Jump to content

Welcome to Geeks to Go - Register now for FREE

Need help with your computer or device? Want to learn new tech skills? You're in the right place!
Geeks to Go is a friendly community of tech experts who can solve any problem you have. Just create a free account and post your question. Our volunteers will reply quickly and guide you through the steps. Don't let tech troubles stop you. Join Geeks to Go now and get the support you need!

How it Works Create Account
Photo

XP SECURITY 2012 INVASION

Started by pbj888 , Dec 16 2011 09:36 AM

  • Please log in to reply

#16
pbj888
Posted 18 December 2011 - 05:09 PM

pbj888

    Member

  • Topic Starter
  • Member
  • PipPip
  • 41 posts
Don't have any of those programs... Anti virus avast is not running,.. Tried over and over again... Still no uninstall
  • 0

Advertisements

#17
RKinner
Posted 18 December 2011 - 06:10 PM

RKinner

    Malware Expert

  • Expert
  • 24,624 posts
  • MVP
You are probably still infected with Zero Access.

Can you get a friend to download some stuff for you and put it on a USB drive?

Have him download:

Combofix.exe
http://subs.geekstogo.com/ComboFix.exe

TDSSKiller:
http://support.kaspe.../tdsskiller.exe

aswMBR:
http://public.avast....erek/aswMBR.exe

Malwarebytes' Anti-Malware:
http://www.malwarebytes.org/mbam.php

OTL:
http://www.geekstogo...timers-list-it/

AFD.txt:
http://www.geekstogo...attach_id=54343

FileAFD.txt:
http://www.geekstogo...attach_id=54344

Turn off or pause your anti-virus.

Copy all of the files to your desktop:

Don't try and open them. Right click on and Rename the afd.txt file to afd.reg and then rename the fileafd.txt file to afd.sys.

If you can't see the .txt extension on the downloaded files then:

If using Windows XP:

Close all programs so that you are at your desktop.
Double-click on the My Computer icon.
Select the Tools menu and click Folder Options.
After the new window appears select the View tab.
Put a checkmark in the checkbox labeled Display the contents of system folders.
Under the Hidden files and folders section select the radio button labeled Show hidden files and folders.
Remove the checkmark from the checkbox labeled Hide file extensions for known file types.
Remove the checkmark from the checkbox labeled Hide protected operating system files.
Press the Apply button and then the OK button and exit My Computer.
Now your computer is configured to show all hidden files.



Put both files on a USB drive and move them to the desktop of the sick PC. Copy the afd.sys file to c:\windows\system32\drivers\
It may already be there in which case you didn't need it. Go on to the next step.

Now right click on afd.reg and select MERGE. Allow it to merge then reboot.


Then ComboFix
:!: If you have a previous version of Combofix.exe, delete it and download a fresh copy. :!:

:!: It must be saved to your desktop, do not run it :!:

:!: Disable your Antivirus software when downloading or running Combofix. If it has Script Blocking features, please disable these as well. See: http://www.bleepingc...opic114351.html


Download and Save this file -- to your Desktop -- from either of these two sources:
http://download.blee...Bs/ComboFix.exe
http://subs.geekstogo.com/ComboFix.exe

Doubleclick on ComboFix to start the program.



* :!: Important: Have no other programs running. Your Task Bar should be clear of any program entries including your Browser.


* A window may open with a series of Disclaimers. Accept the Disclaimers to start the fix. Allow it to install the Recovery Console then Continue. When the scan completes Notepad will open with with your results log open. Do a File, Exit and answer 'Yes' to save changes.


A caution - Do not run Combofix more than once. Do not touch your mouse/keyboard until the scan has completed, as this may cause the process to stall or your computer to lock. The scan will temporarily disable your desktop, and if interrupted may leave your desktop disabled. If this occurs, please reboot to restore the desktop. Even when ComboFix appears to be doing nothing, look at your Drive light. If it is flashing, Combofix is still at work.

A file will be created at => C:\Combofix.txt. I'll need to see that in your reply.

Download TDSSKiller:
http://support.kaspe.../tdsskiller.exe
Save it to your desktop then run it.
Double click on TDSSKiller.exe (Vista or Win 7 must right click and Run As Admin)
If TDSSKiller alerts you that the system needs to reboot, please consent.
When done, a log file should be created on your C: drive named "TDSSKiller.txt" please copy and paste the contents in your next reply.


Run TDSSKiller again but this time:
before you hit the Scan hit Change Parameters and check the two items under Additional Options. OK then Scan.
In this mode it is prone to false positives so do not change the SKIP option to DELETE unless it says TDSS.
When done, a log file should be created on your C: drive named "TDSSKiller.txt" please copy and paste the contents in your next reply.

Download aswMBR.exe ( 511KB ) to your desktop.
Double click the aswMBR.exe to run it
uncheck trace disk IO calls
Click the "Scan" button to start scan
On completion of the scan (Note if the Fix button is enabled (not the FixMBR button) and tell me) click save log, save it to your desktop and post in your next reply



Malwarebytes' Anti-Malware
:!: If you have a previous version of MalwareBytes', remove it via Add or Remove Programs and download a fresh copy. :!:

http://www.malwarebytes.org/mbam.php

SAVE Malwarebytes' Anti-Malware to your desktop.

* Double-click mbam-setup.exe and follow the prompts to install the program.
* At the end, be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
* If an update is found, it will download and install the latest version.
* Once the program has loaded, select Perform Quick scan, then click Scan.
* When the scan is complete, click OK, then Show Results to view the results.

* Be sure that everything is checked, and click Remove Selected.

* When completed, a log will open in Notepad. Please save it to a convenient location.
* The log can also be found here:
C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\mbam-log-date (time).txt
* Post that log back here.

Do the following:
Start -> Run
type diskmgmt.msc
Click "OK"

Disk Management will open.

Click and hold the right side of the Disk Management Window and drag it to the right until you can see all the columns.

Take a screen Shot of the Disk Management Window and attach the screen shot to your reply.
http://graphicssoft....nscreenshot.htm Save the file as a .jpg or the forum won't allow it.


Run OTL, Quickscan and post the log.

Ron
  • 0

#18
pbj888
Posted 18 December 2011 - 06:30 PM

pbj888

    Member

  • Topic Starter
  • Member
  • PipPip
  • 41 posts
I will have to dled these programs at work tomorrow and get back to you. Thanks!
  • 0

#19
pbj888
Posted 19 December 2011 - 08:10 PM

pbj888

    Member

  • Topic Starter
  • Member
  • PipPip
  • 41 posts
Woohooooo back online!!! Thank you so much already....
I followed all the instructions except for the TDSSKiller. I didn't read the part where it said not to delete the dectected infections. Instead for both times scanned, I clicked "Copy to Quarantine" I hope that doesn't mean I messed things up....please advise. I also could not figure out how to copy the screen shot here.

Otherwise Here are all the logs:

