files (x86)\VMware\VMware Workstation\vmware-tray.exe"
mRun: [BCSSync] "C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe" /DelayServices
mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
mRun: [LogitechCommunicationsManager] "C:\Program Files (x86)\Common Files\LogiShrd\LComMgr\Communications_Helper.exe"
mRun: [LogitechQuickCamRibbon] "C:\Program Files (x86)\Labtec\WebCam10\WebCam10.exe" /hide
mRun: [MessengerPlusForSkypeService] "C:\Program Files (x86)\Yuna Software\Messenger Plus! for Skype\MsgPlusForSkypeService.exe"
StartupFolder: C:\Users\CARLTE~1\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\Dropbox.lnk - C:\Users\Carl Tessier\AppData\Roaming\Dropbox\bin\Dropbox.exe
StartupFolder: C:\Users\CARLTE~1\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\FACEBO~1.LNK - C:\Users\Carl Tessier\AppData\Local\Facebook\Messenger\2.1.4554.0\FacebookMessenger.exe
StartupFolder: C:\Users\CARLTE~1\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\ONENOT~1.LNK - C:\Program Files (x86)\Microsoft Office\Office14\ONENOTEM.EXE
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\GOOGLE~1.LNK - C:\Program Files (x86)\Google\Google Calendar Sync\GoogleCalendarSync.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\HOTSYN~1.LNK - C:\Program Files (x86)\palmOne\Hotsync.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\ZENDCO~1.LNK - C:\Program Files (x86)\Zend\ZendServer\bin\zendcontroller.exe
uPolicies-explorer: HideSCAHealth = 1 (0x1)
mPolicies-explorer: NoActiveDesktop = 1 (0x1)
mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)
mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0)
mPolicies-system: ConsentPromptBehaviorAdmin = 0 (0x0)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableLUA = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
mPolicies-system: PromptOnSecureDesktop = 0 (0x0)
IE: Ajouter la cible du lien à un fichier PDF existant - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Ajouter à un fichier PDF existant - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convertir au format Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
IE: Convertir la cible du lien au format Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MIF5BA~1\Office14\EXCEL.EXE/3000
IE: S'abonner avec RSS Bandit - C:\Users\Carl Tessier\AppData\Roaming\RssBandit\iecontext_subscribebandit.htm
IE: Se&nd to OneNote - C:\PROGRA~2\MIF5BA~1\Office14\ONBttnIE.dll/105
IE: Sothink SWF Catcher - C:\Program Files (x86)\Common Files\SourceTec\SWF Catcher\InternetExplorer.htm
IE: {CF819DA3-9882-4944-ADF5-6EF17ECF3C6E} - "C:\Program Files (x86)\Fiddler2\Fiddler.exe"
IE: {E19ADC6E-3909-43E4-9A89-B7B676377EE3} - C:\Program Files (x86)\Common Files\SourceTec\SWF Catcher\InternetExplorer.htm
IE: {0000036B-C524-4050-81A0-243669A86B9F} - {B63DBA5F-523F-4B9C-A43D-65DF1977EAD3} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
IE: {09C04DA7-5B76-4EBC-BBEE-B25EAC5965F5} - {0B4350D1-055F-47A3-B112-5F2F2B0D6F08} - C:\Program Files (x86)\Google\Google Gears\Internet Explorer\0.5.36.0\gears.dll
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - C:\PROGRA~2\MIF5BA~1\Office12\REFIEBAR.DLL
IE: {D103E85B-5D67-42c1-8C83-F01079DBAB26} - {2B4C4770-27FD-4A09-B17D-33CA580965FB} - C:\Program Files (x86)\HttpWatch\httpwatch.dll
LSP: mswsock.dll
LSP: %SystemRoot%\system32\vsocklib.dll
Trusted Zone: cascades.com\norampac.trackit
Trusted Zone: gouv.qc.ca\www.mtqsignalisation.mtq
DPF: {576756A1-D97C-45D0-A945-0324019A131E} - hxxp://ti9-testsvr.norampac.com/tiweb70/downloads/BOSIActiveXGrid.cab
DPF: {6AF2E1A7-A16E-4503-A440-07CA49122CCE} - hxxp://ti9-testsvr.norampac.com/tiweb70/downloads/BOSIActiveXMemoControl.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
DPF: {A3256902-51FA-45A0-8A97-FC1143C169D9} - hxxp://support.microsoft.com/mats/DiagWebControl.cab
DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
TCP: DhcpNameServer = 192.168.0.1
TCP: Interfaces\{47738D2D-5792-416D-84E8-D96A2C801C31} : NameServer = 8.8.8.8,8.8.4.4
TCP: Interfaces\{47738D2D-5792-416D-84E8-D96A2C801C31} : DhcpNameServer = 192.168.0.1
TCP: Interfaces\{47738D2D-5792-416D-84E8-D96A2C801C31}\14D6472716B634F6E6E6563647 : NameServer = 8.8.8.8,8.8.4.4
TCP: Interfaces\{47738D2D-5792-416D-84E8-D96A2C801C31}\14D6472716B634F6E6E6563647 : DhcpNameServer = 10.71.40.1
TCP: Interfaces\{47738D2D-5792-416D-84E8-D96A2C801C31}\6574E4564777F627B6 : NameServer = 8.8.8.8,8.8.4.4
TCP: Interfaces\{47738D2D-5792-416D-84E8-D96A2C801C31}\6574E4564777F627B6 : DhcpNameServer = 192.168.0.1
TCP: Interfaces\{47738D2D-5792-416D-84E8-D96A2C801C31}\86F6D6561313 : NameServer = 8.8.8.8,8.8.4.4
TCP: Interfaces\{47738D2D-5792-416D-84E8-D96A2C801C31}\86F6D6561313 : DhcpNameServer = 192.168.2.1
TCP: Interfaces\{47738D2D-5792-416D-84E8-D96A2C801C31}\E4544574541425 : NameServer = 8.8.8.8,8.8.4.4
TCP: Interfaces\{47738D2D-5792-416D-84E8-D96A2C801C31}\E4544574541425 : DhcpNameServer = 192.168.1.1
TCP: Interfaces\{DA340416-B7C1-4C26-BDFA-F5564298D5A0} : DhcpNameServer = 64.71.255.198 64.71.255.253
TCP: Interfaces\{EAF6822E-4E80-4F7D-9C8E-7AF3C867C069} : DhcpNameServer = 64.71.255.198 64.71.255.253
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - C:\PROGRA~2\MIF5BA~1\Office14\GROOVEEX.DLL
{02478D38-C3F9-4efb-9B51-7695ECA05670}
{18DF081C-E8AD-4283-A596-FA578C2EBDC3}
{69FC0024-10EB-480A-BBF2-3BF4E78E17B1}
{6EBF7485-159F-4bff-A14F-B9E3AAC4465B}
{72853161-30C5-4D22-B7F9-0BBC1D38A37E}
{9030D464-4C02-4ABF-8ECC-5164760863C6}
{9FDDE16B-836F-4806-AB1F-1455CBEFF289}
{AE7CD045-E861-484f-8273-0445EE161910}
{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}
{B4F3A835-0E21-4959-BA22-42B3008E02FF}
{d2ce3e00-f94a-4740-988e-03dc2f38c34f}
{DBC80044-A445-435b-BC74-9C25C1C588A9}
{DDA57003-0068-4ed2-9D32-4D1EC707D94D}
{E0FEFE40-FBF9-42AE-BA58-794CA7E3FB53}
{F1F69322-008F-4895-B2BF-AD194219825A}
{F4971EE7-DAA0-4053-9964-665D8EE6A077}
{FDAD4DA1-61A2-4FD8-9C17-86F7AC245081}
{3E1201F4-1707-409F-BB45-A5F192381DA0}
{47833539-D0C5-4125-9FA8-0819E2EAAC93}
{EF99BD32-C1FB-11D2-892F-0090271D4F88}
{8dcb7100-df86-4384-8842-8fa844297b3f}
TB-X64: {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No File
TB-X64: {C55BBCD6-41AD-48AD-9953-3609C48EACC7} - No File
EB-X64: {5802D092-1784-4908-8CDB-99B6842D353D} - No File
EB-X64: {2B4C4770-27FD-4A09-B17D-33CA580965FB} - No File
mRun-x64: [Dell Webcam Central] "C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell.exe" /mode2
mRun-x64: [googletalk] "C:\Program Files (x86)\Google\Google Talk\googletalk.exe" /autostart
mRun-x64: [PDVDDXSrv] "C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe"
mRun-x64: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
mRun-x64: [VirtualCloneDrive] "C:\Program Files (x86)\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe" /s
mRun-x64: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
mRun-x64: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun-x64: [ConnectionCenter] "C:\Program Files (x86)\Citrix\ICA Client\concentr.exe" /startup
mRun-x64: [AdobeCS4ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" -launchedbylogin
mRun-x64: [Adobe Acrobat Speed Launcher] "C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe"
mRun-x64: [(par défaut)] 
mRun-x64: [Acrobat Assistant 8.0] "C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe"
mRun-x64: [Client Access Service] C:\Program Files (x86)\IBM\Client Access\cwbsvstr.exe
mRun-x64: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun-x64: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun-x64: [PlusService] C:\Program Files (x86)\Yuna Software\Messenger Plus!\PlusService.exe
mRun-x64: [vmware-tray] "C:\Program Files (x86)\VMware\VMware Workstation\vmware-tray.exe"
mRun-x64: [BCSSync] "C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe" /DelayServices
mRun-x64: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun-x64: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
mRun-x64: [LogitechCommunicationsManager] "C:\Program Files (x86)\Common Files\LogiShrd\LComMgr\Communications_Helper.exe"
mRun-x64: [LogitechQuickCamRibbon] "C:\Program Files (x86)\Labtec\WebCam10\WebCam10.exe" /hide
mRun-x64: [MessengerPlusForSkypeService] "C:\Program Files (x86)\Yuna Software\Messenger Plus! for Skype\MsgPlusForSkypeService.exe"
IE-X64: {CF819DA3-9882-4944-ADF5-6EF17ECF3C6E} - "C:\Program Files (x86)\Fiddler2\Fiddler.exe"
IE-X64: {E19ADC6E-3909-43E4-9A89-B7B676377EE3} - C:\Program Files (x86)\Common Files\SourceTec\SWF Catcher\InternetExplorer.htm
SEH-X64: {B5A7F190-DDA6-4420-B3BA-52453494E6CD}: Groove GFS Stub Execution Hook
Hosts: 67.43.56.28 cpalead.com cpalock.com www.cpalead.com www.cpalock.com adscendmedia.com www.adscendmedia.com
Hosts: 192.168.0.101 drfrankenstein.homedns.org
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\Carl Tessier\AppData\Roaming\Mozilla\Firefox\Profiles\h8fonhha.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.ca/
FF - prefs.js: network.proxy.socks - 66.167.100.59
FF - prefs.js: network.proxy.socks_port - 6649
FF - prefs.js: network.proxy.type - 0
FF - component: C:\Program Files (x86)\Google\Google Gears\Firefox\lib\ff36\gears.dll
FF - component: C:\Program Files (x86)\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1}\components\SkypeFfComponent.dll
FF - component: C:\Users\Carl Tessier\AppData\Roaming\Mozilla\Firefox\Profiles\h8fonhha.default\extensions\{3b56bcc7-54e5-44a2-9b44-66c3ef58c13e}\components\nstidy.dll
FF - component: C:\Users\Carl Tessier\AppData\Roaming\Mozilla\Firefox\Profiles\h8fonhha.default\extensions\twitternotifier@naan.net\platform\WINNT\components\nsTwitterFoxSign.dll
FF - plugin: C:\PROGRA~2\MIF5BA~1\Office14\NPAUTHZ.DLL
FF - plugin: C:\PROGRA~2\MIF5BA~1\Office14\NPSPWRAP.DLL
FF - plugin: C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll
FF - plugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll
FF - plugin: C:\Program Files (x86)\Google\Google Updater\2.4.2432.1652\npCIDetect14.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: C:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrlui.dll
FF - plugin: C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll
FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npdeployJava1.dll
FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npdnu.dll
FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npdnupdater2.dll
FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npicaN.dll
FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npViewpoint.dll
FF - plugin: C:\Program Files (x86)\Viewpoint\Viewpoint Media Player\npViewpoint.dll
FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: C:\Program Files\Microsoft\Web Platform Installer\NPWPIDetector.dll
FF - plugin: C:\Users\Carl Tessier\AppData\Local\Facebook\Messenger\2.1.4554.0\npFbDesktopPlugin.dll
FF - plugin: C:\Users\Carl Tessier\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_257.dll
.
---- FIREFOX POLICIES ----
FF - user.js: network.protocol-handler.warn-external.dnupdate - false
FF - user.js: zend.ZDE_Path - C:\Program Files (x86)\Zend\Zend Studio - 7.0.2\ZendStudio.exe
FF - user.js: network.protocol-handler.warn-external.dnupdate - false);user_pref(yahoo.ytff.general.dontshowhpoffer, true);user_pref(network.protocol-handler.warn-external.dnupdate, false);user_pref(network.protocol-handler.warn-external.dnupdate, false);user_pref(network.protocol-handler.warn-external.dnupdate, false
============= SERVICES / DRIVERS ===============
.
R0 PxHlpa64;PxHlpa64;C:\Windows\system32\Drivers\PxHlpa64.sys --> C:\Windows\system32\Drivers\PxHlpa64.sys [?]
R1 ctxusbm;Citrix USB Monitor Driver;C:\Windows\system32\DRIVERS\ctxusbm.sys --> C:\Windows\system32\DRIVERS\ctxusbm.sys [?]
R2 AESTFilters;Andrea ST Filters Service;C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_0057cbec48a2d7cf\AESTSr64.exe [2010-7-5 89600]
R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\system32\atiesrxx.exe --> C:\Windows\system32\atiesrxx.exe [?]
R2 AsnaAssist;ASNA Assist;C:\Program Files (x86)\ASNA\ASNA Services\AsnaSvcHost.exe [2008-12-10 114688]
R2 AsnaRegistrar;ASNA Registrar;C:\Program Files (x86)\ASNA\ASNA Services\AsnaSvcHost.exe [2008-12-10 114688]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
R2 DataGate Server;DataGate Server;C:\Program Files (x86)\ASNA\DataGate Server\8.1\dgServer.exe [2008-12-4 2080768]
R2 DB2MGMTSVC_DB2COPY1;DB2 Management Service (DB2COPY1);C:\Program Files (x86)\IBM\SQLLIB\BIN\db2mgmtsvc.exe [2009-4-4 38688]
R2 DockLoginService;Dock Login Service;C:\Program Files\Dell\DellDock\DockLogin.exe [2008-12-18 155648]
R3 CtClsFlt;Creative Camera Class Upper Filter Driver;C:\Windows\system32\DRIVERS\CtClsFlt.sys --> C:\Windows\system32\DRIVERS\CtClsFlt.sys [?]
R3 k57nd60a;Broadcom NetLink (TM) Gigabit Ethernet - NDIS 6.0;C:\Windows\system32\DRIVERS\k57nd60a.sys --> C:\Windows\system32\DRIVERS\k57nd60a.sys [?]
R3 LVUSBS64;Logitech USB Monitor Filter;C:\Windows\system32\DRIVERS\LVUSBS64.sys --> C:\Windows\system32\DRIVERS\LVUSBS64.sys [?]
R3 netw5v64;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 64 Bit;C:\Windows\system32\DRIVERS\netw5v64.sys --> C:\Windows\system32\DRIVERS\netw5v64.sys [?]
R3 OA008Ufd;Creative Camera OA008 Upper Filter Driver;C:\Windows\system32\DRIVERS\OA008Ufd.sys --> C:\Windows\system32\DRIVERS\OA008Ufd.sys [?]
R3 OA008Vid;Creative Camera OA008 Function Driver;C:\Windows\system32\DRIVERS\OA008Vid.sys --> C:\Windows\system32\DRIVERS\OA008Vid.sys [?]
R3 PsxDrv;PsxDrv;C:\Windows\system32\drivers\psxdrv.sys --> C:\Windows\system32\drivers\psxdrv.sys [?]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S3 LVcKap64;Logitech AEC Driver;C:\Windows\system32\DRIVERS\LVcKap64.sys --> C:\Windows\system32\DRIVERS\LVcKap64.sys [?]
S3 Netaapl;Apple Mobile Device Ethernet Service;C:\Windows\system32\DRIVERS\netaapl64.sys --> C:\Windows\system32\DRIVERS\netaapl64.sys [?]
S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\system32\Drivers\usbaapl64.sys --> C:\Windows\system32\Drivers\usbaapl64.sys [?]
S3 VBoxUSB;VirtualBox USB;C:\Windows\system32\Drivers\VBoxUSB.sys --> C:\Windows\system32\Drivers\VBoxUSB.sys [?]
S3 VSPerfDrv100;Performance Tools Driver 10.0;C:\Program Files (x86)\Microsoft Visual Studio 10.0\Team Tools\Performance Tools\x64\VSPerfDrv100.sys [2011-1-18 68440]
S4 RsFx0105;RsFx0105 Driver;C:\Windows\system32\DRIVERS\RsFx0105.sys --> C:\Windows\system32\DRIVERS\RsFx0105.sys [?]
.
=============== File Associations ===============
.
VBSFile=%WINDIR%\System32\CScript.exe //nologo "%1" %*
.txt=txt_auto_file
.
=============== Created Last 30 ================
.
2012-06-27 05:17:04	77312	----a-w-	C:\Windows\System32\packager.dll
2012-06-27 05:17:04	67072	----a-w-	C:\Windows\SysWow64\packager.dll
2012-06-27 04:51:37	--------	d-----w-	C:\lalaFix
2012-06-27 04:44:04	--------	d-----w-	C:\ComboFix
2012-06-27 01:33:08	--------	d-----w-	C:\Users\Carl Tessier\AppData\Local\{929841BC-E1FA-4407-8275-3ED3039B6CB4}
2012-06-26 13:32:29	--------	d-----w-	C:\Users\Carl Tessier\AppData\Local\{A1D08140-60D4-44EE-819A-BC0D9A4A37D3}
2012-06-26 13:32:06	--------	d-----w-	C:\Users\Carl Tessier\AppData\Local\{3AC4B15A-55CA-4FC5-B699-EF16E4FCAEFD}
2012-06-25 19:05:26	--------	d-----w-	C:\Users\Carl Tessier\AppData\Roaming\Malwarebytes
2012-06-25 19:05:05	--------	d-----w-	C:\ProgramData\Malwarebytes
2012-06-25 19:05:04	24904	----a-w-	C:\Windows\System32\drivers\mbam.sys
2012-06-25 19:05:04	--------	d-----w-	C:\Program Files (x86)\Malwarebytes' Anti-Malware
2012-06-25 18:06:35	--------	d-----w-	C:\Users\Carl Tessier\AppData\Local\{917DD91A-D8BD-4260-BFA6-B0CDAB4F0B49}
2012-06-24 12:09:35	--------	d-----w-	C:\Users\Carl Tessier\AppData\Local\{DFC2A60E-B6B6-4545-9FF4-E3284E8839FB}
2012-06-23 20:49:56	--------	d-----w-	C:\Users\Carl Tessier\AppData\Local\{6CF26B69-B0F6-4F45-A225-A7C916CFDE0C}
2012-06-23 20:49:40	--------	d-----w-	C:\Users\Carl Tessier\AppData\Local\{3B6A86B5-DFC7-4FD0-BF2C-621BA578C493}
2012-06-23 02:56:56	--------	d-sh--w-	C:\Windows\SysWow64\%APPDATA%
2012-06-23 02:45:28	--------	d-----w-	C:\Users\Carl Tessier\AppData\Local\{350ABF67-88BE-4A5C-A264-E90CF01E3FA5}
2012-06-23 02:43:33	--------	d-----w-	C:\Users\Carl Tessier\AppData\Local\{9294C58D-79C8-4DA8-BA1F-3561304CF32D}
2012-06-21 15:45:54	--------	d-----w-	C:\Users\Carl Tessier\AppData\Local\{D91DD74B-DD1E-4E28-B627-8E1C1BBA1CF9}
2012-06-21 15:45:43	--------	d-----w-	C:\Users\Carl Tessier\AppData\Local\{B758BF1F-5399-4C95-8945-3A4FC7C82FE0}
2012-06-21 03:45:12	--------	d-----w-	C:\Users\Carl Tessier\AppData\Local\{2B19A32D-E8B3-4F8D-811A-7C67FAC035A4}
2012-06-20 15:44:14	--------	d-----w-	C:\Users\Carl Tessier\AppData\Local\{4C55E333-BF38-4108-8477-8507714B2FC9}
2012-06-20 15:43:58	--------	d-----w-	C:\Users\Carl Tessier\AppData\Local\{74DD165A-3BDC-4C61-9981-53A97C722B8D}
2012-06-18 22:41:27	2622464	----a-w-	C:\Windows\System32\wucltux.dll
2012-06-18 22:40:38	99840	----a-w-	C:\Windows\System32\wudriver.dll
2012-06-18 22:39:59	36864	----a-w-	C:\Windows\System32\wuapp.exe
2012-06-18 22:39:59	186752	----a-w-	C:\Windows\System32\wuwebv.dll
2012-06-18 02:11:19	--------	d-----w-	C:\Users\Carl Tessier\AppData\Local\{72A7C6CA-04E6-4AAA-B497-AFA543072F8F}
2012-06-16 16:36:09	--------	d-----w-	C:\Users\Carl Tessier\AppData\Local\{35BBE299-E847-47B0-86A4-4262E30E6FEA}
2012-06-15 22:45:25	--------	d-----w-	C:\Users\Carl Tessier\AppData\Local\Macromedia
2012-06-15 22:40:52	--------	d-----w-	C:\Users\Carl Tessier\AppData\Local\{857C3BFF-EF30-4446-B8CC-E3733F4C515B}
2012-06-14 23:33:34	--------	d-----w-	C:\Users\Carl Tessier\AppData\Local\{897BFA0C-1D60-49EB-AB44-1A35D1B7DE50}
2012-06-14 23:33:12	--------	d-----w-	C:\Users\Carl Tessier\AppData\Local\{F0FC1167-D8DE-4877-8BFA-4DA81D26215F}
2012-06-13 22:37:54	--------	d-----w-	C:\Users\Carl Tessier\AppData\Local\{3BA4AD1A-C7F1-4E5F-8734-04BC0BF90B78}
2012-06-13 22:37:35	--------	d-----w-	C:\Users\Carl Tessier\AppData\Local\{13E745A5-1079-4C20-BEEC-3FF071E627FB}
2012-06-12 22:33:51	--------	d-----w-	C:\Program Files (x86)\Common Files\Software Update Utility
2012-06-12 22:33:18	--------	d-----w-	C:\Users\Carl Tessier\AppData\Local\{375F18E2-7960-4C74-B4B5-50FC39375572}
2012-06-12 22:33:00	--------	d-----w-	C:\Users\Carl Tessier\AppData\Local\{042958F3-2260-4CDF-AF98-48DF09564A05}
2012-06-12 01:04:33	--------	d-----w-	C:\Users\Carl Tessier\AppData\Local\{DCCD9711-9DBE-424E-A0A5-1262C6473A19}
2012-06-12 01:04:05	--------	d-----w-	C:\Users\Carl Tessier\AppData\Local\{1187F8ED-8331-4FF5-9037-31FE851E22BE}
2012-06-10 16:33:18	--------	d-----w-	C:\Users\Carl Tessier\AppData\Local\{1541BCFE-ECAA-4121-BF3E-B4E806654A2C}
2012-06-10 16:33:02	--------	d-----w-	C:\Users\Carl Tessier\AppData\Local\{7AC41222-4776-4091-840E-3F385244BFB9}
2012-06-10 04:32:49	--------	d-----w-	C:\Users\Carl Tessier\AppData\Local\{4FA6D7BD-1DBC-4B7C-8B26-8299F11397C5}
2012-06-09 16:31:58	--------	d-----w-	C:\Users\Carl Tessier\AppData\Local\{EB9B6B80-8402-4DFA-8934-59D3593C9EF8}
2012-06-09 16:31:35	--------	d-----w-	C:\Users\Carl Tessier\AppData\Local\{61103219-96F7-4BF6-B394-E9185CCD5B4C}
2012-06-08 23:18:35	--------	d-----w-	C:\Users\Carl Tessier\AppData\Local\{889051FF-DEEE-4FD5-BF6B-CC1E5DEE7B72}
2012-06-08 23:18:14	--------	d-----w-	C:\Users\Carl Tessier\AppData\Local\{A70220C4-AD51-4C9A-8556-23461C2558EB}
2012-06-07 23:16:33	--------	d-----w-	C:\Users\Carl Tessier\AppData\Local\{C80423E0-ED7E-4115-8CE1-A0B56E6697C2}
2012-06-07 23:16:18	--------	d-----w-	C:\Users\Carl Tessier\AppData\Local\{71FE7A76-70AB-4B96-9128-51DE1C6802EE}
2012-06-07 01:00:17	--------	d-----w-	C:\Users\Carl Tessier\AppData\Roaming\GitHub
2012-06-07 01:00:13	--------	d-----w-	C:\Users\Carl Tessier\AppData\Local\GitHub
2012-06-07 00:33:04	--------	d-----w-	C:\Users\Carl Tessier\AppData\Local\{A0D271DC-CB11-4217-A2A8-A0D9E0EDC871}
2012-06-07 00:32:45	--------	d-----w-	C:\Users\Carl Tessier\AppData\Local\{0D5BB6CE-6AD7-4B3B-AEA7-D0AC1EC1B34C}
2012-06-05 23:03:47	--------	d-----w-	C:\Users\Carl Tessier\AppData\Local\{D2FA1145-AEDE-4C88-B7C7-E9D6F477861D}
2012-06-05 23:03:29	--------	d-----w-	C:\Users\Carl Tessier\AppData\Local\{DEDF4CA7-F7FC-4C01-8872-A59D43FA045A}
2012-06-05 00:01:19	--------	d-----w-	C:\Users\Carl Tessier\AppData\Local\{624E74DD-0A13-4391-986E-E771E7DF2758}
2012-06-05 00:01:01	--------	d-----w-	C:\Users\Carl Tessier\AppData\Local\{84CA4136-3D2C-4377-A52E-7D6E9227324A}
2012-06-04 02:57:57	--------	d-----w-	C:\Users\Carl Tessier\AppData\Local\{AE406AFB-28C1-40EF-B22C-B3767B8E0A91}
2012-06-04 02:57:41	--------	d-----w-	C:\Users\Carl Tessier\AppData\Local\{225D6C55-482D-424F-BB64-794959B0ED2B}
2012-06-02 15:23:50	--------	d-----w-	C:\Users\Carl Tessier\AppData\Local\{16212FB0-F262-454D-8512-BE0F6F2DF411}
2012-06-02 15:23:34	--------	d-----w-	C:\Users\Carl Tessier\AppData\Local\{DC49F02A-AA11-4526-8382-46790EACC93E}
2012-06-02 01:23:32	--------	d-----w-	C:\Users\Carl Tessier\AppData\Local\{7C1FB752-4DA8-40E3-82FF-C1431EAEED9E}
2012-06-02 01:23:15	--------	d-----w-	C:\Users\Carl Tessier\AppData\Local\{BA125CF0-B24B-4E4F-8139-DD9D15D42846}
2012-06-01 00:12:12	--------	d-----w-	C:\Users\Carl Tessier\AppData\Local\{D8E02C5F-9A97-42CD-A187-1B8257E9F160}
2012-06-01 00:11:52	--------	d-----w-	C:\Users\Carl Tessier\AppData\Local\{3AB03A63-4EE0-491C-852E-E3E18AACC0B8}
2012-05-30 23:06:43	--------	d-----w-	C:\Users\Carl Tessier\AppData\Local\{E64471B1-766F-4E59-8BC2-0B716E9A156A}
2012-05-30 23:06:23	--------	d-----w-	C:\Users\Carl Tessier\AppData\Local\{30B3AD52-6F93-4B86-B661-AEDE4083B04E}
2012-05-30 01:29:19	--------	d-----w-	C:\Windows\System32\carl-deleted
2012-05-30 01:18:45	--------	d-----w-	C:\Users\Carl Tessier\AppData\Local\{5B847339-A9F5-11E1-8270-B8AC6F996F26}
2012-05-30 01:18:17	62464	---ha-w-	C:\Windows\System32\findup1664.dll
2012-05-29 23:23:48	--------	d-----w-	C:\Users\Carl Tessier\AppData\Local\{F4B44C35-7BBE-420B-9598-ECAC3B48FB94}
2012-05-29 23:23:33	--------	d-----w-	C:\Users\Carl Tessier\AppData\Local\{D90D7A92-7D06-439B-BC3B-989737B138C5}
2012-05-28 23:12:56	--------	d-----w-	C:\Users\Carl Tessier\AppData\Local\{BBB4AC32-6482-4455-ACC9-84CA8240F793}
2012-05-28 23:12:35	--------	d-----w-	C:\Users\Carl Tessier\AppData\Local\{31181E3C-F258-4D43-84AF-430B7F0320A1}
.
==================== Find3M  ====================
.
2012-06-23 02:47:56	70344	----a-w-	C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2012-06-23 02:47:56	426184	----a-w-	C:\Windows\SysWow64\FlashPlayerApp.exe
2012-05-06 05:32:17	4474880	----a-w-	C:\Windows\SysWow64\QtCored4.dll
2012-05-06 05:32:17	2562560	----a-w-	C:\Windows\SysWow64\QtCore4.dll
.
============= FINISH:  1:49:05,43 ===============

In GMER, the "System", "Sections", "IAT/EAT", "Devices", "Modules", "Processes", "Threads" and "Libraries" checkboxes were greyed out and unchecked, even when run as an administrator.

Here is the log.
GMER 1.0.15.15641 - http://www.gmer.net
Rootkit scan 2012-06-27 14:11:31
Windows 6.1.7600  
Running: 3ulmpvfr.exe


---- Registry - GMER 1.0.15 ----

Reg   HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg@s1                                                                                   771343423
Reg   HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg@s2                                                                                   285507792
Reg   HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg@h0                                                                                   1
Reg   HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC                                                     
Reg   HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0                                                  0x00 0x00 0x00 0x00 ...
Reg   HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0                                                  0
Reg   HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12                                               0xE0 0x16 0xC3 0x79 ...
Reg   HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC (not active ControlSet)                                 
Reg   HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0                                                      0x00 0x00 0x00 0x00 ...
Reg   HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0                                                      0
Reg   HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12                                                   0xE0 0x16 0xC3 0x79 ...
Reg   HKCU\Software\Microsoft\Windows Live\Companion\doktorfrankenstein@gmail.com@262dac7e5060bf1d9250a96becebc324\r\n                     0x0F 0x48 0xD6 0xF9 ...

---- Files - GMER 1.0.15 ----

File  C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\FZG8CKJ5\click[1].htm  0 bytes
File  C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\0MFWH8MJ.txt                                      1394 bytes
File  C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\OIM6ACM4.txt                                      212 bytes
File  C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\6EM4361K.txt                                      4977 bytes
File  C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\4LGAZ0JC.txt                                      436 bytes
File  C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\P99C964I.txt                                      3790 bytes

---- EOF - GMER 1.0.15 ----

Sysinternals' RootkitRevealer crashes while scanning.
aswMBR crashes before finishing, after finding two files infected with Sirefef-PL [Rtk] in .NET's GAC.
TDSSKiller yields a clean report.

Something's telling me that the rootkit is attempting to protect itself.

What would be the next steps for eradicating this?

Regards,
Carl.
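As an added example (not part of this post, and not code from DDS, GMER or any other tool named in the thread), a small Python triage pass over lines in the DDS "Created Last 30" layout shown above. The heuristics, the constructed sample lines and the reading of the flag letters (leading `d` directory, `s` system, `h` hidden) are assumptions chosen for illustration; the output is a list of entries for a human to review, not a malware verdict.

```python
"""Triage helper for the "Created Last 30" section of a DDS log.

Added example for this thread; it is not part of the original post and
not code from DDS, GMER, ComboFix or any other tool named here. The
heuristics are assumptions chosen for illustration: they mark entries
for a human to look at, they do not identify malware by themselves.
"""
import re
from typing import List, NamedTuple, Optional, Tuple


class Entry(NamedTuple):
    when: str            # "YYYY-MM-DD HH:MM:SS"
    size: Optional[int]  # None for directories ("--------" in the log)
    flags: str           # 8-character attribute field, e.g. "d-sh--w-"
    path: str


# One DDS line: timestamp, size, attribute flags, path. The path is the
# last field and may itself contain spaces, so it is matched to the end.
LINE_RE = re.compile(
    r"^(\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2})\s+(\S+)\s+(\S{8})\s+(.+?)\s*$"
)

# Assumed reading of the flag letters: leading "d" = directory,
# "s" = system attribute, "h" = hidden attribute.
WINDOWS_DIR = re.compile(r"^[a-z]:\\windows\\", re.I)
SYSTEM_BIN = re.compile(
    r"^[a-z]:\\windows\\(system32|syswow64)\\[^\\]+\.(dll|exe|sys)$", re.I
)
# A path component that is a literal environment-variable name, i.e. a
# real folder called "%APPDATA%" rather than the expanded variable.
ENV_TOKEN = re.compile(r"\\%[A-Za-z_]+%(\\|$)")


def parse_dds_created(text: str) -> List[Entry]:
    """Return the entries of a "Created Last 30" block, skipping headers."""
    entries = []
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue  # "." separators, "=== ... ===" headers, blank lines
        size = int(m.group(2)) if m.group(2).isdigit() else None
        entries.append(Entry(m.group(1), size, m.group(3), m.group(4)))
    return entries


def triage(entry: Entry) -> List[str]:
    """Reasons an entry deserves a second look (empty list if none)."""
    flags = entry.flags.lower()
    hidden, system = "h" in flags, "s" in flags
    reasons = []
    if hidden and system and WINDOWS_DIR.match(entry.path):
        reasons.append("hidden+system object created under the Windows directory")
    if ENV_TOKEN.search(entry.path):
        reasons.append("folder named like an unexpanded environment variable")
    if hidden and SYSTEM_BIN.match(entry.path):
        reasons.append("hidden binary dropped directly into System32/SysWow64")
    return reasons


def triage_log(text: str) -> List[Tuple[str, List[str]]]:
    """(path, reasons) for every entry that trips at least one heuristic."""
    return [(e.path, r) for e in parse_dds_created(text) if (r := triage(e))]


# Constructed sample in the DDS layout (tab-separated, generic user name);
# the flag and path patterns mirror the kinds of lines seen in the thread.
SAMPLE_LOG = "\n".join("\t".join(f) for f in [
    ("2012-06-27 05:17:04", "77312", "----a-w-", r"C:\Windows\System32\packager.dll"),
    ("2012-06-25 19:05:04", "24904", "----a-w-", r"C:\Windows\System32\drivers\mbam.sys"),
    ("2012-06-23 02:56:56", "--------", "d-sh--w-", r"C:\Windows\SysWow64\%APPDATA%"),
    ("2012-05-30 01:18:17", "62464", "---ha-w-", r"C:\Windows\System32\findup1664.dll"),
    ("2012-06-15 22:45:25", "--------", "d-----w-", r"C:\Users\user\AppData\Local\Macromedia"),
])

if __name__ == "__main__":
    for path, reasons in triage_log(SAMPLE_LOG):
        print(path)
        for reason in reasons:
            print("   -", reason)
```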



#2 gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto rico

Posted 28 June 2012 - 12:18 AM

Greetings and Welcome to The Forums!!

My name is Gringo and I'll be glad to help you with your computer problems.

I have put together some things for you to keep in mind while I am helping you, to make things go easier and faster for both of us.

  • Please do not run any tools unless instructed to do so.
    • We ask you to run different tools in a specific order to ensure the malware is completely removed from your machine, and running any additional tools may detect false positives, interfere with our tools, or cause unforeseen damage or system instability.
  • Please do not attach logs or use code boxes, just copy and paste the text.
    • Due to the high volume of logs we receive it helps to receive everything in the same format, and code boxes make the logs very difficult to read. Also, attachments require us to download and open the reports when it is easier to just read the reports in your post.
  • Please read every post completely before doing anything.
    • Pay special attention to the NOTE: lines, these entries identify an individual issue or important step in the cleanup process.
  • Please provide feedback about your experience as we go.
    • A short statement describing how the computer is working helps us understand where to go next, for example: I am still getting redirected, the computer is running normally, etc. Please do not describe the computer as "the same", this requires the extra step of looking back at your previous post.
NOTE: At the top of your post, click on the Watch Topic Button, select Immediate Notification, and click on Proceed. This will send you an e-mail as soon as I reply to your topic, allowing us to resolve the issue faster.

NOTE: Backup any files that cannot be replaced. Removing malware can be unpredictable and this step can save a lot of heartaches if things don't go as planned. You can put them on a CD/DVD, external drive or a pen drive, anywhere except on the computer.

NOTE: It is good practice to copy and paste the instructions into notepad and print them in case it is necessary for you to go offline during the cleanup process. To open notepad, navigate to Start Menu > All Programs > Accessories > Notepad. Please remember to copy the entire post so you do not miss any instructions.

Security Check

  • Download Security Check by screen317 from here.
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.



Run Combofix:

You may be asked to install or update the Recovery Console (Win XP Only). If this happens, please allow it to do so (you will need to be connected to the internet for this).

Before you run Combofix I will need you to turn off any security software you have running. If you do not know how to do this you can find out >here< or >here<

Combofix may need to reboot your computer more than once to do its job; this is normal.

You can download Combofix from one of these links.
Link 1
Link 2
Link 3
1. Close any open browsers or any other programs that are open.
2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

Double click on combofix.exe & follow the prompts.
When finished, it will produce a report for you.

Note 1: Do not mouseclick combofix's window while it's running. That may cause it to stall.

Note 2: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion." please restart the computer.

"information and logs"

  • In your next post I need the following
  • Log from Combofix
  • let me know of any problems you may have had
  • How is the computer doing now?

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry, every little bit helps.

Proud Graduate Of Malware Removal University

#3 Dr Frankenstein

  • Topic Starter

  • Members
  • 21 posts

Posted 28 June 2012 - 11:38 PM

Hi Gringo and thanks for your reply.

I will stop using code boxes for now.
Regarding the attachment, I had attached it as requested in the "Preparation Guide For Use Before Using Malware Removal Tools and Requesting Help" topic found at http://www.bleepingcomputer.com/forums/topic34773.html . In retrospect, I have to admit that I'm not sure why I zipped it. :/ I must have thought I had been instructed to do so, but it obviously isn't the case.

Anyway, let's start with checkup.txt. Ugly, but whatever.
Results of screen317's Security Check version 0.99.42
Windows 7 x64 (UAC is disabled!)
Out of date service pack!!
Internet Explorer 9
``````````````Antivirus/Firewall Check:``````````````
Windows Security Center service is not running! This report may not be accurate!
WMI entry may not exist for antivirus; attempting automatic update.
`````````Anti-malware/Other Utilities Check:`````````
ControlSpy
Malwarebytes Anti-Malware version 1.61.0.1400
Java™ 6 Update 26
Java version out of Date!
Adobe Reader 9 Adobe Reader out of Date!
Mozilla Firefox 12.0 Firefox out of Date!
Google Chrome 19.0.1084.52
Google Chrome 19.0.1084.56
````````Process Check: objlist.exe by Laurent````````
`````````````````System Health check`````````````````
Total Fragmentation on Drive C: =
````````````````````End of Log``````````````````````

I'll take care of these things tomorrow. Firefox could not update itself during the infection as mentioned in the original post.

Combofix had a little trouble running. 10 minutes after the NSIS part ended, nothing would show up. I fired up Process Explorer to find that its process was suspended, as if it had hit a breakpoint. I resumed it and it started scanning. Also, pev.3XE (I think) crashed during stage 4.

However, it did run, and here's the log.
ComboFix 12-06-28.03 - Carl Tessier 2012-06-28 23:31:52.1.2 - x64
Microsoft Windows 7 Édition Intégrale 6.1.7600.0.1252.2.1033.18.4091.2272 [GMT -4:00]
Lancé depuis: c:\users\Carl Tessier\Downloads\ComboFix.exe
SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files (x86)\explorer
c:\program files (x86)\explorer\AddressParser\AddressParserConfiguration.xml
c:\program files (x86)\explorer\AddressParser\parser_andorra.xml
c:\program files (x86)\explorer\AddressParser\parser_austria.xml
c:\program files (x86)\explorer\AddressParser\parser_belgium.xml
c:\program files (x86)\explorer\AddressParser\parser_canada.xml
c:\program files (x86)\explorer\AddressParser\parser_denmark.xml
c:\program files (x86)\explorer\AddressParser\parser_france.xml
c:\program files (x86)\explorer\AddressParser\parser_germany.xml
c:\program files (x86)\explorer\AddressParser\parser_ireland.xml
c:\program files (x86)\explorer\AddressParser\parser_italy.xml
c:\program files (x86)\explorer\AddressParser\parser_liechtenstein.xml
c:\program files (x86)\explorer\AddressParser\parser_luxembourg.xml
c:\program files (x86)\explorer\AddressParser\parser_monaco.xml
c:\program files (x86)\explorer\AddressParser\parser_netherlands.xml
c:\program files (x86)\explorer\AddressParser\parser_norway.xml
c:\program files (x86)\explorer\AddressParser\parser_portugal.xml
c:\program files (x86)\explorer\AddressParser\parser_spain.xml
c:\program files (x86)\explorer\AddressParser\parser_sweden.xml
c:\program files (x86)\explorer\AddressParser\parser_switzerland.xml
c:\program files (x86)\explorer\AddressParser\parser_uk.xml
c:\program files (x86)\explorer\AddressParser\parser_usa.xml
c:\program files (x86)\explorer\basemaps\basemaps.de.xml
c:\program files (x86)\explorer\basemaps\basemaps.es.xml
c:\program files (x86)\explorer\basemaps\basemaps.fr.xml
c:\program files (x86)\explorer\basemaps\basemaps.ja-jp.xml
c:\program files (x86)\explorer\basemaps\basemaps.xml
c:\program files (x86)\explorer\basemaps\basemaps.zh-CN.xml
c:\program files (x86)\explorer\basemaps\Server\basemap0.nmf
c:\program files (x86)\explorer\basemaps\Server\basemap0.png
c:\program files (x86)\explorer\basemaps\Server\basemap1.nmf
c:\program files (x86)\explorer\basemaps\Server\basemap1.png
c:\program files (x86)\explorer\basemaps\Server\basemap10.nmf
c:\program files (x86)\explorer\basemaps\Server\basemap10.png
c:\program files (x86)\explorer\basemaps\Server\basemap11.nmf
c:\program files (x86)\explorer\basemaps\Server\basemap11.png
c:\program files (x86)\explorer\basemaps\Server\basemap2.nmf
c:\program files (x86)\explorer\basemaps\Server\basemap2.png
c:\program files (x86)\explorer\basemaps\Server\basemap3.nmf
c:\program files (x86)\explorer\basemaps\Server\basemap3.png
c:\program files (x86)\explorer\basemaps\Server\basemap4.nmf
c:\program files (x86)\explorer\basemaps\Server\basemap4.png
c:\program files (x86)\explorer\basemaps\Server\basemap5.nmf
c:\program files (x86)\explorer\basemaps\Server\basemap5.png
c:\program files (x86)\explorer\basemaps\Server\basemap6.nmf
c:\program files (x86)\explorer\basemaps\Server\basemap6.png
c:\program files (x86)\explorer\basemaps\Server\basemap7.nmf
c:\program files (x86)\explorer\basemaps\Server\basemap7.png
c:\program files (x86)\explorer\basemaps\Server\basemap8.nmf
c:\program files (x86)\explorer\basemaps\Server\basemap8.png
c:\program files (x86)\explorer\basemaps\Server\basemap9.nmf
c:\program files (x86)\explorer\basemaps\Server\basemap9.png
c:\program files (x86)\explorer\basemaps\Server\basemaps.de.xml
c:\program files (x86)\explorer\basemaps\Server\basemaps.es.xml
c:\program files (x86)\explorer\basemaps\Server\basemaps.fr.xml
c:\program files (x86)\explorer\basemaps\Server\basemaps.ja-jp.xml
c:\program files (x86)\explorer\basemaps\Server\basemaps.xml
c:\program files (x86)\explorer\basemaps\Server\basemaps.zh-CN.xml
c:\program files (x86)\explorer\bin\3dAnalystUtil.dll
c:\program files (x86)\explorer\bin\3DSymbols.dll
c:\program files (x86)\explorer\bin\3DSymbolsLib.dll
c:\program files (x86)\explorer\bin\AfCore.dll
c:\program files (x86)\explorer\bin\AfUtil.dll
c:\program files (x86)\explorer\bin\AGSClient.dll
c:\program files (x86)\explorer\bin\aibase.dll
c:\program files (x86)\explorer\bin\aifeat.dll
c:\program files (x86)\explorer\bin\AISClient.dll
c:\program files (x86)\explorer\bin\AISGlobalLib.dll
c:\program files (x86)\explorer\bin\aishape.dll
c:\program files (x86)\explorer\bin\Animation.dll
c:\program files (x86)\explorer\bin\AnnoLayer.dll
c:\program files (x86)\explorer\bin\Annotation.dll
c:\program files (x86)\explorer\bin\AnnotationLib.dll
c:\program files (x86)\explorer\bin\AoInitializer.dll
c:\program files (x86)\explorer\bin\AppInitializerLib.dll
c:\program files (x86)\explorer\bin\ApplicationConfigurationManager.exe
c:\program files (x86)\explorer\bin\ArcGISExplorer.ISCConfig
c:\program files (x86)\explorer\bin\atl71.dll
c:\program files (x86)\explorer\bin\BasemapLayer.dll
c:\program files (x86)\explorer\bin\BasicRasterPicture.dll
c:\program files (x86)\explorer\bin\BGLAPI.dll
c:\program files (x86)\explorer\bin\BGLAPILib.dll
c:\program files (x86)\explorer\bin\BGLFontEngine.dll
c:\program files (x86)\explorer\bin\BGLGeomChestLib.dll
c:\program files (x86)\explorer\bin\BGLGeometricEffects.dll
c:\program files (x86)\explorer\bin\BGLImageCoders.dll
c:\program files (x86)\explorer\bin\BGLRasterizerLib.dll
c:\program files (x86)\explorer\bin\BGLRasterizerSW.dll
c:\program files (x86)\explorer\bin\BGLSymbols.dll
c:\program files (x86)\explorer\bin\BGLSymbolsLib.dll
c:\program files (x86)\explorer\bin\BGLToGDIHelper.dll
c:\program files (x86)\explorer\bin\bin.zreg
c:\program files (x86)\explorer\bin\CacheRasterDB.dll
c:\program files (x86)\explorer\bin\CadastralFabric.dll
c:\program files (x86)\explorer\bin\CadastralFabricLayer.dll
c:\program files (x86)\explorer\bin\CadEngine.dll
c:\program files (x86)\explorer\bin\CadFDB.dll
c:\program files (x86)\explorer\bin\CadLayer.dll
c:\program files (x86)\explorer\bin\CadWorkspaceFactory.dll
c:\program files (x86)\explorer\bin\Camera.dll
c:\program files (x86)\explorer\bin\CartoControlsLib.dll
c:\program files (x86)\explorer\bin\CartoConverter.dll
c:\program files (x86)\explorer\bin\CartoXLib.dll
c:\program files (x86)\explorer\bin\CIM.dll
c:\program files (x86)\explorer\bin\CIMLib.dll
c:\program files (x86)\explorer\bin\Color.dll
c:\program files (x86)\explorer\bin\ComplexSymbols.dll
c:\program files (x86)\explorer\bin\CompressedDataFile.dll
c:\program files (x86)\explorer\bin\Configuration\CATID\esri.catid.ecfg
c:\program files (x86)\explorer\bin\Configuration\CLSID\esri.clsid.ecfg
c:\program files (x86)\explorer\bin\DADFLib.dll
c:\program files (x86)\explorer\bin\DaeFile.dll
c:\program files (x86)\explorer\bin\DataConverterLib.dll
c:\program files (x86)\explorer\bin\dbghelp.dll
c:\program files (x86)\explorer\bin\de\ApplicationConfigurationManager.resources.dll
c:\program files (x86)\explorer\bin\de\DADFRes.dll
c:\program files (x86)\explorer\bin\de\ESRI.ArcGISExplorer.Application.resources.dll
c:\program files (x86)\explorer\bin\de\ESRI.ArcGISExplorer.MapCenter.resources.dll
c:\program files (x86)\explorer\bin\de\ESRI.ArcGISExplorer.resources.dll
c:\program files (x86)\explorer\bin\de\ResToolkitPro.dll
c:\program files (x86)\explorer\bin\DECoreLib.dll
c:\program files (x86)\explorer\bin\DFORRT.DLL
c:\program files (x86)\explorer\bin\Display.dll
c:\program files (x86)\explorer\bin\DisplayFeedback.dll
c:\program files (x86)\explorer\bin\DisplayGraph.dll
c:\program files (x86)\explorer\bin\DisplayLib.dll
c:\program files (x86)\explorer\bin\DistributedGeodbLib.dll
c:\program files (x86)\explorer\bin\DynamicDisplay.dll
c:\program files (x86)\explorer\bin\e3.config.xml
c:\program files (x86)\explorer\bin\E3.exe
c:\program files (x86)\explorer\bin\E3.exe.config
c:\program files (x86)\explorer\bin\E3Control.dll
c:\program files (x86)\explorer\bin\E3EmailHelper.exe
c:\program files (x86)\explorer\bin\EngineGraphics.dll
c:\program files (x86)\explorer\bin\EnginePackager.dll
c:\program files (x86)\explorer\bin\es\ApplicationConfigurationManager.resources.dll
c:\program files (x86)\explorer\bin\es\DADFRes.dll
c:\program files (x86)\explorer\bin\es\ESRI.ArcGISExplorer.Application.resources.dll
c:\program files (x86)\explorer\bin\es\ESRI.ArcGISExplorer.MapCenter.resources.dll
c:\program files (x86)\explorer\bin\es\ESRI.ArcGISExplorer.resources.dll
c:\program files (x86)\explorer\bin\es\ResToolkitPro.dll
c:\program files (x86)\explorer\bin\ESRI.ArcGIS.Utilities.Compression.dll
c:\program files (x86)\explorer\bin\ESRI.ArcGISExplorer.Application.dll
c:\program files (x86)\explorer\bin\ESRI.ArcGISExplorer.dll
c:\program files (x86)\explorer\bin\ESRI.ArcGISExplorer.MapCenter.dll
c:\program files (x86)\explorer\bin\ESRI.DADF.Core.dll
c:\program files (x86)\explorer\bin\ESRI.DADF.dll
c:\program files (x86)\explorer\bin\esrizip.exe
c:\program files (x86)\explorer\bin\Export.dll
c:\program files (x86)\explorer\bin\ExtTopoEngine.dll
c:\program files (x86)\explorer\bin\FdaCore.dll
c:\program files (x86)\explorer\bin\FdaCoreLib.dll
c:\program files (x86)\explorer\bin\FdaRel.dll
c:\program files (x86)\explorer\bin\FeatureDataConverter.dll
c:\program files (x86)\explorer\bin\FeatureDataElements.dll
c:\program files (x86)\explorer\bin\FeatureLayer.dll
c:\program files (x86)\explorer\bin\FeatureLayerLib.dll
c:\program files (x86)\explorer\bin\FgdbRasterDB.dll
c:\program files (x86)\explorer\bin\FgdbUtilLib.dll
c:\program files (x86)\explorer\bin\FileDataElements.dll
c:\program files (x86)\explorer\bin\FileDBCoreLib.dll
c:\program files (x86)\explorer\bin\FileGDB.dll
c:\program files (x86)\explorer\bin\FileGDBWorkspaceFactory.dll
c:\program files (x86)\explorer\bin\fr\ApplicationConfigurationManager.resources.dll
c:\program files (x86)\explorer\bin\fr\DADFRes.dll
c:\program files (x86)\explorer\bin\fr\ESRI.ArcGISExplorer.Application.resources.dll
c:\program files (x86)\explorer\bin\fr\ESRI.ArcGISExplorer.MapCenter.resources.dll
c:\program files (x86)\explorer\bin\fr\ESRI.ArcGISExplorer.resources.dll
c:\program files (x86)\explorer\bin\fr\ResToolkitPro.dll
c:\program files (x86)\explorer\bin\FunctionRasterDB.dll
c:\program files (x86)\explorer\bin\gdal16.dll
c:\program files (x86)\explorer\bin\GdalRasterDB.dll
c:\program files (x86)\explorer\bin\GdbCatalog.dll
c:\program files (x86)\explorer\bin\GdbCore.dll
c:\program files (x86)\explorer\bin\GdbCoreLib.dll
c:\program files (x86)\explorer\bin\GdbNet.dll
c:\program files (x86)\explorer\bin\GdbTopo.dll
c:\program files (x86)\explorer\bin\GeoDataExtraction.dll
c:\program files (x86)\explorer\bin\GeoDataServer.dll
c:\program files (x86)\explorer\bin\GeoDataTransfer.dll
c:\program files (x86)\explorer\bin\Geometry.dll
c:\program files (x86)\explorer\bin\GeoprocessingLib.dll
c:\program files (x86)\explorer\bin\GeoProcessor.dll
c:\program files (x86)\explorer\bin\GeoRSSPlugin.dll
c:\program files (x86)\explorer\bin\glew32.dll
c:\program files (x86)\explorer\bin\Globe.dll
c:\program files (x86)\explorer\bin\GlobeCamera.dll
c:\program files (x86)\explorer\bin\GlobeClient.dll
c:\program files (x86)\explorer\bin\GlobeCoreLib.dll
c:\windows\SysWow64\images\tree\blankdots.gif
c:\windows\SysWow64\images\tree\dots.gif
c:\windows\SysWow64\images\tree\lastdots.gif
c:\windows\SysWow64\images\tree\lastminus.gif
c:\windows\SysWow64\images\tree\lastplus.gif
c:\windows\SysWow64\images\tree\Magnify.gif
c:\windows\SysWow64\images\tree\minus.gif
c:\windows\SysWow64\images\tree\minusbox.gif
c:\windows\SysWow64\images\tree\plus.gif
c:\windows\SysWow64\images\tree\plusbox.gif
c:\windows\SysWow64\images\tree\singleminus.gif
c:\windows\SysWow64\images\tree\singleplus.gif
F:\autorun.inf
.
c:\windows\system32\services.exe . . . is infected!!
.
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Service_{79007602-0CDB-4405-9DBF-1257BB3226EE}
.
.
((((((((((((((((((((((((((((( Files Created from 2012-05-28 to 2012-06-29 ))))))))))))))))))))))))))))))))))))
.
.
2012-06-29 03:52 . 2012-06-29 03:52 -------- d-----w- c:\users\TrackitWeb\AppData\Local\temp
2012-06-29 03:52 . 2012-06-29 03:52 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-06-29 03:52 . 2012-06-29 03:52 -------- d-----w- c:\users\Classic .NET AppPool\AppData\Local\temp
2012-06-27 05:17 . 2011-11-19 15:07 77312 ----a-w- c:\windows\system32\packager.dll
2012-06-27 05:17 . 2011-11-19 14:06 67072 ----a-w- c:\windows\SysWow64\packager.dll
2012-06-25 19:05 . 2012-06-25 19:05 -------- d-----w- c:\users\Carl Tessier\AppData\Roaming\Malwarebytes
2012-06-25 19:05 . 2012-06-25 19:05 -------- d-----w- c:\programdata\Malwarebytes
2012-06-25 19:05 . 2012-06-25 19:05 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
2012-06-25 19:05 . 2012-04-04 19:56 24904 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-06-23 02:56 . 2012-06-23 02:56 -------- d-sh--w- c:\windows\SysWow64\%APPDATA%
2012-06-18 22:41 . 2012-06-02 22:19 2428952 ----a-w- c:\windows\system32\wuaueng.dll
2012-06-18 22:41 . 2012-06-02 22:19 57880 ----a-w- c:\windows\system32\wuauclt.exe
2012-06-18 22:41 . 2012-06-02 22:19 44056 ----a-w- c:\windows\system32\wups2.dll
2012-06-18 22:41 . 2012-06-02 22:15 2622464 ----a-w- c:\windows\system32\wucltux.dll
2012-06-18 22:40 . 2012-06-02 22:19 38424 ----a-w- c:\windows\system32\wups.dll
2012-06-18 22:40 . 2012-06-02 22:19 701976 ----a-w- c:\windows\system32\wuapi.dll
2012-06-18 22:40 . 2012-06-02 22:15 99840 ----a-w- c:\windows\system32\wudriver.dll
2012-06-18 22:39 . 2012-06-02 19:19 186752 ----a-w- c:\windows\system32\wuwebv.dll
2012-06-18 22:39 . 2012-06-02 19:15 36864 ----a-w- c:\windows\system32\wuapp.exe
2012-06-15 22:45 . 2012-06-15 22:45 -------- d-----w- c:\users\Carl Tessier\AppData\Local\Macromedia
2012-06-12 22:33 . 2012-06-12 22:33 -------- d-----w- c:\program files (x86)\Common Files\Software Update Utility
2012-06-07 01:00 . 2012-06-07 01:00 -------- d-----w- c:\users\Carl Tessier\AppData\Roaming\GitHub
2012-06-07 01:00 . 2012-06-07 01:08 -------- d-----w- c:\users\Carl Tessier\AppData\Local\GitHub
.
.
.
(((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-06-23 02:47 . 2012-04-05 22:44 426184 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2012-06-23 02:47 . 2011-05-16 22:08 70344 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-06-09 04:38 . 2009-05-30 22:42 165232 ---ha-w- c:\users\Carl Tessier\AppData\Roaming\Microsoft\Virtual PC\VPCKeyboard.dll
2012-06-09 01:39 . 2009-10-22 15:23 2485760 ----a-w- c:\programdata\Microsoft\VisualStudio\10.0\1033\ResourceCache.dll
2012-05-30 01:18 . 2012-05-30 01:18 62464 ---ha-w- c:\windows\system32\findup1664.dll
2012-05-06 05:32 . 2012-05-07 02:19 4474880 ----a-w- c:\windows\SysWow64\QtCored4.dll
2012-05-06 05:32 . 2012-05-07 02:19 2562560 ----a-w- c:\windows\SysWow64\QtCore4.dll
2012-05-06 05:31 . 2012-05-07 02:19 596480 ----a-w- c:\windows\SysWow64\QtXmld4.dll
2012-05-06 05:31 . 2012-05-07 02:19 5961728 ----a-w- c:\windows\SysWow64\QtXmlPatternsd4.dll
2012-05-06 05:31 . 2012-05-07 02:19 355840 ----a-w- c:\windows\SysWow64\QtXml4.dll
2012-05-06 05:31 . 2012-05-07 02:19 2634752 ----a-w- c:\windows\SysWow64\QtXmlPatterns4.dll
2012-05-06 05:31 . 2012-05-07 02:19 23985664 ----a-w- c:\windows\SysWow64\QtWebKitd4.dll
2012-05-06 05:31 . 2012-05-07 02:19 525824 ----a-w- c:\windows\SysWow64\QtSvgd4.dll
2012-05-06 05:31 . 2012-05-07 02:19 341504 ----a-w- c:\windows\SysWow64\QtSqld4.dll
2012-05-06 05:31 . 2012-05-07 02:19 283136 ----a-w- c:\windows\SysWow64\QtSvg4.dll
2012-05-06 05:31 . 2012-05-07 02:19 201728 ----a-w- c:\windows\SysWow64\QtSql4.dll
2012-05-06 05:31 . 2012-05-07 02:19 195584 ----a-w- c:\windows\SysWow64\QtTestd4.dll
2012-05-06 05:31 . 2012-05-07 02:19 13110784 ----a-w- c:\windows\SysWow64\QtWebKit4.dll
2012-05-06 05:31 . 2012-05-07 02:19 109056 ----a-w- c:\windows\SysWow64\QtTest4.dll
2012-05-06 05:31 . 2012-05-07 02:19 1042432 ----a-w- c:\windows\SysWow64\QtScriptToolsd4.dll
2012-05-06 05:31 . 2012-05-07 02:19 6948864 ----a-w- c:\windows\SysWow64\QtScriptd4.dll
2012-05-06 05:31 . 2012-05-07 02:19 583168 ----a-w- c:\windows\SysWow64\QtScriptTools4.dll
2012-05-06 05:31 . 2012-05-07 02:19 1341440 ----a-w- c:\windows\SysWow64\QtScript4.dll
2012-05-06 05:31 . 2012-05-07 02:19 840192 ----a-w- c:\windows\SysWow64\QtHelpd4.dll
2012-05-06 05:31 . 2012-05-07 02:19 778752 ----a-w- c:\windows\SysWow64\QtOpenGL4.dll
2012-05-06 05:31 . 2012-05-07 02:19 433152 ----a-w- c:\windows\SysWow64\QtHelp4.dll
2012-05-06 05:31 . 2012-05-07 02:19 230912 ----a-w- c:\windows\SysWow64\QtMultimediad4.dll
2012-05-06 05:31 . 2012-05-07 02:19 1760256 ----a-w- c:\windows\SysWow64\QtNetworkd4.dll
2012-05-06 05:31 . 2012-05-07 02:19 1428992 ----a-w- c:\windows\SysWow64\QtOpenGLd4.dll
2012-05-06 05:31 . 2012-05-07 02:19 114176 ----a-w- c:\windows\SysWow64\QtMultimedia4.dll
2012-05-06 05:31 . 2012-05-07 02:19 1037312 ----a-w- c:\windows\SysWow64\QtNetwork4.dll
2012-05-06 05:31 . 2012-05-07 02:19 14874112 ----a-w- c:\windows\SysWow64\QtGuid4.dll
2012-05-06 05:31 . 2012-05-07 02:19 8569856 ----a-w- c:\windows\SysWow64\QtGui4.dll
2012-05-06 05:31 . 2012-05-07 02:19 7275520 ----a-w- c:\windows\SysWow64\QtDesignerd4.dll
2012-05-06 05:31 . 2012-05-07 02:19 3890176 ----a-w- c:\windows\SysWow64\QtDesignerComponentsd4.dll
2012-05-06 05:31 . 2012-05-07 02:19 1926144 ----a-w- c:\windows\SysWow64\QtDesignerComponents4.dll
2012-05-06 05:31 . 2012-05-07 02:19 4900864 ----a-w- c:\windows\SysWow64\QtDeclaratived4.dll
2012-05-06 05:31 . 2012-05-07 02:19 4704768 ----a-w- c:\windows\SysWow64\QtDesigner4.dll
2012-05-06 05:31 . 2012-05-07 02:19 2576384 ----a-w- c:\windows\SysWow64\QtDeclarative4.dll
2012-05-06 05:31 . 2012-05-07 02:19 872448 ----a-w- c:\windows\SysWow64\QtCLucene4.dll
2012-05-06 05:31 . 2012-05-07 02:19 2257920 ----a-w- c:\windows\SysWow64\QtCLucened4.dll
2012-05-06 05:31 . 2012-05-07 02:19 3857408 ----a-w- c:\windows\SysWow64\Qt3Supportd4.dll
2012-05-06 05:31 . 2012-05-07 02:19 2395136 ----a-w- c:\windows\SysWow64\Qt3Support4.dll
2012-05-06 05:31 . 2009-06-02 11:03 517632 ----a-w- c:\windows\SysWow64\phonond4.dll
2012-05-06 05:31 . 2009-06-02 04:49 270848 ----a-w- c:\windows\SysWow64\phonon4.dll
.
.
------- Sigcheck -------
Note: Unsigned files aren't necessarily malware.
.
[-] 2009-07-14 . 50BEA589F7D7958BDD2528A8F69D05CC . 329216 . . [6.1.7600.16385] .. c:\windows\system32\services.exe
.
((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 94208 ----a-w- c:\users\Carl Tessier\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 94208 ----a-w- c:\users\Carl Tessier\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 94208 ----a-w- c:\users\Carl Tessier\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 94208 ----a-w- c:\users\Carl Tessier\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Messenger (Yahoo!)"="c:\progra~2\Yahoo!\MESSEN~1\YahooMessenger.exe" [2012-02-23 6591800]
"Aim"="c:\program files (x86)\AIM\aim.exe" [2012-05-30 4331392]
"FeedDemon"="c:\program files (x86)\FeedDemon\FeedDemon.exe" [2010-12-16 7503360]
"Steam"="c:\program files (x86)\Steam\Steam.exe" [2011-09-18 1242448]
"Facebook Update"="c:\users\Carl Tessier\AppData\Local\Facebook\Update\FacebookUpdate.exe" [2012-04-11 137536]
"Skype"="c:\program files (x86)\Skype\Phone\Skype.exe" [2012-06-05 17344176]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"Dell Webcam Central"="c:\program files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell.exe" [2008-11-11 442536]
"googletalk"="c:\program files (x86)\Google\Google Talk\googletalk.exe" [2007-01-01 3739648]
"PDVDDXSrv"="c:\program files\CyberLink\PowerDVD DX\PDVDDXSrv.exe" [2008-07-29 128296]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2008-08-29 61440]
"VirtualCloneDrive"="c:\program files (x86)\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe" [2009-05-26 85160]
"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-10-03 35696]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2009-09-04 935288]
"ConnectionCenter"="c:\program files (x86)\Citrix\ICA Client\concentr.exe" [2009-09-13 103768]
"AdobeCS4ServiceManager"="c:\program files (x86)\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" [2008-08-14 611712]
"Adobe Acrobat Speed Launcher"="c:\program files (x86)\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe" [2008-06-12 37232]
"Acrobat Assistant 8.0"="c:\program files (x86)\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe" [2008-06-12 640376]
"Client Access Service"="c:\program files (x86)\IBM\Client Access\cwbsvstr.exe" [2007-12-11 14848]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2010-11-29 421888]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2011-04-08 254696]
"PlusService"="c:\program files (x86)\Yuna Software\Messenger Plus!\PlusService.exe" [2012-02-27 801792]
"vmware-tray"="c:\program files (x86)\VMware\VMware Workstation\vmware-tray.exe" [2011-08-22 103536]
"BCSSync"="c:\program files (x86)\Microsoft Office\Office14\BCSSync.exe" [2010-03-13 91520]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2011-09-27 59240]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2011-11-13 421736]
"LogitechCommunicationsManager"="c:\program files (x86)\Common Files\LogiShrd\LComMgr\Communications_Helper.exe" [2007-03-06 488984]
"LogitechQuickCamRibbon"="c:\program files (x86)\Labtec\WebCam10\WebCam10.exe" [2007-03-06 1060376]
"MessengerPlusForSkypeService"="c:\program files (x86)\Yuna Software\Messenger Plus! for Skype\MsgPlusForSkypeService.exe" [2012-03-21 119296]
.
c:\users\Carl Tessier\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dropbox.lnk - c:\users\Carl Tessier\AppData\Roaming\Dropbox\bin\Dropbox.exe [2012-5-24 27112840]
Facebook Messenger.lnk - c:\users\Carl Tessier\AppData\Local\Facebook\Messenger\2.1.4554.0\FacebookMessenger.exe [2012-6-20 209920]
OneNote 2010 - Capture d’écran et lancement.lnk - c:\program files (x86)\Microsoft Office\Office14\ONENOTEM.EXE [2011-9-2 227712]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Google Calendar Sync.lnk - c:\program files (x86)\Google\Google Calendar Sync\GoogleCalendarSync.exe [2011-4-8 542264]
HotSync Manager.lnk - c:\program files (x86)\palmOne\Hotsync.exe [2004-6-9 471040]
Zend Controller.lnk - c:\program files (x86)\Zend\ZendServer\bin\zendcontroller.exe [2010-11-30 249336]
.
c:\users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dell Dock First Run.lnk - c:\program files\Dell\DellDock\DellDock.exe [2009-2-6 1312096]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"mixer"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
"FirewallOverride"=dword:00000001
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 gupdate1c9ee03c2a0f134;Google Update Service (gupdate1c9ee03c2a0f134);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2009-06-15 133104]
R2 MSSQL$TRACKIT;SQL Server (TRACKIT);c:\program files (x86)\Microsoft SQL Server\MSSQL.2\MSSQL\Binn\sqlservr.exe [x]
R2 MSSQL$TRACKIT_1;SQL Server (TRACKIT_1);c:\program files (x86)\Microsoft SQL Server\MSSQL.3\MSSQL\Binn\sqlservr.exe [x]
R2 MSSQL$TRACKIT_2;SQL Server (TRACKIT_2);c:\program files (x86)\Microsoft SQL Server\MSSQL.4\MSSQL\Binn\sqlservr.exe [x]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2012-06-05 160944]
R2 VMwareHostd;VMware Workstation Server;c:\program files (x86)\VMware\VMware Workstation\vmware-hostd.exe [2011-08-22 11837440]
R3 FLEXnet Licensing Service 64;FLEXnet Licensing Service 64;c:\program files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe [2009-12-10 1038088]
R3 gupdatem;Google Update Service (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2009-06-15 133104]
R3 LVcKap64;Logitech AEC Driver;c:\windows\system32\DRIVERS\LVcKap64.sys [2007-03-06 1029024]
R3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\program files (x86)\Microsoft Office\Office14\GROOVE.EXE [2011-06-12 31125880]
R3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-04-25 129976]
R3 Netaapl;Apple Mobile Device Ethernet Service;c:\windows\system32\DRIVERS\netaapl64.sys [2011-08-02 22528]
R3 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [2009-10-20 47632]
R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-10 4925184]
R3 PORTMON;PORTMON;c:\program files (x86)\Sysinternals\PORTMSYS.SYS [x]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [2011-08-02 51712]
R3 VBoxUSB;VirtualBox USB;c:\windows\system32\Drivers\VBoxUSB.sys [2011-07-15 46384]
R3 VSPerfDrv100;Performance Tools Driver 10.0;c:\program files (x86)\Microsoft Visual Studio 10.0\Team Tools\Performance Tools\x64\VSPerfDrv100.sys [2011-01-18 68440]
R4 MSSQLServerADHelper100;SQL Active Directory Helper Service;c:\program files\Microsoft SQL Server\100\Shared\SQLADHLP.EXE [2008-08-12 61976]
R4 RsFx0105;RsFx0105 Driver;c:\windows\system32\DRIVERS\RsFx0105.sys [2011-09-23 311144]
R4 SQLAgent$SQL2008;SQL Server Agent (SQL2008);c:\program files\Microsoft SQL Server\MSSQL10.SQL2008\MSSQL\Binn\SQLAGENT.EXE [2011-09-23 431464]
S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys [2008-02-06 54480]
S0 sptd;sptd;c:\windows\\SystemRoot\System32\Drivers\sptd.sys [x]
S0 vmci;VMware VMCI Bus Driver;c:\windows\system32\DRIVERS\vmci.sys [2011-08-08 116336]
S1 ctxusbm;Citrix USB Monitor Driver;c:\windows\system32\DRIVERS\ctxusbm.sys [2009-09-08 87600]
S1 VBoxDrv;VirtualBox Service;c:\windows\system32\DRIVERS\VBoxDrv.sys [2011-12-19 224048]
S1 VBoxUSBMon;VirtualBox USB Monitor Driver;c:\windows\system32\DRIVERS\VBoxUSBMon.sys [2011-12-19 130864]
S2 AESTFilters;Andrea ST Filters Service;c:\windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_0057cbec48a2d7cf\AESTSr64.exe [2009-03-03 89600]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2009-08-18 203264]
S2 AsnaAssist;ASNA Assist;c:\program files (x86)\ASNA\ASNA Services\AsnaSvcHost.exe [2008-12-10 114688]
S2 AsnaRegistrar;ASNA Registrar;c:\program files (x86)\ASNA\ASNA Services\AsnaSvcHost.exe [2008-12-10 114688]
S2 DataGate Server;DataGate Server;c:\program files (x86)\ASNA\DataGate Server\8.1\dgServer.exe [2008-12-04 2080768]
S2 DB2MGMTSVC_DB2COPY1;DB2 Management Service (DB2COPY1);c:\program files (x86)\IBM\SQLLIB\BIN\db2mgmtsvc.exe [2009-04-04 38688]
S2 DockLoginService;Dock Login Service;c:\program files\Dell\DellDock\DockLogin.exe [2008-12-18 155648]
S2 MsgPlusService;Messenger Plus! Service;c:\program files (x86)\Yuna Software\Messenger Plus! for Skype\MsgPlusForSkypeService.exe [2012-03-21 119296]
S2 MSSQL$SQL2008;SQL Server (SQL2008);c:\program files\Microsoft SQL Server\MSSQL10.SQL2008\MSSQL\Binn\sqlservr.exe [2011-09-23 58345832]
S2 MSSQL$TRACKIT_3;SQL Server (TRACKIT_3);c:\program files (x86)\Microsoft SQL Server\MSSQL.5\MSSQL\Binn\sqlservr.exe [2010-12-10 29293408]
S2 ReportServer$SQL2008;SQL Server Reporting Services (SQL2008);c:\program files\Microsoft SQL Server\MSRS10.SQL2008\Reporting Services\ReportServer\bin\ReportingServicesService.exe [2011-09-23 2084712]
S2 sesvc;ShadowExplorer Service;c:\program files (x86)\ShadowExplorer\sesvc.exe [2011-01-03 9216]
S2 TeamViewer4;TeamViewer 4;c:\program files (x86)\TeamViewer\Version4\TeamViewer_Service.exe [2009-10-07 185640]
S2 TeamViewer5;TeamViewer 5;c:\program files (x86)\TeamViewer\Version5\TeamViewer_Service.exe [2010-02-11 172328]
S2 TeamViewer6;TeamViewer 6;c:\program files (x86)\TeamViewer\Version6\TeamViewer_Service.exe [2011-06-01 2337144]
S2 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files (x86)\Viewpoint\Common\ViewpointService.exe [2007-01-04 24652]
S2 VMUSBArbService;VMware USB Arbitration Service;c:\program files (x86)\Common Files\VMware\USB\vmware-usbarbitrator64.exe [2011-08-22 846448]
S2 vstor2-mntapi10-shared;Vstor2 MntApi 1.0 Driver (shared);SysWOW64\drivers\vstor2-mntapi10-shared.sys [x]
S3 CtClsFlt;Creative Camera Class Upper Filter Driver;c:\windows\system32\DRIVERS\CtClsFlt.sys [2008-10-28 160704]
S3 k57nd60a;Broadcom NetLink ™ Gigabit Ethernet - NDIS 6.0;c:\windows\system32\DRIVERS\k57nd60a.sys [2009-06-10 270848]
S3 LVUSBS64;Logitech USB Monitor Filter;c:\windows\system32\DRIVERS\LVUSBS64.sys [2007-03-06 58400]
S3 MSSQLFDLauncher$SQL2008;SQL Full-text Filter Daemon Launcher (SQL2008);c:\program files\Microsoft SQL Server\MSSQL10.SQL2008\MSSQL\Binn\fdlauncher.exe [2008-07-10 34840]
S3 netw5v64;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 64 Bit;c:\windows\system32\DRIVERS\netw5v64.sys [2009-06-10 5434368]
S3 OA008Ufd;Creative Camera OA008 Upper Filter Driver;c:\windows\system32\DRIVERS\OA008Ufd.sys [2009-03-06 159840]
S3 OA008Vid;Creative Camera OA008 Function Driver;c:\windows\system32\DRIVERS\OA008Vid.sys [2009-05-06 313696]
S3 PsxDrv;PsxDrv;c:\windows\system32\drivers\psxdrv.sys [2009-07-13 10240]
S3 VBoxNetAdp;VirtualBox Host-Only Ethernet Adapter;c:\windows\system32\DRIVERS\VBoxNetAdp.sys [2011-12-19 146736]
S3 VBoxNetFlt;VirtualBox Bridged Networking Service;c:\windows\system32\DRIVERS\VBoxNetFlt.sys [2011-12-19 165680]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
iissvcs REG_MULTI_SZ w3svc was
apphost REG_MULTI_SZ apphostsvc
.
Contents of the 'Scheduled Tasks' folder
.
2012-06-28 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3585025520-255359423-1373225610-1000Core.job
- c:\users\Carl Tessier\AppData\Local\Facebook\Update\FacebookUpdate.exe [2012-04-05 23:42]
.
2012-06-29 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3585025520-255359423-1373225610-1000UA.job
- c:\users\Carl Tessier\AppData\Local\Facebook\Update\FacebookUpdate.exe [2012-04-05 23:42]
.
2012-06-27 c:\windows\Tasks\Google Software Updater.job
- c:\program files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-06-15 01:36]
.
2012-06-29 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2009-06-15 21:53]
.
2012-06-29 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2009-06-15 21:53]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 97792 ----a-w- c:\users\Carl Tessier\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 97792 ----a-w- c:\users\Carl Tessier\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 97792 ----a-w- c:\users\Carl Tessier\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 97792 ----a-w- c:\users\Carl Tessier\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\TortoiseAdded]
@="{C5994566-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994566-53D9-4125-87C9-F193FC689CB2}]
2009-08-13 22:55 97032 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\TortoiseConflict]
@="{C5994562-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994562-53D9-4125-87C9-F193FC689CB2}]
2009-08-13 22:55 97032 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\TortoiseDeleted]
@="{C5994565-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994565-53D9-4125-87C9-F193FC689CB2}]
2009-08-13 22:55 97032 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\TortoiseIgnored]
@="{C5994567-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994567-53D9-4125-87C9-F193FC689CB2}]
2009-08-13 22:55 97032 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\TortoiseLocked]
@="{C5994563-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994563-53D9-4125-87C9-F193FC689CB2}]
2009-08-13 22:55 97032 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\TortoiseModified]
@="{C5994561-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994561-53D9-4125-87C9-F193FC689CB2}]
2009-08-13 22:55 97032 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\TortoiseNormal]
@="{C5994560-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994560-53D9-4125-87C9-F193FC689CB2}]
2009-08-13 22:55 97032 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\TortoiseReadOnly]
@="{C5994564-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994564-53D9-4125-87C9-F193FC689CB2}]
2009-08-13 22:55 97032 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\TortoiseUnversioned]
@="{C5994568-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994568-53D9-4125-87C9-F193FC689CB2}]
2009-08-13 22:55 97032 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DLCCCATS"="c:\windows\system32\spool\DRIVERS\x64\3\DLCCtime.dll" [2006-02-24 28672]
"QuickSet"="c:\program files\Dell\QuickSet\QuickSet.exe" [2008-09-26 2041112]
"SysTrayApp"="c:\program files\IDT\WDM\sttray64.exe" [2010-01-21 487424]
"combofix"="c:\combofix\CF26280.3XE" [2009-07-14 344576]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x0
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = local;*.local
IE: Append Link Target to Existing PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Append to Existing PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert to Adobe PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert Link Target to Adobe PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: E&xport to Microsoft Excel - c:\progra~2\MIF5BA~1\Office14\EXCEL.EXE/3000
IE: Subscribe with RSS Bandit - c:\users\Carl Tessier\AppData\Roaming\RssBandit\iecontext_subscribebandit.htm
IE: Se&nd to OneNote - c:\progra~2\MIF5BA~1\Office14\ONBttnIE.dll/105
IE: Sothink SWF Catcher - c:\program files (x86)\Common Files\SourceTec\SWF Catcher\InternetExplorer.htm
LSP: mswsock.dll
LSP: %SystemRoot%\system32\vsocklib.dll
Trusted Zone: cascades.com\norampac.trackit
Trusted Zone: gouv.qc.ca\www.mtqsignalisation.mtq
TCP: DhcpNameServer = 192.168.0.1
TCP: Interfaces\{47738D2D-5792-416D-84E8-D96A2C801C31}: NameServer = 8.8.8.8,8.8.4.4
TCP: Interfaces\{47738D2D-5792-416D-84E8-D96A2C801C31}\14D6472716B634F6E6E6563647: NameServer = 8.8.8.8,8.8.4.4
TCP: Interfaces\{47738D2D-5792-416D-84E8-D96A2C801C31}\6574E4564777F627B6: NameServer = 8.8.8.8,8.8.4.4
TCP: Interfaces\{47738D2D-5792-416D-84E8-D96A2C801C31}\86F6D6561313: NameServer = 8.8.8.8,8.8.4.4
TCP: Interfaces\{47738D2D-5792-416D-84E8-D96A2C801C31}\E4544574541425: NameServer = 8.8.8.8,8.8.4.4
DPF: {576756A1-D97C-45D0-A945-0324019A131E} - hxxp://ti9-testsvr.norampac.com/tiweb70/downloads/BOSIActiveXGrid.cab
DPF: {6AF2E1A7-A16E-4503-A440-07CA49122CCE} - hxxp://ti9-testsvr.norampac.com/tiweb70/downloads/BOSIActiveXMemoControl.cab
FF - ProfilePath - c:\users\Carl Tessier\AppData\Roaming\Mozilla\Firefox\Profiles\h8fonhha.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.ca/
FF - prefs.js: network.proxy.socks - 66.167.100.59
FF - prefs.js: network.proxy.socks_port - 6649
FF - prefs.js: network.proxy.type - 0
FF - user.js: network.protocol-handler.warn-external.dnupdate - false
FF - user.js: zend.ZDE_Path - c:\program files (x86)\Zend\Zend Studio - 7.0.2\ZendStudio.exe
FF - user.js: network.protocol-handler.warn-external.dnupdate - false);user_pref(yahoo.ytff.general.dontshowhpoffer, true);user_pref(network.protocol-handler.warn-external.dnupdate, false);user_pref(network.protocol-handler.warn-external.dnupdate, false);user_pref(network.protocol-handler.warn-external.dnupdate, false
.
- - - - ORPHANS REMOVED - - - -
.
Wow6432Node-HKCU-Run-AdobeBridge - (no file)
HKLM-Run-SynTPEnh - c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe
HKLM-Run-Daemon for Mouse Suite - c:\program files\Lenovo\Lenovo Mouse Suite\ICO.EXE
HKLM-Run-adsdl - c:\users\CARLTE~1\AppData\Local\Temp\adsdl.dll
HKLM-Run-aprob - c:\users\CARLTE~1\AppData\Local\Temp\aprob.dll
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-3585025520-255359423-1373225610-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.*¨*i%c%]
@Class="Shell"
@Allowed: (Read) (RestrictedCode)
.
[HKEY_USERS\S-1-5-21-3585025520-255359423-1373225610-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.*¨*i%c%\OpenWithList]
@Class="Shell"
.
[HKEY_USERS\S-1-5-21-3585025520-255359423-1373225610-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.*c% Ò*]
@Class="Shell"
@Allowed: (Read) (RestrictedCode)
.
[HKEY_USERS\S-1-5-21-3585025520-255359423-1373225610-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.*c% Ò*\OpenWithList]
@Class="Shell"
.
[HKEY_USERS\S-1-5-21-3585025520-255359423-1373225610-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.*i%ì*Ñ*]
@Class="Shell"
@Allowed: (Read) (RestrictedCode)
.
[HKEY_USERS\S-1-5-21-3585025520-255359423-1373225610-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.*i%ì*Ñ*\OpenWithList]
@Class="Shell"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_257_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_257_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_257.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_257.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_257.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_257.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\ASNA\Shared\Security Provider*Wrong guess again!]
"<No Name>"="{19A41F22-0413-4A77-826C-6A2CB6B47708}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
@Denied: (A) (Everyone)
"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B9A09F18-45AB-4F09-A117-A4ADDA8FA8C8}]
@Denied: (A) (Everyone)
"Solution"="{36eb6792-3a29-43b3-8cd0-f67d266fb426}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane\0]
"Key"="ActionsPane"
"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\8.0\\ActionsPane.xsd"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
"Key"="ActionsPane3"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\windows\SUA\usr\sbin\init
c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files (x86)\Borland\InterBase\bin\ibguard.exe
c:\program files (x86)\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe
c:\program files (x86)\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe
c:\program files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
c:\program files (x86)\Microsoft SQL Server\90\Shared\sqlbrowser.exe
c:\windows\SysWOW64\vmnat.exe
c:\program files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe
c:\program files (x86)\VMware\VMware Workstation\vmware-authd.exe
c:\windows\SysWOW64\vmnetdhcp.exe
c:\program files (x86)\Borland\InterBase\bin\ibserver.exe
c:\program files (x86)\Google\Update\1.3.21.111\GoogleCrashHandler.exe
c:\program files (x86)\Yahoo!\Messenger\YahooMessenger.exe
c:\windows\SysWOW64\inetsrv\w3wp.exe
c:\program files (x86)\Citrix\ICA Client\wfcrun32.exe
c:\program files (x86)\Yahoo!\Messenger\YahooMessenger.exe
c:\program files (x86)\Common Files\LogiShrd\LComMgr\LVComSX.exe
.
**************************************************************************
.
Completion time: 2012-06-29 00:19:49 - machine was rebooted
ComboFix-quarantined-files.txt 2012-06-29 04:19
.
Pre-Run: 65,195,401,216 bytes free
Post-Run: 66,785,902,592 bytes free
.
- - End Of File - - 413978AFE3B4AA92A14AF2B4F6F7C3A5

Just FYI, in my case, "C:\Program Files (x86)\explorer" was legit; it was ArcGIS Explorer, a GIS mapping application. I do understand why it looked suspicious though.

There does not seem to be anything wrong with HTTPS anymore. Chrome does accept Google's certificate now, which would indicate that no one is in the middle of the conversation.

If any symptom reappears, I'll let you know.
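Two details in the ComboFix log above are the kind a responder checks first: prefs.js carries a SOCKS endpoint (66.167.100.59:6649) even though network.proxy.type is 0, so the proxy is configured but dormant, and two HKLM Run values load DLLs straight out of the user's Temp directory. The script below is an added example for this thread, not ComboFix's own code and not something the poster ran; it parses those two ComboFix line formats and flags exactly those conditions. The sample input is copied from the log above; the Finding type, the Temp-path markers and the severity wording are this example's own choices.

```python
"""Triage of the Firefox-proxy and Run-key lines from a ComboFix log.

Added example for this thread, not ComboFix's own code. It flags a proxy
endpoint configured in prefs.js (and whether network.proxy.type activates
it), Run values whose target no longer exists, and Run values that load
code from a Temp directory or name a DLL.
"""
import re
from typing import Dict, List, NamedTuple, Tuple

# Sample input: the 'FF - prefs.js' and Run-key lines copied from the log above.
SAMPLE_LOG = r"""
FF - prefs.js: browser.startup.homepage - hxxp://www.google.ca/
FF - prefs.js: network.proxy.socks - 66.167.100.59
FF - prefs.js: network.proxy.socks_port - 6649
FF - prefs.js: network.proxy.type - 0
Wow6432Node-HKCU-Run-AdobeBridge - (no file)
HKLM-Run-SynTPEnh - c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe
HKLM-Run-Daemon for Mouse Suite - c:\program files\Lenovo\Lenovo Mouse Suite\ICO.EXE
HKLM-Run-adsdl - c:\users\CARLTE~1\AppData\Local\Temp\adsdl.dll
HKLM-Run-aprob - c:\users\CARLTE~1\AppData\Local\Temp\aprob.dll
""".strip()

FF_PREF_RE = re.compile(r"^FF - (?:prefs|user)\.js: (\S+) - (.*)$")
RUN_RE = re.compile(r"^(?:Wow6432Node-)?(HKLM|HKCU)-Run-(.+?) - (.*)$")

# Firefox network.proxy.type values; the manual host/port prefs only apply with type 1.
PROXY_TYPES = {"0": "direct, no proxy", "1": "manual", "2": "PAC URL",
               "4": "auto-detect (WPAD)", "5": "system settings"}
PROXY_HOST_PREFS = ("network.proxy.http", "network.proxy.ssl",
                    "network.proxy.ftp", "network.proxy.socks")
# Path fragments (lower-cased) that mark a user- or world-writable Temp location.
TEMP_MARKERS = ("\\appdata\\local\\temp\\", "\\windows\\temp\\")

class Finding(NamedTuple):
    kind: str      # "proxy" or "autorun"
    subject: str   # pref name or Run value name
    note: str

def parse_ff_prefs(text: str) -> Dict[str, str]:
    # 'FF - prefs.js: <name> - <value>' -> {name: value}
    prefs: Dict[str, str] = {}
    for line in text.splitlines():
        m = FF_PREF_RE.match(line.strip())
        if m:
            prefs[m.group(1)] = m.group(2).strip()
    return prefs

def parse_run_entries(text: str) -> List[Tuple[str, str, str]]:
    # '<hive>-Run-<value name> - <target>' -> (hive, value name, target)
    entries: List[Tuple[str, str, str]] = []
    for line in text.splitlines():
        m = RUN_RE.match(line.strip())
        if m:
            entries.append((m.group(1), m.group(2), m.group(3).strip()))
    return entries

def check_proxy(prefs: Dict[str, str]) -> List[Finding]:
    """Report every configured proxy endpoint and whether the proxy type activates it."""
    findings: List[Finding] = []
    ptype = prefs.get("network.proxy.type", "0")
    type_desc = PROXY_TYPES.get(ptype, "unknown")
    for key in PROXY_HOST_PREFS:
        host = prefs.get(key, "")
        if not host:
            continue
        port = prefs.get(key + "_port", "")
        endpoint = f"{host}:{port}" if port else host
        if ptype == "1":
            note = f"ACTIVE: manual proxy, traffic is routed via {endpoint}"
        else:
            note = (f"set to {endpoint} but network.proxy.type is {ptype} "
                    f"({type_desc}): dormant, clear it anyway")
        findings.append(Finding("proxy", key, note))
    pac = prefs.get("network.proxy.autoconfig_url", "")
    if pac:
        state = "ACTIVE" if ptype == "2" else f"dormant (type is {ptype}, {type_desc})"
        findings.append(Finding("proxy", "network.proxy.autoconfig_url", f"{state}: PAC script {pac}"))
    return findings

def check_autoruns(entries: List[Tuple[str, str, str]]) -> List[Finding]:
    """Flag orphaned Run values and values that load from Temp or name a DLL."""
    findings: List[Finding] = []
    for hive, name, target in entries:
        if target == "(no file)":
            findings.append(Finding("autorun", name,
                                    f"{hive} Run value points at a file that no longer exists (orphan)"))
            continue
        low = target.lower()
        reasons = []
        if any(marker in low for marker in TEMP_MARKERS):
            reasons.append("loads from a Temp directory")
        if low.endswith(".dll"):
            reasons.append("target is a DLL, not an executable")
        if reasons:
            findings.append(Finding("autorun", name, f"{hive} Run -> {target}: " + "; ".join(reasons)))
    return findings

def triage(text: str) -> List[Finding]:
    return check_proxy(parse_ff_prefs(text)) + check_autoruns(parse_run_entries(text))

if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"[{f.kind}] {f.subject}: {f.note}")
```

Run against the sample it reports the SOCKS endpoint as dormant (type 0), the AdobeBridge value as an orphan, and adsdl/aprob as Temp-resident DLLs; the Synaptics and Lenovo entries produce nothing. A dormant proxy pref is still worth clearing, since a later change of network.proxy.type to 1 would route every Firefox connection through that host.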

#4 gringo_pr (Malware Response Team)

Posted 29 June 2012 - 08:25 AM

Greetings

I want you to run these next,

tdsskiller:

Please read carefully and follow these steps.
  • Download TDSSKiller and save it to your Desktop.
  • Double-click on TDSSKiller.exe to run the application, then on Start Scan.
  • If an infected file is detected, the default action will be Cure, click on Continue.
  • If a suspicious file is detected, the default action will be Skip, click on Continue.
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
  • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory (usually the C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.

Please download aswMBR to your desktop.
  • Double click the aswMBR.exe icon to run it
  • it will ask to download extra definitions - ALLOW IT
  • Click the Scan button to start the scan
  • On completion of the scan, click the save log button, save it to your desktop and post it in your next reply.

If you have any problems running either one, come back and let me know.

Please reply with the reports from TDSSKiller and aswMBR.

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic

My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry every little bit helps.

Proud Graduate Of Malware Removal University
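The TDSSKiller report requested above is long (one pair of lines per service and driver), and the question it answers is simply whether every entry ended in "- ok". The script below is an added example for this thread, not part of the thread and not a Kaspersky tool; it parses the report's two line shapes, "name (md5) path" and "name - status", restricts verdicts to the section after "Scan started" so that header lines such as the "Drive ... - Size:" line are not mistaken for statuses, and pulls out anything whose status is not "ok" together with the file it refers to. The first seven sample lines are copied from the report posted later in this thread; the last three are constructed for the example (an all-zero placeholder md5 and a made-up detection name), and the severity labels are this example's own.

```python
"""Check a TDSSKiller report for anything that did not end with '- ok'.

Added example for this thread; not a Kaspersky tool. TDSSKiller writes each
object as '<name> (<md5>) <path>' followed by '<name> - <status>'. Only 'ok'
is clean; warning, suspicious or detected verdicts are pulled out with the
md5 and path of the file they refer to.
"""
import re
from typing import Dict, List, NamedTuple, Optional, Tuple

LINE_RE = re.compile(r"^(\d{2}:\d{2}:\d{2}\.\d+)\s+(\d+)\s+(.*)$")   # time, pid, rest
FILE_RE = re.compile(r"^(.+?) \(([0-9a-fA-F]{32})\) (.+)$")           # name (md5) path
TRAILING_PAREN_RE = re.compile(r"^(.*?)\s*\(.*\)\s*$")                # 'name ( Tag )' -> name

# Sample input. First seven lines copied from the report in this thread; the last
# three are constructed (placeholder md5, made-up detection name).
SAMPLE_REPORT = r"""
21:46:06.0769 7408 Drive \Device\Harddisk0\DR0 - Size: 0x3A38B2E000 (232.89 Gb), SectorSize: 0x200, Cylinders: 0x76C1, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
21:46:10.0291 5512 Scan started
21:46:13.0775 5512 1394ohci (1b00662092f9f9568b995902f0cc40d5) C:\Windows\system32\DRIVERS\1394ohci.sys
21:46:13.0791 5512 1394ohci - ok
21:46:13.0832 5512 ACPI (6f11e88748cdefd2f76aa215f97ddfe5) C:\Windows\system32\DRIVERS\ACPI.sys
21:46:13.0838 5512 ACPI - ok
21:46:18.0024 5512 catchme - ok
21:46:26.0456 5512 exampledrv (00000000000000000000000000000000) C:\Windows\system32\DRIVERS\exampledrv.sys
21:46:26.0458 5512 exampledrv ( LockedFile.Multi.Generic ) - warning
21:46:26.0500 5512 \Device\Harddisk0\DR0 - detected Rootkit.Boot.Example ( 0 )
""".strip()

class Verdict(NamedTuple):
    name: str
    status: str        # text after ' - ': 'ok', 'warning', 'detected ...'
    severity: str      # 'clean', 'review' or 'infected'
    md5: Optional[str]
    path: Optional[str]

class Summary(NamedTuple):
    checked: int
    clean: int
    flagged: List[Verdict]

def classify(status: str) -> str:
    s = status.lower()
    if s == "ok":
        return "clean"
    if s.startswith("detected"):
        return "infected"
    return "review"    # warning, suspicious, or anything unexpected

def parse_tdsskiller(text: str) -> List[Verdict]:
    """One Verdict per '<name> - <status>' line inside the scan section."""
    files: Dict[str, Tuple[str, str]] = {}
    verdicts: List[Verdict] = []
    # Header lines ('Drive ... - Size: ...') also contain ' - '; only lines
    # between 'Scan started' and 'Scan finished' are treated as verdicts.
    in_scan = "Scan started" not in text
    for raw in text.splitlines():
        m = LINE_RE.match(raw.strip())
        if not m:
            continue
        rest = m.group(3)
        if rest.startswith("Scan started"):
            in_scan = True
            continue
        if rest.startswith("Scan finished"):
            in_scan = False
            continue
        fm = FILE_RE.match(rest)
        if fm:
            files[fm.group(1)] = (fm.group(2).lower(), fm.group(3))
            continue
        if not in_scan:
            continue
        name, sep, status = rest.rpartition(" - ")
        if not sep:
            continue
        key = TRAILING_PAREN_RE.sub(r"\1", name).strip()
        md5, path = files.get(key, (None, None))
        verdicts.append(Verdict(key, status.strip(), classify(status), md5, path))
    return verdicts

def summarize(text: str) -> Summary:
    verdicts = parse_tdsskiller(text)
    flagged = [v for v in verdicts if v.severity != "clean"]
    return Summary(len(verdicts), len(verdicts) - len(flagged), flagged)

def is_clean(text: str) -> bool:
    """True only if a scan section was parsed and every verdict was 'ok'."""
    s = summarize(text)
    return s.checked > 0 and not s.flagged

if __name__ == "__main__":
    s = summarize(SAMPLE_REPORT)
    print(f"{s.checked} verdicts, {s.clean} ok, {len(s.flagged)} to review")
    for v in s.flagged:
        print(f"  {v.severity:8} {v.name}: {v.status}  md5={v.md5} path={v.path}")
```

On the sample this yields five verdicts, three clean, and two to look at: the constructed warning (with its md5 and path attached for a hash lookup) and the constructed boot-sector detection, which has no file record because TDSSKiller reports it against the device rather than a driver. Feeding it a real report with nothing but "- ok" lines returns a clean summary, which is what "a clean report" should mean before the helper is told so.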

#5 gringo_pr (Malware Response Team)

Posted 01 July 2012 - 11:34 PM

Greetings


I have not heard from you in a couple of days, so I am coming by to check on you to see if you are having problems or you just need some more time.

Also, to remind you that it is very important that we finish the process completely so as to not get reinfected. I will let you know when we are complete and I will ask to remove our tools.




Gringo

#6 Dr Frankenstein (Topic Starter)

Posted 03 July 2012 - 09:34 PM

Sorry about the hiatus. I was on a short vacation. I'm back now.

TDSSKiller has a clean report.
21:46:05.0155 7408 TDSS rootkit removing tool 2.7.44.0 Jul 2 2012 20:01:08
21:46:05.0430 7408 ============================================================
21:46:05.0430 7408 Current date / time: 2012/07/03 21:46:05.0430
21:46:05.0430 7408 SystemInfo:
21:46:05.0430 7408
21:46:05.0430 7408 OS Version: 6.1.7600 ServicePack: 0.0
21:46:05.0430 7408 Product type: Workstation
21:46:05.0430 7408 ComputerName: CARL-LAPTOP
21:46:05.0431 7408 UserName: Carl Tessier
21:46:05.0431 7408 Windows directory: C:\Windows
21:46:05.0431 7408 System windows directory: C:\Windows
21:46:05.0431 7408 Running under WOW64
21:46:05.0431 7408 Processor architecture: Intel x64
21:46:05.0431 7408 Number of processors: 2
21:46:05.0431 7408 Page size: 0x1000
21:46:05.0431 7408 Boot type: Normal boot
21:46:05.0431 7408 ============================================================
21:46:06.0769 7408 Drive \Device\Harddisk0\DR0 - Size: 0x3A38B2E000 (232.89 Gb), SectorSize: 0x200, Cylinders: 0x76C1, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
21:46:06.0778 7408 ============================================================
21:46:06.0779 7408 \Device\Harddisk0\DR0:
21:46:06.0779 7408 MBR partitions:
21:46:06.0779 7408 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x139C5, BlocksNum 0x1D4C000
21:46:06.0779 7408 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x1D5F9C5, BlocksNum 0x1B4657AB
21:46:06.0779 7408 ============================================================
21:46:06.0799 7408 C: <-> \Device\Harddisk0\DR0\Partition1
21:46:06.0827 7408 D: <-> \Device\Harddisk0\DR0\Partition0
21:46:06.0828 7408 ============================================================
21:46:06.0828 7408 Initialize success
21:46:06.0828 7408 ============================================================
21:46:10.0291 5512 ============================================================
21:46:10.0291 5512 Scan started
21:46:10.0291 5512 Mode: Manual;
21:46:10.0291 5512 ============================================================
21:46:13.0775 5512 1394ohci (1b00662092f9f9568b995902f0cc40d5) C:\Windows\system32\DRIVERS\1394ohci.sys
21:46:13.0791 5512 1394ohci - ok
21:46:13.0832 5512 ACPI (6f11e88748cdefd2f76aa215f97ddfe5) C:\Windows\system32\DRIVERS\ACPI.sys
21:46:13.0838 5512 ACPI - ok
21:46:13.0859 5512 AcpiPmi (63b05a0420ce4bf0e4af6dcc7cada254) C:\Windows\system32\DRIVERS\acpipmi.sys
21:46:13.0860 5512 AcpiPmi - ok
21:46:13.0900 5512 adfs (2f0683fd2df1d92e891caca14b45a8c1) C:\Windows\system32\drivers\adfs.sys
21:46:13.0902 5512 adfs - ok
21:46:13.0992 5512 adp94xx (2f6b34b83843f0c5118b63ac634f5bf4) C:\Windows\system32\DRIVERS\adp94xx.sys
21:46:14.0007 5512 adp94xx - ok
21:46:14.0039 5512 adpahci (597f78224ee9224ea1a13d6350ced962) C:\Windows\system32\DRIVERS\adpahci.sys
21:46:14.0053 5512 adpahci - ok
21:46:14.0086 5512 adpu320 (e109549c90f62fb570b9540c4b148e54) C:\Windows\system32\DRIVERS\adpu320.sys
21:46:14.0096 5512 adpu320 - ok
21:46:14.0142 5512 AeLookupSvc (4b78b431f225fd8624c5655cb1de7b61) C:\Windows\System32\aelupsvc.dll
21:46:14.0144 5512 AeLookupSvc - ok
21:46:14.0415 5512 AESTFilters (a6fb9db8f1a86861d955fd6975977ae0) C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_0057cbec48a2d7cf\AESTSr64.exe
21:46:14.0417 5512 AESTFilters - ok
21:46:14.0525 5512 AFD (6ef20ddf3172e97d69f596fb90602f29) C:\Windows\system32\drivers\afd.sys
21:46:14.0557 5512 AFD - ok
21:46:14.0588 5512 agp440 (608c14dba7299d8cb6ed035a68a15799) C:\Windows\system32\DRIVERS\agp440.sys
21:46:14.0590 5512 agp440 - ok
21:46:14.0621 5512 ALG (3290d6946b5e30e70414990574883ddb) C:\Windows\System32\alg.exe
21:46:14.0623 5512 ALG - ok
21:46:14.0646 5512 aliide (5812713a477a3ad7363c7438ca2ee038) C:\Windows\system32\DRIVERS\aliide.sys
21:46:14.0648 5512 aliide - ok
21:46:14.0717 5512 AMD External Events Utility (d696f317bd465a602566f8e1dcce15f7) C:\Windows\system32\atiesrxx.exe
21:46:14.0738 5512 AMD External Events Utility - ok
21:46:14.0757 5512 amdide (1ff8b4431c353ce385c875f194924c0c) C:\Windows\system32\DRIVERS\amdide.sys
21:46:14.0759 5512 amdide - ok
21:46:14.0788 5512 AmdK8 (7024f087cff1833a806193ef9d22cda9) C:\Windows\system32\DRIVERS\amdk8.sys
21:46:14.0791 5512 AmdK8 - ok
21:46:14.0806 5512 AmdPPM (1e56388b3fe0d031c44144eb8c4d6217) C:\Windows\system32\DRIVERS\amdppm.sys
21:46:14.0808 5512 AmdPPM - ok
21:46:14.0857 5512 amdsata (ec7ebab00a4d8448bab68d1e49b4beb9) C:\Windows\system32\drivers\amdsata.sys
21:46:14.0860 5512 amdsata - ok
21:46:14.0908 5512 amdsbs (f67f933e79241ed32ff46a4f29b5120b) C:\Windows\system32\DRIVERS\amdsbs.sys
21:46:14.0939 5512 amdsbs - ok
21:46:14.0958 5512 amdxata (db27766102c7bf7e95140a2aa81d042e) C:\Windows\system32\drivers\amdxata.sys
21:46:14.0959 5512 amdxata - ok
21:46:15.0060 5512 AppHostSvc (03fbb7c5ea4ef153f10282614b9771cb) C:\Windows\system32\inetsrv\apphostsvc.dll
21:46:15.0062 5512 AppHostSvc - ok
21:46:15.0091 5512 AppID (42fd751b27fa0e9c69bb39f39e409594) C:\Windows\system32\drivers\appid.sys
21:46:15.0093 5512 AppID - ok
21:46:15.0113 5512 AppIDSvc (0bc381a15355a3982216f7172f545de1) C:\Windows\System32\appidsvc.dll
21:46:15.0116 5512 AppIDSvc - ok
21:46:15.0145 5512 Appinfo (d065be66822847b7f127d1f90158376e) C:\Windows\System32\appinfo.dll
21:46:15.0147 5512 Appinfo - ok
21:46:15.0325 5512 Apple Mobile Device (3debbecf665dcdde3a95d9b902010817) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
21:46:15.0328 5512 Apple Mobile Device - ok
21:46:15.0422 5512 AppMgmt (4aba3e75a76195a3e38ed2766c962899) C:\Windows\System32\appmgmts.dll
21:46:15.0453 5512 AppMgmt - ok
21:46:15.0475 5512 arc (c484f8ceb1717c540242531db7845c4e) C:\Windows\system32\DRIVERS\arc.sys
21:46:15.0477 5512 arc - ok
21:46:15.0504 5512 arcsas (019af6924aefe7839f61c830227fe79c) C:\Windows\system32\DRIVERS\arcsas.sys
21:46:15.0507 5512 arcsas - ok
21:46:15.0640 5512 AsnaAssist (c987c43ceb71d70398590e8c588dc2af) C:\Program Files (x86)\ASNA\ASNA Services\AsnaSvcHost.exe
21:46:15.0642 5512 AsnaAssist - ok
21:46:15.0648 5512 AsnaRegistrar (c987c43ceb71d70398590e8c588dc2af) C:\Program Files (x86)\ASNA\ASNA Services\AsnaSvcHost.exe
21:46:15.0650 5512 AsnaRegistrar - ok
21:46:16.0010 5512 aspnet_state (9217d874131ae6ff8f642f124f00a555) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe
21:46:16.0033 5512 aspnet_state - ok
21:46:16.0063 5512 AsyncMac (769765ce2cc62867468cea93969b2242) C:\Windows\system32\DRIVERS\asyncmac.sys
21:46:16.0064 5512 AsyncMac - ok
21:46:16.0108 5512 atapi (02062c0b390b7729edc9e69c680a6f3c) C:\Windows\system32\DRIVERS\atapi.sys
21:46:16.0109 5512 atapi - ok
21:46:16.0516 5512 atikmdag (52bd95caa9cae8977fe043e9ad6d2d0e) C:\Windows\system32\DRIVERS\atikmdag.sys
21:46:16.0637 5512 atikmdag - ok
21:46:16.0860 5512 AudioEndpointBuilder (07721a77180edd4d39ccb865bf63c7fd) C:\Windows\System32\Audiosrv.dll
21:46:16.0874 5512 AudioEndpointBuilder - ok
21:46:16.0887 5512 AudioSrv (07721a77180edd4d39ccb865bf63c7fd) C:\Windows\System32\Audiosrv.dll
21:46:16.0895 5512 AudioSrv - ok
21:46:16.0921 5512 AxInstSV (b20b5fa5ca050e9926e4d1db81501b32) C:\Windows\System32\AxInstSV.dll
21:46:16.0932 5512 AxInstSV - ok
21:46:17.0060 5512 b06bdrv (3e5b191307609f7514148c6832bb0842) C:\Windows\system32\DRIVERS\bxvbda.sys
21:46:17.0073 5512 b06bdrv - ok
21:46:17.0149 5512 b57nd60a (b5ace6968304a3900eeb1ebfd9622df2) C:\Windows\system32\DRIVERS\b57nd60a.sys
21:46:17.0159 5512 b57nd60a - ok
21:46:17.0195 5512 BDESVC (fde360167101b4e45a96f939f388aeb0) C:\Windows\System32\bdesvc.dll
21:46:17.0198 5512 BDESVC - ok
21:46:17.0210 5512 Beep (16a47ce2decc9b099349a5f840654746) C:\Windows\system32\drivers\Beep.sys
21:46:17.0211 5512 Beep - ok
21:46:17.0301 5512 BFE (4992c609a6315671463e30f6512bc022) C:\Windows\System32\bfe.dll
21:46:17.0318 5512 BFE - ok
21:46:17.0426 5512 BITS (7f0c323fe3da28aa4aa1bda3f575707f) C:\Windows\system32\qmgr.dll
21:46:17.0481 5512 BITS - ok
21:46:17.0509 5512 blbdrive (61583ee3c3a17003c4acd0475646b4d3) C:\Windows\system32\DRIVERS\blbdrive.sys
21:46:17.0511 5512 blbdrive - ok
21:46:17.0644 5512 Bonjour Service (ebbcd5dfbb1de70e8f4af8fa59e401fd) C:\Program Files\Bonjour\mDNSResponder.exe
21:46:17.0654 5512 Bonjour Service - ok
21:46:17.0704 5512 bowser (19d20159708e152267e53b66677a4995) C:\Windows\system32\DRIVERS\bowser.sys
21:46:17.0707 5512 bowser - ok
21:46:17.0721 5512 BrFiltLo (f09eee9edc320b5e1501f749fde686c8) C:\Windows\system32\DRIVERS\BrFiltLo.sys
21:46:17.0722 5512 BrFiltLo - ok
21:46:17.0738 5512 BrFiltUp (b114d3098e9bdb8bea8b053685831be6) C:\Windows\system32\DRIVERS\BrFiltUp.sys
21:46:17.0739 5512 BrFiltUp - ok
21:46:17.0763 5512 BridgeMP (5c2f352a4e961d72518261257aae204b) C:\Windows\system32\DRIVERS\bridge.sys
21:46:17.0766 5512 BridgeMP - ok
21:46:17.0832 5512 Browser (94fbc06f294d58d02361918418f996e3) C:\Windows\System32\browser.dll
21:46:17.0841 5512 Browser - ok
21:46:17.0881 5512 Brserid (43bea8d483bf1870f018e2d02e06a5bd) C:\Windows\System32\Drivers\Brserid.sys
21:46:17.0890 5512 Brserid - ok
21:46:17.0907 5512 BrSerWdm (a6eca2151b08a09caceca35c07f05b42) C:\Windows\System32\Drivers\BrSerWdm.sys
21:46:17.0910 5512 BrSerWdm - ok
21:46:17.0927 5512 BrUsbMdm (b79968002c277e869cf38bd22cd61524) C:\Windows\System32\Drivers\BrUsbMdm.sys
21:46:17.0928 5512 BrUsbMdm - ok
21:46:17.0947 5512 BrUsbSer (a87528880231c54e75ea7a44943b38bf) C:\Windows\System32\Drivers\BrUsbSer.sys
21:46:17.0949 5512 BrUsbSer - ok
21:46:17.0970 5512 BTHMODEM (9da669f11d1f894ab4eb69bf546a42e8) C:\Windows\system32\DRIVERS\bthmodem.sys
21:46:17.0973 5512 BTHMODEM - ok
21:46:18.0002 5512 bthserv (95f9c2976059462cbbf227f7aab10de9) C:\Windows\system32\bthserv.dll
21:46:18.0004 5512 bthserv - ok
21:46:18.0024 5512 catchme - ok
21:46:18.0076 5512 cdfs (b8bd2bb284668c84865658c77574381a) C:\Windows\system32\DRIVERS\cdfs.sys
21:46:18.0078 5512 cdfs - ok
21:46:18.0108 5512 cdrom (83d2d75e1efb81b3450c18131443f7db) C:\Windows\system32\DRIVERS\cdrom.sys
21:46:18.0117 5512 cdrom - ok
21:46:18.0141 5512 CertPropSvc (312e2f82af11e79906898ac3e3d58a1f) C:\Windows\System32\certprop.dll
21:46:18.0143 5512 CertPropSvc - ok
21:46:18.0172 5512 circlass (d7cd5c4e1b71fa62050515314cfb52cf) C:\Windows\system32\DRIVERS\circlass.sys
21:46:18.0174 5512 circlass - ok
21:46:18.0217 5512 CLFS (fe1ec06f2253f691fe36217c592a0206) C:\Windows\system32\CLFS.sys
21:46:18.0232 5512 CLFS - ok
21:46:18.0322 5512 clr_optimization_v2.0.50727_32 (d88040f816fda31c3b466f0fa0918f29) C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
21:46:18.0358 5512 clr_optimization_v2.0.50727_32 - ok
21:46:18.0475 5512 clr_optimization_v2.0.50727_64 (d1ceea2b47cb998321c579651ce3e4f8) C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
21:46:18.0477 5512 clr_optimization_v2.0.50727_64 - ok
21:46:18.0644 5512 clr_optimization_v4.0.30319_32 (c5a75eb48e2344abdc162bda79e16841) C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
21:46:18.0745 5512 clr_optimization_v4.0.30319_32 - ok
21:46:18.0832 5512 clr_optimization_v4.0.30319_64 (c6f9af94dcd58122a4d7e89db6bed29d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
21:46:18.0842 5512 clr_optimization_v4.0.30319_64 - ok
21:46:18.0929 5512 CmBatt (0840155d0bddf1190f84a663c284bd33) C:\Windows\system32\DRIVERS\CmBatt.sys
21:46:18.0930 5512 CmBatt - ok
21:46:18.0952 5512 cmdide (e19d3f095812725d88f9001985b94edd) C:\Windows\system32\DRIVERS\cmdide.sys
21:46:18.0954 5512 cmdide - ok
21:46:18.0999 5512 CNG (f95fd4cb7da00ba2a63ce9f6b5c053e1) C:\Windows\system32\Drivers\cng.sys
21:46:19.0008 5512 CNG - ok
21:46:19.0033 5512 Compbatt (102de219c3f61415f964c88e9085ad14) C:\Windows\system32\DRIVERS\compbatt.sys
21:46:19.0034 5512 Compbatt - ok
21:46:19.0061 5512 CompositeBus (f26b3a86f6fa87ca360b879581ab4123) C:\Windows\system32\DRIVERS\CompositeBus.sys
21:46:19.0063 5512 CompositeBus - ok
21:46:19.0081 5512 COMSysApp - ok
21:46:19.0111 5512 crcdisk (1c827878a998c18847245fe1f34ee597) C:\Windows\system32\DRIVERS\crcdisk.sys
21:46:19.0113 5512 crcdisk - ok
21:46:19.0184 5512 CryptSvc (8c57411b66282c01533cb776f98ad384) C:\Windows\system32\cryptsvc.dll
21:46:19.0191 5512 CryptSvc - ok
21:46:19.0266 5512 CSC (4a6173c2279b498cd8f57cae504564cb) C:\Windows\system32\drivers\csc.sys
21:46:19.0276 5512 CSC - ok
21:46:19.0339 5512 CscService (873fbf927c06e5cee04dec617502f8fd) C:\Windows\System32\cscsvc.dll
21:46:19.0350 5512 CscService - ok
21:46:19.0410 5512 CtClsFlt (11f13042577705093612c6a123caf12f) C:\Windows\system32\DRIVERS\CtClsFlt.sys
21:46:19.0421 5512 CtClsFlt - ok
21:46:19.0488 5512 ctxusbm (ba8e5b2291c01ef71ca80e25f0c79d55) C:\Windows\system32\DRIVERS\ctxusbm.sys
21:46:19.0491 5512 ctxusbm - ok
21:46:19.0557 5512 Cwbrxd (a3e72b3618fed67bf5ef4d48cb8707ce) C:\Windows\cwbrxd.exe
21:46:19.0560 5512 Cwbrxd - ok
21:46:19.0824 5512 DataGate Server (f657d0c4166a080f75e627c1ed5cb905) C:\Program Files (x86)\ASNA\DataGate Server\8.1\dgServer.exe
21:46:19.0865 5512 DataGate Server - ok
21:46:19.0975 5512 DB2MGMTSVC_DB2COPY1 (f72142ba575b15e901f551be9302a6ec) C:\Program Files (x86)\IBM\SQLLIB\BIN\db2mgmtsvc.exe
21:46:19.0976 5512 DB2MGMTSVC_DB2COPY1 - ok
21:46:20.0187 5512 DcomLaunch (7266972e86890e2b30c0c322e906b027) C:\Windows\system32\rpcss.dll
21:46:20.0197 5512 DcomLaunch - ok
21:46:20.0276 5512 defragsvc (3cec7631a84943677aa8fa8ee5b6b43d) C:\Windows\System32\defragsvc.dll
21:46:20.0287 5512 defragsvc - ok
21:46:20.0380 5512 DfsC (9c253ce7311ca60fc11c774692a13208) C:\Windows\system32\Drivers\dfsc.sys
21:46:20.0385 5512 DfsC - ok
21:46:20.0475 5512 Dhcp (ce3b9562d997f69b330d181a8875960f) C:\Windows\system32\dhcpcore.dll
21:46:20.0484 5512 Dhcp - ok
21:46:20.0526 5512 discache (13096b05847ec78f0977f2c0f79e9ab3) C:\Windows\system32\drivers\discache.sys
21:46:20.0528 5512 discache - ok
21:46:20.0566 5512 Disk (9819eee8b5ea3784ec4af3b137a5244c) C:\Windows\system32\DRIVERS\disk.sys
21:46:20.0569 5512 Disk - ok
21:46:20.0626 5512 Dnscache (85cf424c74a1d5ec33533e1dbff9920a) C:\Windows\System32\dnsrslvr.dll
21:46:20.0649 5512 Dnscache - ok
21:46:20.0779 5512 DockLoginService (0840abbbdf438691ee65a20040635cbe) C:\Program Files\Dell\DellDock\DockLogin.exe
21:46:20.0789 5512 DockLoginService - ok
21:46:20.0821 5512 dot3svc (14452acdb09b70964c8c21bf80a13acb) C:\Windows\System32\dot3svc.dll
21:46:20.0835 5512 dot3svc - ok
21:46:20.0861 5512 DPS (8c2ba6bea949ee6e68385f5692bafb94) C:\Windows\system32\dps.dll
21:46:20.0871 5512 DPS - ok
21:46:20.0914 5512 drmkaud (9b19f34400d24df84c858a421c205754) C:\Windows\system32\drivers\drmkaud.sys
21:46:20.0916 5512 drmkaud - ok
21:46:21.0037 5512 DXGKrnl (1633b9abf52784a1331476397a48cbef) C:\Windows\System32\drivers\dxgkrnl.sys
21:46:21.0054 5512 DXGKrnl - ok
21:46:21.0101 5512 EapHost (e2dda8726da9cb5b2c4000c9018a9633) C:\Windows\System32\eapsvc.dll
21:46:21.0104 5512 EapHost - ok
21:46:21.0363 5512 ebdrv (dc5d737f51be844d8c82c695eb17372f) C:\Windows\system32\DRIVERS\evbda.sys
21:46:21.0427 5512 ebdrv - ok
21:46:21.0591 5512 EFS (0793f40b9b8a1bdd266296409dbd91ea) C:\Windows\System32\lsass.exe
21:46:21.0594 5512 EFS - ok
21:46:21.0723 5512 ehRecvr (47c071994c3f649f23d9cd075ac9304a) C:\Windows\ehome\ehRecvr.exe
21:46:21.0740 5512 ehRecvr - ok
21:46:21.0787 5512 ehSched (4705e8ef9934482c5bb488ce28afc681) C:\Windows\ehome\ehsched.exe
21:46:21.0798 5512 ehSched - ok
21:46:21.0904 5512 ElbyCDIO (a05fc7eca0966ebb70e4d17b855a853b) C:\Windows\system32\Drivers\ElbyCDIO.sys
21:46:21.0906 5512 ElbyCDIO - ok
21:46:21.0976 5512 elxstor (0e5da5369a0fcaea12456dd852545184) C:\Windows\system32\DRIVERS\elxstor.sys
21:46:21.0987 5512 elxstor - ok
21:46:22.0009 5512 ErrDev (34a3c54752046e79a126e15c51db409b) C:\Windows\system32\DRIVERS\errdev.sys
21:46:22.0011 5512 ErrDev - ok
21:46:22.0087 5512 EventSystem (4166f82be4d24938977dd1746be9b8a0) C:\Windows\system32\es.dll
21:46:22.0099 5512 EventSystem - ok
21:46:22.0128 5512 exfat (a510c654ec00c1e9bdd91eeb3a59823b) C:\Windows\system32\drivers\exfat.sys
21:46:22.0135 5512 exfat - ok
21:46:22.0172 5512 fastfat (0adc83218b66a6db380c330836f3e36d) C:\Windows\system32\drivers\fastfat.sys
21:46:22.0187 5512 fastfat - ok
21:46:22.0273 5512 Fax (d607b2f1bee3992aa6c2c92c0a2f0855) C:\Windows\system32\fxssvc.exe
21:46:22.0292 5512 Fax - ok
21:46:22.0313 5512 fdc (d765d19cd8ef61f650c384f62fac00ab) C:\Windows\system32\DRIVERS\fdc.sys
21:46:22.0315 5512 fdc - ok
21:46:22.0337 5512 fdPHost (0438cab2e03f4fb61455a7956026fe86) C:\Windows\system32\fdPHost.dll
21:46:22.0339 5512 fdPHost - ok
21:46:22.0351 5512 FDResPub (802496cb59a30349f9a6dd22d6947644) C:\Windows\system32\fdrespub.dll
21:46:22.0354 5512 FDResPub - ok
21:46:22.0371 5512 FileInfo (655661be46b5f5f3fd454e2c3095b930) C:\Windows\system32\drivers\fileinfo.sys
21:46:22.0374 5512 FileInfo - ok
21:46:22.0395 5512 Filetrace (5f671ab5bc87eea04ec38a6cd5962a47) C:\Windows\system32\drivers\filetrace.sys
21:46:22.0398 5512 Filetrace - ok
21:46:22.0547 5512 FLEXnet Licensing Service (1f63900e2eb00101b9aca2b7a870704e) C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
21:46:22.0559 5512 FLEXnet Licensing Service - ok
21:46:22.0734 5512 FLEXnet Licensing Service 64 (1c3fb052a0bb72edaed90785c34d6eed) C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe
21:46:22.0761 5512 FLEXnet Licensing Service 64 - ok
21:46:22.0929 5512 flpydisk (c172a0f53008eaeb8ea33fe10e177af5) C:\Windows\system32\DRIVERS\flpydisk.sys
21:46:22.0931 5512 flpydisk - ok
21:46:22.0965 5512 FltMgr (f7866af72abbaf84b1fa5aa195378c59) C:\Windows\system32\drivers\fltmgr.sys
21:46:22.0980 5512 FltMgr - ok
21:46:23.0106 5512 FontCache (97223981a9214f1b4997e9075abb6bf5) C:\Windows\system32\FntCache.dll
21:46:23.0135 5512 FontCache - ok
21:46:23.0285 5512 FontCache3.0.0.0 (8d89e3131c27fdd6932189cb785e1b7a) C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
21:46:23.0288 5512 FontCache3.0.0.0 - ok
21:46:23.0317 5512 FsDepends (d43703496149971890703b4b1b723eac) C:\Windows\system32\drivers\FsDepends.sys
21:46:23.0319 5512 FsDepends - ok
21:46:23.0333 5512 Fs_Rec (e95ef8547de20cf0603557c0cf7a9462) C:\Windows\system32\drivers\Fs_Rec.sys
21:46:23.0334 5512 Fs_Rec - ok
21:46:23.0400 5512 fvevol (ae87ba80d0ec3b57126ed2cdc15b24ed) C:\Windows\system32\DRIVERS\fvevol.sys
21:46:23.0405 5512 fvevol - ok
21:46:23.0436 5512 gagp30kx (8c778d335c9d272cfd3298ab02abe3b6) C:\Windows\system32\DRIVERS\gagp30kx.sys
21:46:23.0438 5512 gagp30kx - ok
21:46:23.0488 5512 GEARAspiWDM (e403aacf8c7bb11375122d2464560311) C:\Windows\system32\DRIVERS\GEARAspiWDM.sys
21:46:23.0490 5512 GEARAspiWDM - ok
21:46:23.0647 5512 GoToAssist (d3316f6e3c011435f36e3d6e49b3196c) C:\Program Files (x86)\Citrix\GoToAssist\514\g2aservice.exe
21:46:23.0722 5512 GoToAssist - ok
21:46:23.0838 5512 gpsvc (fe5ab4525bc2ec68b9119a6e5d40128b) C:\Windows\System32\gpsvc.dll
21:46:23.0858 5512 gpsvc - ok
21:46:23.0989 5512 gupdate1c9ee03c2a0f134 (626a24ed1228580b9518c01930936df9) C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
21:46:24.0000 5512 gupdate1c9ee03c2a0f134 - ok
21:46:24.0022 5512 gupdatem (626a24ed1228580b9518c01930936df9) C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
21:46:24.0023 5512 gupdatem - ok
21:46:24.0077 5512 gusvc (408ddd80eede47175f6844817b90213e) C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe
21:46:24.0090 5512 gusvc - ok
21:46:24.0163 5512 hcmon (5bf776abedea06b0779c82e9d54b58d7) C:\Windows\system32\drivers\hcmon.sys
21:46:24.0164 5512 hcmon - ok
21:46:24.0194 5512 hcw85cir (f2523ef6460fc42405b12248338ab2f0) C:\Windows\system32\drivers\hcw85cir.sys
21:46:24.0196 5512 hcw85cir - ok
21:46:24.0274 5512 HdAudAddService (6410f6f415b2a5a9037224c41da8bf12) C:\Windows\system32\drivers\HdAudio.sys
21:46:24.0284 5512 HdAudAddService - ok
21:46:24.0315 5512 HDAudBus (0a49913402747a0b67de940fb42cbdbb) C:\Windows\system32\DRIVERS\HDAudBus.sys
21:46:24.0317 5512 HDAudBus - ok
21:46:24.0352 5512 HidBatt (78e86380454a7b10a5eb255dc44a355f) C:\Windows\system32\DRIVERS\HidBatt.sys
21:46:24.0354 5512 HidBatt - ok
21:46:24.0372 5512 HidBth (7fd2a313f7afe5c4dab14798c48dd104) C:\Windows\system32\DRIVERS\hidbth.sys
21:46:24.0375 5512 HidBth - ok
21:46:24.0417 5512 HidIr (0a77d29f311b88cfae3b13f9c1a73825) C:\Windows\system32\DRIVERS\hidir.sys
21:46:24.0419 5512 HidIr - ok
21:46:24.0448 5512 hidserv (bd9eb3958f213f96b97b1d897dee006d) C:\Windows\System32\hidserv.dll
21:46:24.0450 5512 hidserv - ok
21:46:24.0485 5512 HidUsb (b3bf6b5b50006def50b66306d99fcf6f) C:\Windows\system32\DRIVERS\hidusb.sys
21:46:24.0486 5512 HidUsb - ok
21:46:24.0530 5512 hkmsvc (efa58ede58dd74388ffd04cb32681518) C:\Windows\system32\kmsvc.dll
21:46:24.0541 5512 hkmsvc - ok
21:46:24.0580 5512 HomeGroupListener (046b2673767ca626e2cfb7fdf735e9e8) C:\Windows\system32\ListSvc.dll
21:46:24.0592 5512 HomeGroupListener - ok
21:46:24.0653 5512 HomeGroupProvider (06a7422224d9865a5613710a089987df) C:\Windows\system32\provsvc.dll
21:46:24.0668 5512 HomeGroupProvider - ok
21:46:24.0705 5512 HpSAMD (0886d440058f203eba0e1825e4355914) C:\Windows\system32\DRIVERS\HpSAMD.sys
21:46:24.0707 5512 HpSAMD - ok
21:46:24.0790 5512 HTTP (cee049cac4efa7f4e1e4ad014414a5d4) C:\Windows\system32\drivers\HTTP.sys
21:46:24.0801 5512 HTTP - ok
21:46:24.0814 5512 hwpolicy (f17766a19145f111856378df337a5d79) C:\Windows\system32\drivers\hwpolicy.sys
21:46:24.0815 5512 hwpolicy - ok
21:46:24.0852 5512 i8042prt (fa55c73d4affa7ee23ac4be53b4592d3) C:\Windows\system32\DRIVERS\i8042prt.sys
21:46:24.0854 5512 i8042prt - ok
21:46:24.0920 5512 iaStorV (b75e45c564e944a2657167d197ab29da) C:\Windows\system32\drivers\iaStorV.sys
21:46:24.0935 5512 iaStorV - ok
21:46:25.0048 5512 IDriverT (1cf03c69b49acb70c722df92755c0c8c) C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
21:46:25.0052 5512 IDriverT - ok
21:46:25.0270 5512 idsvc (2f2be70d3e02b6fa877921ab9516d43c) C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
21:46:25.0294 5512 idsvc - ok
21:46:25.0439 5512 iirsp (5c18831c61933628f5bb0ea2675b9d21) C:\Windows\system32\DRIVERS\iirsp.sys
21:46:25.0441 5512 iirsp - ok
21:46:25.0506 5512 IISADMIN (e38700363287b9fd3c53d47ff2fb9f2d) C:\Windows\system32\inetsrv\inetinfo.exe
21:46:25.0508 5512 IISADMIN - ok
21:46:25.0631 5512 IKEEXT (c5b4683680df085b57bc53e5ef34861f) C:\Windows\System32\ikeext.dll
21:46:25.0646 5512 IKEEXT - ok
21:46:25.0681 5512 intelide (f00f20e70c6ec3aa366910083a0518aa) C:\Windows\system32\DRIVERS\intelide.sys
21:46:25.0683 5512 intelide - ok
21:46:25.0722 5512 intelppm (ada036632c664caa754079041cf1f8c1) C:\Windows\system32\DRIVERS\intelppm.sys
21:46:25.0724 5512 intelppm - ok
21:46:25.0820 5512 InterBaseGuardian (692bcdceab912922a6bb015f45abe862) C:\Program Files (x86)\Borland\InterBase\bin\ibguard.exe
21:46:25.0821 5512 InterBaseGuardian - ok
21:46:26.0095 5512 InterBaseServer (1df5db8996ec9d5ffce0a60135c33f8f) C:\Program Files (x86)\Borland\InterBase\bin\ibserver.exe
21:46:26.0130 5512 InterBaseServer - ok
21:46:26.0243 5512 IPBusEnum (098a91c54546a3b878dad6a7e90a455b) C:\Windows\system32\ipbusenum.dll
21:46:26.0254 5512 IPBusEnum - ok
21:46:26.0329 5512 IpFilterDriver (722dd294df62483cecaae6e094b4d695) C:\Windows\system32\DRIVERS\ipfltdrv.sys
21:46:26.0331 5512 IpFilterDriver - ok
21:46:26.0417 5512 iphlpsvc (f8e058d17363ec580e4b7232778b6cb5) C:\Windows\System32\iphlpsvc.dll
21:46:26.0427 5512 iphlpsvc - ok
21:46:26.0456 5512 IPMIDRV (e2b4a4494db7cb9b89b55ca268c337c5) C:\Windows\system32\DRIVERS\IPMIDrv.sys
21:46:26.0458 5512 IPMIDRV - ok
21:46:26.0499 5512 IPNAT (af9b39a7e7b6caa203b3862582e9f2d0) C:\Windows\system32\drivers\ipnat.sys
21:46:26.0509 5512 IPNAT - ok
21:46:26.0651 5512 iPod Service (4472c8825b5e41d8697d5962f47ab1c9) C:\Program Files\iPod\bin\iPodService.exe
21:46:26.0664 5512 iPod Service - ok
21:46:26.0701 5512 IRENUM (3abf5e7213eb28966d55d58b515d5ce9) C:\Windows\system32\drivers\irenum.sys
21:46:26.0703 5512 IRENUM - ok
21:46:26.0723 5512 isapnp (2f7b28dc3e1183e5eb418df55c204f38) C:\Windows\system32\DRIVERS\isapnp.sys
21:46:26.0724 5512 isapnp - ok
21:46:26.0771 5512 iScsiPrt (fa4d2557de56d45b0a346f93564be6e1) C:\Windows\system32\DRIVERS\msiscsi.sys
21:46:26.0805 5512 iScsiPrt - ok
21:46:26.0877 5512 k57nd60a (7dbafe10c1b777305c80bea42fbda710) C:\Windows\system32\DRIVERS\k57nd60a.sys
21:46:26.0892 5512 k57nd60a - ok
21:46:26.0905 5512 kbdclass (bc02336f1cba7dcc7d1213bb588a68a5) C:\Windows\system32\DRIVERS\kbdclass.sys
21:46:26.0908 5512 kbdclass - ok
21:46:26.0939 5512 kbdhid (6def98f8541e1b5dceb2c822a11f7323) C:\Windows\system32\DRIVERS\kbdhid.sys
21:46:26.0941 5512 kbdhid - ok
21:46:26.0982 5512 KeyIso (0793f40b9b8a1bdd266296409dbd91ea) C:\Windows\system32\lsass.exe
21:46:26.0985 5512 KeyIso - ok
21:46:27.0001 5512 KSecDD (e8b6fcc9c83535c67f835d407620bd27) C:\Windows\system32\Drivers\ksecdd.sys
21:46:27.0004 5512 KSecDD - ok
21:46:27.0059 5512 KSecPkg (a8c63880ef6f4d3fec7b616b9c060215) C:\Windows\system32\Drivers\ksecpkg.sys
21:46:27.0070 5512 KSecPkg - ok
21:46:27.0082 5512 ksthunk (6869281e78cb31a43e969f06b57347c4) C:\Windows\system32\drivers\ksthunk.sys
21:46:27.0084 5512 ksthunk - ok
21:46:27.0157 5512 KtmRm (6ab66e16aa859232f64deb66887a8c9c) C:\Windows\system32\msdtckrm.dll
21:46:27.0169 5512 KtmRm - ok
21:46:27.0227 5512 LanmanServer (81f1d04d4d0e433099365127375fd501) C:\Windows\System32\srvsvc.dll
21:46:27.0240 5512 LanmanServer - ok
21:46:27.0289 5512 LanmanWorkstation (27026eac8818e8a6c00a1cad2f11d29a) C:\Windows\System32\wkssvc.dll
21:46:27.0300 5512 LanmanWorkstation - ok
21:46:27.0332 5512 lltdio (1538831cf8ad2979a04c423779465827) C:\Windows\system32\DRIVERS\lltdio.sys
21:46:27.0334 5512 lltdio - ok
21:46:27.0400 5512 lltdsvc (c1185803384ab3feed115f79f109427f) C:\Windows\System32\lltdsvc.dll
21:46:27.0411 5512 lltdsvc - ok
21:46:27.0435 5512 lmhosts (f993a32249b66c9d622ea5592a8b76b8) C:\Windows\System32\lmhsvc.dll
21:46:27.0438 5512 lmhosts - ok
21:46:27.0480 5512 LSI_FC (1a93e54eb0ece102495a51266dcdb6a6) C:\Windows\system32\DRIVERS\lsi_fc.sys
21:46:27.0490 5512 LSI_FC - ok
21:46:27.0504 5512 LSI_SAS (1047184a9fdc8bdbff857175875ee810) C:\Windows\system32\DRIVERS\lsi_sas.sys
21:46:27.0507 5512 LSI_SAS - ok
21:46:27.0533 5512 LSI_SAS2 (30f5c0de1ee8b5bc9306c1f0e4a75f93) C:\Windows\system32\DRIVERS\lsi_sas2.sys
21:46:27.0536 5512 LSI_SAS2 - ok
21:46:27.0563 5512 LSI_SCSI (0504eacaff0d3c8aed161c4b0d369d4a) C:\Windows\system32\DRIVERS\lsi_scsi.sys
21:46:27.0566 5512 LSI_SCSI - ok
21:46:27.0606 5512 luafv (43d0f98e1d56ccddb0d5254cff7b356e) C:\Windows\system32\drivers\luafv.sys
21:46:27.0609 5512 luafv - ok
21:46:27.0730 5512 LVcKap64 (5d43cc3ecd4f2e733460a6e4af576128) C:\Windows\system32\DRIVERS\LVcKap64.sys
21:46:27.0746 5512 LVcKap64 - ok
21:46:27.0952 5512 LVMVDrv (2404a511b682bfd8790e663a3e432473) C:\Windows\system32\DRIVERS\LVMVDrv.sys
21:46:28.0005 5512 LVMVDrv - ok
21:46:28.0120 5512 LVSrvLauncher (25f430702e3923f9dfb6b9a4d1dd9c29) C:\Program Files\Common Files\LogiShrd\SrvLnch\SrvLnch.exe
21:46:28.0127 5512 LVSrvLauncher - ok
21:46:28.0351 5512 LVUSBS64 (6f9b043fd18c17d7e719382608817c72) C:\Windows\system32\DRIVERS\LVUSBS64.sys
21:46:28.0354 5512 LVUSBS64 - ok
21:46:28.0424 5512 mcdbus (79d51e7f5926e8ce1b3ebecebae28cff) C:\Windows\system32\DRIVERS\mcdbus.sys
21:46:28.0459 5512 mcdbus - ok
21:46:28.0496 5512 Mcx2Svc (f84c8f1000bc11e3b7b23cbd3baff111) C:\Windows\system32\Mcx2Svc.dll
21:46:28.0500 5512 Mcx2Svc - ok
21:46:28.0649 5512 MDM (7cf1b716372b89568ae4c0fe769f5869) C:\Program Files (x86)\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe
21:46:28.0655 5512 MDM - ok
21:46:28.0695 5512 megasas (a55805f747c6edb6a9080d7c633bd0f4) C:\Windows\system32\DRIVERS\megasas.sys
21:46:28.0697 5512 megasas - ok
21:46:28.0733 5512 MegaSR (baf74ce0072480c3b6b7c13b2a94d6b3) C:\Windows\system32\DRIVERS\MegaSR.sys
21:46:28.0742 5512 MegaSR - ok
21:46:28.0870 5512 Microsoft SharePoint Workspace Audit Service - ok
21:46:28.0909 5512 MMCSS (e40e80d0304a73e8d269f7141d77250b) C:\Windows\system32\mmcss.dll
21:46:28.0922 5512 MMCSS - ok
21:46:28.0949 5512 Modem (800ba92f7010378b09f9ed9270f07137) C:\Windows\system32\drivers\modem.sys
21:46:28.0951 5512 Modem - ok
21:46:28.0980 5512 monitor (b03d591dc7da45ece20b3b467e6aadaa) C:\Windows\system32\DRIVERS\monitor.sys
21:46:28.0981 5512 monitor - ok
21:46:28.0995 5512 mouclass (7d27ea49f3c1f687d357e77a470aea99) C:\Windows\system32\DRIVERS\mouclass.sys
21:46:28.0997 5512 mouclass - ok
21:46:29.0013 5512 mouhid (d3bf052c40b0c4166d9fd86a4288c1e6) C:\Windows\system32\DRIVERS\mouhid.sys
21:46:29.0015 5512 mouhid - ok
21:46:29.0035 5512 mountmgr (791af66c4d0e7c90a3646066386fb571) C:\Windows\system32\drivers\mountmgr.sys
21:46:29.0037 5512 mountmgr - ok
21:46:29.0116 5512 MozillaMaintenance (96aa8ba23142cc8e2b30f3cae0c80254) C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
21:46:29.0125 5512 MozillaMaintenance - ok
21:46:29.0161 5512 mpio (609d1d87649ecc19796f4d76d4c15cea) C:\Windows\system32\DRIVERS\mpio.sys
21:46:29.0169 5512 mpio - ok
21:46:29.0201 5512 mpsdrv (6c38c9e45ae0ea2fa5e551f2ed5e978f) C:\Windows\system32\drivers\mpsdrv.sys
21:46:29.0203 5512 mpsdrv - ok
21:46:29.0303 5512 MpsSvc (aecab449567d1846dad63ece49e893e3) C:\Windows\system32\mpssvc.dll
21:46:29.0319 5512 MpsSvc - ok
21:46:29.0350 5512 MRxDAV (30524261bb51d96d6fcbac20c810183c) C:\Windows\system32\drivers\mrxdav.sys
21:46:29.0358 5512 MRxDAV - ok
21:46:29.0415 5512 mrxsmb (040d62a9d8ad28922632137acdd984f2) C:\Windows\system32\DRIVERS\mrxsmb.sys
21:46:29.0424 5512 mrxsmb - ok
21:46:29.0489 5512 mrxsmb10 (f0067552f8f9b33d7c59403ab808a3cb) C:\Windows\system32\DRIVERS\mrxsmb10.sys
21:46:29.0500 5512 mrxsmb10 - ok
21:46:29.0520 5512 mrxsmb20 (3c142d31de9f2f193218a53fe2632051) C:\Windows\system32\DRIVERS\mrxsmb20.sys
21:46:29.0531 5512 mrxsmb20 - ok
21:46:29.0572 5512 msahci (5c37497276e3b3a5488b23a326a754b7) C:\Windows\system32\DRIVERS\msahci.sys
21:46:29.0574 5512 msahci - ok
21:46:29.0603 5512 msdsm (8d27b597229aed79430fb9db3bcbfbd0) C:\Windows\system32\DRIVERS\msdsm.sys
21:46:29.0613 5512 msdsm - ok
21:46:29.0641 5512 MSDTC (de0ece52236cfa3ed2dbfc03f28253a8) C:\Windows\System32\msdtc.exe
21:46:29.0651 5512 MSDTC - ok
21:46:29.0683 5512 Msfs (aa3fb40e17ce1388fa1bedab50ea8f96) C:\Windows\system32\drivers\Msfs.sys
21:46:29.0685 5512 Msfs - ok
21:46:29.0821 5512 MsgPlusService (e7826e9f372d4b57c3a56872a24385d9) C:\Program Files (x86)\Yuna Software\Messenger Plus! for Skype\MsgPlusForSkypeService.exe
21:46:29.0831 5512 MsgPlusService - ok
21:46:29.0842 5512 mshidkmdf (f9d215a46a8b9753f61767fa72a20326) C:\Windows\System32\drivers\mshidkmdf.sys
21:46:29.0843 5512 mshidkmdf - ok
21:46:29.0855 5512 msisadrv (d916874bbd4f8b07bfb7fa9b3ccae29d) C:\Windows\system32\DRIVERS\msisadrv.sys
21:46:29.0856 5512 msisadrv - ok
21:46:29.0909 5512 MSiSCSI (808e98ff49b155c522e6400953177b08) C:\Windows\system32\iscsiexe.dll
21:46:29.0919 5512 MSiSCSI - ok
21:46:29.0925 5512 msiserver - ok
21:46:29.0962 5512 MSKSSRV (49ccf2c4fea34ffad8b1b59d49439366) C:\Windows\system32\drivers\MSKSSRV.sys
21:46:29.0964 5512 MSKSSRV - ok
21:46:30.0021 5512 msloop (103b3bbe23ab774b009d182276ec6786) C:\Windows\system32\DRIVERS\loop.sys
21:46:30.0023 5512 msloop - ok
21:46:30.0055 5512 MSPCLOCK (bdd71ace35a232104ddd349ee70e1ab3) C:\Windows\system32\drivers\MSPCLOCK.sys
21:46:30.0056 5512 MSPCLOCK - ok
21:46:30.0068 5512 MSPQM (4ed981241db27c3383d72092b618a1d0) C:\Windows\system32\drivers\MSPQM.sys
21:46:30.0070 5512 MSPQM - ok
21:46:30.0113 5512 MsRPC (89cb141aa8616d8c6a4610fa26c60964) C:\Windows\system32\drivers\MsRPC.sys
21:46:30.0127 5512 MsRPC - ok
21:46:30.0153 5512 mssmbios (0eed230e37515a0eaee3c2e1bc97b288) C:\Windows\system32\DRIVERS\mssmbios.sys
21:46:30.0154 5512 mssmbios - ok
21:46:30.0295 5512 MSSQL$SQL2008 - ok
21:46:30.0396 5512 MSSQL$SQLEXPRESS - ok
21:46:30.0402 5512 MSSQL$TRACKIT - ok
21:46:30.0438 5512 MSSQL$TRACKIT_1 - ok
21:46:30.0445 5512 MSSQL$TRACKIT_2 - ok
21:46:30.0515 5512 MSSQL$TRACKIT_3 - ok
21:46:30.0555 5512 MSSQLFDLauncher$SQL2008 (6286605fe7c87ddc628e3ce41a15ffa6) c:\Program Files\Microsoft SQL Server\MSSQL10.SQL2008\MSSQL\Binn\fdlauncher.exe
21:46:30.0557 5512 MSSQLFDLauncher$SQL2008 - ok
21:46:30.0631 5512 MSSQLServerADHelper (1d89eb4e2a99cabd4e81225f4f4c4b25) c:\Program Files (x86)\Microsoft SQL Server\90\Shared\sqladhlp90.exe
21:46:30.0634 5512 MSSQLServerADHelper - ok
21:46:30.0737 5512 MSSQLServerADHelper100 (7a2a8c975356858eb38466a6b1592e8d) c:\Program Files\Microsoft SQL Server\100\Shared\SQLADHLP.EXE
21:46:30.0739 5512 MSSQLServerADHelper100 - ok
21:46:30.0764 5512 MSTEE (2e66f9ecb30b4221a318c92ac2250779) C:\Windows\system32\drivers\MSTEE.sys
21:46:30.0765 5512 MSTEE - ok
21:46:31.0193 5512 msvsmon90 (cb4a082af58d1a0969f931816d5cfb05) C:\Program Files\Microsoft Visual Studio 9.0\Common7\IDE\Remote Debugger\x64\msvsmon.exe
21:46:31.0266 5512 msvsmon90 - ok
21:46:31.0463 5512 MTConfig (7ea404308934e675bffde8edf0757bcd) C:\Windows\system32\DRIVERS\MTConfig.sys
21:46:31.0465 5512 MTConfig - ok
21:46:31.0495 5512 Mup (f9a18612fd3526fe473c1bda678d61c8) C:\Windows\system32\Drivers\mup.sys
21:46:31.0497 5512 Mup - ok
21:46:31.0572 5512 napagent (4987e079a4530fa737a128be54b63b12) C:\Windows\system32\qagentRT.dll
21:46:31.0587 5512 napagent - ok
21:46:31.0631 5512 NativeWifiP (1ea3749c4114db3e3161156ffffa6b33) C:\Windows\system32\DRIVERS\nwifi.sys
21:46:31.0646 5512 NativeWifiP - ok
21:46:31.0758 5512 NDIS (cad515dbd07d082bb317d9928ce8962c) C:\Windows\system32\drivers\ndis.sys
21:46:31.0772 5512 NDIS - ok
21:46:31.0805 5512 NdisCap (9f9a1f53aad7da4d6fef5bb73ab811ac) C:\Windows\system32\DRIVERS\ndiscap.sys
21:46:31.0807 5512 NdisCap - ok
21:46:31.0837 5512 NdisTapi (30639c932d9fef22b31268fe25a1b6e5) C:\Windows\system32\DRIVERS\ndistapi.sys
21:46:31.0838 5512 NdisTapi - ok
21:46:31.0872 5512 Ndisuio (f105ba1e22bf1f2ee8f005d4305e4bec) C:\Windows\system32\DRIVERS\ndisuio.sys
21:46:31.0874 5512 Ndisuio - ok
21:46:31.0901 5512 NdisWan (557dfab9ca1fcb036ac77564c010dad3) C:\Windows\system32\DRIVERS\ndiswan.sys
21:46:31.0911 5512 NdisWan - ok
21:46:31.0926 5512 NDProxy (659b74fb74b86228d6338d643cd3e3cf) C:\Windows\system32\drivers\NDProxy.sys
21:46:31.0928 5512 NDProxy - ok
21:46:31.0972 5512 Netaapl (6f4607e2333fe21e9e3ff8133a88b35b) C:\Windows\system32\DRIVERS\netaapl64.sys
21:46:31.0973 5512 Netaapl - ok
21:46:32.0000 5512 NetBIOS (86743d9f5d2b1048062b14b1d84501c4) C:\Windows\system32\DRIVERS\netbios.sys
21:46:32.0002 5512 NetBIOS - ok
21:46:32.0035 5512 NetBT (9162b273a44ab9dce5b44362731d062a) C:\Windows\system32\DRIVERS\netbt.sys
21:46:32.0046 5512 NetBT - ok
21:46:32.0092 5512 Netlogon (0793f40b9b8a1bdd266296409dbd91ea) C:\Windows\system32\lsass.exe
21:46:32.0094 5512 Netlogon - ok
21:46:32.0171 5512 Netman (847d3ae376c0817161a14a82c8922a9e) C:\Windows\System32\netman.dll
21:46:32.0185 5512 Netman - ok
21:46:32.0360 5512 NetMsmqActivator (d22cd77d4f0d63d1169bb35911bff12d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
21:46:32.0412 5512 NetMsmqActivator - ok
21:46:32.0418 5512 NetPipeActivator (d22cd77d4f0d63d1169bb35911bff12d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
21:46:32.0420 5512 NetPipeActivator - ok
21:46:32.0476 5512 netprofm (5f28111c648f1e24f7dbc87cdeb091b8) C:\Windows\System32\netprofm.dll
21:46:32.0497 5512 netprofm - ok
21:46:32.0504 5512 NetTcpActivator (d22cd77d4f0d63d1169bb35911bff12d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
21:46:32.0507 5512 NetTcpActivator - ok
21:46:32.0513 5512 NetTcpPortSharing (d22cd77d4f0d63d1169bb35911bff12d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
21:46:32.0515 5512 NetTcpPortSharing - ok
21:46:33.0017 5512 netw5v64 (64428dfdaf6e88366cb51f45a79c5f69) C:\Windows\system32\DRIVERS\netw5v64.sys
21:46:33.0101 5512 netw5v64 - ok
21:46:33.0274 5512 nfrd960 (77889813be4d166cdab78ddba990da92) C:\Windows\system32\DRIVERS\nfrd960.sys
21:46:33.0276 5512 nfrd960 - ok
21:46:33.0323 5512 NlaSvc (d9a0ce66046d6efa0c61baa885cba0a8) C:\Windows\System32\nlasvc.dll
21:46:33.0332 5512 NlaSvc - ok
21:46:33.0386 5512 NPF (c31fa031335eff434b2d94278e74bcce) C:\Windows\system32\drivers\npf.sys
21:46:33.0388 5512 NPF - ok
21:46:33.0403 5512 Npfs (1e4c4ab5c9b8dd13179bbdc75a2a01f7) C:\Windows\system32\drivers\Npfs.sys
21:46:33.0405 5512 Npfs - ok
21:46:33.0420 5512 nsi (d54bfdf3e0c953f823b3d0bfe4732528) C:\Windows\system32\nsisvc.dll
21:46:33.0423 5512 nsi - ok
21:46:33.0438 5512 nsiproxy (e7f5ae18af4168178a642a9247c63001) C:\Windows\system32\drivers\nsiproxy.sys
21:46:33.0439 5512 nsiproxy - ok
21:46:33.0609 5512 Ntfs (378e0e0dfea67d98ae6ea53adbbd76bc) C:\Windows\system32\drivers\Ntfs.sys
21:46:33.0639 5512 Ntfs - ok
21:46:33.0707 5512 Null (9899284589f75fa8724ff3d16aed75c1) C:\Windows\system32\drivers\Null.sys
21:46:33.0708 5512 Null - ok
21:46:33.0761 5512 nvraid (a4d9c9a608a97f59307c2f2600edc6a4) C:\Windows\system32\drivers\nvraid.sys
21:46:33.0769 5512 nvraid - ok
21:46:33.0820 5512 nvstor (6c1d5f70e7a6a3fd1c90d840edc048b9) C:\Windows\system32\drivers\nvstor.sys
21:46:33.0828 5512 nvstor - ok
21:46:33.0858 5512 nv_agp (270d7cd42d6e3979f6dd0146650f0e05) C:\Windows\system32\DRIVERS\nv_agp.sys
21:46:33.0861 5512 nv_agp - ok
21:46:33.0911 5512 OA008Ufd (404b0121ae1a75d9a63b6934eb07c258) C:\Windows\system32\DRIVERS\OA008Ufd.sys
21:46:33.0919 5512 OA008Ufd - ok
21:46:33.0989 5512 OA008Vid (126885007e8f601861165fc77c93f1be) C:\Windows\system32\DRIVERS\OA008Vid.sys
21:46:34.0004 5512 OA008Vid - ok
21:46:34.0162 5512 odserv (785f487a64950f3cb8e9f16253ba3b7b) C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE
21:46:34.0178 5512 odserv - ok
21:46:34.0197 5512 ohci1394 (3589478e4b22ce21b41fa1bfc0b8b8a0) C:\Windows\system32\DRIVERS\ohci1394.sys
21:46:34.0199 5512 ohci1394 - ok
21:46:34.0248 5512 ose (9d10f99a6712e28f8acd5641e3a7ea6b) C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE
21:46:34.0256 5512 ose - ok
21:46:34.0762 5512 osppsvc (61bffb5f57ad12f83ab64b7181829b34) C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
21:46:34.0836 5512 osppsvc - ok
21:46:35.0036 5512 p2pimsvc (3eac4455472cc2c97107b5291e0dcafe) C:\Windows\system32\pnrpsvc.dll
21:46:35.0054 5512 p2pimsvc - ok
21:46:35.0131 5512 p2psvc (927463ecb02179f88e4b9a17568c63c3) C:\Windows\system32\p2psvc.dll
21:46:35.0146 5512 p2psvc - ok
21:46:35.0217 5512 Parport (0086431c29c35be1dbc43f52cc273887) C:\Windows\system32\DRIVERS\parport.sys
21:46:35.0220 5512 Parport - ok
21:46:35.0246 5512 partmgr (7daa117143316c4a1537e074a5a9eaf0) C:\Windows\system32\drivers\partmgr.sys
21:46:35.0248 5512 partmgr - ok
21:46:35.0278 5512 PcaSvc (3aeaa8b561e63452c655dc0584922257) C:\Windows\System32\pcasvc.dll
21:46:35.0292 5512 PcaSvc - ok
21:46:35.0319 5512 pci (f36f6504009f2fb0dfd1b17a116ad74b) C:\Windows\system32\DRIVERS\pci.sys
21:46:35.0322 5512 pci - ok
21:46:35.0348 5512 pciide (b5b8b5ef2e5cb34df8dcf8831e3534fa) C:\Windows\system32\DRIVERS\pciide.sys
21:46:35.0350 5512 pciide - ok
21:46:35.0380 5512 pcmcia (b2e81d4e87ce48589f98cb8c05b01f2f) C:\Windows\system32\DRIVERS\pcmcia.sys
21:46:35.0395 5512 pcmcia - ok
21:46:35.0424 5512 pcw (d6b9c2e1a11a3a4b26a182ffef18f603) C:\Windows\system32\drivers\pcw.sys
21:46:35.0426 5512 pcw - ok
21:46:35.0488 5512 PEAUTH (68769c3356b3be5d1c732c97b9a80d6e) C:\Windows\system32\drivers\peauth.sys
21:46:35.0499 5512 PEAUTH - ok
21:46:35.0638 5512 PeerDistSvc (b9b0a4299dd2d76a4243f75fd54dc680) C:\Windows\system32\peerdistsvc.dll
21:46:35.0667 5512 PeerDistSvc - ok
21:46:35.0795 5512 PerfHost (e495e408c93141e8fc72dc0c6046ddfa) C:\Windows\SysWow64\perfhost.exe
21:46:35.0799 5512 PerfHost - ok
21:46:35.0976 5512 PID_0928 (dd797b8b2b295afbdcd9f35cf62b5dcc) C:\Windows\system32\DRIVERS\LV561V64.SYS
21:46:35.0998 5512 PID_0928 - ok
21:46:36.0130 5512 pla (557e9a86f65f0de18c9b6751dfe9d3f1) C:\Windows\system32\pla.dll
21:46:36.0161 5512 pla - ok
21:46:36.0245 5512 PlugPlay (98b1721b8718164293b9701b98c52d77) C:\Windows\system32\umpnpmgr.dll
21:46:36.0256 5512 PlugPlay - ok
21:46:36.0270 5512 PNRPAutoReg (7195581cec9bb7d12abe54036acc2e38) C:\Windows\system32\pnrpauto.dll
21:46:36.0274 5512 PNRPAutoReg - ok
21:46:36.0345 5512 PNRPsvc (3eac4455472cc2c97107b5291e0dcafe) C:\Windows\system32\pnrpsvc.dll
21:46:36.0350 5512 PNRPsvc - ok
21:46:36.0423 5512 PolicyAgent (166eb40d1f5b47e615de3d0fffe5f243) C:\Windows\System32\ipsecsvc.dll
21:46:36.0454 5512 PolicyAgent - ok
21:46:36.0549 5512 PORTMON - ok
21:46:36.0628 5512 Power (6ba9d927dded70bd1a9caded45f8b184) C:\Windows\system32\umpo.dll
21:46:36.0634 5512 Power - ok
21:46:36.0756 5512 PptpMiniport (27cc19e81ba5e3403c48302127bda717) C:\Windows\system32\DRIVERS\raspptp.sys
21:46:36.0759 5512 PptpMiniport - ok
21:46:36.0810 5512 Processor (0d922e23c041efb1c3fac2a6f943c9bf) C:\Windows\system32\DRIVERS\processr.sys
21:46:36.0813 5512 Processor - ok
21:46:36.0849 5512 ProfSvc (f381975e1f4346de875cb07339ce8d3a) C:\Windows\system32\profsvc.dll
21:46:36.0888 5512 ProfSvc - ok
21:46:36.0943 5512 ProtectedStorage (0793f40b9b8a1bdd266296409dbd91ea) C:\Windows\system32\lsass.exe
21:46:36.0946 5512 ProtectedStorage - ok
21:46:37.0006 5512 Psched (ee992183bd8eaefd9973f352e587a299) C:\Windows\system32\DRIVERS\pacer.sys
21:46:37.0008 5512 Psched - ok
21:46:37.0062 5512 PsxDrv (fda6efb7014e8c4524cb6b5b885e8a95) C:\Windows\system32\drivers\psxdrv.sys
21:46:37.0063 5512 PsxDrv - ok
21:46:37.0115 5512 PxHlpa64 (901dba98359966a62a6548596988e931) C:\Windows\system32\Drivers\PxHlpa64.sys
21:46:37.0117 5512 PxHlpa64 - ok
21:46:37.0263 5512 ql2300 (a53a15a11ebfd21077463ee2c7afeef0) C:\Windows\system32\DRIVERS\ql2300.sys
21:46:37.0316 5512 ql2300 - ok
21:46:37.0449 5512 ql40xx (4f6d12b51de1aaeff7dc58c4d75423c8) C:\Windows\system32\DRIVERS\ql40xx.sys
21:46:37.0452 5512 ql40xx - ok
21:46:37.0486 5512 QWAVE (906191634e99aea92c4816150bda3732) C:\Windows\system32\qwave.dll
21:46:37.0502 5512 QWAVE - ok
21:46:37.0515 5512 QWAVEdrv (76707bb36430888d9ce9d705398adb6c) C:\Windows\system32\drivers\qwavedrv.sys
21:46:37.0516 5512 QWAVEdrv - ok
21:46:37.0540 5512 RasAcd (5a0da8ad5762fa2d91678a8a01311704) C:\Windows\system32\DRIVERS\rasacd.sys
21:46:37.0541 5512 RasAcd - ok
21:46:37.0602 5512 RasAgileVpn (7ecff9b22276b73f43a99a15a6094e90) C:\Windows\system32\DRIVERS\AgileVpn.sys
21:46:37.0604 5512 RasAgileVpn - ok
21:46:37.0627 5512 RasAuto (8f26510c5383b8dbe976de1cd00fc8c7) C:\Windows\System32\rasauto.dll
21:46:37.0639 5512 RasAuto - ok
21:46:37.0656 5512 Rasl2tp (87a6e852a22991580d6d39adc4790463) C:\Windows\system32\DRIVERS\rasl2tp.sys
21:46:37.0659 5512 Rasl2tp - ok
21:46:37.0701 5512 RasMan (47394ed3d16d053f5906efe5ab51cc83) C:\Windows\System32\rasmans.dll
21:46:37.0717 5512 RasMan - ok
21:46:37.0748 5512 RasPppoe (855c9b1cd4756c5e9a2aa58a15f58c25) C:\Windows\system32\DRIVERS\raspppoe.sys
21:46:37.0790 5512 RasPppoe - ok
21:46:37.0850 5512 RasSstp (e8b1e447b008d07ff47d016c2b0eeecb) C:\Windows\system32\DRIVERS\rassstp.sys
21:46:37.0852 5512 RasSstp - ok
21:46:37.0891 5512 rdbss (3bac8142102c15d59a87757c1d41dce5) C:\Windows\system32\DRIVERS\rdbss.sys
21:46:37.0899 5512 rdbss - ok
21:46:37.0909 5512 rdpbus (302da2a0539f2cf54d7c6cc30c1f2d8d) C:\Windows\system32\DRIVERS\rdpbus.sys
21:46:37.0910 5512 rdpbus - ok
21:46:37.0922 5512 RDPCDD (cea6cc257fc9b7715f1c2b4849286d24) C:\Windows\system32\DRIVERS\RDPCDD.sys
21:46:37.0924 5512 RDPCDD - ok
21:46:37.0979 5512 RDPDR (9706b84dbabfc4b4ca46c5a82b14dfa3) C:\Windows\system32\drivers\rdpdr.sys
21:46:37.0994 5512 RDPDR - ok
21:46:38.0032 5512 RDPENCDD (bb5971a4f00659529a5c44831af22365) C:\Windows\system32\drivers\rdpencdd.sys
21:46:38.0032 5512 RDPENCDD - ok
21:46:38.0053 5512 RDPREFMP (216f3fa57533d98e1f74ded70113177a) C:\Windows\system32\drivers\rdprefmp.sys
21:46:38.0056 5512 RDPREFMP - ok
21:46:38.0085 5512 RDPWD (8a3e6bea1c53ea6177fe2b6eba2c80d7) C:\Windows\system32\drivers\RDPWD.sys
21:46:38.0095 5512 RDPWD - ok
21:46:38.0127 5512 rdyboost (634b9a2181d98f15941236886164ec8b) C:\Windows\system32\drivers\rdyboost.sys
21:46:38.0136 5512 rdyboost - ok
21:46:38.0197 5512 RemoteAccess (254fb7a22d74e5511c73a3f6d802f192) C:\Windows\System32\mprdim.dll
21:46:38.0211 5512 RemoteAccess - ok
21:46:38.0237 5512 RemoteRegistry (e4d94f24081440b5fc5aa556c7c62702) C:\Windows\system32\regsvc.dll
21:46:38.0248 5512 RemoteRegistry - ok
21:46:38.0599 5512 ReportServer$SQL2008 (7af4ac869410aafe24eb9637932b6a17) c:\Program Files\Microsoft SQL Server\MSRS10.SQL2008\Reporting Services\ReportServer\bin\ReportingServicesService.exe
21:46:38.0639 5512 ReportServer$SQL2008 - ok
21:46:38.0853 5512 rimmptsk (6faf5b04bedc66d300d9d233b2d222f0) C:\Windows\system32\DRIVERS\rimmpx64.sys
21:46:38.0856 5512 rimmptsk - ok
21:46:38.0898 5512 rimsptsk (67f50c31713106fd1b0f286f86aa2b2e) C:\Windows\system32\DRIVERS\rimspx64.sys
21:46:38.0900 5512 rimsptsk - ok
21:46:38.0941 5512 rismxdp (4d7ef3d46346ec4c58784db964b365de) C:\Windows\system32\DRIVERS\rixdpx64.sys
21:46:38.0943 5512 rismxdp - ok
21:46:39.0056 5512 rpcapd (a780d3eaa74582ea1deb6bd9c7a3d9c9) C:\Program Files (x86)\WinPcap\rpcapd.exe
21:46:39.0066 5512 rpcapd - ok
21:46:39.0106 5512 RpcEptMapper (e4dc58cf7b3ea515ae917ff0d402a7bb) C:\Windows\System32\RpcEpMap.dll
21:46:39.0111 5512 RpcEptMapper - ok
21:46:39.0149 5512 RpcLocator (d5ba242d4cf8e384db90e6a8ed850b8c) C:\Windows\system32\locator.exe
21:46:39.0152 5512 RpcLocator - ok
21:46:39.0199 5512 RpcSs (7266972e86890e2b30c0c322e906b027) C:\Windows\system32\rpcss.dll
21:46:39.0208 5512 RpcSs - ok
21:46:39.0279 5512 RsFx0105 (c9fe05a63c500abe3afa5786504c4d36) C:\Windows\system32\DRIVERS\RsFx0105.sys
21:46:39.0290 5512 RsFx0105 - ok
21:46:39.0352 5512 rspndr (ddc86e4f8e7456261e637e3552e804ff) C:\Windows\system32\DRIVERS\rspndr.sys
21:46:39.0355 5512 rspndr - ok
21:46:39.0391 5512 s3cap (88af6e02ab19df7fd07ecdf9c91e9af6) C:\Windows\system32\DRIVERS\vms3cap.sys
21:46:39.0393 5512 s3cap - ok
21:46:39.0414 5512 SamSs (0793f40b9b8a1bdd266296409dbd91ea) C:\Windows\system32\lsass.exe
21:46:39.0417 5512 SamSs - ok
21:46:39.0444 5512 sbp2port (e3bbb89983daf5622c1d50cf49f28227) C:\Windows\system32\DRIVERS\sbp2port.sys
21:46:39.0447 5512 sbp2port - ok
21:46:39.0483 5512 SCardSvr (9b7395789e3791a3b6d000fe6f8b131e) C:\Windows\System32\SCardSvr.dll
21:46:39.0500 5512 SCardSvr - ok
21:46:39.0519 5512 scfilter (c94da20c7e3ba1dca269bc8460d98387) C:\Windows\system32\DRIVERS\scfilter.sys
21:46:39.0522 5512 scfilter - ok
21:46:39.0649 5512 Schedule (624d0f5ff99428bb90a5b8a4123e918e) C:\Windows\system32\schedsvc.dll
21:46:39.0680 5512 Schedule - ok
21:46:39.0810 5512 SCPolicySvc (312e2f82af11e79906898ac3e3d58a1f) C:\Windows\System32\certprop.dll
21:46:39.0812 5512 SCPolicySvc - ok
21:46:39.0871 5512 sdbus (2c8d162efaf73abd36d8bcbb6340cae7) C:\Windows\system32\DRIVERS\sdbus.sys
21:46:39.0882 5512 sdbus - ok
21:46:39.0911 5512 SDRSVC (765a27c3279ce11d14cb9e4f5869fca5) C:\Windows\System32\SDRSVC.dll
21:46:39.0928 5512 SDRSVC - ok
21:46:40.0077 5512 SeaPort (271077b91d7ad1b616f8afdfe8e3f981) C:\Program Files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
21:46:40.0087 5512 SeaPort - ok
21:46:40.0117 5512 secdrv (3ea8a16169c26afbeb544e0e48421186) C:\Windows\system32\drivers\secdrv.sys
21:46:40.0119 5512 secdrv - ok
21:46:40.0132 5512 seclogon (463b386ebc70f98da5dff85f7e654346) C:\Windows\system32\seclogon.dll
21:46:40.0136 5512 seclogon - ok
21:46:40.0155 5512 SENS (c32ab8fa018ef34c0f113bd501436d21) C:\Windows\system32\sens.dll
21:46:40.0159 5512 SENS - ok
21:46:40.0172 5512 SensrSvc (0336cffafaab87a11541f1cf1594b2b2) C:\Windows\system32\sensrsvc.dll
21:46:40.0176 5512 SensrSvc - ok
21:46:40.0200 5512 Serenum (cb624c0035412af0debec78c41f5ca1b) C:\Windows\system32\DRIVERS\serenum.sys
21:46:40.0202 5512 Serenum - ok
21:46:40.0229 5512 Serial (c1d8e28b2c2adfaec4ba89e9fda69bd6) C:\Windows\system32\DRIVERS\serial.sys
21:46:40.0241 5512 Serial - ok
21:46:40.0281 5512 sermouse (1c545a7d0691cc4a027396535691c3e3) C:\Windows\system32\DRIVERS\sermouse.sys
21:46:40.0283 5512 sermouse - ok
21:46:40.0350 5512 SessionEnv (c3bc61ce47ff6f4e88ab8a3b429a36af) C:\Windows\system32\sessenv.dll
21:46:40.0361 5512 SessionEnv - ok
21:46:40.0470 5512 sesvc (4c99e251d89c95dcaaa26f9243747c99) C:\Program Files (x86)\ShadowExplorer\sesvc.exe
21:46:40.0470 5512 sesvc - ok
21:46:40.0509 5512 sffdisk (a554811bcd09279536440c964ae35bbf) C:\Windows\system32\DRIVERS\sffdisk.sys
21:46:40.0510 5512 sffdisk - ok
21:46:40.0559 5512 sffp_mmc (ff414f0baefeba59bc6c04b3db0b87bf) C:\Windows\system32\DRIVERS\sffp_mmc.sys
21:46:40.0561 5512 sffp_mmc - ok
21:46:40.0602 5512 sffp_sd (178298f767fe638c9fedcbdef58bb5e4) C:\Windows\system32\DRIVERS\sffp_sd.sys
21:46:40.0603 5512 sffp_sd - ok
21:46:40.0632 5512 sfloppy (a9d601643a1647211a1ee2ec4e433ff4) C:\Windows\system32\DRIVERS\sfloppy.sys
21:46:40.0634 5512 sfloppy - ok
21:46:40.0729 5512 SharedAccess (b95f6501a2f8b2e78c697fec401970ce) C:\Windows\System32\ipnathlp.dll
21:46:40.0758 5512 SharedAccess - ok
21:46:40.0827 5512 ShellHWDetection (0298ac45d0efffb2db4baa7dd186e7bf) C:\Windows\System32\shsvcs.dll
21:46:40.0840 5512 ShellHWDetection - ok
21:46:40.0879 5512 simptcp (e9e830d540ededed650f906628468548) C:\Windows\System32\tcpsvcs.exe
21:46:40.0883 5512 simptcp - ok
21:46:40.0917 5512 SiSRaid2 (843caf1e5fde1ffd5ff768f23a51e2e1) C:\Windows\system32\DRIVERS\SiSRaid2.sys
21:46:40.0919 5512 SiSRaid2 - ok
21:46:40.0944 5512 SiSRaid4 (6a6c106d42e9ffff8b9fcb4f754f6da4) C:\Windows\system32\DRIVERS\sisraid4.sys
21:46:40.0947 5512 SiSRaid4 - ok
21:46:41.0028 5512 SkypeUpdate (c70aebd3608ed9fcea2a1bae83567ffc) C:\Program Files (x86)\Skype\Updater\Updater.exe
21:46:41.0031 5512 SkypeUpdate - ok
21:46:41.0063 5512 Smb (548260a7b8654e024dc30bf8a7c5baa4) C:\Windows\system32\DRIVERS\smb.sys
21:46:41.0065 5512 Smb - ok
21:46:41.0132 5512 SNMPTRAP (6313f223e817cc09aa41811daa7f541d) C:\Windows\System32\snmptrap.exe
21:46:41.0137 5512 SNMPTRAP - ok
21:46:41.0154 5512 spldr (b9e31e5cacdfe584f34f730a677803f9) C:\Windows\system32\drivers\spldr.sys
21:46:41.0156 5512 spldr - ok
21:46:41.0238 5512 Spooler (f8e1fa03cb70d54a9892ac88b91d1e7b) C:\Windows\System32\spoolsv.exe
21:46:41.0290 5512 Spooler - ok
21:46:41.0556 5512 sppsvc (913d843498553a1bc8f8dbad6358e49f) C:\Windows\system32\sppsvc.exe
21:46:41.0623 5512 sppsvc - ok
21:46:41.0745 5512 sppuinotify (93d7d61317f3d4bc4f4e9f8a96a7de45) C:\Windows\system32\sppuinotify.dll
21:46:41.0750 5512 sppuinotify - ok
21:46:41.0883 5512 sptd (a6cff1af7664627a296b6a0a96cf876e) C:\Windows\System32\Drivers\sptd.sys
21:46:41.0884 5512 Suspicious file (NoAccess): C:\Windows\System32\Drivers\sptd.sys. md5: a6cff1af7664627a296b6a0a96cf876e
21:46:41.0894 5512 sptd ( LockedFile.Multi.Generic ) - warning
21:46:41.0895 5512 sptd - detected LockedFile.Multi.Generic (1)
21:46:42.0065 5512 SQLAgent$SQL2008 (45e65fb17a4cd5facbd3ca16c8334c82) c:\Program Files\Microsoft SQL Server\MSSQL10.SQL2008\MSSQL\Binn\SQLAGENT.EXE
21:46:42.0083 5512 SQLAgent$SQL2008 - ok
21:46:42.0244 5512 SQLBrowser (10d936dced9eacd1a1b3fcdda6d7a4eb) c:\Program Files (x86)\Microsoft SQL Server\90\Shared\sqlbrowser.exe
21:46:42.0256 5512 SQLBrowser - ok
21:46:42.0321 5512 SQLWriter (f92e5f93be572b512da3c016b675ede0) c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
21:46:42.0337 5512 SQLWriter - ok
21:46:42.0442 5512 srv (2408c0366d96bcdf63e8f1c78e4a29c5) C:\Windows\system32\DRIVERS\srv.sys
21:46:42.0460 5512 srv - ok
21:46:42.0497 5512 srv2 (76548f7b818881b47d8d1ae1be9c11f8) C:\Windows\system32\DRIVERS\srv2.sys
21:46:42.0517 5512 srv2 - ok
21:46:42.0568 5512 srvnet (0af6e19d39c70844c5caa8fb0183c36e) C:\Windows\system32\DRIVERS\srvnet.sys
21:46:42.0579 5512 srvnet - ok
21:46:42.0612 5512 SSDPSRV (51b52fbd583cde8aa9ba62b8b4298f33) C:\Windows\System32\ssdpsrv.dll
21:46:42.0622 5512 SSDPSRV - ok
21:46:42.0643 5512 SstpSvc (ab7aebf58dad8daab7a6c45e6a8885cb) C:\Windows\system32\sstpsvc.dll
21:46:42.0648 5512 SstpSvc - ok
21:46:42.0778 5512 STacSV (da7702025dfd169b909c4da3126762cc) C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_0057cbec48a2d7cf\STacSV64.exe
21:46:54.0438 5512 MBR (0x1B8) (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk0\DR0
21:46:54.0617 5512 \Device\Harddisk0\DR0 - ok
21:46:54.0630 5512 Boot (0x1200) (5a1510fe0984e86a71226b889ba69864) \Device\Harddisk0\DR0\Partition0
21:46:54.0632 5512 \Device\Harddisk0\DR0\Partition0 - ok
21:46:54.0637 5512 Boot (0x1200) (b5cdd4ea8944063875b52f7888ceef90) \Device\Harddisk0\DR0\Partition1
21:46:54.0639 5512 \Device\Harddisk0\DR0\Partition1 - ok
21:46:54.0641 5512 ============================================================
21:46:54.0641 5512 Scan finished
21:46:54.0641 5512 ============================================================
21:46:54.0663 2268 Detected object count: 1
21:46:54.0663 2268 Actual detected object count: 1
21:47:05.0912 2268 sptd ( LockedFile.Multi.Generic ) - skipped by user
21:47:05.0912 2268 sptd ( LockedFile.Multi.Generic ) - User select action: Skip

aswMBR crashes while scanning.
Here's a manual transcription of the last few lines in its window at the moment of crashing.
22:15:40.494 AVAST engine scan C:\Windows
22:15:46.718 AVAST engine scan C:\Windows\system32
22:16:25.921 File: C:\Windows\system32\findup1664.dll **INFECTED** win32:Trojan-gen
22:55:03.919 File: C:\Windows\assembly\GAC_32\desktop.ini **INFECTED** win32:Sirefef-PL [Rtk]
??:??:??.??? File: C:\Windows\assembly\GAC_64\desktop.ini **INFECTED** win32:Sirefef-PL [Rtk]


I reproduced the last line from memory (hence the lack of a timestamp) because I got a BSoD (err: CRITICAL_STRUCTURE_CORRUPTION) as I was copying it. Here is the report from Windows; pardon the French.
Signature du problème :
Nom d’événement de problème: BlueScreen
Version du système: 6.1.7600.2.0.0.256.1
Identificateur de paramètres régionaux: 3084

Informations supplémentaires sur le problème :
BCCode: 109
BCP1: A3A039D89C3AF5D9
BCP2: B3B7465EEEB93047
BCP3: FFFFF80000B95080
BCP4: 0000000000000002
OS Version: 6_1_7600
Service Pack: 0_0
Product: 256_1

Fichiers aidant à décrire le problème :
C:\Windows\Minidump\070312-29967-01.dmp
C:\Users\Carl Tessier\AppData\Local\Temp\WER-58687-0.sysdata.xml

Lire notre déclaration de confidentialité en ligne :
http://go.microsoft.com/fwlink/?linkid=104288&clcid=0x040c

Si la déclaration de confidentialité en ligne n’est pas disponible, lisez la version hors connexion :
C:\Windows\system32\fr-FR\erofflps.txt

I salvaged aswMBR's crash report from Windows' event log:
Nom de l’application défaillante aswMBR(1).exe, version : 0.9.9.1665, horodatage : 0x4f5f9c86
Nom du module défaillant : ntdll.dll, version : 6.1.7600.16695, horodatage : 0x4cc7ab86
Code d’exception : 0xc0000005
Décalage d’erreur : 0x0002e3be
ID du processus défaillant : 0x1fbc
Heure de début de l’application défaillante : 0x01cd598709910e9b
Chemin d’accès de l’application défaillante : C:\Users\Carl Tessier\Downloads\aswMBR(1).exe
Chemin d’accès du module défaillant: C:\Windows\SysWOW64\ntdll.dll
ID de rapport : 75326091-c57b-11e1-8831-005056c00008

Regards,
Carl.

Edited by Dr Frankenstein, 03 July 2012 - 09:35 PM.


#7 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto rico
  • Local time:03:59 AM

Posted 03 July 2012 - 09:46 PM

Hello

download Farbar Recovery Scan Tool x64 and save it to a flash drive.

Plug the flashdrive into the infected PC.

Enter System Recovery Options.

To enter System Recovery Options from the Advanced Boot Options:
  • Restart the computer.
  • As soon as the BIOS is loaded begin tapping the F8 key until Advanced Boot Options appears.
  • Use the arrow keys to select the Repair your computer menu item.
  • Select US as the keyboard language settings, and then click Next.
  • Select the operating system you want to repair, and then click Next.
  • Select your user account and click Next.

To enter System Recovery Options by using Windows installation disc:
  • Insert the installation disc.
  • Restart your computer.
  • If prompted, press any key to start Windows from the installation disc. If your computer is not configured to start from a CD or DVD, check your BIOS settings.
  • Click Repair your computer.
  • Select US as the keyboard language settings, and then click Next.
  • Select the operating system you want to repair, and then click Next.
  • Select your user account and click Next.

On the System Recovery Options menu you will get the following options:
  • Startup Repair
  • System Restore
  • Windows Complete PC Restore
  • Windows Memory Diagnostic Tool
  • Command Prompt

  • Select Command Prompt
  • In the command window type in notepad and press Enter.
  • The notepad opens. Under File menu select Open.
  • Select "Computer" and find your flash drive letter and close the notepad.
  • In the command window type e:\frst.exe (for x64 bit version type e:\frst64) and press Enter
    Note: Replace letter e with the drive letter of your flash drive.
  • The tool will start to run.
  • When the tool opens click Yes to disclaimer.
  • Press Scan button.
  • It will make a log (FRST.txt) on the flash drive. Please copy and paste it to your reply.

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry, every little bit helps.

Proud Graduate Of Malware Removal University

#8 Dr Frankenstein

Dr Frankenstein
  • Topic Starter

  • Members
  • 21 posts
  • OFFLINE
  •  
  • Local time:03:59 AM

Posted 04 July 2012 - 07:28 PM

Here's FRST's log.

Scan result of Farbar Recovery Scan Tool Version: 04-07-2012 01
Ran by SYSTEM at 04-07-2012 20:11:08
Running from F:\
Windows 7 Ultimate (X64) OS Language: English(US)
The current controlset is ControlSet001

========================== Registry (Whitelisted) =============

HKLM\...\Run: [SynTPEnh] %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe [1822504 2009-08-24] (Synaptics Incorporated)
HKLM\...\Run: [DLCCCATS] rundll32 C:\Windows\system32\spool\DRIVERS\x64\3\DLCCtime.dll,RunDLLEntry [28672 2006-02-24] ()
HKLM\...\Run: [SysTrayApp] C:\Program Files\IDT\WDM\sttray64.exe [487424 2010-01-21] (IDT, Inc.)
HKLM\...\Run: [Daemon for Mouse Suite] C:\Program Files\Lenovo\Lenovo Mouse Suite\ICO.EXE [x]
HKLM\...\Run: [adsdl] rundll32.exe "C:\Users\CARLTE~1\AppData\Local\Temp\adsdl.dll",SteamAPI_RestartAppIfNecessary [x]
HKLM\...\Run: [aprob] rundll32.exe "C:\Users\CARLTE~1\AppData\Local\Temp\aprob.dll",UVAtlasPack [x]
HKLM-x32\...\Run: [Dell Webcam Central] "C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell.exe" /mode2 [442536 2008-11-11] (Creative Technology Ltd.)
HKLM-x32\...\Run: [googletalk] "C:\Program Files (x86)\Google\Google Talk\googletalk.exe" /autostart [3739648 2007-01-01] (Google)
HKLM-x32\...\Run: [PDVDDXSrv] "C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe" [128296 2008-07-29] (CyberLink Corp.)
HKLM-x32\...\Run: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun [61440 2008-08-29] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [VirtualCloneDrive] "C:\Program Files (x86)\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe" /s [85160 2009-05-26] (Elaborate Bytes AG)
HKLM-x32\...\Run: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [35696 2009-10-03] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [935288 2009-09-04] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [ConnectionCenter] "C:\Program Files (x86)\Citrix\ICA Client\concentr.exe" /startup [103768 2009-09-12] (Citrix Systems, Inc.)
HKLM-x32\...\Run: [AdobeCS4ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" -launchedbylogin [611712 2008-08-14] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Adobe Acrobat Speed Launcher] "C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe" [37232 2008-06-11] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Acrobat Assistant 8.0] "C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe" [640376 2008-06-11] (Adobe Systems Inc.)
HKLM-x32\...\Run: [Client Access Service] C:\Program Files (x86)\IBM\Client Access\cwbsvstr.exe [14848 2007-12-11] (IBM Corporation)
HKLM-x32\...\Run: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime [421888 2010-11-29] (Apple Inc.)
HKLM-x32\...\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe" [254696 2011-04-08] (Sun Microsystems, Inc.)
HKLM-x32\...\Run: [PlusService] C:\Program Files (x86)\Yuna Software\Messenger Plus!\PlusService.exe [801792 2012-02-27] (Yuna Software)
HKLM-x32\...\Run: [vmware-tray] "C:\Program Files (x86)\VMware\VMware Workstation\vmware-tray.exe" [103536 2011-08-22] (VMware, Inc.)
HKLM-x32\...\Run: [BCSSync] "C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe" /DelayServices [91520 2010-03-13] (Microsoft Corporation)
HKLM-x32\...\Run: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [59240 2011-09-27] (Apple Inc.)
HKLM-x32\...\Run: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe" [421736 2011-11-12] (Apple Inc.)
HKLM-x32\...\Run: [LogitechCommunicationsManager] "C:\Program Files (x86)\Common Files\LogiShrd\LComMgr\Communications_Helper.exe" [488984 2007-03-06] (Labtec Inc,)
HKLM-x32\...\Run: [LogitechQuickCamRibbon] "C:\Program Files (x86)\Labtec\WebCam10\WebCam10.exe" /hide [1060376 2007-03-06] ()
HKLM-x32\...\Run: [MessengerPlusForSkypeService] "C:\Program Files (x86)\Yuna Software\Messenger Plus! for Skype\MsgPlusForSkypeService.exe" [119296 2012-03-21] (Yuna Software)
HKU\Carl Tessier\...\Run: [Messenger (Yahoo!)] "C:\PROGRA~2\Yahoo!\MESSEN~1\YahooMessenger.exe" -quiet [6591800 2012-02-22] (Yahoo! Inc.)
HKU\Carl Tessier\...\Run: [Aim] "C:\Program Files (x86)\AIM\aim.exe" /d locale=en-US [4331392 2012-05-30] (AOL Inc.)
HKU\Carl Tessier\...\Run: [FeedDemon] "C:\Program Files (x86)\FeedDemon\FeedDemon.exe" /startminimized [7503360 2010-12-16] (NewsGator Technologies, Inc.)
HKU\Carl Tessier\...\Run: [Steam] "C:\Program Files (x86)\Steam\Steam.exe" -silent [1242448 2011-09-18] (Valve Corporation)
HKU\Carl Tessier\...\Run: [Facebook Update] "C:\Users\Carl Tessier\AppData\Local\Facebook\Update\FacebookUpdate.exe" /c /nocrashserver [137536 2012-04-11] (Facebook Inc.)
HKU\Carl Tessier\...\Run: [Skype] "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun [17344176 2012-06-05] (Skype Technologies S.A.)
HKU\Carl Tessier\...\Run: [msnmsgr] "C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe" /background [4280184 2012-03-08] (Microsoft Corporation)
Winlogon\Notify\GoToAssist: C:\Program Files (x86)\Citrix\GoToAssist\514\G2AWinLogon_x64.dll [X]
Tcpip\Parameters: [DhcpNameServer] 192.168.0.1
Tcpip\..\Interfaces\{47738D2D-5792-416D-84E8-D96A2C801C31}: [NameServer]8.8.8.8,8.8.4.4
Startup: C:\Users\All Users\Start Menu\Programs\Startup\Google Calendar Sync.lnk
ShortcutTarget: Google Calendar Sync.lnk -> C:\Program Files (x86)\Google\Google Calendar Sync\GoogleCalendarSync.exe (Google)
Startup: C:\Users\All Users\Start Menu\Programs\Startup\HotSync Manager.lnk
ShortcutTarget: HotSync Manager.lnk -> C:\Program Files (x86)\palmOne\Hotsync.exe (PalmSource, Inc)
Startup: C:\Users\All Users\Start Menu\Programs\Startup\Zend Controller.lnk
ShortcutTarget: Zend Controller.lnk -> C:\Program Files (x86)\Zend\ZendServer\bin\zendcontroller.exe ()
Startup: C:\Users\Carl Tessier\Start Menu\Programs\Startup\Dropbox.lnk
ShortcutTarget: Dropbox.lnk -> (No File)
Startup: C:\Users\Carl Tessier\Start Menu\Programs\Startup\Facebook Messenger.lnk
ShortcutTarget: Facebook Messenger.lnk -> (No File)
Startup: C:\Users\Carl Tessier\Start Menu\Programs\Startup\OneNote 2010 - Capture d’écran et lancement.lnk
ShortcutTarget: OneNote 2010 - Capture d’écran et lancement.lnk -> C:\Program Files (x86)\Microsoft Office\Office14\ONENOTEM.EXE (Microsoft Corporation)
Startup: C:\Users\Classic .NET AppPool\Start Menu\Programs\Startup\Dell Dock First Run.lnk
ShortcutTarget: Dell Dock First Run.lnk -> C:\Program Files\Dell\DellDock\DellDock.exe (Stardock Corporation)
Startup: C:\Users\Default\Start Menu\Programs\Startup\Dell Dock First Run.lnk
ShortcutTarget: Dell Dock First Run.lnk -> C:\Program Files\Dell\DellDock\DellDock.exe (Stardock Corporation)
Startup: C:\Users\Default User\Start Menu\Programs\Startup\Dell Dock First Run.lnk
ShortcutTarget: Dell Dock First Run.lnk -> C:\Program Files\Dell\DellDock\DellDock.exe (Stardock Corporation)
Startup: C:\Users\TrackitWeb\Start Menu\Programs\Startup\Dell Dock First Run.lnk
ShortcutTarget: Dell Dock First Run.lnk -> C:\Program Files\Dell\DellDock\DellDock.exe (Stardock Corporation)

==================== Services (Whitelisted) ======

2 AppHostSvc; C:\Windows\SysWow64\inetsrv\apphostsvc.dll [61440 2009-07-13] (Microsoft Corporation)
2 AsnaAssist; "C:\Program Files (x86)\ASNA\ASNA Services\AsnaSvcHost.exe" [114688 2008-12-10] (ASNA)
2 AsnaRegistrar; "C:\Program Files (x86)\ASNA\ASNA Services\AsnaSvcHost.exe" [114688 2008-12-10] (ASNA)
3 Cwbrxd; C:\Windows\cwbrxd.exe [94208 2007-12-11] (IBM Corporation)
2 DataGate Server; "C:\Program Files (x86)\ASNA\DataGate Server\8.1\dgServer.exe" [2080768 2008-12-04] (ASNA, Inc.)
2 DB2MGMTSVC_DB2COPY1; "C:\Program Files (x86)\IBM\SQLLIB\BIN\db2mgmtsvc.exe" [38688 2009-04-03] (International Business Machines Corporation)
2 gupdate1c9ee03c2a0f134; "C:\Program Files (x86)\Google\Update\GoogleUpdate.exe" /svc [133104 2009-06-15] (Google Inc.)
2 InterBaseGuardian; C:\Program Files (x86)\Borland\InterBase\bin\ibguard.exe [32768 2001-11-28] (Borland Software Corporation)
3 InterBaseServer; C:\Program Files (x86)\Borland\InterBase\bin\ibserver.exe [1769472 2001-11-28] (Borland Software Corporation)
2 LVSrvLauncher; C:\Program Files\Common Files\LogiShrd\SrvLnch\SrvLnch.exe [173344 2007-03-06] (Labtec Inc.)
2 MsgPlusService; "C:\Program Files (x86)\Yuna Software\Messenger Plus! for Skype\MsgPlusForSkypeService.exe" [119296 2012-03-21] (Yuna Software)
2 MSSQL$SQL2008; "C:\Program Files\Microsoft SQL Server\MSSQL10.SQL2008\MSSQL\Binn\sqlservr.exe" -sSQL2008 [58345832 2011-09-22] (Microsoft Corporation)
2 MSSQL$SQLEXPRESS; "C:\Program Files (x86)\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe" -sSQLEXPRESS [29293408 2010-12-10] (Microsoft Corporation)
2 MSSQL$TRACKIT_3; "C:\Program Files (x86)\Microsoft SQL Server\MSSQL.5\MSSQL\Binn\sqlservr.exe" -sTRACKIT_3 [29293408 2010-12-10] (Microsoft Corporation)
4 msvsmon90; "C:\Program Files\Microsoft Visual Studio 9.0\Common7\IDE\Remote Debugger\x64\msvsmon.exe" /service msvsmon90 [4737024 2008-07-29] (Microsoft Corporation)
4 NetTcpPortSharing; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe [124240 2010-03-18] (Microsoft Corporation)
2 ReportServer$SQL2008; "C:\Program Files\Microsoft SQL Server\MSRS10.SQL2008\Reporting Services\ReportServer\bin\ReportingServicesService.exe" [2084712 2011-09-22] (Microsoft Corporation)
2 sesvc; "C:\Program Files (x86)\ShadowExplorer\sesvc.exe" [9216 2011-01-02] (www.shadowexplorer.com)
2 simptcp; C:\Windows\SysWow64\tcpsvcs.exe [9216 2009-07-13] (Microsoft Corporation)
4 SQLAgent$SQL2008; "C:\Program Files\Microsoft SQL Server\MSSQL10.SQL2008\MSSQL\Binn\SQLAGENT.EXE" -i SQL2008 [431464 2011-09-22] (Microsoft Corporation)
2 STacSV; C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_0057cbec48a2d7cf\STacSV64.exe [244736 2010-01-21] (IDT, Inc.)
2 TeamViewer4; "C:\Program Files (x86)\TeamViewer\Version4\TeamViewer_Service.exe" -service [185640 2009-10-07] (TeamViewer GmbH)
2 TeamViewer5; "C:\Program Files (x86)\TeamViewer\Version5\TeamViewer_Service.exe" -service [172328 2010-02-11] (TeamViewer GmbH)
4 TlntSvr; C:\Windows\System32\tlntsvr.exe [81920 2009-07-13] (Microsoft Corporation)
2 Viewpoint Manager Service; "C:\Program Files (x86)\Viewpoint\Common\ViewpointService.exe" [24652 2007-01-04] (Viewpoint Corporation)
2 VMwareHostd; "C:\Program Files (x86)\VMware\VMware Workstation\vmware-hostd.exe" -u "C:\ProgramData\VMware\hostd\config.xml" [31995 2011-09-18] ()
2 W3SVC; C:\Windows\system32\inetsrv\iisw3adm.dll [451072 2009-07-13] (Microsoft Corporation)
2 W3SVC; C:\Windows\SysWow64\inetsrv\iisw3adm.dll [396288 2009-07-13] (Microsoft Corporation)
3 WAS; C:\Windows\SysWow64\inetsrv\iisw3adm.dll [396288 2009-07-13] (Microsoft Corporation)
2 MSSQL$TRACKIT; "C:\Program Files (x86)\Microsoft SQL Server\MSSQL.2\MSSQL\Binn\sqlservr.exe" -sTRACKIT [x]
2 MSSQL$TRACKIT_1; "C:\Program Files (x86)\Microsoft SQL Server\MSSQL.3\MSSQL\Binn\sqlservr.exe" -sTRACKIT_1 [x]
2 MSSQL$TRACKIT_2; "C:\Program Files (x86)\Microsoft SQL Server\MSSQL.4\MSSQL\Binn\sqlservr.exe" -sTRACKIT_2 [x]
3 MSSQLFDLauncher$SQL2008; "C:\Program Files\Microsoft SQL Server\MSSQL10.SQL2008\MSSQL\Binn\fdlauncher.exe" -s MSSQL10.SQL2008 [x]
3 rpcapd; "C:\Program Files (x86)\WinPcap\rpcapd.exe" -d -f "C:\Program Files (x86)\WinPcap\rpcapd.ini" [x]
3 WPFFontCache_v0400; C:\Windows\Microsoft.NET\Framework64\v4.0.30128\WPF\WPFFontCache_v0400.exe [x]

========================== Drivers (Whitelisted) =============

1 ctxusbm; C:\Windows\System32\Drivers\ctxusbm.sys [87600 2009-09-08] (Citrix Systems, Inc.)
3 LVcKap64; C:\Windows\System32\Drivers\LVcKap64.sys [1029024 2007-03-06] (Labtec Inc.)
3 LVMVDrv; C:\Windows\System32\Drivers\LVMVDrv.sys [2496928 2007-03-06] (Labtec Inc.)
3 LVUSBS64; C:\Windows\System32\Drivers\LVUSBS64.sys [58400 2007-03-06] (Labtec Inc.)
3 msloop; C:\Windows\System32\DRIVERS\loop.sys [7680 2009-07-13] (Microsoft Corporation)
3 NPF; C:\Windows\System32\Drivers\NPF.sys [47632 2009-10-20] (CACE Technologies, Inc.)
3 OA008Ufd; C:\Windows\System32\Drivers\OA008Ufd.sys [159840 2009-03-06] (Creative Technology Ltd.)
3 OA008Vid; C:\Windows\System32\Drivers\OA008Vid.sys [313696 2009-05-06] (Creative Technology Ltd.)
3 PID_0928; C:\Windows\System32\DRIVERS\LV561V64.SYS [468000 2007-03-06] (Labtec Inc.)
3 PsxDrv; C:\Windows\System32\Drivers\PsxDrv.sys [10240 2009-07-13] (Microsoft Corporation)
0 sptd; C:\Windows\System32\Drivers\sptd.sys [526392 2011-10-31] (Duplex Secure Ltd.)
3 VBoxUSB; C:\Windows\System32\Drivers\VBoxUSB.sys [46384 2011-07-15] (Oracle Corporation)
3 catchme; \??\C:\ComboFix\catchme.sys [x]
3 PORTMON; \??\C:\Program Files (x86)\Sysinternals\PORTMSYS.SYS [x]
2 vstor2; \??\C:\Program Files (x86)\Common Files\VMware\VMware Virtual Image Editing\vstor2.sys [x]

========================== NetSvcs (Whitelisted) ===========


============ One Month Created Files and Folders ==============

2012-07-03 18:18 - 2012-07-03 18:19 - 00275664 ____A C:\Windows\Minidump\070312-30903-01.dmp
2012-07-03 18:04 - 2012-07-03 18:04 - 00275664 ____A C:\Windows\Minidump\070312-29967-01.dmp
2012-07-03 17:47 - 2012-07-03 17:47 - 04731392 ____A (AVAST Software) C:\Users\Carl Tessier\Downloads\aswMBR(1).exe
2012-07-03 17:45 - 2012-07-03 17:45 - 02135640 ____A (Kaspersky Lab ZAO) C:\Users\Carl Tessier\Downloads\tdsskiller.exe
2012-07-03 15:30 - 2012-07-03 15:30 - 00000000 ____D C:\Users\Carl Tessier\AppData\Local\{59C95B7F-9699-4C77-BD49-AB530A414C90}
2012-07-03 15:30 - 2012-07-03 15:30 - 00000000 ____D C:\Users\Carl Tessier\AppData\Local\{0411BD54-81A1-4926-A85A-19F03056078E}
2012-07-02 08:56 - 2012-07-02 08:56 - 00000000 ____D C:\Users\Carl Tessier\AppData\Local\{E3345C15-03CE-433B-95F6-BE8D3B219948}
2012-07-02 07:45 - 2012-07-02 07:45 - 00000000 ____D C:\Users\Carl Tessier\AppData\Local\{939EAEAB-E8B3-4707-9B23-DFABAC8C2597}
2012-07-01 17:00 - 2012-07-01 17:00 - 00000000 ____D C:\Users\Carl Tessier\AppData\Local\{8559E56B-8B1C-4389-B8A3-849D5C6B3918}
2012-07-01 08:14 - 2012-07-01 08:14 - 00000000 ____D C:\Users\Carl Tessier\AppData\Local\{4423B712-F809-4490-B7C0-217C88DD205F}
2012-06-30 06:28 - 2012-06-30 06:29 - 00000000 ____D C:\Users\Carl Tessier\AppData\Local\{627C90A6-E4D6-44CB-AC7F-3C05ED7D4B38}
2012-06-30 06:28 - 2012-06-30 06:28 - 00000000 ____D C:\Users\Carl Tessier\AppData\Local\{A116BE09-A39F-4296-94F0-04A6CEC55C8C}
2012-06-29 19:55 - 2012-06-29 20:09 - 01112625 ____A C:\Users\Carl Tessier\Desktop\road.skb
2012-06-29 18:24 - 2012-06-29 18:24 - 00000000 ____D C:\Users\Carl Tessier\AppData\Local\{A1951EC8-72DF-4194-90EB-2721A2448FA5}
2012-06-29 18:24 - 2012-06-29 18:24 - 00000000 ____D C:\Users\Carl Tessier\AppData\Local\{83EF9FA6-8571-4349-82E4-2010FAEC9D6D}
2012-06-28 20:19 - 2012-06-28 20:19 - 00085243 ____A C:\ComboFix.txt
2012-06-28 20:03 - 2012-07-03 18:21 - 00017228 ____A C:\Windows\SysWOW64\debug.log
2012-06-28 19:28 - 2011-06-25 22:45 - 00256000 ____A C:\Windows\PEV.exe
2012-06-28 19:28 - 2010-11-07 09:20 - 00208896 ____A C:\Windows\MBR.exe
2012-06-28 19:28 - 2009-04-19 20:56 - 00060416 ____A (NirSoft) C:\Windows\NIRCMD.exe
2012-06-28 19:28 - 2000-08-30 16:00 - 00518144 ____A (SteelWerX) C:\Windows\SWREG.exe
2012-06-28 19:28 - 2000-08-30 16:00 - 00406528 ____A (SteelWerX) C:\Windows\SWSC.exe
2012-06-28 19:28 - 2000-08-30 16:00 - 00098816 ____A C:\Windows\sed.exe
2012-06-28 19:28 - 2000-08-30 16:00 - 00080412 ____A C:\Windows\grep.exe
2012-06-28 19:28 - 2000-08-30 16:00 - 00068096 ____A C:\Windows\zip.exe
2012-06-28 19:24 - 2012-06-28 19:49 - 00001768 ____A C:\Windows\debug.log
2012-06-28 19:14 - 2012-06-28 19:14 - 00001225 ____A C:\Users\Carl Tessier\Desktop\checkup.txt
2012-06-28 19:13 - 2012-06-28 19:13 - 04566027 ____R (Swearware) C:\Users\Carl Tessier\Downloads\ComboFix.exe
2012-06-28 18:36 - 2012-06-28 18:36 - 00881475 ____A C:\Users\Carl Tessier\Downloads\SecurityCheck.exe
2012-06-27 19:58 - 2012-06-27 19:58 - 00000000 ____D C:\Users\Carl Tessier\AppData\Local\{06A1B8B0-2A56-4037-9935-4BA95F385F55}
2012-06-27 10:11 - 2012-06-27 10:11 - 00002953 ____A C:\Users\Carl Tessier\Desktop\gmer.log
2012-06-27 07:57 - 2012-06-27 07:57 - 00000000 ____D C:\Users\Carl Tessier\AppData\Local\{6B9BF996-1F47-47E5-8670-DA94A08D5D6D}
2012-06-26 21:46 - 2012-06-26 21:46 - 00302592 ____A C:\Users\Carl Tessier\Downloads\3ulmpvfr.exe
2012-06-26 21:40 - 2012-06-26 21:40 - 00607260 ____R (Swearware) C:\Users\Carl Tessier\Downloads\dds.scr
2012-06-26 21:17 - 2011-11-19 07:07 - 00077312 ____A (Microsoft Corporation) C:\Windows\System32\packager.dll
2012-06-26 21:17 - 2011-11-19 06:06 - 00067072 ____A (Microsoft Corporation) C:\Windows\SysWOW64\packager.dll
2012-06-26 21:14 - 2012-06-26 21:14 - 04731392 ____A (AVAST Software) C:\Users\Carl Tessier\Downloads\aswMBR.exe
2012-06-26 20:41 - 2012-06-28 20:10 - 00000000 ____D C:\Windows\erdnt
2012-06-26 17:33 - 2012-06-26 17:33 - 00000000 ____D C:\Users\Carl Tessier\AppData\Local\{929841BC-E1FA-4407-8275-3ED3039B6CB4}
2012-06-26 12:07 - 2012-07-01 07:58 - 01114762 ____A C:\Users\Carl Tessier\Desktop\road.skp
2012-06-26 11:04 - 2012-06-26 11:10 - 00045787 ____A C:\Users\Carl Tessier\Documents\EnregistrementAuto_Sans titre.skp
2012-06-26 05:32 - 2012-06-27 19:58 - 00000000 ____D C:\Users\Carl Tessier\AppData\Local\{3AC4B15A-55CA-4FC5-B699-EF16E4FCAEFD}
2012-06-26 05:32 - 2012-06-26 05:32 - 00000000 ____D C:\Users\Carl Tessier\AppData\Local\{A1D08140-60D4-44EE-819A-BC0D9A4A37D3}
2012-06-25 11:05 - 2012-06-25 11:05 - 00000000 ____D C:\Users\Carl Tessier\AppData\Roaming\Malwarebytes
2012-06-25 11:05 - 2012-06-25 11:05 - 00000000 ____D C:\Users\All Users\Malwarebytes
2012-06-25 11:05 - 2012-06-25 11:05 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware
2012-06-25 11:05 - 2012-04-04 11:56 - 00024904 ____A (Malwarebytes Corporation) C:\Windows\System32\Drivers\mbam.sys
2012-06-25 10:23 - 2012-06-28 20:19 - 00000000 ___AD C:\Qoobox
2012-06-25 10:06 - 2012-06-25 10:06 - 00000000 ____D C:\Users\Carl Tessier\AppData\Local\{917DD91A-D8BD-4260-BFA6-B0CDAB4F0B49}
2012-06-24 04:09 - 2012-06-24 04:09 - 00000000 ____D C:\Users\Carl Tessier\AppData\Local\{DFC2A60E-B6B6-4545-9FF4-E3284E8839FB}
2012-06-23 12:49 - 2012-06-25 10:06 - 00000000 ____D C:\Users\Carl Tessier\AppData\Local\{3B6A86B5-DFC7-4FD0-BF2C-621BA578C493}
2012-06-23 12:49 - 2012-06-23 12:50 - 00000000 ____D C:\Users\Carl Tessier\AppData\Local\{6CF26B69-B0F6-4F45-A225-A7C916CFDE0C}
2012-06-22 18:56 - 2012-06-22 18:56 - 00000000 __SHD C:\Windows\SysWOW64\%APPDATA%
2012-06-22 18:45 - 2012-06-22 18:45 - 00000000 ____D C:\Users\Carl Tessier\AppData\Local\{350ABF67-88BE-4A5C-A264-E90CF01E3FA5}
2012-06-22 18:43 - 2012-06-22 18:45 - 00000000 ____D C:\Users\Carl Tessier\AppData\Local\{9294C58D-79C8-4DA8-BA1F-3561304CF32D}
2012-06-21 07:45 - 2012-06-21 07:46 - 00000000 ____D C:\Users\Carl Tessier\AppData\Local\{D91DD74B-DD1E-4E28-B627-8E1C1BBA1CF9}
2012-06-21 07:45 - 2012-06-21 07:45 - 00000000 ____D C:\Users\Carl Tessier\AppData\Local\{B758BF1F-5399-4C95-8945-3A4FC7C82FE0}
2012-06-20 19:45 - 2012-06-20 19:45 - 00000000 ____D C:\Users\Carl Tessier\AppData\Local\{2B19A32D-E8B3-4F8D-811A-7C67FAC035A4}
2012-06-20 18:22 - 2012-06-20 18:21 - 02513020 ___RA C:\Users\Carl Tessier\Documents\meebo-chatlogs.zip
2012-06-20 07:44 - 2012-06-20 07:44 - 00000000 ____D C:\Users\Carl Tessier\AppData\Local\{4C55E333-BF38-4108-8477-8507714B2FC9}
2012-06-20 07:43 - 2012-06-20 19:45 - 00000000 ____D C:\Users\Carl Tessier\AppData\Local\{74DD165A-3BDC-4C61-9981-53A97C722B8D}
2012-06-18 14:41 - 2012-06-02 14:19 - 02428952 ____A (Microsoft Corporation) C:\Windows\System32\wuaueng.dll
2012-06-18 14:41 - 2012-06-02 14:19 - 00057880 ____A (Microsoft Corporation) C:\Windows\System32\wuauclt.exe
2012-06-18 14:41 - 2012-06-02 14:19 - 00044056 ____A (Microsoft Corporation) C:\Windows\System32\wups2.dll
2012-06-18 14:41 - 2012-06-02 14:15 - 02622464 ____A (Microsoft Corporation) C:\Windows\System32\wucltux.dll
2012-06-18 14:40 - 2012-06-02 14:19 - 00701976 ____A (Microsoft Corporation) C:\Windows\System32\wuapi.dll
2012-06-18 14:40 - 2012-06-02 14:19 - 00038424 ____A (Microsoft Corporation) C:\Windows\System32\wups.dll
2012-06-18 14:40 - 2012-06-02 14:15 - 00099840 ____A (Microsoft Corporation) C:\Windows\System32\wudriver.dll
2012-06-18 14:39 - 2012-06-02 11:19 - 00186752 ____A (Microsoft Corporation) C:\Windows\System32\wuwebv.dll
2012-06-18 14:39 - 2012-06-02 11:15 - 00036864 ____A (Microsoft Corporation) C:\Windows\System32\wuapp.exe
2012-06-17 18:11 - 2012-06-18 14:30 - 00000000 ____D C:\Users\Carl Tessier\AppData\Local\{72A7C6CA-04E6-4AAA-B497-AFA543072F8F}
2012-06-16 08:36 - 2012-06-16 08:36 - 00000000 ____D C:\Users\Carl Tessier\AppData\Local\{35BBE299-E847-47B0-86A4-4262E30E6FEA}
2012-06-15 14:45 - 2012-06-15 14:45 - 00000000 ____D C:\Users\Carl Tessier\AppData\Local\Macromedia
2012-06-15 14:40 - 2012-06-15 14:41 - 00000000 ____D C:\Users\Carl Tessier\AppData\Local\{857C3BFF-EF30-4446-B8CC-E3733F4C515B}
2012-06-14 15:33 - 2012-06-14 15:33 - 00000000 ____D C:\Users\Carl Tessier\AppData\Local\{F0FC1167-D8DE-4877-8BFA-4DA81D26215F}
2012-06-14 15:33 - 2012-06-14 15:33 - 00000000 ____D C:\Users\Carl Tessier\AppData\Local\{897BFA0C-1D60-49EB-AB44-1A35D1B7DE50}
2012-06-13 14:37 - 2012-06-13 14:38 - 00000000 ____D C:\Users\Carl Tessier\AppData\Local\{3BA4AD1A-C7F1-4E5F-8734-04BC0BF90B78}
2012-06-13 14:37 - 2012-06-13 14:37 - 00000000 ____D C:\Users\Carl Tessier\AppData\Local\{13E745A5-1079-4C20-BEEC-3FF071E627FB}
2012-06-12 14:33 - 2012-06-12 14:33 - 00000000 ____D C:\Users\Carl Tessier\AppData\Local\{375F18E2-7960-4C74-B4B5-50FC39375572}
2012-06-12 14:33 - 2012-06-12 14:33 - 00000000 ____D C:\Users\Carl Tessier\AppData\Local\{042958F3-2260-4CDF-AF98-48DF09564A05}
2012-06-11 17:04 - 2012-06-11 17:04 - 00000000 ____D C:\Users\Carl Tessier\AppData\Local\{DCCD9711-9DBE-424E-A0A5-1262C6473A19}
2012-06-11 17:04 - 2012-06-11 17:04 - 00000000 ____D C:\Users\Carl Tessier\AppData\Local\{1187F8ED-8331-4FF5-9037-31FE851E22BE}
2012-06-10 08:33 - 2012-06-10 08:33 - 00000000 ____D C:\Users\Carl Tessier\AppData\Local\{7AC41222-4776-4091-840E-3F385244BFB9}
2012-06-10 08:33 - 2012-06-10 08:33 - 00000000 ____D C:\Users\Carl Tessier\AppData\Local\{1541BCFE-ECAA-4121-BF3E-B4E806654A2C}
2012-06-09 20:32 - 2012-06-09 20:32 - 00000000 ____D C:\Users\Carl Tessier\AppData\Local\{4FA6D7BD-1DBC-4B7C-8B26-8299F11397C5}
2012-06-09 08:31 - 2012-06-09 20:32 - 00000000 ____D C:\Users\Carl Tessier\AppData\Local\{61103219-96F7-4BF6-B394-E9185CCD5B4C}
2012-06-09 08:31 - 2012-06-09 08:32 - 00000000 ____D C:\Users\Carl Tessier\AppData\Local\{EB9B6B80-8402-4DFA-8934-59D3593C9EF8}
2012-06-08 17:40 - 2012-02-27 23:34 - 17790976 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll
2012-06-08 17:40 - 2012-02-27 23:02 - 10888704 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll
2012-06-08 17:40 - 2012-02-27 22:56 - 02311168 ____A (Microsoft Corporation) C:\Windows\System32\jscript9.dll
2012-06-08 17:40 - 2012-02-27 22:50 - 01345536 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll
2012-06-08 17:40 - 2012-02-27 22:49 - 01390080 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll
2012-06-08 17:40 - 2012-02-27 22:48 - 01493504 ____A (Microsoft Corporation) C:\Windows\System32\inetcpl.cpl
2012-06-08 17:40 - 2012-02-27 22:48 - 00237056 ____A (Microsoft Corporation) C:\Windows\System32\url.dll
2012-06-08 17:40 - 2012-02-27 22:47 - 00085504 ____A (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
2012-06-08 17:40 - 2012-02-27 22:45 - 00818688 ____A (Microsoft Corporation) C:\Windows\System32\jscript.dll
2012-06-08 17:40 - 2012-02-27 22:43 - 02144256 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll
2012-06-08 17:40 - 2012-02-27 22:43 - 00096256 ____A (Microsoft Corporation) C:\Windows\System32\mshtmled.dll
2012-06-08 17:40 - 2012-02-27 22:42 - 02382848 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
2012-06-08 17:40 - 2012-02-27 22:39 - 00248320 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll
2012-06-08 17:40 - 2012-02-27 17:52 - 12281856 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2012-06-08 17:40 - 2012-02-27 17:27 - 09705984 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2012-06-08 17:40 - 2012-02-27 17:18 - 01799168 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2012-06-08 17:40 - 2012-02-27 17:12 - 01103360 ____A (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2012-06-08 17:40 - 2012-02-27 17:11 - 01427456 ____A (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2012-06-08 17:40 - 2012-02-27 17:11 - 01127424 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2012-06-08 17:40 - 2012-02-27 17:09 - 00231936 ____A (Microsoft Corporation) C:\Windows\SysWOW64\url.dll
2012-06-08 17:40 - 2012-02-27 17:08 - 00065024 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2012-06-08 17:40 - 2012-02-27 17:06 - 00716800 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2012-06-08 17:40 - 2012-02-27 17:04 - 01792000 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2012-06-08 17:40 - 2012-02-27 17:03 - 02382848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2012-06-08 17:40 - 2012-02-27 17:03 - 00072704 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2012-06-08 17:40 - 2012-02-27 16:59 - 00176640 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2012-06-08 15:18 - 2012-06-08 15:18 - 00000000 ____D C:\Users\Carl Tessier\AppData\Local\{A70220C4-AD51-4C9A-8556-23461C2558EB}
2012-06-08 15:18 - 2012-06-08 15:18 - 00000000 ____D C:\Users\Carl Tessier\AppData\Local\{889051FF-DEEE-4FD5-BF6B-CC1E5DEE7B72}
2012-06-07 15:16 - 2012-06-07 15:16 - 00000000 ____D C:\Users\Carl Tessier\AppData\Local\{C80423E0-ED7E-4115-8CE1-A0B56E6697C2}
2012-06-07 15:16 - 2012-06-07 15:16 - 00000000 ____D C:\Users\Carl Tessier\AppData\Local\{71FE7A76-70AB-4B96-9128-51DE1C6802EE}
2012-06-06 17:00 - 2012-06-06 17:08 - 00000000 ____D C:\Users\Carl Tessier\AppData\Local\GitHub
2012-06-06 17:00 - 2012-06-06 17:00 - 00000000 ____D C:\Users\Carl Tessier\Documents\GitHub
2012-06-06 17:00 - 2012-06-06 17:00 - 00000000 ____D C:\Users\Carl Tessier\AppData\Roaming\GitHub
2012-06-06 16:33 - 2012-06-06 16:33 - 00000000 ____D C:\Users\Carl Tessier\AppData\Local\{A0D271DC-CB11-4217-A2A8-A0D9E0EDC871}
2012-06-06 16:32 - 2012-06-06 16:32 - 00000000 ____D C:\Users\Carl Tessier\AppData\Local\{0D5BB6CE-6AD7-4B3B-AEA7-D0AC1EC1B34C}
2012-06-05 15:03 - 2012-06-05 15:03 - 00000000 ____D C:\Users\Carl Tessier\AppData\Local\{DEDF4CA7-F7FC-4C01-8872-A59D43FA045A}
2012-06-05 15:03 - 2012-06-05 15:03 - 00000000 ____D C:\Users\Carl Tessier\AppData\Local\{D2FA1145-AEDE-4C88-B7C7-E9D6F477861D}
2012-06-04 16:01 - 2012-06-04 16:01 - 00000000 ____D C:\Users\Carl Tessier\AppData\Local\{84CA4136-3D2C-4377-A52E-7D6E9227324A}
2012-06-04 16:01 - 2012-06-04 16:01 - 00000000 ____D C:\Users\Carl Tessier\AppData\Local\{624E74DD-0A13-4391-986E-E771E7DF2758}


============ 3 Months Modified Files ========================

2012-07-04 16:07 - 2012-04-05 14:50 - 00000934 ____A C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3585025520-255359423-1373225610-1000Core.job
2012-07-04 16:07 - 2009-09-24 20:46 - 01437365 ____A C:\Windows\WindowsUpdate.log
2012-07-04 16:02 - 2012-04-05 14:50 - 00000956 ____A C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3585025520-255359423-1373225610-1000UA.job
2012-07-04 16:02 - 2009-06-30 19:51 - 00001068 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2012-07-04 08:51 - 2009-06-15 13:52 - 00001014 ____A C:\Windows\Tasks\Google Software Updater.job
2012-07-04 06:26 - 2009-06-30 19:51 - 00001064 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2012-07-03 18:26 - 2009-09-24 18:58 - 00010288 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2012-07-03 18:26 - 2009-09-24 18:58 - 00010288 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2012-07-03 18:21 - 2012-06-28 20:03 - 00017228 ____A C:\Windows\SysWOW64\debug.log
2012-07-03 18:19 - 2012-07-03 18:18 - 00275664 ____A C:\Windows\Minidump\070312-30903-01.dmp
2012-07-03 18:19 - 2009-07-13 21:08 - 00000006 ___AH C:\Windows\Tasks\SA.DAT
2012-07-03 18:19 - 2009-07-13 20:51 - 08517615 ____A C:\Windows\setupact.log
2012-07-03 18:18 - 2012-02-10 16:33 - 724409910 ____A C:\Windows\MEMORY.DMP
2012-07-03 18:04 - 2012-07-03 18:04 - 00275664 ____A C:\Windows\Minidump\070312-29967-01.dmp
2012-07-03 17:47 - 2012-07-03 17:47 - 04731392 ____A (AVAST Software) C:\Users\Carl Tessier\Downloads\aswMBR(1).exe
2012-07-03 17:45 - 2012-07-03 17:45 - 02135640 ____A (Kaspersky Lab ZAO) C:\Users\Carl Tessier\Downloads\tdsskiller.exe
2012-07-03 17:22 - 2009-07-04 12:49 - 00002048 ___AH C:\Users\Carl Tessier\Documents\Default.rdp
2012-07-01 07:58 - 2012-06-26 12:07 - 01114762 ____A C:\Users\Carl Tessier\Desktop\road.skp
2012-06-30 06:26 - 2012-04-05 14:44 - 00426184 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2012-06-30 06:26 - 2011-05-16 14:08 - 00070344 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2012-06-29 20:09 - 2012-06-29 19:55 - 01112625 ____A C:\Users\Carl Tessier\Desktop\road.skb
2012-06-28 20:19 - 2012-06-28 20:19 - 00085243 ____A C:\ComboFix.txt
2012-06-28 20:03 - 2009-07-13 18:34 - 00000215 ____A C:\Windows\system.ini
2012-06-28 19:58 - 2009-09-24 20:22 - 00072014 ____A C:\Windows\PFRO.log
2012-06-28 19:57 - 2009-07-13 18:34 - 211025920 ____A C:\Windows\System32\config\SOFTWARE.bak
2012-06-28 19:57 - 2009-07-13 18:34 - 20185088 ____A C:\Windows\System32\config\SYSTEM.bak
2012-06-28 19:57 - 2009-07-13 18:34 - 131334144 ____A C:\Windows\System32\config\COMPONENTS.bak
2012-06-28 19:57 - 2009-07-13 18:34 - 05242880 ____A C:\Windows\System32\config\DEFAULT.bak
2012-06-28 19:57 - 2009-07-13 18:34 - 00262144 ____A C:\Windows\System32\config\SECURITY.bak
2012-06-28 19:57 - 2009-07-13 18:34 - 00262144 ____A C:\Windows\System32\config\SAM.bak
2012-06-28 19:49 - 2012-06-28 19:24 - 00001768 ____A C:\Windows\debug.log
2012-06-28 19:14 - 2012-06-28 19:14 - 00001225 ____A C:\Users\Carl Tessier\Desktop\checkup.txt
2012-06-28 19:13 - 2012-06-28 19:13 - 04566027 ____R (Swearware) C:\Users\Carl Tessier\Downloads\ComboFix.exe
2012-06-28 18:36 - 2012-06-28 18:36 - 00881475 ____A C:\Users\Carl Tessier\Downloads\SecurityCheck.exe
2012-06-27 10:11 - 2012-06-27 10:11 - 00002953 ____A C:\Users\Carl Tessier\Desktop\gmer.log
2012-06-26 21:57 - 2009-08-25 10:32 - 01043818 ____A C:\Windows\System32\perfh01D.dat
2012-06-26 21:57 - 2009-08-25 10:32 - 00293366 ____A C:\Windows\System32\perfc01D.dat
2012-06-26 21:57 - 2009-08-25 09:41 - 01105848 ____A C:\Windows\System32\perfh019.dat
2012-06-26 21:57 - 2009-08-25 09:41 - 00303200 ____A C:\Windows\System32\perfc019.dat
2012-06-26 21:57 - 2009-08-25 09:33 - 01133868 ____A C:\Windows\System32\perfh013.dat
2012-06-26 21:57 - 2009-08-25 09:33 - 00306772 ____A C:\Windows\System32\perfc013.dat
2012-06-26 21:57 - 2009-08-25 09:25 - 00874678 ____A C:\Windows\System32\perfh014.dat
2012-06-26 21:57 - 2009-08-25 09:25 - 00242806 ____A C:\Windows\System32\perfc014.dat
2012-06-26 21:57 - 2009-08-25 09:18 - 01127086 ____A C:\Windows\System32\perfh010.dat
2012-06-26 21:57 - 2009-08-25 09:18 - 00298924 ____A C:\Windows\System32\perfc010.dat
2012-06-26 21:57 - 2009-08-25 09:09 - 01153444 ____A C:\Windows\System32\perfh00C.dat
2012-06-26 21:57 - 2009-08-25 09:09 - 00308722 ____A C:\Windows\System32\perfc00C.dat
2012-06-26 21:57 - 2009-08-25 09:01 - 00864550 ____A C:\Windows\System32\perfh00B.dat
2012-06-26 21:57 - 2009-08-25 09:01 - 00254804 ____A C:\Windows\System32\perfc00B.dat
2012-06-26 21:57 - 2009-08-25 08:54 - 01135394 ____A C:\Windows\System32\perfh00A.dat
2012-06-26 21:57 - 2009-08-25 08:54 - 00315048 ____A C:\Windows\System32\perfc00A.dat
2012-06-26 21:57 - 2009-08-25 08:46 - 01090602 ____A C:\Windows\System32\perfh007.dat
2012-06-26 21:57 - 2009-08-25 08:46 - 00300654 ____A C:\Windows\System32\perfc007.dat
2012-06-26 21:57 - 2009-08-25 08:38 - 00891774 ____A C:\Windows\System32\perfh006.dat
2012-06-26 21:57 - 2009-08-25 08:38 - 00250382 ____A C:\Windows\System32\perfc006.dat
2012-06-26 21:57 - 2009-07-13 21:13 - 14776996 ____A C:\Windows\System32\PerfStringBackup.INI
2012-06-26 21:46 - 2012-06-26 21:46 - 00302592 ____A C:\Users\Carl Tessier\Downloads\3ulmpvfr.exe
2012-06-26 21:46 - 2009-10-13 09:50 - 58957832 ____A (Microsoft Corporation) C:\Windows\System32\MRT.exe
2012-06-26 21:40 - 2012-06-26 21:40 - 00607260 ____R (Swearware) C:\Users\Carl Tessier\Downloads\dds.scr
2012-06-26 21:14 - 2012-06-26 21:14 - 04731392 ____A (AVAST Software) C:\Users\Carl Tessier\Downloads\aswMBR.exe
2012-06-26 11:10 - 2012-06-26 11:04 - 00045787 ____A C:\Users\Carl Tessier\Documents\EnregistrementAuto_Sans titre.skp
2012-06-26 10:20 - 2009-11-06 21:03 - 00030720 __ASH C:\Users\Carl Tessier\AppData\Roaming\Thumbs.db
2012-06-20 18:21 - 2012-06-20 18:22 - 02513020 ___RA C:\Users\Carl Tessier\Documents\meebo-chatlogs.zip
2012-06-20 07:33 - 2009-07-13 21:08 - 00032496 ____A C:\Windows\Tasks\SCHEDLGU.TXT
2012-06-14 15:28 - 2009-07-13 20:45 - 03416688 ____A C:\Windows\System32\FNTCACHE.DAT
2012-06-13 17:28 - 2009-09-24 21:01 - 00134576 ____A C:\Users\Carl Tessier\AppData\Local\GDIPFONTCACHEV1.DAT
2012-06-12 14:34 - 2009-05-26 14:56 - 00001075 ___AH C:\IPH.PH
2012-06-10 13:18 - 2009-06-03 16:50 - 00175936 ___AH C:\Windows\SysWOW64\mlfcache.dat
2012-06-08 17:18 - 2009-09-25 06:25 - 14529586 ____A C:\Windows\SysWOW64\PerfStringBackup.INI
2012-06-08 16:57 - 2011-03-10 15:06 - 00000039 ____A C:\Windows\vbaddin.ini
2012-06-06 18:34 - 2010-11-07 15:13 - 00004218 ____A C:\Users\Carl Tessier\Documents\drfrankenstein.list
2012-06-02 14:19 - 2012-06-18 14:41 - 02428952 ____A (Microsoft Corporation) C:\Windows\System32\wuaueng.dll
2012-06-02 14:19 - 2012-06-18 14:41 - 00057880 ____A (Microsoft Corporation) C:\Windows\System32\wuauclt.exe
2012-06-02 14:19 - 2012-06-18 14:41 - 00044056 ____A (Microsoft Corporation) C:\Windows\System32\wups2.dll
2012-06-02 14:19 - 2012-06-18 14:40 - 00701976 ____A (Microsoft Corporation) C:\Windows\System32\wuapi.dll
2012-06-02 14:19 - 2012-06-18 14:40 - 00038424 ____A (Microsoft Corporation) C:\Windows\System32\wups.dll
2012-06-02 14:15 - 2012-06-18 14:41 - 02622464 ____A (Microsoft Corporation) C:\Windows\System32\wucltux.dll
2012-06-02 14:15 - 2012-06-18 14:40 - 00099840 ____A (Microsoft Corporation) C:\Windows\System32\wudriver.dll
2012-06-02 11:19 - 2012-06-18 14:39 - 00186752 ____A (Microsoft Corporation) C:\Windows\System32\wuwebv.dll
2012-06-02 11:15 - 2012-06-18 14:39 - 00036864 ____A (Microsoft Corporation) C:\Windows\System32\wuapp.exe
2012-05-29 17:18 - 2012-05-29 17:18 - 00062464 ___AH (ESET) C:\Windows\System32\findup1664.dll
2012-05-26 17:55 - 2009-10-22 06:56 - 00000600 ____A C:\Users\Carl Tessier\AppData\Local\PUTTY.RND
2012-05-25 16:34 - 2010-08-04 20:05 - 00000919 ___AH C:\Users\Carl Tessier\.gitk
2012-05-21 13:20 - 2011-12-27 20:37 - 00065536 ____A C:\Users\Carl Tessier\Desktop\Pokemon - Fire Red Version (USA).sav
2012-05-08 14:43 - 2012-05-08 14:43 - 00361526 ____A C:\Users\Carl Tessier\Downloads\20120505_mssi-11.jpeg
2012-05-05 21:32 - 2012-05-06 18:19 - 04474880 ____A (Nokia Corporation and/or its subsidiary(-ies)) C:\Windows\SysWOW64\QtCored4.dll
2012-05-05 21:32 - 2012-05-06 18:19 - 02562560 ____A (Nokia Corporation and/or its subsidiary(-ies)) C:\Windows\SysWOW64\QtCore4.dll
2012-05-05 21:31 - 2012-05-06 18:19 - 23985664 ____A (Nokia Corporation and/or its subsidiary(-ies)) C:\Windows\SysWOW64\QtWebKitd4.dll
2012-05-05 21:31 - 2012-05-06 18:19 - 14874112 ____A (Nokia Corporation and/or its subsidiary(-ies)) C:\Windows\SysWOW64\QtGuid4.dll
2012-05-05 21:31 - 2012-05-06 18:19 - 13110784 ____A (Nokia Corporation and/or its subsidiary(-ies)) C:\Windows\SysWOW64\QtWebKit4.dll
2012-05-05 21:31 - 2012-05-06 18:19 - 08569856 ____A (Nokia Corporation and/or its subsidiary(-ies)) C:\Windows\SysWOW64\QtGui4.dll
2012-05-05 21:31 - 2012-05-06 18:19 - 07275520 ____A (Nokia Corporation and/or its subsidiary(-ies)) C:\Windows\SysWOW64\QtDesignerd4.dll
2012-05-05 21:31 - 2012-05-06 18:19 - 06948864 ____A (Nokia Corporation and/or its subsidiary(-ies)) C:\Windows\SysWOW64\QtScriptd4.dll
2012-05-05 21:31 - 2012-05-06 18:19 - 05961728 ____A (Nokia Corporation and/or its subsidiary(-ies)) C:\Windows\SysWOW64\QtXmlPatternsd4.dll
2012-05-05 21:31 - 2012-05-06 18:19 - 04900864 ____A (Nokia Corporation and/or its subsidiary(-ies)) C:\Windows\SysWOW64\QtDeclaratived4.dll
2012-05-05 21:31 - 2012-05-06 18:19 - 04704768 ____A (Nokia Corporation and/or its subsidiary(-ies)) C:\Windows\SysWOW64\QtDesigner4.dll
2012-05-05 21:31 - 2012-05-06 18:19 - 03890176 ____A (Nokia Corporation and/or its subsidiary(-ies)) C:\Windows\SysWOW64\QtDesignerComponentsd4.dll
2012-05-05 21:31 - 2012-05-06 18:19 - 03857408 ____A (Nokia Corporation and/or its subsidiary(-ies)) C:\Windows\SysWOW64\Qt3Supportd4.dll
2012-05-05 21:31 - 2012-05-06 18:19 - 02634752 ____A (Nokia Corporation and/or its subsidiary(-ies)) C:\Windows\SysWOW64\QtXmlPatterns4.dll
2012-05-05 21:31 - 2012-05-06 18:19 - 02576384 ____A (Nokia Corporation and/or its subsidiary(-ies)) C:\Windows\SysWOW64\QtDeclarative4.dll
2012-05-05 21:31 - 2012-05-06 18:19 - 02395136 ____A (Nokia Corporation and/or its subsidiary(-ies)) C:\Windows\SysWOW64\Qt3Support4.dll
2012-05-05 21:31 - 2012-05-06 18:19 - 02257920 ____A (Nokia Corporation and/or its subsidiary(-ies)) C:\Windows\SysWOW64\QtCLucened4.dll
2012-05-05 21:31 - 2012-05-06 18:19 - 01926144 ____A (Nokia Corporation and/or its subsidiary(-ies)) C:\Windows\SysWOW64\QtDesignerComponents4.dll
2012-05-05 21:31 - 2012-05-06 18:19 - 01760256 ____A (Nokia Corporation and/or its subsidiary(-ies)) C:\Windows\SysWOW64\QtNetworkd4.dll
2012-05-05 21:31 - 2012-05-06 18:19 - 01428992 ____A (Nokia Corporation and/or its subsidiary(-ies)) C:\Windows\SysWOW64\QtOpenGLd4.dll
2012-05-05 21:31 - 2012-05-06 18:19 - 01341440 ____A (Nokia Corporation and/or its subsidiary(-ies)) C:\Windows\SysWOW64\QtScript4.dll
2012-05-05 21:31 - 2012-05-06 18:19 - 01042432 ____A (Nokia Corporation and/or its subsidiary(-ies)) C:\Windows\SysWOW64\QtScriptToolsd4.dll
2012-05-05 21:31 - 2012-05-06 18:19 - 01037312 ____A (Nokia Corporation and/or its subsidiary(-ies)) C:\Windows\SysWOW64\QtNetwork4.dll
2012-05-05 21:31 - 2012-05-06 18:19 - 00872448 ____A (Nokia Corporation and/or its subsidiary(-ies)) C:\Windows\SysWOW64\QtCLucene4.dll
2012-05-05 21:31 - 2012-05-06 18:19 - 00840192 ____A (Nokia Corporation and/or its subsidiary(-ies)) C:\Windows\SysWOW64\QtHelpd4.dll
2012-05-05 21:31 - 2012-05-06 18:19 - 00778752 ____A (Nokia Corporation and/or its subsidiary(-ies)) C:\Windows\SysWOW64\QtOpenGL4.dll
2012-05-05 21:31 - 2012-05-06 18:19 - 00596480 ____A (Nokia Corporation and/or its subsidiary(-ies)) C:\Windows\SysWOW64\QtXmld4.dll
2012-05-05 21:31 - 2012-05-06 18:19 - 00583168 ____A (Nokia Corporation and/or its subsidiary(-ies)) C:\Windows\SysWOW64\QtScriptTools4.dll
2012-05-05 21:31 - 2012-05-06 18:19 - 00525824 ____A (Nokia Corporation and/or its subsidiary(-ies)) C:\Windows\SysWOW64\QtSvgd4.dll
2012-05-05 21:31 - 2012-05-06 18:19 - 00433152 ____A (Nokia Corporation and/or its subsidiary(-ies)) C:\Windows\SysWOW64\QtHelp4.dll
2012-05-05 21:31 - 2012-05-06 18:19 - 00355840 ____A (Nokia Corporation and/or its subsidiary(-ies)) C:\Windows\SysWOW64\QtXml4.dll
2012-05-05 21:31 - 2012-05-06 18:19 - 00341504 ____A (Nokia Corporation and/or its subsidiary(-ies)) C:\Windows\SysWOW64\QtSqld4.dll
2012-05-05 21:31 - 2012-05-06 18:19 - 00283136 ____A (Nokia Corporation and/or its subsidiary(-ies)) C:\Windows\SysWOW64\QtSvg4.dll
2012-05-05 21:31 - 2012-05-06 18:19 - 00230912 ____A (Nokia Corporation and/or its subsidiary(-ies)) C:\Windows\SysWOW64\QtMultimediad4.dll
2012-05-05 21:31 - 2012-05-06 18:19 - 00201728 ____A (Nokia Corporation and/or its subsidiary(-ies)) C:\Windows\SysWOW64\QtSql4.dll
2012-05-05 21:31 - 2012-05-06 18:19 - 00195584 ____A (Nokia Corporation and/or its subsidiary(-ies)) C:\Windows\SysWOW64\QtTestd4.dll
2012-05-05 21:31 - 2012-05-06 18:19 - 00114176 ____A (Nokia Corporation and/or its subsidiary(-ies)) C:\Windows\SysWOW64\QtMultimedia4.dll
2012-05-05 21:31 - 2012-05-06 18:19 - 00109056 ____A (Nokia Corporation and/or its subsidiary(-ies)) C:\Windows\SysWOW64\QtTest4.dll
2012-05-05 21:31 - 2009-06-02 03:03 - 00517632 ____A (Nokia Corporation and/or its subsidiary(-ies)) C:\Windows\SysWOW64\phonond4.dll
2012-05-05 21:31 - 2009-06-01 20:49 - 00270848 ____A (Nokia Corporation and/or its subsidiary(-ies)) C:\Windows\SysWOW64\phonon4.dll
2012-04-29 18:56 - 2012-04-17 17:13 - 00002048 ____A C:\Windows\SysWOW64\win32xmI.TXl
2012-04-06 06:01 - 2009-05-18 13:24 - 00136508 ____A C:\Windows\DirectX.log


========================= Known DLLs (Whitelisted) ============


========================= Bamital & volsnap Check ============

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe 50BEA589F7D7958BDD2528A8F69D05CC ZeroAccess <==== ATTENTION!.
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

==================== EXE ASSOCIATION =====================

HKLM\...\.exe: exefile => OK
HKLM\...\exefile\DefaultIcon: %1 => OK
HKLM\...\exefile\open\command: "%1" %* => OK

========================= Memory info ======================

Percentage of memory in use: 17%
Total physical RAM: 4090.86 MB
Available physical RAM: 3357.19 MB
Total Pagefile: 4089.01 MB
Available Pagefile: 3360.8 MB
Total Virtual: 8192 MB
Available Virtual: 8191.9 MB

======================= Partitions =========================

1 Drive c: (OS) (Fixed) (Total:218.2 GB) (Free:70.85 GB) NTFS ==>[Drive with boot components (obtained from BCD)]
2 Drive d: (RECOVERY) (Fixed) (Total:14.65 GB) (Free:7.05 GB) NTFS
4 Drive f: (CRUZER) (Removable) (Total:15.11 GB) (Free:5.99 GB) FAT32
5 Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS

Disk ### Status Size Free Dyn Gpt
-------- ------------- ------- ------- --- ---
Disk 0 Online 232 GB 0 B
Disk 1 Online 15 GB 0 B

Partitions of Disk 0:
===============

Partition ### Type Size Offset
------------- ---------------- ------- -------
Partition 1 OEM 39 MB 31 KB
Partition 2 Primary 14 GB 39 MB
Partition 3 Primary 218 GB 14 GB

==================================================================================

Disk: 0
Partition 1
Type : DE
Hidden: Yes
Active: No

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 4 FAT Partition 39 MB Healthy Hidden

==================================================================================

Disk: 0
Partition 2
Type : 07
Hidden: No
Active: No

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 1 D RECOVERY NTFS Partition 14 GB Healthy

==================================================================================

Disk: 0
Partition 3
Type : 07
Hidden: No
Active: Yes

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 2 C OS NTFS Partition 218 GB Healthy

==================================================================================

Partitions of Disk 1:
===============

Partition ### Type Size Offset
------------- ---------------- ------- -------
Partition 1 Primary 15 GB 16 KB

==================================================================================

Disk: 1
Partition 1
Type : 0B
Hidden: No
Active: Yes

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 3 F CRUZER FAT32 Removable 15 GB Healthy

==================================================================================

==========================================================

Last Boot: 2012-07-01 17:31

======================= End Of Log ==========================

#9 gringo_pr (Bleepin Gringo, Malware Response Team, Puerto Rico)

Posted 04 July 2012 - 07:52 PM

Greetings

OK, let's see if we can find a replacement for the infected file.

In Vista or Windows 7: Boot to System Recovery Options and run FRST.

Type the following in the edit box after "Search:".

services.exe

It then should look like:

Search: services.exe

Click the Search button and post the log it makes (Search.txt) in your reply.


Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#10 Dr Frankenstein (Topic Starter)

Posted 06 July 2012 - 07:34 PM

Here it is.

Farbar Recovery Scan Tool Version: 04-07-2012 01
Ran by SYSTEM at 2012-07-06 18:48:50
Running from F:\

================== Search: "services.exe" ===================

C:\Windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_2b54b20ee6fa07b1\services.exe
[2009-07-13 15:19] - [2009-07-13 17:39] - 0328704 ____A (Microsoft Corporation) 24ACB7E5BE595468E3B9AA488B9B4FCB

C:\Windows\System32\services.exe
[2009-07-13 15:19] - [2009-07-13 17:39] - 0329216 ____A (Microsoft Corporation) 50BEA589F7D7958BDD2528A8F69D05CC

====== End Of Search ======

#11 gringo_pr (Bleepin Gringo, Malware Response Team, Puerto Rico)

Posted 07 July 2012 - 12:56 AM

Hello

Open Notepad. Please copy the contents of the code box below. To do this, highlight the contents of the box and right-click on it. Paste this into the open Notepad window and save it on the flash drive as fixlist.txt.

Replace: C:\Windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_2b54b20ee6fa07b1\services.exe C:\Windows\System32\services.exe


NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system

On Vista or Windows 7: Now please enter System Recovery Options.

Run FRST64 and press the Fix button just once and wait.
The tool will make a log on the flash drive (Fixlog.txt) please post it to your reply.

Gringo
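The search-and-replace step in posts #9 to #11 can be checked mechanically before the fixlist is written. The Python below is an added example for this thread, not FRST's own code and not something either participant posted: it parses a Search.txt of the shape shown in post #10, compares every copy of the file with the copies FRST found in the WinSxS component store, and emits the same "Replace: <source> <destination>" line that post #11 uses, but only when all store copies agree with each other and the live file's hash differs. The sample input reproduces the two entries from the posted log; the function and class names (parse_search_log, plan_replacement, Entry) are my own choices.

```python
"""Parse an FRST Search.txt log and decide whether a system file can be
restored from the WinSxS component store.

Added example for this thread; it is not FRST's own code.  The only FRST
facts it relies on are the Search.txt layout and the "Replace: <src> <dst>"
directive, both of which appear verbatim in the posts above.
"""
from __future__ import annotations

import re
from dataclasses import dataclass
from typing import Optional

# FRST prints each hit as a path line followed by one details line:
# [created] - [modified] - <size> <attrs> (<company>) <MD5>
DETAIL_RE = re.compile(
    r"\[(?P<created>[^\]]+)\] - \[(?P<modified>[^\]]+)\] - "
    r"(?P<size>\d+) (?P<attrs>\S+) \((?P<company>[^)]*)\) (?P<md5>[0-9A-Fa-f]{32})$"
)

# Constructed input: the two entries from the Search.txt posted in this thread.
SAMPLE_SEARCH_TXT = r"""
Farbar Recovery Scan Tool Version: 04-07-2012 01
Ran by SYSTEM at 2012-07-06 18:48:50
Running from F:\

================== Search: "services.exe" ===================

C:\Windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_2b54b20ee6fa07b1\services.exe
[2009-07-13 15:19] - [2009-07-13 17:39] - 0328704 ____A (Microsoft Corporation) 24ACB7E5BE595468E3B9AA488B9B4FCB

C:\Windows\System32\services.exe
[2009-07-13 15:19] - [2009-07-13 17:39] - 0329216 ____A (Microsoft Corporation) 50BEA589F7D7958BDD2528A8F69D05CC

====== End Of Search ======
"""


@dataclass(frozen=True)
class Entry:
    path: str
    created: str
    modified: str
    size: int
    attrs: str
    company: str
    md5: str  # uppercase hex, as FRST prints it

    @property
    def in_winsxs(self) -> bool:
        # Copies under the component store are what FRST's Replace: restores from.
        return "\\winsxs\\" in self.path.lower()


def parse_search_log(text: str) -> list[Entry]:
    """Return every (path line, details line) pair found in a Search.txt body."""
    lines = [ln.strip() for ln in text.splitlines()]
    entries: list[Entry] = []
    for i in range(1, len(lines)):
        m = DETAIL_RE.match(lines[i])
        path = lines[i - 1]
        if not m or not path or path.startswith("="):
            continue
        entries.append(Entry(
            path=path,
            created=m["created"],
            modified=m["modified"],
            size=int(m["size"]),
            attrs=m["attrs"],
            company=m["company"],
            md5=m["md5"].upper(),
        ))
    return entries


def plan_replacement(entries: list[Entry], target: str) -> Optional[str]:
    """Build the FRST 'Replace:' line that restores `target` from WinSxS.

    Returns None when there is nothing safe to do: the live file is absent
    from the search, it already matches the store, no store copy exists, or
    the store holds copies with differing hashes (several servicing versions),
    in which case a hash alone cannot tell which one belongs to this build.
    """
    live = [e for e in entries if e.path.lower() == target.lower()]
    store = [e for e in entries if e.in_winsxs]
    if len(live) != 1 or not store:
        return None
    store_hashes = {e.md5 for e in store}
    if len(store_hashes) != 1:
        return None
    if live[0].md5 in store_hashes:
        return None
    return f"Replace: {store[0].path} {live[0].path}"


if __name__ == "__main__":
    found = parse_search_log(SAMPLE_SEARCH_TXT)
    for e in found:
        where = "WinSxS store" if e.in_winsxs else "live"
        print(f"{where:12} {e.size:>7} {e.md5} {e.path}")
    print(plan_replacement(found, r"C:\Windows\System32\services.exe") or "nothing to replace")
```

On the posted log the live copy is 512 bytes larger than the store copy and carries a different MD5, so the function returns exactly the Replace: line from post #11. The refusal to choose when the store holds copies with different hashes is deliberate: on a machine that has been serviced by updates, WinSxS keeps more than one version of services.exe, and the right one has to be picked by version, not by hash. An MD5 match against the store is only the evidence FRST itself reports; on a booted system the stronger check is that the restored file carries a valid Microsoft Authenticode signature.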

#12 gringo_pr (Bleepin Gringo, Malware Response Team, Puerto Rico)

Posted 09 July 2012 - 11:39 PM

Greetings


I have not heard from you in a couple of days, so I am coming by to check on you to see if you are having problems or just need some more time.

Also, a reminder that it is very important that we finish the process completely so as not to get reinfected. I will let you know when we are complete, and I will then ask you to remove our tools.




Gringo

#13 Dr Frankenstein (Topic Starter)

Posted 10 July 2012 - 06:28 PM

Here's fixlog.txt.

Fix result of Farbar Recovery Tool (FRST written by Farbar) Version: 04-07-2012 01
Ran by SYSTEM at 2012-07-09 23:59:35 Run:1
Running from F:\

==============================================

C:\Windows\System32\services.exe moved successfully.
C:\Windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_2b54b20ee6fa07b1\services.exe copied successfully to C:\Windows\System32\services.exe

==== End of Fixlog ====



#14 gringo_pr (Bleepin Gringo, Malware Response Team, Puerto Rico)

Posted 10 July 2012 - 09:13 PM

Hello

I would like you to download an updated version of ComboFix.

update combofix

Delete the version of combofix you have now on your desktop and download a new one from here

Link 1
Link 2
Link 3
**Note: It is important that it is saved directly to your desktop**

1. Close any open browsers.
2. Close/disable all anti-virus and anti-malware programs so they do not interfere with the running of ComboFix.

Double-click on combofix.exe and follow the prompts.
When finished, it will produce a report for you.

Note: Do not mouse-click ComboFix's window while it's running. That may cause it to stall.

Note 2: If you receive the error "Illegal operation attempted on a registry key that has been marked for deletion.", please restart the computer.

Information and logs

  • In your next post I need the following
  • Log from Combofix
  • let me know of any problems you may have had
  • How is the computer doing now?

Gringo

#15 gringo_pr (Bleepin Gringo, Malware Response Team, Puerto Rico)

Posted 13 July 2012 - 12:02 AM

Greetings


I have not heard from you in a couple of days, so I am coming by to check on you to see if you are having problems or just need some more time.

Also, a reminder that it is very important that we finish the process completely so as not to get reinfected. I will let you know when we are complete, and I will then ask you to remove our tools.




Gringo