ComboFix 11-12-19.01 - panitabuta 12/19/2011 19:29:35.2.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1014.578 [GMT -5:00]
Running from: c:\documents and settings\panitabuta\Desktop\ComboFix.exe
AV: avast! Antivirus *Disabled/Outdated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
FW: Norton Internet Worm Protection *Disabled* {990F9400-4CEE-43EA-A83A-D013ADD8EA6E}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\All Users\Application Data\TEMP
c:\documents and settings\All Users\Application Data\TEMP\AVG\avgfinst.dat
c:\documents and settings\All Users\Application Data\TEMP\AVG\avi7.avg
c:\documents and settings\All Users\Application Data\TEMP\AVG\crt_x64.msi
c:\documents and settings\All Users\Application Data\TEMP\AVG\files.dat
c:\documents and settings\All Users\Application Data\TEMP\AVG\incavi.avm
c:\documents and settings\All Users\Application Data\TEMP\AVG\license_cz.htm
c:\documents and settings\All Users\Application Data\TEMP\AVG\license_da.htm
c:\documents and settings\All Users\Application Data\TEMP\AVG\license_fr.htm
c:\documents and settings\All Users\Application Data\TEMP\AVG\license_ge.htm
c:\documents and settings\All Users\Application Data\TEMP\AVG\license_hu.htm
c:\documents and settings\All Users\Application Data\TEMP\AVG\license_id.htm
c:\documents and settings\All Users\Application Data\TEMP\AVG\license_in.htm
c:\documents and settings\All Users\Application Data\TEMP\AVG\license_it.htm
c:\documents and settings\All Users\Application Data\TEMP\AVG\license_jp.htm
c:\documents and settings\All Users\Application Data\TEMP\AVG\license_ko.htm
c:\documents and settings\All Users\Application Data\TEMP\AVG\license_ms.htm
c:\documents and settings\All Users\Application Data\TEMP\AVG\license_nl.htm
c:\documents and settings\All Users\Application Data\TEMP\AVG\license_pb.htm
c:\documents and settings\All Users\Application Data\TEMP\AVG\license_pl.htm
c:\documents and settings\All Users\Application Data\TEMP\AVG\license_pt.htm
c:\documents and settings\All Users\Application Data\TEMP\AVG\license_ru.htm
c:\documents and settings\All Users\Application Data\TEMP\AVG\license_sc.htm
c:\documents and settings\All Users\Application Data\TEMP\AVG\license_sk.htm
c:\documents and settings\All Users\Application Data\TEMP\AVG\license_sp.htm
c:\documents and settings\All Users\Application Data\TEMP\AVG\license_tr.htm
c:\documents and settings\All Users\Application Data\TEMP\AVG\license_us.htm
c:\documents and settings\All Users\Application Data\TEMP\AVG\license_zh.htm
c:\documents and settings\All Users\Application Data\TEMP\AVG\license_zt.htm
c:\documents and settings\All Users\Application Data\TEMP\AVG\microavi.avg
c:\documents and settings\All Users\Application Data\TEMP\AVG\miniavi.avg
c:\documents and settings\All Users\Application Data\TEMP\AVG\setup.dat
c:\documents and settings\All Users\Application Data\TEMP\AVG\setup.exe
c:\documents and settings\All Users\Application Data\TEMP\AVG\setup.ini
c:\documents and settings\All Users\Application Data\TEMP\AVG\setupcz.lns
c:\documents and settings\All Users\Application Data\TEMP\AVG\setupda.lns
c:\documents and settings\All Users\Application Data\TEMP\AVG\setupfr.lns
c:\documents and settings\All Users\Application Data\TEMP\AVG\setupge.lns
c:\documents and settings\All Users\Application Data\TEMP\AVG\setuphu.lns
c:\documents and settings\All Users\Application Data\TEMP\AVG\setupid.lns
c:\documents and settings\All Users\Application Data\TEMP\AVG\setupin.lns
c:\documents and settings\All Users\Application Data\TEMP\AVG\setupit.lns
c:\documents and settings\All Users\Application Data\TEMP\AVG\setupjp.lns
c:\documents and settings\All Users\Application Data\TEMP\AVG\setupko.lns
c:\documents and settings\All Users\Application Data\TEMP\AVG\setupms.lns
c:\documents and settings\All Users\Application Data\TEMP\AVG\setupnl.lns
c:\documents and settings\All Users\Application Data\TEMP\AVG\setuppb.lns
c:\documents and settings\All Users\Application Data\TEMP\AVG\setuppl.lns
c:\documents and settings\All Users\Application Data\TEMP\AVG\setuppt.lns
c:\documents and settings\All Users\Application Data\TEMP\AVG\setupru.lns
c:\documents and settings\All Users\Application Data\TEMP\AVG\setupsc.lns
c:\documents and settings\All Users\Application Data\TEMP\AVG\setupsk.lns
c:\documents and settings\All Users\Application Data\TEMP\AVG\setupsp.lns
c:\documents and settings\All Users\Application Data\TEMP\AVG\setuptr.lns
c:\documents and settings\All Users\Application Data\TEMP\AVG\setupus.lns
c:\documents and settings\All Users\Application Data\TEMP\AVG\setupzh.lns
c:\documents and settings\All Users\Application Data\TEMP\AVG\setupzt.lns
c:\documents and settings\All Users\Application Data\TEMP\AVG\vcredis1.cab
c:\documents and settings\All Users\Application Data\TEMP\AVG\vcredist.msi
c:\documents and settings\panitabuta\Local Settings\Application Data\vrus.exe
c:\windows\$NtUninstallKB23277$
c:\windows\$NtUninstallKB23277$\2857386817
c:\windows\kb835221.exe
c:\windows\kb913800.exe
c:\windows\windows-kb870669-x86-enu.exe
c:\windows\windowsinstaller-kb893803-v2-x86.exe
c:\windows\windowsxp-kb307154-x86-enu.exe
c:\windows\windowsxp-kb873339-x86-enu.exe
c:\windows\windowsxp-kb884018-x86-enu.exe
c:\windows\windowsxp-kb884575-x86-enu.exe
c:\windows\windowsxp-kb885250-x86-enu.exe
c:\windows\windowsxp-kb885835-x86-enu.exe
c:\windows\windowsxp-kb885836-x86-enu.exe
c:\windows\windowsxp-kb886185-x86-enu.exe
c:\windows\windowsxp-kb887472-x86-enu.exe
c:\windows\windowsxp-kb887742-x86-enu.exe
c:\windows\windowsxp-kb888113-x86-enu.exe
c:\windows\windowsxp-kb888239-x86-enu.exe
c:\windows\windowsxp-kb888302-x86-enu.exe
c:\windows\windowsxp-kb888321-x86-enu.exe
c:\windows\windowsxp-kb890046-x86-enu.exe
c:\windows\windowsxp-kb890859-x86-enu.exe
c:\windows\windowsxp-kb891781-x86-enu.exe
c:\windows\WindowsXP-KB893056-x86-ENU.exe
c:\windows\windowsxp-kb893066-v2-x86-enu.exe
c:\windows\windowsxp-kb893357-v2-x86-enu.exe
c:\windows\windowsxp-kb893756-x86-enu.exe
c:\windows\windowsxp-kb894391-x86-enu.exe
c:\windows\windowsxp-kb896358-x86-enu.exe
c:\windows\windowsxp-kb896422-x86-enu.exe
c:\windows\windowsxp-kb896423-x86-enu.exe
c:\windows\windowsxp-kb896424-x86-enu.exe
c:\windows\windowsxp-kb896428-x86-enu.exe
c:\windows\windowsxp-kb896688-x86-enu.exe
c:\windows\windowsxp-kb896727-x86-enu.exe
c:\windows\windowsxp-kb899587-x86-enu.exe
c:\windows\windowsxp-kb899588-x86-enu.exe
c:\windows\windowsxp-kb899589-x86-enu.exe
c:\windows\windowsxp-kb899591-x86-enu.exe
c:\windows\windowsxp-kb900725-x86-enu.exe
c:\windows\windowsxp-kb901017-x86-enu.exe
c:\windows\windowsxp-kb901214-x86-enu.exe
c:\windows\windowsxp-kb902400-x86-enu.exe
c:\windows\windowsxp-kb903235-x86-enu.exe
c:\windows\windowsxp-kb904706-x86-enu.exe
c:\windows\windowsxp-kb905414-x86-enu.exe
c:\windows\windowsxp-kb905749-x86-enu.exe
c:\windows\windowsxp-kb905915-x86-enu.exe
c:\windows\windowsxp-kb908519-x86-enu.exe
c:\windows\windowsxp-kb909667-x86-enu.exe
c:\windows\windowsxp-kb910437-x86-enu.exe
c:\windows\windowsxp-kb910728-x86-enu.exe
c:\windows\windowsxp-kb912919-x86-enu.exe
c:\windows\windowsxp-kb912945-x86-enu.exe
.
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Service_.afd
.
.
((((((((((((((((((((((((( Files Created from 2011-11-20 to 2011-12-20 )))))))))))))))))))))))))))))))
.
.
2011-12-20 00:41 . 2011-12-20 00:41 -------- d-----w- c:\windows\LastGood.Tmp
2011-12-10 04:58 . 2011-12-10 04:58 -------- d-----w- c:\program files\Common Files\xing shared
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-10-10 14:22 . 2006-03-16 01:13 692736 ----a-w- c:\windows\system32\inetcomm.dll
2011-09-28 07:06 . 2006-03-15 23:55 599040 ----a-w- c:\windows\system32\crypt32.dll
2011-09-26 15:41 . 2011-09-26 15:41 611328 ------w- c:\windows\system32\uiautomationcore.dll
2011-09-26 15:41 . 2006-03-15 23:55 220160 ----a-w- c:\windows\system32\oleacc.dll
2011-09-26 15:41 . 2006-03-15 23:55 20480 ----a-w- c:\windows\system32\oleaccrc.dll
2009-02-24 19:34 . 2009-02-24 19:34 1044480 ----a-w- c:\program files\mozilla firefox\plugins\libdivx.dll
2009-02-24 19:34 . 2009-02-24 19:34 200704 ----a-w- c:\program files\mozilla firefox\plugins\ssldivx.dll
.
.
------- Sigcheck -------
Note: Unsigned files aren't necessarily malware.
.
[-] 2008-04-13 . 9F3A2F5AA6875C72BF062C712CFA2674 . 96512 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\atapi.sys
[-] 2008-04-13 . 9F3A2F5AA6875C72BF062C712CFA2674 . 96512 . . [5.1.2600.5512] . . c:\windows\system32\drivers\atapi.sys
[-] 2004-08-10 . CDFE4411A69C224BD1D11B2DA92DAC51 . 95360 . . [5.1.2600.2180] . . c:\windows\system32\ReinstallBackups\0006\DriverFiles\i386\atapi.sys
[-] 2004-08-04 . CDFE4411A69C224BD1D11B2DA92DAC51 . 95360 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\atapi.sys
[-] 2004-08-04 . CDFE4411A69C224BD1D11B2DA92DAC51 . 95360 . . [5.1.2600.2180] . . c:\windows\system32\ReinstallBackups\0007\DriverFiles\i386\atapi.sys
.
[-] 2008-04-13 . B153AFFAC761E7F5FCFA822B9C4E97BC . 14336 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\asyncmac.sys
[-] 2008-04-13 . B153AFFAC761E7F5FCFA822B9C4E97BC . 14336 . . [5.1.2600.5512] . . c:\windows\system32\drivers\asyncmac.sys
[-] 2004-08-10 . 02000ABF34AF4C218C35D257024807D6 . 14336 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\asyncmac.sys
.
[-] 2004-08-10 . DA1F27D85E0D1525F6621372E7B685E9 . 4224 . . [5.1.2600.0] . . c:\windows\system32\drivers\beep.sys
.
[-] 2008-04-13 . 463C1EC80CD17420A542B7F36A36F128 . 24576 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\kbdclass.sys
[-] 2008-04-13 . 463C1EC80CD17420A542B7F36A36F128 . 24576 . . [5.1.2600.5512] . . c:\windows\system32\drivers\kbdclass.sys
[-] 2004-08-10 . EBDEE8A2EE5393890A1ACEE971C4C246 . 24576 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\kbdclass.sys
.
[-] 2008-04-13 . 1DF7F42665C94B825322FAE71721130D . 182656 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\ndis.sys
[-] 2008-04-13 . 1DF7F42665C94B825322FAE71721130D . 182656 . . [5.1.2600.5512] . . c:\windows\system32\drivers\ndis.sys
[-] 2004-08-10 . 558635D3AF1C7546D26067D5D9B6959E . 182912 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\ndis.sys
.
[-] 2008-04-13 . 78A08DD6A8D65E697C18E1DB01C5CDCA . 574976 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\ntfs.sys
[-] 2008-04-13 . 78A08DD6A8D65E697C18E1DB01C5CDCA . 574976 . . [5.1.2600.5512] . . c:\windows\system32\drivers\ntfs.sys
[-] 2004-08-10 . B78BE402C3F63DD55521F73876951CDD . 574592 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\ntfs.sys
[-] 2004-08-10 . B78BE402C3F63DD55521F73876951CDD . 574592 . . [5.1.2600.2180] . . c:\windows\I386\NTFS.SYS
.
[-] 2004-08-10 . 73C1E1F395918BC2C6DD67AF7591A3AD . 2944 . . [5.1.2600.0] . . c:\windows\system32\drivers\null.sys
.
[-] 2008-04-14 . A06CE3399D16DB864F55FAEB1F1927A9 . 77824 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\browser.dll
[-] 2008-04-14 . A06CE3399D16DB864F55FAEB1F1927A9 . 77824 . . [5.1.2600.5512] . . c:\windows\system32\browser.dll
[-] 2004-08-10 . E3CFCCDDA4EDD1D0DC9168B2E18F27B8 . 77312 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\browser.dll
.
[-] 2008-04-14 . BF2466B3E18E970D8A976FB95FC1CA85 . 13312 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\lsass.exe
[-] 2008-04-14 . BF2466B3E18E970D8A976FB95FC1CA85 . 13312 . . [5.1.2600.5512] . . c:\windows\system32\lsass.exe
[-] 2004-08-10 . 84885F9B82F4D55C6146EBF6065D75D2 . 13312 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\lsass.exe
.
[-] 2008-04-14 . 13E67B55B3ABD7BF3FE7AAE5A0F9A9DE . 198144 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\netman.dll
[-] 2008-04-14 . 13E67B55B3ABD7BF3FE7AAE5A0F9A9DE . 198144 . . [5.1.2600.5512] . . c:\windows\system32\netman.dll
[-] 2005-08-22 . 36739B39267914BA69AD0610A0299732 . 197632 . . [5.1.2600.2743] . . c:\windows\$NtServicePackUninstall$\netman.dll
[-] 2005-08-22 . 3516D8A18B36784B1005B950B84232E1 . 197632 . . [5.1.2600.2743] . . c:\windows\$hf_mig$\KB905414\SP2QFE\netman.dll
[-] 2004-08-10 . DAB9E6C7105D2EF49876FE92C524F565 . 198144 . . [5.1.2600.2180] . . c:\windows\$NtUninstallKB905414$\netman.dll
.
[-] 2008-04-14 00:11 . 1280A158C722FA95A80FB7AEBE78FA7D . 792064 . . [2001.12.4414.700] . . c:\windows\ServicePackFiles\i386\comres.dll
[-] 2008-04-14 00:11 . 1280A158C722FA95A80FB7AEBE78FA7D . 792064 . . [2001.12.4414.700] . . c:\windows\system32\comres.dll
[-] 2004-08-10 12:00 . 6728270CB7DBB776ED086F5AC4C82310 . 792064 . . [2001.12.4414.258] . . c:\windows\$NtServicePackUninstall$\comres.dll
.
[-] 2008-04-14 . 574738F61FCA2935F5265DC4E5691314 . 409088 . . [6.7.2600.5512] . . c:\windows\ServicePackFiles\i386\qmgr.dll
[-] 2008-04-14 . 574738F61FCA2935F5265DC4E5691314 . 409088 . . [6.7.2600.5512] . . c:\windows\system32\qmgr.dll
[-] 2008-04-14 . 574738F61FCA2935F5265DC4E5691314 . 409088 . . [6.7.2600.5512] . . c:\windows\system32\bits\qmgr.dll
[-] 2004-08-10 . 2C69EC7E5A311334D10DD95F338FCCEA . 382464 . . [6.6.2600.2180] . . c:\windows\$NtServicePackUninstall$\qmgr.dll
.
[-] 2009-02-09 . 6B27A5C03DFB94B4245739065431322C . 401408 . . [5.1.2600.5755] . . c:\windows\system32\rpcss.dll
[-] 2009-02-09 . 6B27A5C03DFB94B4245739065431322C . 401408 . . [5.1.2600.5755] . . c:\windows\system32\dllcache\rpcss.dll
[-] 2009-02-09 . 9222562D44021B988B9F9F62207FB6F2 . 401408 . . [5.1.2600.5755] . . c:\windows\$hf_mig$\KB956572\SP3QFE\rpcss.dll
[-] 2008-04-14 . 2589FE6015A316C0F5D5112B4DA7B509 . 399360 . . [5.1.2600.5512] . . c:\windows\$NtUninstallKB956572$\rpcss.dll
[-] 2008-04-14 . 2589FE6015A316C0F5D5112B4DA7B509 . 399360 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\rpcss.dll
[-] 2005-07-26 . CE94A2BD25E3E9F4D46A7373FF455C6D . 397824 . . [5.1.2600.2726] . . c:\windows\$NtServicePackUninstall$\rpcss.dll
[-] 2005-07-26 . C369DF215D352B6F3A0B8C3469AA34F8 . 398336 . . [5.1.2600.2726] . . c:\windows\$hf_mig$\KB902400\SP2QFE\rpcss.dll
[-] 2005-04-28 . DA383FB39A6F1C445F3AFC94B3EB1248 . 396288 . . [5.1.2600.2665] . . c:\windows\$hf_mig$\KB894391\SP2QFE\rpcss.dll
[-] 2005-04-28 . C8061F289E000703E7672916B7FE1571 . 395776 . . [5.1.2600.2665] . . c:\windows\$NtUninstallKB902400$\rpcss.dll
[-] 2004-08-10 . 5C83A4408604F737717AB96371201680 . 395776 . . [5.1.2600.2180] . . c:\windows\$NtUninstallKB894391$\rpcss.dll
.
[-] 2009-02-06 . 65DF52F5B8B6E9BBD183505225C37315 . 110592 . . [5.1.2600.5755] . . c:\windows\system32\services.exe
[-] 2009-02-06 . 65DF52F5B8B6E9BBD183505225C37315 . 110592 . . [5.1.2600.5755] . . c:\windows\system32\dllcache\services.exe
[-] 2009-02-06 . 020CEAAEDC8EB655B6506B8C70D53BB6 . 110592 . . [5.1.2600.5755] . . c:\windows\$hf_mig$\KB956572\SP3QFE\services.exe
[-] 2008-04-14 . 0E776ED5F7CC9F94299E70461B7B8185 . 108544 . . [5.1.2600.5512] . . c:\windows\$NtUninstallKB956572$\services.exe
[-] 2008-04-14 . 0E776ED5F7CC9F94299E70461B7B8185 . 108544 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\services.exe
[-] 2004-08-10 . C6CE6EEC82F187615D1002BB3BB50ED4 . 108032 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\services.exe
.
[-] 2010-08-17 . 258DD5D4283FD9F9A7166BE9AE45CE73 . 58880 . . [5.1.2600.6024] . . c:\windows\$hf_mig$\KB2347290\SP3QFE\spoolsv.exe
[-] 2010-08-17 . 60784F891563FB1B767F70117FC2428F . 58880 . . [5.1.2600.6024] . . c:\windows\system32\spoolsv.exe
[-] 2010-08-17 . 60784F891563FB1B767F70117FC2428F . 58880 . . [5.1.2600.6024] . . c:\windows\system32\dllcache\spoolsv.exe
[-] 2008-04-14 . D8E14A61ACC1D4A6CD0D38AEBAC7FA3B . 57856 . . [5.1.2600.5512] . . c:\windows\$NtUninstallKB2347290$\spoolsv.exe
[-] 2008-04-14 . D8E14A61ACC1D4A6CD0D38AEBAC7FA3B . 57856 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\spoolsv.exe
[-] 2005-06-11 . AD3D9D191AEA7B5445FE1D82FFBB4788 . 57856 . . [5.1.2600.2696] . . c:\windows\$hf_mig$\KB896423\SP2QFE\spoolsv.exe
[-] 2005-06-10 . DA81EC57ACD4CDC3D4C51CF3D409AF9F . 57856 . . [5.1.2600.2696] . . c:\windows\$NtServicePackUninstall$\spoolsv.exe
[-] 2004-08-10 . 7435B108B935E42EA92CA94F59C8E717 . 57856 . . [5.1.2600.2180] . . c:\windows\$NtUninstallKB896423$\spoolsv.exe
.
[-] 2008-04-14 . ED0EF0A136DEC83DF69F04118870003E . 507904 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\winlogon.exe
[-] 2008-04-14 . ED0EF0A136DEC83DF69F04118870003E . 507904 . . [5.1.2600.5512] . . c:\windows\system32\winlogon.exe
[-] 2004-08-13 . EA16F83B5E4964C100F6098CE9874927 . 502784 . . [5.1.2600.2505] . . c:\windows\$NtServicePackUninstall$\winlogon.exe
[-] 2004-08-10 . 01C3346C241652F43AED8E2149881BFE . 502272 . . [5.1.2600.2180] . . c:\windows\$NtUninstallKB307154$\winlogon.exe
.
[-] 2010-08-23 . 93AFB83FBC1F9443CAC722FCA63D73BF . 617472 . . [5.82] . . c:\windows\system32\comctl32.dll
[-] 2010-08-23 . 93AFB83FBC1F9443CAC722FCA63D73BF . 617472 . . [5.82] . . c:\windows\system32\dllcache\comctl32.dll
[-] 2010-08-23 . 736B12B725AEB2B07F0241A9F680CB10 . 1054208 . . [6.0] . . c:\windows\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll
[-] 2008-04-14 . BD38D1EBE24A46BD3EDA059560AFBA12 . 1054208 . . [6.0] . . c:\windows\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.5512_x-ww_35d4ce83\comctl32.dll
[-] 2008-04-14 . 06F247492BC786CE5C24A23E178C711A . 617472 . . [5.82] . . c:\windows\$NtUninstallKB2296011$\comctl32.dll
[-] 2008-04-14 . 06F247492BC786CE5C24A23E178C711A . 617472 . . [5.82] . . c:\windows\ServicePackFiles\i386\comctl32.dll
[-] 2004-08-10 . A77DFB85FAEE49D66C74DA6024EBC69B . 611328 . . [5.82] . . c:\windows\$NtServicePackUninstall$\comctl32.dll
[-] 2004-08-10 . AEF3D788DBF40C7C4D204EA45EB0C505 . 921088 . . [6.0] . . c:\windows\I386\ASMS\6000\MSFT\WINDOWS\COMMON\CONTROLS\COMCTL32.DLL
[-] 2004-08-10 . AEF3D788DBF40C7C4D204EA45EB0C505 . 921088 . . [6.0] . . c:\windows\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.0.0_x-ww_1382d70a\comctl32.dll
[-] 2004-08-10 . 5AF68A5E44734A082442668E9C787743 . 1050624 . . [6.0] . . c:\windows\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2180_x-ww_a84f1ff9\comctl32.dll
.
[-] 2008-04-14 . 3D4E199942E29207970E04315D02AD3B . 62464 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\cryptsvc.dll
[-] 2008-04-14 . 3D4E199942E29207970E04315D02AD3B . 62464 . . [5.1.2600.5512] . . c:\windows\system32\cryptsvc.dll
[-] 2004-08-10 . 10654F9DDCEA9C46CFB77554231BE73B . 60416 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\cryptsvc.dll
.
[-] 2008-07-07 20:32 . 60D1A6342238378BFB7545C81EE3606C . 253952 . . [2001.12.4414.320] . . c:\windows\$NtServicePackUninstall$\es.dll
[-] 2008-07-07 20:26 . D4991D98F2DB73C60D042F1AEF79EFAE . 253952 . . [2001.12.4414.706] . . c:\windows\$hf_mig$\KB950974\SP3GDR\es.dll
[-] 2008-07-07 20:26 . D4991D98F2DB73C60D042F1AEF79EFAE . 253952 . . [2001.12.4414.706] . . c:\windows\system32\es.dll
[-] 2008-07-07 20:26 . D4991D98F2DB73C60D042F1AEF79EFAE . 253952 . . [2001.12.4414.706] . . c:\windows\system32\dllcache\es.dll
[-] 2008-07-07 20:23 . F17F6226BDC0CD5F0BEF0DAF84D29BEC . 253952 . . [2001.12.4414.706] . . c:\windows\$hf_mig$\KB950974\SP3QFE\es.dll
[-] 2008-07-07 20:06 . A4AB3DCA4A383F0DF4988ABDEB84F9A4 . 253952 . . [2001.12.4414.320] . . c:\windows\$hf_mig$\KB950974\SP2QFE\es.dll
[-] 2008-04-14 00:11 . 19A799805B24990867B00C120D300C3A . 246272 . . [2001.12.4414.701] . . c:\windows\$NtUninstallKB950974$\es.dll
[-] 2008-04-14 00:11 . 19A799805B24990867B00C120D300C3A . 246272 . . [2001.12.4414.701] . . c:\windows\ServicePackFiles\i386\es.dll
[-] 2005-07-26 04:39 . 34BBD9ACC1538818F2C878898C64E793 . 243200 . . [2001.12.4414.308] . . c:\windows\$NtUninstallKB950974_0$\es.dll
[-] 2005-07-26 04:20 . 95F5FEA4C6DE2C3F28784D0DCC8F0DD3 . 243200 . . [2001.12.4414.308] . . c:\windows\$hf_mig$\KB902400\SP2QFE\es.dll
[-] 2004-08-10 12:00 . ACD36A2DD7D1E9D8A060AA651DC07E63 . 243200 . . [2001.12.4414.258] . . c:\windows\$NtUninstallKB902400$\es.dll
.
[-] 2008-04-14 . 0DA85218E92526972A821587E6A8BF8F . 110080 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\imm32.dll
[-] 2008-04-14 . 0DA85218E92526972A821587E6A8BF8F . 110080 . . [5.1.2600.5512] . . c:\windows\system32\imm32.dll
[-] 2004-08-10 . 87CA7CE6469577F059297B9D6556D66D . 110080 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\imm32.dll
.
[-] 2009-03-21 . B921FB870C9AC0D509B2CCABBBBE95F3 . 989696 . . [5.1.2600.5781] . . c:\windows\system32\kernel32.dll
[-] 2009-03-21 . DA11D9D6ECBDF0F93436A4B7C13F7BEC . 991744 . . [5.1.2600.5781] . . c:\windows\$hf_mig$\KB959426\SP3QFE\kernel32.dll
[-] 2008-04-14 . C24B983D211C34DA8FCC1AC38477971D . 989696 . . [5.1.2600.5512] . . c:\windows\$NtUninstallKB959426$\kernel32.dll
[-] 2008-04-14 . C24B983D211C34DA8FCC1AC38477971D . 989696 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\kernel32.dll
[-] 2004-08-10 . 888190E31455FAD793312F8D087146EB . 983552 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\kernel32.dll
.
[-] 2008-04-14 . 2DC5A8019E2387987905F77C664E4BE2 . 19968 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\linkinfo.dll
[-] 2008-04-14 . 2DC5A8019E2387987905F77C664E4BE2 . 19968 . . [5.1.2600.5512] . . c:\windows\system32\linkinfo.dll
[-] 2005-09-01 . 648BF0B4DDE4F7A1156DAE7174D36EFA . 19968 . . [5.1.2600.2751] . . c:\windows\$hf_mig$\KB900725\SP2QFE\linkinfo.dll
[-] 2005-09-01 . A1A688EE56CF3BBD24EDEB815D48E9BA . 19968 . . [5.1.2600.2751] . . c:\windows\$NtServicePackUninstall$\linkinfo.dll
[-] 2004-08-10 . C2BBD044C741EA4292016C36F718D2E4 . 18944 . . [5.1.2600.2180] . . c:\windows\$NtUninstallKB900725$\linkinfo.dll
.
[-] 2008-04-14 . 012DF358CEBAA23ACB26D82077820817 . 22016 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\lpk.dll
[-] 2008-04-14 . 012DF358CEBAA23ACB26D82077820817 . 22016 . . [5.1.2600.5512] . . c:\windows\system32\lpk.dll
[-] 2004-08-10 . 74D66B3DE265E8789153414E75175F26 . 22016 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\lpk.dll
.
[-] 2008-04-14 . D7075E95AA599EE77B7A89D39296BD3D . 343040 . . [7.0.2600.5512] . . c:\windows\WinSxS\x86_Microsoft.Windows.CPlusPlusRuntime_6595b64144ccf1df_7.0.2600.5512_x-ww_3fd60d63\msvcrt.dll
[-] 2008-04-14 . 355EDBB4D412B01F1740C17E3F50FA00 . 343040 . . [7.0.2600.5512] . . c:\windows\ServicePackFiles\i386\msvcrt.dll
[-] 2008-04-14 . 355EDBB4D412B01F1740C17E3F50FA00 . 343040 . . [7.0.2600.5512] . . c:\windows\system32\msvcrt.dll
[-] 2004-08-10 . B0FEFA816D61EC66AA765DDF534EAB5E . 343040 . . [7.0.2600.2180] . . c:\windows\$NtServicePackUninstall$\msvcrt.dll
[-] 2004-08-10 . 4200BE3808F6406DBE45A7B88DAE5035 . 322560 . . [7.0.2600.0] . . c:\windows\I386\ASMS\7000\MSFT\WINDOWS\MSWINCRT\MSVCRT.DLL
[-] 2004-08-10 . 4200BE3808F6406DBE45A7B88DAE5035 . 322560 . . [7.0.2600.0] . . c:\windows\WinSxS\x86_Microsoft.Windows.CPlusPlusRuntime_6595b64144ccf1df_7.0.0.0_x-ww_2726e76a\msvcrt.dll
[-] 2004-08-10 . 98EC447E00229AFD88D5161A25D065DA . 343040 . . [7.0.2600.2180] . . c:\windows\WinSxS\x86_Microsoft.Windows.CPlusPlusRuntime_6595b64144ccf1df_7.0.2600.2180_x-ww_b2505ed9\msvcrt.dll
.
[-] 2008-04-14 . 1B7F071C51B77C272875C3A23E1E4550 . 407040 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\netlogon.dll
[-] 2008-04-14 . 1B7F071C51B77C272875C3A23E1E4550 . 407040 . . [5.1.2600.5512] . . c:\windows\system32\netlogon.dll
[-] 2004-08-10 . 96353FCECBA774BB8DA74A1C6507015A . 407040 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\netlogon.dll
.
[-] 2008-04-14 . 50A166237A0FA771261275A405646CC0 . 17408 . . [6.00.2900.5512] . . c:\windows\ServicePackFiles\i386\powrprof.dll
[-] 2008-04-14 . 50A166237A0FA771261275A405646CC0 . 17408 . . [6.00.2900.5512] . . c:\windows\system32\powrprof.dll
[-] 2004-08-10 . 1B5F6923ABB450692E9FE0672C897AED . 17408 . . [6.00.2900.2180] . . c:\windows\$NtServicePackUninstall$\powrprof.dll
.
[-] 2008-04-14 . A86BB5E61BF3E39B62AB4C7E7085A084 . 181248 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\scecli.dll
[-] 2008-04-14 . A86BB5E61BF3E39B62AB4C7E7085A084 . 181248 . . [5.1.2600.5512] . . c:\windows\system32\scecli.dll
[-] 2004-08-10 . 0F78E27F563F2AAF74B91A49E2ABF19A . 180224 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\scecli.dll
.
[-] 2008-04-14 . 96E1C926F22EE1BFBAE82901A35F6BF3 . 5120 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\sfc.dll
[-] 2008-04-14 . 96E1C926F22EE1BFBAE82901A35F6BF3 . 5120 . . [5.1.2600.5512] . . c:\windows\system32\sfc.dll
[-] 2004-08-10 . E8A12A12EA9088B4327D49EDCA3ADD3E . 5120 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\sfc.dll
.
[-] 2008-04-14 . 27C6D03BCDB8CFEB96B716F3D8BE3E18 . 14336 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\svchost.exe
[-] 2008-04-14 . 27C6D03BCDB8CFEB96B716F3D8BE3E18 . 14336 . . [5.1.2600.5512] . . c:\windows\system32\svchost.exe
[-] 2004-08-10 . 8F078AE4ED187AAABC0A305146DE6716 . 14336 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\svchost.exe
.
[-] 2008-04-14 . 3CB78C17BB664637787C9A1C98F79C38 . 249856 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\tapisrv.dll
[-] 2008-04-14 . 3CB78C17BB664637787C9A1C98F79C38 . 249856 . . [5.1.2600.5512] . . c:\windows\system32\tapisrv.dll
[-] 2005-07-08 . 1418A3A6E76E5A2E3F5E43866E793A8B . 249344 . . [5.1.2600.2716] . . c:\windows\$hf_mig$\KB893756\SP2QFE\tapisrv.dll
[-] 2005-07-08 . FB78839B36025AA286A51289ED28B73E . 249344 . . [5.1.2600.2716] . . c:\windows\$NtServicePackUninstall$\tapisrv.dll
[-] 2004-08-10 . EB4A4187D74A8EFDCBEA3EA2CB1BDFBD . 246272 . . [5.1.2600.2180] . . c:\windows\$NtUninstallKB893756$\tapisrv.dll
.
[-] 2008-04-14 . B26B135FF1B9F60C9388B4A7D16F600B . 578560 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\user32.dll
[-] 2008-04-14 . B26B135FF1B9F60C9388B4A7D16F600B . 578560 . . [5.1.2600.5512] . . c:\windows\system32\user32.dll
[-] 2005-03-02 . 1800F293BCCC8EDE8A70E12B88D80036 . 577024 . . [5.1.2600.2622] . . c:\windows\$hf_mig$\KB890859\SP2QFE\user32.dll
[-] 2005-03-02 . DE2DB164BBB35DB061AF0997E4499054 . 577024 . . [5.1.2600.2622] . . c:\windows\$NtServicePackUninstall$\user32.dll
[-] 2004-08-10 . C72661F8552ACE7C5C85E16A3CF505C4 . 577024 . . [5.1.2600.2180] . . c:\windows\$NtUninstallKB890859$\user32.dll
.
[-] 2008-04-14 . A93AEE1928A9D7CE3E16D24EC7380F89 . 26112 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\userinit.exe
[-] 2008-04-14 . A93AEE1928A9D7CE3E16D24EC7380F89 . 26112 . . [5.1.2600.5512] . . c:\windows\system32\userinit.exe
[-] 2004-08-10 . 39B1FFB03C2296323832ACBAE50D2AFF . 24576 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\userinit.exe
.
[-] 2008-04-14 . 2CCC474EB85CEAA3E1FA1726580A3E5A . 82432 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\ws2_32.dll
[-] 2008-04-14 . 2CCC474EB85CEAA3E1FA1726580A3E5A . 82432 . . [5.1.2600.5512] . . c:\windows\system32\ws2_32.dll
[-] 2004-08-10 . 2ED0B7F12A60F90092081C50FA0EC2B2 . 82944 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\ws2_32.dll
.
[-] 2008-04-14 . 9789E95E1D88EEB4B922BF3EA7779C28 . 19968 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\ws2help.dll
[-] 2008-04-14 . 9789E95E1D88EEB4B922BF3EA7779C28 . 19968 . . [5.1.2600.5512] . . c:\windows\system32\ws2help.dll
[-] 2004-08-10 . 9BEACB911CA61E5881102188AB7FB431 . 19968 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\ws2help.dll
.
[-] 2008-04-14 . 12896823FB95BFB3DC9B46BCAEDC9923 . 1033728 . . [6.00.2900.5512] . . c:\windows\explorer.exe
[-] 2008-04-14 . 12896823FB95BFB3DC9B46BCAEDC9923 . 1033728 . . [6.00.2900.5512] . . c:\windows\ServicePackFiles\i386\explorer.exe
[-] 2004-08-10 . A0732187050030AE399B241436565E64 . 1032192 . . [6.00.2900.2180] . . c:\windows\$NtServicePackUninstall$\explorer.exe
.
[-] 2008-04-14 . 058710B720282CA82B909912D3EF28DB . 146432 . . [5.1.2600.5512] . . c:\windows\regedit.exe
[-] 2008-04-14 . 058710B720282CA82B909912D3EF28DB . 146432 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\regedit.exe
[-] 2004-08-10 . 783AFC80383C176B22DBF8333343992D . 146432 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\regedit.exe
[-] 2004-08-10 . 783AFC80383C176B22DBF8333343992D . 146432 . . [5.1.2600.2180] . . c:\windows\I386\REGEDIT.EXE
.
[-] 2011-11-01 . 6BAD1BED9872E62049E487FB91AE2F3A . 1288704 . . [5.1.2600.6168] . . c:\windows\SoftwareDistribution\Download\1dfa26aa7c55425acf0fd8a07e6aaee7\sp3gdr\ole32.dll
[-] 2011-11-01 . 7D9DDE1AB4B00DDB173F5A16E9206517 . 1289216 . . [5.1.2600.6168] . . c:\windows\SoftwareDistribution\Download\1dfa26aa7c55425acf0fd8a07e6aaee7\sp3qfe\ole32.dll
[-] 2010-07-16 . 7A6A7900B5E322763430BA6FD9A31224 . 1288192 . . [5.1.2600.6010] . . c:\windows\system32\ole32.dll
[-] 2010-07-16 . 7A6A7900B5E322763430BA6FD9A31224 . 1288192 . . [5.1.2600.6010] . . c:\windows\system32\dllcache\ole32.dll
[-] 2010-07-16 . 8D51FB47062F2A1A9EFECCEF338A4C46 . 1289216 . . [5.1.2600.6010] . . c:\windows\$hf_mig$\KB979687\SP3QFE\ole32.dll
[-] 2008-04-14 . ECCE74BC6168375016450A86A164D976 . 1287168 . . [5.1.2600.5512] . . c:\windows\$NtUninstallKB979687$\ole32.dll
[-] 2008-04-14 . ECCE74BC6168375016450A86A164D976 . 1287168 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\ole32.dll
[-] 2005-07-26 . A2F755E237FA2CDD748A80BFBE6657F3 . 1285632 . . [5.1.2600.2726] . . c:\windows\$hf_mig$\KB902400\SP2QFE\ole32.dll
[-] 2005-07-26 . AB8231D13692AC5088EB9C226B0C0576 . 1285120 . . [5.1.2600.2726] . . c:\windows\$NtServicePackUninstall$\ole32.dll
[-] 2005-04-28 . 7440D29F257B7E44329343F944F2142C . 1286144 . . [5.1.2600.2665] . . c:\windows\$hf_mig$\KB894391\SP2QFE\ole32.dll
[-] 2005-04-28 . 5950E4F28FDA9D147576BF6798937397 . 1285120 . . [5.1.2600.2665] . . c:\windows\$NtUninstallKB902400$\ole32.dll
[-] 2004-08-10 . 4FE9D9FA62D020E35E0AC6D1AEEB96F0 . 1281536 . . [5.1.2600.2180] . . c:\windows\$NtUninstallKB894391$\ole32.dll
.
[-] 2010-04-16 . 9E03DC5AB51CFD0190541CE2038D819D . 406016 . . [1.0420.2600.5969] . . c:\windows\system32\usp10.dll
[-] 2010-04-16 . 9E03DC5AB51CFD0190541CE2038D819D . 406016 . . [1.0420.2600.5969] . . c:\windows\system32\dllcache\usp10.dll
[-] 2010-04-16 . F8894BCC961D461674002B4BAE7AECC1 . 406016 . . [1.0420.2600.5969] . . c:\windows\$hf_mig$\KB981322\SP3QFE\usp10.dll
[-] 2008-04-14 . 7D7D8501F3CB45D0408CDEFA08CDAEFF . 406016 . . [1.0420.2600.5512] . . c:\windows\$NtUninstallKB981322$\usp10.dll
[-] 2008-04-14 . 7D7D8501F3CB45D0408CDEFA08CDAEFF . 406016 . . [1.0420.2600.5512] . . c:\windows\ServicePackFiles\i386\usp10.dll
[-] 2004-08-10 . 2EB58F9DCD6AB320B46744A4EA48B2D2 . 406528 . . [1.0420.2600.2180] . . c:\windows\$NtServicePackUninstall$\usp10.dll
.
[-] 2008-04-14 . 9B9F1C38D559047B8AC0DBA2D5FEBDE9 . 4096 . . [5.3.2600.5512] . . c:\windows\ServicePackFiles\i386\ksuser.dll
[-] 2008-04-14 . 9B9F1C38D559047B8AC0DBA2D5FEBDE9 . 4096 . . [5.3.2600.5512] . . c:\windows\system32\ksuser.dll
[-] 2004-08-04 . CBCD254547689BFF80C9F547B20911E9 . 4096 . . [5.3.2600.2180] . . c:\windows\$NtServicePackUninstall$\ksuser.dll
.
[-] 2008-04-14 . 5F1D5F88303D4A4DBC8E5F97BA967CC3 . 15360 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\ctfmon.exe
[-] 2008-04-14 . 5F1D5F88303D4A4DBC8E5F97BA967CC3 . 15360 . . [5.1.2600.5512] . . c:\windows\system32\ctfmon.exe
[-] 2004-08-10 . 24232996A38C0B0CF151C2140AE29FC8 . 15360 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\ctfmon.exe
.
[-] 2008-04-14 . 3805DF0AC4296A34BA4BF93B346CC378 . 171008 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\srsvc.dll
[-] 2008-04-14 . 3805DF0AC4296A34BA4BF93B346CC378 . 171008 . . [5.1.2600.5512] . . c:\windows\system32\srsvc.dll
[-] 2004-08-10 . 92BDF74F12D6CBEC43C94D4B7F804838 . 170496 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\srsvc.dll
.
[-] 2008-04-14 . F92E1076C42FCD6DB3D72D8CFE9816D5 . 13824 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\wscntfy.exe
[-] 2008-04-14 . F92E1076C42FCD6DB3D72D8CFE9816D5 . 13824 . . [5.1.2600.5512] . . c:\windows\system32\wscntfy.exe
[-] 2004-08-10 . 49911DD39E023BB6C45E4E436CFBD297 . 13824 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\wscntfy.exe
.
[-] 2008-04-14 . 295D21F14C335B53CB8154E5B1F892B9 . 129024 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\xmlprov.dll
[-] 2008-04-14 . 295D21F14C335B53CB8154E5B1F892B9 . 129024 . . [5.1.2600.5512] . . c:\windows\system32\xmlprov.dll
[-] 2004-08-10 . EEF46DAB68229A14DA3D8E73C99E2959 . 129536 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\xmlprov.dll
.
[-] 2008-04-14 . 6D4FEB43EE538FC5428CC7F0565AA656 . 56320 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\eventlog.dll
[-] 2008-04-14 . 6D4FEB43EE538FC5428CC7F0565AA656 . 56320 . . [5.1.2600.5512] . . c:\windows\system32\eventlog.dll
[-] 2004-08-10 . 82B24CB70E5944E6E34662205A2A5B78 . 55808 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\eventlog.dll
.
[-] 2008-04-14 . 9DD07AF82244867CA36681EA2D29CE79 . 1614848 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\sfcfiles.dll
[-] 2008-04-14 . 9DD07AF82244867CA36681EA2D29CE79 . 1614848 . . [5.1.2600.5512] . . c:\windows\system32\sfcfiles.dll
[-] 2004-08-10 . 30A609E00BD1D4FFC49D6B5A432BE7F2 . 1580544 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\sfcfiles.dll
.
[-] 2008-04-14 . 5B19B557B0C188210A56A6B699D90B8F . 59904 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\regsvc.dll
[-] 2008-04-14 . 5B19B557B0C188210A56A6B699D90B8F . 59904 . . [5.1.2600.5512] . . c:\windows\system32\regsvc.dll
[-] 2004-08-10 . 3151427DB7D87107D1C5BE58FAC53960 . 59904 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\regsvc.dll
.
[-] 2008-04-14 . 0A9A7365A1CA4319AA7C1D6CD8E4EAFA . 192512 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\schedsvc.dll
[-] 2008-04-14 . 0A9A7365A1CA4319AA7C1D6CD8E4EAFA . 192512 . . [5.1.2600.5512] . . c:\windows\system32\schedsvc.dll
[-] 2004-08-10 . 92360854316611F6CC471612213C3D92 . 190976 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\schedsvc.dll
.
[-] 2008-04-14 . 0A5679B3714EDAB99E357057EE88FCA6 . 71680 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\ssdpsrv.dll
[-] 2008-04-14 . 0A5679B3714EDAB99E357057EE88FCA6 . 71680 . . [5.1.2600.5512] . . c:\windows\system32\ssdpsrv.dll
[-] 2004-08-10 . 4B8D61792F7175BED48859CC18CE4E38 . 71680 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\ssdpsrv.dll
.
[-] 2008-04-14 . FF3477C03BE7201C294C35F684B3479F . 295424 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\termsrv.dll
[-] 2008-04-14 . FF3477C03BE7201C294C35F684B3479F . 295424 . . [5.1.2600.5512] . . c:\windows\system32\termsrv.dll
[-] 2005-03-10 . C29A5286E64D97385178452D5F307B98 . 295424 . . [5.1.2600.2627] . . c:\windows\$NtServicePackUninstall$\termsrv.dll
[-] 2004-08-10 . B60C877D16D9C880B952FDA04ADF16E6 . 295424 . . [5.1.2600.2180] . . c:\windows\$NtUninstallKB895961$\termsrv.dll
.
[-] 2008-04-14 . 3CB32D3B8CBE79899D63280BB7A83CD9 . 344064 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\hnetcfg.dll
[-] 2008-04-14 . 3CB32D3B8CBE79899D63280BB7A83CD9 . 344064 . . [5.1.2600.5512] . . c:\windows\system32\hnetcfg.dll
[-] 2004-08-10 . 765B30C776A1780B46B479FE614F707C . 344064 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\hnetcfg.dll
.
[-] 2008-04-14 . D8849F77C0B66226335A59D26CB4EDC6 . 167936 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\appmgmts.dll
[-] 2008-04-14 . D8849F77C0B66226335A59D26CB4EDC6 . 167936 . . [5.1.2600.5512] . . c:\windows\system32\appmgmts.dll
[-] 2004-08-10 . 9C3C12975C97119412802B181FBEEFFE . 167936 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\appmgmts.dll
.
[-] 2004-08-10 . 9859C0F6936E723E4892D7141B1327D5 . 11648 . . [5.1.2600.0] . . c:\windows\system32\drivers\acpiec.sys
.
[-] 2008-04-13 16:39 . 8BED39E3C35D6A489438B8141717A557 . 142592 . . [5.1.2601.3142] . . c:\windows\ServicePackFiles\i386\aec.sys
[-] 2008-04-13 16:39 . 8BED39E3C35D6A489438B8141717A557 . 142592 . . [5.1.2601.3142] . . c:\windows\system32\drivers\aec.sys
[-] 2004-08-04 06:39 . 841F385C6CFAF66B58FBD898722BB4F0 . 142464 . . [5.1.2601.2078] . . c:\windows\$NtServicePackUninstall$\aec.sys
.
[-] 2008-04-13 . 08FD04AA961BDC77FB983F328334E3D7 . 42368 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\agp440.sys
[-] 2008-04-13 . 08FD04AA961BDC77FB983F328334E3D7 . 42368 . . [5.1.2600.5512] . . c:\windows\system32\drivers\agp440.sys
.
[-] 2008-04-13 . 3BB22519A194418D5FEC05D800A19AD0 . 36608 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\ip6fw.sys
[-] 2008-04-13 . 3BB22519A194418D5FEC05D800A19AD0 . 36608 . . [5.1.2600.5512] . . c:\windows\system32\drivers\ip6fw.sys
[-] 2004-08-10 . 4448006B6BC60E6C027932CFC38D6855 . 29056 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\ip6fw.sys
.
[-] 2008-04-14 . 986B1FF5814366D71E0AC5755C88F2D3 . 33792 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\msgsvc.dll
[-] 2008-04-14 . 986B1FF5814366D71E0AC5755C88F2D3 . 33792 . . [5.1.2600.5512] . . c:\windows\system32\msgsvc.dll
[-] 2004-08-10 . 95FD808E4AC22ABA025A7B3EAC0375D2 . 33792 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\msgsvc.dll
.
[-] 2005-08-04 02:29 . B9715B9C18BC6C8F4B66733D208CC9F7 . 25088 . . [10.0.3790.4332] . . c:\windows\RegisteredPackages\{30C7234B-6482-4A55-A11D-ECD9030313F2}\MsPMSNSv.dll
[-] 2005-08-04 02:29 . B9715B9C18BC6C8F4B66733D208CC9F7 . 25088 . . [10.0.3790.4332] . . c:\windows\system32\MsPMSNSv.dll
[-] 2004-08-10 12:00 . 6EAA72FD9EF993EC1FA9A06DE65105DA . 25088 . . [10.0.3790.3646] . . c:\windows\RegisteredPackages\{30C7234B-6482-4A55-A11D-ECD9030313F2}$BACKUP$\System\MsPMSNSv.dll
.
[-] 2008-04-14 00:12 . 156F64A3345BD23C600655FB4D10BC08 . 435200 . . [5.1.2400.5512] . . c:\windows\ServicePackFiles\i386\ntmssvc.dll
[-] 2008-04-14 00:12 . 156F64A3345BD23C600655FB4D10BC08 . 435200 . . [5.1.2400.5512] . . c:\windows\system32\ntmssvc.dll
[-] 2004-08-10 12:00 . B62F29C00AC55A761B2E45877D85EA0F . 435200 . . [5.1.2400.2180] . . c:\windows\$NtServicePackUninstall$\ntmssvc.dll
.
[-] 2008-04-14 . 1EBAFEB9A3FBDC41B8D9C7F0F687AD91 . 185856 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\upnphost.dll
[-] 2008-04-14 . 1EBAFEB9A3FBDC41B8D9C7F0F687AD91 . 185856 . . [5.1.2600.5512] . . c:\windows\system32\upnphost.dll
[-] 2004-08-10 . 0546477BDE979E33294FE97F6B3DE84A . 185344 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\upnphost.dll
.
[-] 2008-04-14 . 4D83ED8BDDEC431FC8AD907B47CFB6E3 . 367616 . . [5.3.2600.5512] . . c:\windows\ServicePackFiles\i386\dsound.dll
[-] 2008-04-14 . 4D83ED8BDDEC431FC8AD907B47CFB6E3 . 367616 . . [5.3.2600.5512] . . c:\windows\system32\dsound.dll
[-] 2004-08-10 . 55E148C01296696588EAFA425782C3E8 . 367616 . . [5.3.2600.2180] . . c:\windows\$NtServicePackUninstall$\dsound.dll
.
[-] 2008-04-14 . 0607CBC6FA20114CB491EFE4B2F9EFAD . 1689088 . . [5.03.2600.5512] . . c:\windows\ServicePackFiles\i386\d3d9.dll
[-] 2008-04-14 . 0607CBC6FA20114CB491EFE4B2F9EFAD . 1689088 . . [5.03.2600.5512] . . c:\windows\system32\d3d9.dll
[-] 2004-08-10 . D67BDBBDA86CC9AEEBBAF3217C1717D8 . 1689088 . . [5.03.2600.2180] . . c:\windows\$NtServicePackUninstall$\d3d9.dll
.
[-] 2008-04-14 . A340CD71EB535A3DD751B5F28723E50C . 279552 . . [5.03.2600.5512] . . c:\windows\ServicePackFiles\i386\ddraw.dll
[-] 2008-04-14 . A340CD71EB535A3DD751B5F28723E50C . 279552 . . [5.03.2600.5512] . . c:\windows\system32\ddraw.dll
[-] 2004-08-10 . 7ED462F353B3D915A418A689FA881F96 . 266240 . . [5.03.2600.2180] . . c:\windows\$NtServicePackUninstall$\ddraw.dll
.
[-] 2008-04-14 00:12 . 5652F6CE1D9E9D8068B9D29BC21B5409 . 84992 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\olepro32.dll
[-] 2008-04-14 00:12 . 5652F6CE1D9E9D8068B9D29BC21B5409 . 84992 . . [5.1.2600.5512] . . c:\windows\system32\olepro32.dll
[-] 2004-08-10 12:00 . B48D3193DD1474DCBCC32BF4779AC698 . 83456 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\olepro32.dll
.
[-] 2008-04-14 . DBE2B62353660ECCA0D75EA307A717E9 . 39936 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\perfctrs.dll
[-] 2008-04-14 . DBE2B62353660ECCA0D75EA307A717E9 . 39936 . . [5.1.2600.5512] . . c:\windows\system32\perfctrs.dll
[-] 2004-08-10 . 96492C721C6EA517E2BFD5381FEF55E3 . 39936 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\perfctrs.dll
.
[-] 2008-04-14 . C7CE131408739B0B3A318BE2D0032719 . 18944 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\version.dll
[-] 2008-04-14 . C7CE131408739B0B3A318BE2D0032719 . 18944 . . [5.1.2600.5512] . . c:\windows\system32\version.dll
[-] 2004-08-10 . D38408967BE738D0C1B47005BCE8CEEB . 18944 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\version.dll
.
[-] 2008-04-14 . 3805DF0AC4296A34BA4BF93B346CC378 . 171008 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\srsvc.dll
[-] 2008-04-14 . 3805DF0AC4296A34BA4BF93B346CC378 . 171008 . . [5.1.2600.5512] . . c:\windows\system32\srsvc.dll
[-] 2004-08-10 . 92BDF74F12D6CBEC43C94D4B7F804838 . 170496 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\srsvc.dll
.
[-] 2008-04-14 . 54AF4B1D5459500EF0937F6D33B1914F . 175104 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\w32time.dll
[-] 2008-04-14 . 54AF4B1D5459500EF0937F6D33B1914F . 175104 . . [5.1.2600.5512] . . c:\windows\system32\w32time.dll
[-] 2004-08-10 . 2B281958F5D0CF99ED626E3EF39D5C8D . 174592 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\w32time.dll
.
[-] 2008-04-14 . 8BAD69CBAC032D4BBACFCE0306174C30 . 333824 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\wiaservc.dll
[-] 2008-04-14 . 8BAD69CBAC032D4BBACFCE0306174C30 . 333824 . . [5.1.2600.5512] . . c:\windows\system32\wiaservc.dll
[-] 2004-08-10 . D9F6C4F6B1E188ADAFC42B561D9BC2E6 . 333312 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\wiaservc.dll
.
[-] 2008-04-14 . 5C12660A97822F6E61576943B49AAAD6 . 18944 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\midimap.dll
[-] 2008-04-14 . 5C12660A97822F6E61576943B49AAAD6 . 18944 . . [5.1.2600.5512] . . c:\windows\system32\midimap.dll
[-] 2004-08-10 . 3B4702155BB2AE9DC00C06A68834BDFA . 18944 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\midimap.dll
.
[-] 2008-04-14 . 6F9BEF24C578D5D6740E080BEDD6A448 . 7680 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\rasadhlp.dll
[-] 2008-04-14 . 6F9BEF24C578D5D6740E080BEDD6A448 . 7680 . . [5.1.2600.5512] . . c:\windows\system32\rasadhlp.dll
[-] 2004-08-10 . 4CAEC028C1E21C75E17877D4522D3DB4 . 8192 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\rasadhlp.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Advanced SystemCare 3"="c:\program files\IObit\Advanced SystemCare 3\AWC.exe" [2010-09-29 2407632]
"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2011-07-31 2424192]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"igfxtray"="c:\windows\system32\igfxtray.exe" [2005-12-17 98304]
"igfxhkcmd"="c:\windows\system32\hkcmd.exe" [2005-12-17 77824]
"igfxpers"="c:\windows\system32\igfxpers.exe" [2005-12-17 118784]
"SonyPowerCfg"="c:\program files\Sony\VAIO Power Management\SPMgr.exe" [2005-12-14 217088]
"ISBMgr.exe"="c:\program files\Sony\ISB Utility\ISBMgr.exe" [2004-02-20 32768]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2006-03-07 7557120]
"Switcher.exe"="c:\program files\Sony\Wireless Switch Setting Utility\Switcher.exe" [2005-11-24 167936]
"DiscUpdateManager"="c:\program files\DISC\DiscUpdMgr.exe" [2006-03-16 61440]
"VAIOCameraUtility"="c:\program files\Sony\VAIO Camera Utility\VCUServe.exe" [2005-12-01 69632]
"PartSeal"="c:\windows\Sonysys\VAIO Recovery\PartSeal.exe" [2003-04-20 28672]
"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe" [2011-04-20 58656]
"nmctxth"="c:\program files\Common Files\Pure Networks Shared\Platform\nmctxth.exe" [2009-07-07 647216]
"nmapp"="c:\program files\Pure Networks\Network Magic\nmapp.exe" [2009-07-08 472112]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2008-10-25 31072]
"avast5"="c:\program files\Alwil Software\Avast5\avastUI.exe" [2011-01-13 3396624]
"WinampAgent"="c:\program files\Winamp\winampa.exe" [2010-12-09 74752]
"DivXUpdate"="c:\program files\DivX\DivX Update\DivXUpdate.exe" [2011-02-15 1230704]
"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2011-09-27 59240]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2011-07-05 421888]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2011-10-09 421736]
"TkBellExe"="c:\program files\real\realplayer\update\realsched.exe" [2011-12-10 296056]
.
c:\documents and settings\panitabuta\Start Menu\Programs\Startup\
ViiKiiDesktopPlugin.lnk - c:\program files\ViiKiiDesktopPlugin\ViiKiiDesktopPlugin.exe [2011-4-4 142848]
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2009-09-03 19:21 548352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\VESWinlogon]
2005-05-21 01:42 73728 ----a-w- c:\windows\system32\VESWinlogon.dll
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0c:\progra~1\AVG\AVG10\avgchsvx.exe /sync\0c:\progra~1\AVG\AVG10\avgrsx.exe /sync /restart
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk
backup=c:\windows\pss\Adobe Reader Speed Launch.lnkCommon Startup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KernelFaultCheck]
c:\windows\system32\dumprep 0 -k [X]
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Apoint]
2004-11-18 03:47 118784 ----a-w- c:\program files\Apoint\Apoint.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Pro Agent]
2008-10-09 12:53 200136 ----a-w- c:\program files\DAEMON Tools Pro\DTProAgent.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DISCover]
2006-03-16 02:12 1077248 ----a-w- c:\program files\DISC\DISCover.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ehTray]
2005-08-05 21:56 64512 -c--a-w- c:\windows\ehome\ehtray.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HostManager]
2005-11-04 21:25 159832 ----a-w- c:\program files\Common Files\AOL\1226364954\ee\AOLHostManager.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2011-10-09 22:06 421736 ----a-w- c:\program files\iTunes\iTunesHelper.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Messenger (Yahoo!)]
2008-11-06 02:59 4347120 ----a-w- c:\program files\Yahoo!\Messenger\YahooMessenger.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
2008-04-14 00:12 1695232 ----a-w- c:\program files\Messenger\msmsgs.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2011-07-05 22:36 421888 ----a-w- c:\program files\QuickTime\QTTask.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SmileboxTray]
2009-12-07 09:22 266888 ----a-w- c:\documents and settings\panitabuta\Application Data\Smilebox\SmileboxTray.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2009-10-11 09:17 149280 ----a-w- c:\program files\Java\jre6\bin\jusched.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TurboHddUsb]
2009-01-04 22:28 3327488 ----a-w- c:\program files\TurboHddUsb\TurboHddUsb.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VAIO Recovery]
2003-04-20 04:08 28672 ----a-w- c:\windows\SONYSYS\VAIO Recovery\PartSeal.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VAIO Update 2]
2005-10-12 05:36 151552 ----a-w- c:\program files\Sony\VAIO Update 2\VAIOUpdt.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
"FirewallOverride"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
"DisableNotifications"= 1 (0x1)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\DISC\\DISCover.exe"=
"c:\\Program Files\\DISC\\DiscStreamHub.exe"=
"c:\\Program Files\\DISC\\myFTP.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"c:\\WINDOWS\\system32\\dplaysvr.exe"=
"%windir%\\system32\\drivers\\svchost.exe"=
"c:\\Program Files\\Sony\\VAIO Event Service\\VESMgr.exe"=
"c:\\Program Files\\BitComet\\BitComet.exe"=
"c:\\Program Files\\Common Files\\Apple\\Apple Application Support\\WebKit2WebProcess.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\program files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe"= c:\program files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe:LocalSubNet,0.0.0.0/255.255.255.255:Enabled:Pure Networks Platform Service
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"21655:TCP"= 21655:TCP:BitComet 21655 TCP
"21655:UDP"= 21655:UDP:BitComet 21655 UDP
.
R0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [1/3/2009 8:20 PM 717296]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [12/20/2010 10:51 PM 294608]
R1 FNETURPX;FNETURPX;c:\windows\system32\drivers\FNETURPX.SYS [1/4/2009 5:28 PM 7040]
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV.SYS [1/5/2010 7:56 AM 12872]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [1/5/2010 7:56 AM 67656]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [12/20/2010 10:51 PM 17744]
R2 MSSQL$VAIO_VEDB;MSSQL$VAIO_VEDB;c:\program files\Microsoft SQL Server\MSSQL$VAIO_VEDB\Binn\sqlservr.exe -sVAIO_VEDB --> c:\program files\Microsoft SQL Server\MSSQL$VAIO_VEDB\Binn\sqlservr.exe -sVAIO_VEDB [?]
R3 SonyImgF;Sony Image Conversion Filter Driver;c:\windows\system32\drivers\SonyImgF.sys [3/15/2006 6:57 PM 29184]
R3 ti21sony;ti21sony;c:\windows\system32\drivers\ti21sony.sys [3/15/2006 6:57 PM 226304]
S3 Avgfwdx;Avgfwdx;c:\windows\system32\drivers\avgfwdx.sys [7/12/2010 4:33 AM 30432]
S3 Avgfwfd;AVG network filter service;c:\windows\system32\drivers\avgfwdx.sys [7/12/2010 4:33 AM 30432]
S3 FNETTBOH;FNETTBOH;c:\windows\system32\drivers\FNETTBOH.SYS [1/4/2009 5:28 PM 17792]
S3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [1/5/2010 7:56 AM 12872]
S3 SQLAgent$VAIO_VEDB;SQLAgent$VAIO_VEDB;c:\program files\Microsoft SQL Server\MSSQL$VAIO_VEDB\Binn\sqlagent.EXE -i VAIO_VEDB --> c:\program files\Microsoft SQL Server\MSSQL$VAIO_VEDB\Binn\sqlagent.EXE -i VAIO_VEDB [?]
.
Contents of the 'Scheduled Tasks' folder
.
2011-11-19 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2009-10-22 21:57]
.
2011-12-20 c:\windows\Tasks\RealUpgradeLogonTaskS-1-5-21-101638942-2500195564-795564065-1005.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2011-11-08 21:14]
.
2011-12-17 c:\windows\Tasks\RealUpgradeScheduledTaskS-1-5-21-101638942-2500195564-795564065-1005.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2011-11-08 21:14]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://google.atcomet.com/b/
uInternet Connection Wizard,ShellNext = hxxp://www.sony.com/vaiopeople
uInternet Settings,ProxyOverride = *.local
IE: &AOL Toolbar Search - c:\program files\aol\aol toolbar 3.0\resources\en-US\local\search.html
IE: &D&ownload &with BitComet - c:\program files\BitComet\BitComet.exe/AddLink.htm
IE: &D&ownload all with BitComet - c:\program files\BitComet\BitComet.exe/AddAllLink.htm
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~4\Office12\EXCEL.EXE/3000
Trusted Zone: trymedia.com
TCP: DhcpNameServer = 192.168.1.1 207.69.188.185 207.69.188.186
FF - ProfilePath - c:\documents and settings\panitabuta\Application Data\Mozilla\Firefox\Profiles\dqqk3sx5.default\
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-12-19 19:55
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(912)
c:\program files\SUPERAntiSpyware\SASWINLO.dll
c:\windows\system32\WININET.dll
c:\windows\system32\VESWinlogon.dll
.
- - - - - - - > 'explorer.exe'(2216)
c:\windows\system32\WININET.dll
c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.6195_x-ww_44262b86\MSVCR80.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Intel\Wireless\Bin\EvtEng.exe
c:\program files\Intel\Wireless\Bin\S24EvMon.exe
c:\program files\Alwil Software\Avast5\AvastSvc.exe
c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\windows\eHome\ehRecvr.exe
c:\windows\eHome\ehSched.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe
c:\program files\Microsoft SQL Server\MSSQL$VAIO_VEDB\Binn\sqlservr.exe
c:\program files\Intel\Wireless\Bin\RegSrvc.exe
c:\program files\Common Files\Sony Shared\WMPlugIn\SonicStageMonitoring.exe
c:\program files\Sony\VAIO Event Service\VESMgr.exe
c:\program files\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe
c:\windows\system32\igfxext.exe
c:\windows\system32\igfxsrvc.exe
c:\program files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe
c:\windows\ehome\mcrdsvc.exe
c:\program files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzFw.exe
c:\program files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe
c:\program files\iPod\bin\iPodService.exe
c:\windows\system32\dllhost.exe
.
**************************************************************************
.
Completion time: 2011-12-19 20:12:38 - machine was rebooted
ComboFix-quarantined-files.txt 2011-12-20 01:12
ComboFix2.txt 2010-12-21 02:13
.
Pre-Run: 2,982,531,072 bytes free
Post-Run: 3,607,367,680 bytes free
.
- - End Of File - - D00B0C5DCFE820E587FB94BDB31B06F3






20:13:43.0250 0560 TDSS rootkit removing tool 2.6.23.0 Dec 13 2011 10:39:31
20:13:44.0093 0560 ============================================================
20:13:44.0093 0560 Current date / time: 2011/12/19 20:13:44.0093
20:13:44.0093 0560 SystemInfo:
20:13:44.0093 0560
20:13:44.0093 0560 OS Version: 5.1.2600 ServicePack: 3.0
20:13:44.0093 0560 Product type: Workstation
20:13:44.0093 0560 ComputerName: VALUED-C0DCCC42
20:13:44.0093 0560 UserName: panitabuta
20:13:44.0093 0560 Windows directory: C:\WINDOWS
20:13:44.0093 0560 System windows directory: C:\WINDOWS
20:13:44.0093 0560 Processor architecture: Intel x86
20:13:44.0093 0560 Number of processors: 2
20:13:44.0093 0560 Page size: 0x1000
20:13:44.0093 0560 Boot type: Normal boot
20:13:44.0093 0560 ============================================================
20:13:49.0359 0560 Initialize success
20:13:53.0218 1284 ============================================================
20:13:53.0218 1284 Scan started
20:13:53.0218 1284 Mode: Manual;
20:13:53.0218 1284 ============================================================
20:13:58.0000 1284 Aavmker4 (479c9835b91147be1a92cb76fad9c6de) C:\WINDOWS\system32\drivers\Aavmker4.sys
20:13:58.0015 1284 Aavmker4 - ok
20:13:58.0250 1284 Abiosdsk - ok
20:13:58.0421 1284 abp480n5 - ok
20:13:58.0687 1284 ACPI (8fd99680a539792a30e97944fdaecf17) C:\WINDOWS\system32\DRIVERS\ACPI.sys
20:13:58.0687 1284 ACPI - ok
20:13:58.0750 1284 ACPIEC (9859c0f6936e723e4892d7141b1327d5) C:\WINDOWS\system32\DRIVERS\ACPIEC.sys
20:13:58.0750 1284 ACPIEC - ok
20:13:58.0765 1284 adpu160m - ok
20:13:58.0812 1284 aec (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys
20:13:58.0812 1284 aec - ok
20:13:58.0937 1284 AegisP (12dafd934641dcf61e446313bc261ec2) C:\WINDOWS\system32\DRIVERS\AegisP.sys
20:13:58.0937 1284 AegisP - ok
20:13:59.0109 1284 AFD (1e44bc1e83d8fd2305f8d452db109cf9) C:\WINDOWS\System32\drivers\afd.sys
20:13:59.0109 1284 AFD - ok
20:13:59.0156 1284 Aha154x - ok
20:13:59.0171 1284 aic78u2 - ok
20:13:59.0187 1284 aic78xx - ok
20:13:59.0203 1284 AliIde - ok
20:13:59.0218 1284 amsint - ok
20:13:59.0296 1284 ApfiltrService (b21fcbc58cb13bac70f74b5ac5da7409) C:\WINDOWS\system32\DRIVERS\Apfiltr.sys
20:13:59.0296 1284 ApfiltrService - ok
20:13:59.0359 1284 Arp1394 (b5b8a80875c1dededa8b02765642c32f) C:\WINDOWS\system32\DRIVERS\arp1394.sys
20:13:59.0359 1284 Arp1394 - ok
20:13:59.0468 1284 asc - ok
20:13:59.0484 1284 asc3350p - ok
20:13:59.0546 1284 asc3550 - ok
20:13:59.0625 1284 aswFsBlk (cba53c5e29ae0a0ce76f9a2be3a40d9e) C:\WINDOWS\system32\drivers\aswFsBlk.sys
20:13:59.0640 1284 aswFsBlk - ok
20:13:59.0687 1284 aswMon2 (a1c52b822b7b8a5c2162d38f579f97b7) C:\WINDOWS\system32\drivers\aswMon2.sys
20:13:59.0687 1284 aswMon2 - ok
20:13:59.0734 1284 aswRdr (b6e8c5874377a42756c282fac2e20836) C:\WINDOWS\system32\drivers\aswRdr.sys
20:13:59.0750 1284 aswRdr - ok
20:13:59.0859 1284 aswSP (b93a553c9b0f14263c8f016a44c3258c) C:\WINDOWS\system32\drivers\aswSP.sys
20:13:59.0875 1284 aswSP - ok
20:13:59.0984 1284 aswTdi (1408421505257846eb336feeef33352d) C:\WINDOWS\system32\drivers\aswTdi.sys
20:14:00.0000 1284 aswTdi - ok
20:14:00.0031 1284 AsyncMac (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys
20:14:00.0046 1284 AsyncMac - ok
20:14:00.0093 1284 atapi (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys
20:14:00.0093 1284 atapi - ok
20:14:00.0140 1284 Atdisk - ok
20:14:00.0187 1284 Atmarpc (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys
20:14:00.0187 1284 Atmarpc - ok
20:14:00.0250 1284 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys
20:14:00.0265 1284 audstub - ok
20:14:00.0328 1284 Avgfwdx (0c5941af0b6bf2fdf378937392865217) C:\WINDOWS\system32\DRIVERS\avgfwdx.sys
20:14:00.0328 1284 Avgfwdx - ok
20:14:00.0328 1284 Avgfwfd (0c5941af0b6bf2fdf378937392865217) C:\WINDOWS\system32\DRIVERS\avgfwdx.sys
20:14:00.0328 1284 Avgfwfd - ok
20:14:00.0500 1284 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys
20:14:00.0500 1284 Beep - ok
20:14:00.0515 1284 catchme - ok
20:14:00.0609 1284 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys
20:14:00.0609 1284 cbidf2k - ok
20:14:00.0703 1284 CCDECODE (0be5aef125be881c4f854c554f2b025c) C:\WINDOWS\system32\DRIVERS\CCDECODE.sys
20:14:00.0703 1284 CCDECODE - ok
20:14:00.0734 1284 cd20xrnt - ok
20:14:00.0906 1284 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys
20:14:00.0906 1284 Cdaudio - ok
20:14:01.0000 1284 Cdfs (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys
20:14:01.0000 1284 Cdfs - ok
20:14:01.0062 1284 Cdrom (1f4260cc5b42272d71f79e570a27a4fe) C:\WINDOWS\system32\DRIVERS\cdrom.sys
20:14:01.0078 1284 Cdrom - ok
20:14:01.0109 1284 Changer - ok
20:14:01.0140 1284 CmBatt (0f6c187d38d98f8df904589a5f94d411) C:\WINDOWS\system32\DRIVERS\CmBatt.sys
20:14:01.0156 1284 CmBatt - ok
20:14:01.0156 1284 CmdIde - ok
20:14:01.0218 1284 Compbatt (6e4c9f21f0fae8940661144f41b13203) C:\WINDOWS\system32\DRIVERS\compbatt.sys
20:14:01.0234 1284 Compbatt - ok
20:14:01.0312 1284 Cpqarray - ok
20:14:01.0359 1284 dac2w2k - ok
20:14:01.0421 1284 dac960nt - ok
20:14:01.0468 1284 Disk (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys
20:14:01.0484 1284 Disk - ok
20:14:01.0656 1284 dmboot (d992fe1274bde0f84ad826acae022a41) C:\WINDOWS\system32\drivers\dmboot.sys
20:14:01.0734 1284 dmboot - ok
20:14:01.0796 1284 DMICall (526192bf7696f72e29777bf4a180513a) C:\WINDOWS\system32\DRIVERS\DMICall.sys
20:14:01.0796 1284 DMICall - ok
20:14:01.0843 1284 dmio (7c824cf7bbde77d95c08005717a95f6f) C:\WINDOWS\system32\drivers\dmio.sys
20:14:01.0843 1284 dmio - ok
20:14:01.0921 1284 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys
20:14:01.0921 1284 dmload - ok
20:14:01.0953 1284 DMusic (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys
20:14:01.0953 1284 DMusic - ok
20:14:01.0968 1284 dpti2o - ok
20:14:02.0031 1284 drmkaud (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys
20:14:02.0031 1284 drmkaud - ok
20:14:02.0109 1284 E100B (d57a8fc800b501ac05b10d00f66d127a) C:\WINDOWS\system32\DRIVERS\e100b325.sys
20:14:02.0125 1284 E100B - ok
20:14:02.0281 1284 e1express (389cf2cded384be477c3b3f15747d495) C:\WINDOWS\system32\DRIVERS\e1e5132.sys
20:14:02.0296 1284 e1express - ok
20:14:02.0421 1284 Fastfat (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys
20:14:02.0421 1284 Fastfat - ok
20:14:02.0453 1284 Fdc (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\drivers\Fdc.sys
20:14:02.0468 1284 Fdc - ok
20:14:02.0515 1284 Fips (d45926117eb9fa946a6af572fbe1caa3) C:\WINDOWS\system32\drivers\Fips.sys
20:14:02.0546 1284 Fips - ok
20:14:02.0609 1284 Flpydisk (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\drivers\Flpydisk.sys
20:14:02.0609 1284 Flpydisk - ok
20:14:02.0718 1284 FltMgr (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\drivers\fltmgr.sys
20:14:02.0734 1284 FltMgr - ok
20:14:02.0843 1284 FNETTBOH (b91c51d44558985ed0593fd5963d1866) C:\WINDOWS\system32\drivers\FNETTBOH.SYS
20:14:02.0843 1284 FNETTBOH - ok
20:14:02.0875 1284 FNETURPX (0a79334fb069c6b38df7ad56a109ea01) C:\WINDOWS\system32\drivers\FNETURPX.SYS
20:14:02.0875 1284 FNETURPX - ok
20:14:02.0921 1284 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys
20:14:02.0921 1284 Fs_Rec - ok
20:14:02.0968 1284 Ftdisk (6ac26732762483366c3969c9e4d2259d) C:\WINDOWS\system32\DRIVERS\ftdisk.sys
20:14:02.0984 1284 Ftdisk - ok
20:14:03.0031 1284 GEARAspiWDM (8182ff89c65e4d38b2de4bb0fb18564e) C:\WINDOWS\system32\DRIVERS\GEARAspiWDM.sys
20:14:03.0031 1284 GEARAspiWDM - ok
20:14:03.0078 1284 Gpc (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys
20:14:03.0125 1284 Gpc - ok
20:14:03.0171 1284 HDAudBus (573c7d0a32852b48f3058cfd8026f511) C:\WINDOWS\system32\DRIVERS\HDAudBus.sys
20:14:03.0171 1284 HDAudBus - ok
20:14:03.0203 1284 hidusb (ccf82c5ec8a7326c3066de870c06daf1) C:\WINDOWS\system32\DRIVERS\hidusb.sys
20:14:03.0203 1284 hidusb - ok
20:14:03.0234 1284 hpn - ok
20:14:03.0296 1284 HSFHWAZL (acc46dda7fece95a253ae88cea172e12) C:\WINDOWS\system32\DRIVERS\HSFHWAZL.sys
20:14:03.0312 1284 HSFHWAZL - ok
20:14:03.0562 1284 HSF_DPV (c9f4e7da78a02623abf78a4a34ce79b1) C:\WINDOWS\system32\DRIVERS\HSF_DPV.sys
20:14:03.0609 1284 HSF_DPV - ok
20:14:03.0656 1284 HTTP (f80a415ef82cd06ffaf0d971528ead38) C:\WINDOWS\system32\Drivers\HTTP.sys
20:14:03.0656 1284 HTTP - ok
20:14:03.0750 1284 i2omgmt - ok
20:14:03.0812 1284 i2omp - ok
20:14:04.0031 1284 i8042prt (4a0b06aa8943c1e332520f7440c0aa30) C:\WINDOWS\system32\DRIVERS\i8042prt.sys
20:14:04.0031 1284 i8042prt - ok
20:14:04.0375 1284 ialm (bc1f1ff8d5800398937966cdb0a97fdc) C:\WINDOWS\system32\DRIVERS\ialmnt5.sys
20:14:04.0437 1284 ialm - ok
20:14:04.0531 1284 Imapi (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys
20:14:04.0531 1284 Imapi - ok
20:14:04.0593 1284 ini910u - ok
20:14:04.0671 1284 IntelIde - ok
20:14:04.0781 1284 intelppm (8c953733d8f36eb2133f5bb58808b66b) C:\WINDOWS\system32\DRIVERS\intelppm.sys
20:14:04.0781 1284 intelppm - ok
20:14:04.0812 1284 Ip6Fw (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\drivers\ip6fw.sys
20:14:04.0828 1284 Ip6Fw - ok
20:14:04.0890 1284 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
20:14:04.0906 1284 IpFilterDriver - ok
20:14:05.0000 1284 IpInIp (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys
20:14:05.0000 1284 IpInIp - ok
20:14:05.0046 1284 IpNat (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys
20:14:05.0046 1284 IpNat - ok
20:14:05.0109 1284 IPSec (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys
20:14:05.0109 1284 IPSec - ok
20:14:05.0125 1284 IRENUM (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys
20:14:05.0140 1284 IRENUM - ok
20:14:05.0171 1284 isapnp (05a299ec56e52649b1cf2fc52d20f2d7) C:\WINDOWS\system32\DRIVERS\isapnp.sys
20:14:05.0171 1284 isapnp - ok
20:14:05.0250 1284 Kbdclass (463c1ec80cd17420a542b7f36a36f128) C:\WINDOWS\system32\DRIVERS\kbdclass.sys
20:14:05.0250 1284 Kbdclass - ok
20:14:05.0281 1284 kmixer (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys
20:14:05.0281 1284 kmixer - ok
20:14:05.0421 1284 KSecDD (b467646c54cc746128904e1654c750c1) C:\WINDOWS\system32\drivers\KSecDD.sys
20:14:05.0421 1284 KSecDD - ok
20:14:05.0500 1284 lbrtfdc - ok
20:14:05.0609 1284 mdmxsdk (e246a32c445056996074a397da56e815) C:\WINDOWS\system32\DRIVERS\mdmxsdk.sys
20:14:05.0609 1284 mdmxsdk - ok
20:14:05.0687 1284 MHNDRV (7f2f1d2815a6449d346fcccbc569fbd6) C:\WINDOWS\system32\DRIVERS\mhndrv.sys
20:14:05.0687 1284 MHNDRV - ok
20:14:05.0734 1284 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys
20:14:05.0734 1284 mnmdd - ok
20:14:05.0796 1284 Modem (dfcbad3cec1c5f964962ae10e0bcc8e1) C:\WINDOWS\system32\drivers\Modem.sys
20:14:05.0796 1284 Modem - ok
20:14:05.0921 1284 Mouclass (35c9e97194c8cfb8430125f8dbc34d04) C:\WINDOWS\system32\DRIVERS\mouclass.sys
20:14:05.0953 1284 Mouclass - ok
20:14:06.0125 1284 mouhid (b1c303e17fb9d46e87a98e4ba6769685) C:\WINDOWS\system32\DRIVERS\mouhid.sys
20:14:06.0156 1284 mouhid - ok
20:14:06.0328 1284 MountMgr (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys
20:14:06.0343 1284 MountMgr - ok
20:14:06.0406 1284 mraid35x - ok
20:14:06.0484 1284 MRxDAV (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys
20:14:06.0484 1284 MRxDAV - ok
20:14:06.0593 1284 MRxSmb (7d304a5eb4344ebeeab53a2fe3ffb9f0) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
20:14:06.0625 1284 MRxSmb - ok
20:14:06.0687 1284 Msfs (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys
20:14:06.0718 1284 Msfs - ok
20:14:06.0812 1284 MSKSSRV (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys
20:14:06.0812 1284 MSKSSRV - ok
20:14:06.0953 1284 MSPCLOCK (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys
20:14:06.0984 1284 MSPCLOCK - ok
20:14:07.0171 1284 MSPQM (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys
20:14:07.0171 1284 MSPQM - ok
20:14:07.0390 1284 mssmbios (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys
20:14:07.0390 1284 mssmbios - ok
20:14:07.0531 1284 MSTEE (e53736a9e30c45fa9e7b5eac55056d1d) C:\WINDOWS\system32\drivers\MSTEE.sys
20:14:07.0531 1284 MSTEE - ok
20:14:07.0687 1284 Mup (de6a75f5c270e756c5508d94b6cf68f5) C:\WINDOWS\system32\drivers\Mup.sys
20:14:07.0687 1284 Mup - ok
20:14:07.0781 1284 NABTSFEC (5b50f1b2a2ed47d560577b221da734db) C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys
20:14:07.0781 1284 NABTSFEC - ok
20:14:08.0046 1284 NDIS (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys
20:14:08.0046 1284 NDIS - ok
20:14:08.0109 1284 NdisIP (7ff1f1fd8609c149aa432f95a8163d97) C:\WINDOWS\system32\DRIVERS\NdisIP.sys
20:14:08.0140 1284 NdisIP - ok
20:14:08.0234 1284 NdisTapi (0109c4f3850dfbab279542515386ae22) C:\WINDOWS\system32\DRIVERS\ndistapi.sys
20:14:08.0234 1284 NdisTapi - ok
20:14:08.0312 1284 Ndisuio (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys
20:14:08.0312 1284 Ndisuio - ok
20:14:08.0390 1284 NdisWan (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys
20:14:08.0421 1284 NdisWan - ok
20:14:08.0562 1284 NDProxy (9282bd12dfb069d3889eb3fcc1000a9b) C:\WINDOWS\system32\drivers\NDProxy.sys
20:14:08.0593 1284 NDProxy - ok
20:14:08.0734 1284 NetBIOS (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys
20:14:08.0750 1284 NetBIOS - ok
20:14:09.0312 1284 NetBT (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys
20:14:09.0406 1284 NetBT - ok
20:14:09.0687 1284 NIC1394 (e9e47cfb2d461fa0fc75b7a74c6383ea) C:\WINDOWS\system32\DRIVERS\nic1394.sys
20:14:09.0687 1284 NIC1394 - ok
20:14:10.0078 1284 Npfs (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys
20:14:10.0109 1284 Npfs - ok
20:14:10.0218 1284 Ntfs (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys
20:14:10.0375 1284 Ntfs - ok
20:14:10.0531 1284 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys
20:14:10.0531 1284 Null - ok
20:14:11.0093 1284 nv (57e81d1fde97bb98f7373bce2f4ffb21) C:\WINDOWS\system32\DRIVERS\nv4_mini.sys
20:14:11.0281 1284 nv - ok
20:14:11.0453 1284 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
20:14:11.0453 1284 NwlnkFlt - ok
20:14:11.0531 1284 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
20:14:11.0531 1284 NwlnkFwd - ok
20:14:11.0656 1284 ohci1394 (ca33832df41afb202ee7aeb05145922f) C:\WINDOWS\system32\DRIVERS\ohci1394.sys
20:14:11.0687 1284 ohci1394 - ok
20:14:11.0781 1284 Parport (5575faf8f97ce5e713d108c2a58d7c7c) C:\WINDOWS\system32\drivers\Parport.sys
20:14:11.0796 1284 Parport - ok
20:14:11.0828 1284 PartMgr (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys
20:14:11.0828 1284 PartMgr - ok
20:14:11.0875 1284 ParVdm (70e98b3fd8e963a6a46a2e6247e0bea1) C:\WINDOWS\system32\drivers\ParVdm.sys
20:14:11.0890 1284 ParVdm - ok
20:14:11.0890 1284 PCI (a219903ccf74233761d92bef471a07b1) C:\WINDOWS\system32\DRIVERS\pci.sys
20:14:11.0906 1284 PCI - ok
20:14:11.0906 1284 PCIDump - ok
20:14:11.0953 1284 PCIIde (ccf5f451bb1a5a2a522a76e670000ff0) C:\WINDOWS\system32\DRIVERS\pciide.sys
20:14:11.0953 1284 PCIIde - ok
20:14:11.0984 1284 Pcmcia (9e89ef60e9ee05e3f2eef2da7397f1c1) C:\WINDOWS\system32\DRIVERS\pcmcia.sys
20:14:12.0000 1284 Pcmcia - ok
20:14:12.0093 1284 PDCOMP - ok
20:14:12.0125 1284 PDFRAME - ok
20:14:12.0171 1284 PDRELI - ok
20:14:12.0203 1284 PDRFRAME - ok
20:14:12.0234 1284 perc2 - ok
20:14:12.0296 1284 perc2hib - ok
20:14:12.0437 1284 pnarp (36fcac4fa28b462ca867742dea59b0d0) C:\WINDOWS\system32\DRIVERS\pnarp.sys
20:14:12.0437 1284 pnarp - ok
20:14:12.0484 1284 PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys
20:14:12.0484 1284 PptpMiniport - ok
20:14:12.0515 1284 PSched (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys
20:14:12.0515 1284 PSched - ok
20:14:12.0625 1284 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys
20:14:12.0625 1284 Ptilink - ok
20:14:12.0687 1284 purendis (d8ac00388262b1a4878a7ee12f31d376) C:\WINDOWS\system32\DRIVERS\purendis.sys
20:14:12.0687 1284 purendis - ok
20:14:12.0796 1284 PxHelp20 (e42e3433dbb4cffe8fdd91eab29aea8e) C:\WINDOWS\system32\Drivers\PxHelp20.sys
20:14:12.0828 1284 PxHelp20 - ok
20:14:12.0843 1284 ql1080 - ok
20:14:12.0859 1284 Ql10wnt - ok
20:14:12.0875 1284 ql12160 - ok
20:14:12.0890 1284 ql1240 - ok
20:14:12.0906 1284 ql1280 - ok
20:14:12.0953 1284 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys
20:14:12.0968 1284 RasAcd - ok
20:14:12.0984 1284 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
20:14:12.0984 1284 Rasl2tp - ok
20:14:13.0000 1284 RasPppoe (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys
20:14:13.0015 1284 RasPppoe - ok
20:14:13.0062 1284 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys
20:14:13.0062 1284 Raspti - ok
20:14:13.0140 1284 Rdbss (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys
20:14:13.0140 1284 Rdbss - ok
20:14:13.0218 1284 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
20:14:13.0218 1284 RDPCDD - ok
20:14:13.0296 1284 rdpdr (15cabd0f7c00c47c70124907916af3f1) C:\WINDOWS\system32\DRIVERS\rdpdr.sys
20:14:13.0312 1284 rdpdr - ok
20:14:13.0406 1284 RDPWD (fc105dd312ed64eb66bff111e8ec6eac) C:\WINDOWS\system32\drivers\RDPWD.sys
20:14:13.0406 1284 RDPWD - ok
20:14:13.0671 1284 redbook (f828dd7e1419b6653894a8f97a0094c5) C:\WINDOWS\system32\DRIVERS\redbook.sys
20:14:13.0671 1284 redbook - ok
20:14:13.0906 1284 s24trans (1cc074e0d48383d4e9bffc6a26c2a58a) C:\WINDOWS\system32\DRIVERS\s24trans.sys
20:14:13.0906 1284 s24trans - ok
20:14:13.0984 1284 SASDIFSV (a3281aec37e0720a2bc28034c2df2a56) C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS
20:14:13.0984 1284 SASDIFSV - ok
20:14:14.0015 1284 SASENUM (7ce61c25c159f50f9eaf6d77fc83fa35) C:\Program Files\SUPERAntiSpyware\SASENUM.SYS
20:14:14.0015 1284 SASENUM - ok
20:14:14.0062 1284 SASKUTIL (61db0d0756a99506207fd724e3692b25) C:\Program Files\SUPERAntiSpyware\SASKUTIL.sys
20:14:14.0062 1284 SASKUTIL - ok
20:14:14.0203 1284 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys
20:14:14.0203 1284 Secdrv - ok
20:14:14.0265 1284 Serial (cca207a8896d4c6a0c9ce29a4ae411a7) C:\WINDOWS\system32\drivers\Serial.sys
20:14:14.0265 1284 Serial - ok
20:14:14.0343 1284 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\DRIVERS\sfloppy.sys
20:14:14.0343 1284 Sfloppy - ok
20:14:14.0390 1284 SI3132 (716a724a447c559f122ea140d636fa48) C:\WINDOWS\system32\DRIVERS\SI3132.sys
20:14:14.0390 1284 SI3132 - ok
20:14:14.0437 1284 SiFilter (72cf151fb410e544904dbc7d7f29b796) C:\WINDOWS\system32\DRIVERS\SiWinAcc.sys
20:14:14.0437 1284 SiFilter - ok
20:14:14.0453 1284 Simbad - ok
20:14:14.0468 1284 SiRemFil (62fd549acf2943f89612a8777295fa57) C:\WINDOWS\system32\DRIVERS\SiRemFil.sys
20:14:14.0468 1284 SiRemFil - ok
20:14:14.0515 1284 SLIP (866d538ebe33709a5c9f5c62b73b7d14) C:\WINDOWS\system32\DRIVERS\SLIP.sys
20:14:14.0515 1284 SLIP - ok
20:14:14.0578 1284 SNC (be6038e0a7d2e2fe69107e41a0265831) C:\WINDOWS\system32\Drivers\SonyNC.sys
20:14:14.0578 1284 SNC - ok
20:14:14.0750 1284 SonyImgF (fb77021110eaa16ea6e0961c844ef0d2) C:\WINDOWS\system32\DRIVERS\SonyImgF.sys
20:14:14.0750 1284 SonyImgF - ok
20:14:15.0078 1284 Sparrow - ok
20:14:15.0203 1284 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys
20:14:15.0218 1284 splitter - ok
20:14:15.0421 1284 sptd (71e276f6d189413266ea22171806597b) C:\WINDOWS\system32\Drivers\sptd.sys
20:14:15.0421 1284 Suspicious file (NoAccess): C:\WINDOWS\system32\Drivers\sptd.sys. md5: 71e276f6d189413266ea22171806597b
20:14:15.0421 1284 sptd ( LockedFile.Multi.Generic ) - warning
20:14:15.0421 1284 sptd - detected LockedFile.Multi.Generic (1)
20:14:15.0546 1284 sr (76bb022c2fb6902fd5bdd4f78fc13a5d) C:\WINDOWS\system32\DRIVERS\sr.sys
20:14:15.0562 1284 sr - ok
20:14:15.0828 1284 Srv (47ddfc2f003f7f9f0592c6874962a2e7) C:\WINDOWS\system32\DRIVERS\srv.sys
20:14:15.0984 1284 Srv - ok
20:14:16.0687 1284 STHDA (c80ec509026f6cc88486742083386ff6) C:\WINDOWS\system32\drivers\sthda.sys
20:14:16.0812 1284 STHDA - ok
20:14:17.0046 1284 streamip (77813007ba6265c4b6098187e6ed79d2) C:\WINDOWS\system32\DRIVERS\StreamIP.sys
20:14:17.0062 1284 streamip - ok
20:14:17.0109 1284 swenum (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys
20:14:17.0140 1284 swenum - ok
20:14:17.0234 1284 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys
20:14:17.0250 1284 swmidi - ok
20:14:17.0421 1284 symc810 - ok
20:14:17.0640 1284 symc8xx - ok
20:14:17.0765 1284 SYMIDSCO - ok
20:14:17.0875 1284 sym_hi - ok
20:14:17.0953 1284 sym_u3 - ok
20:14:18.0078 1284 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys
20:14:18.0078 1284 sysaudio - ok
20:14:18.0203 1284 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys
20:14:18.0265 1284 Tcpip - ok
20:14:18.0328 1284 TDPIPE (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys
20:14:18.0328 1284 TDPIPE - ok
20:14:18.0421 1284 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys
20:14:18.0421 1284 TDTCP - ok
20:14:18.0593 1284 TermDD (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys
20:14:18.0593 1284 TermDD - ok
20:14:18.0671 1284 ti21sony (26587ce8e6c6f16b8b4e7e2c16fa00bf) C:\WINDOWS\system32\drivers\ti21sony.sys
20:14:18.0671 1284 ti21sony - ok
20:14:18.0687 1284 TosIde - ok
20:14:18.0812 1284 tosporte (6a404454c6133e749be33892eb6ffa35) C:\WINDOWS\system32\DRIVERS\tosporte.sys
20:14:18.0828 1284 tosporte - ok
20:14:18.0890 1284 Tosrfbd (e4901804c4d8d613fa3560de2c2e0261) C:\WINDOWS\system32\Drivers\tosrfbd.sys
20:14:18.0921 1284 Tosrfbd - ok
20:14:19.0109 1284 Tosrfbnp (613e09572f4c5b92ca6be8bdc4cc5b7d) C:\WINDOWS\system32\Drivers\tosrfbnp.sys
20:14:19.0125 1284 Tosrfbnp - ok
20:14:19.0203 1284 Tosrfcom (5ba1ca3b3cddb1ddc67df473f05d1ec2) C:\WINDOWS\system32\Drivers\tosrfcom.sys
20:14:19.0234 1284 Tosrfcom - ok
20:14:19.0359 1284 Tosrfhid (7726332391d8fca1a491a17f592fd6b3) C:\WINDOWS\system32\DRIVERS\Tosrfhid.sys
20:14:19.0359 1284 Tosrfhid - ok
20:14:19.0484 1284 tosrfnds (c52fd27b9adf3a1f22cb90e6bcf9b0cb) C:\WINDOWS\system32\DRIVERS\tosrfnds.sys
20:14:19.0500 1284 tosrfnds - ok
20:14:19.0625 1284 Tosrfusb (7414a6461bc83a22b0ae009ace3e375b) C:\WINDOWS\system32\Drivers\tosrfusb.sys
20:14:19.0640 1284 Tosrfusb - ok
20:14:19.0953 1284 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys
20:14:20.0000 1284 Udfs - ok
20:14:20.0203 1284 ultra - ok
20:14:20.0484 1284 Update (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys
20:14:20.0546 1284 Update - ok
20:14:20.0812 1284 USBAAPL (83cafcb53201bbac04d822f32438e244) C:\WINDOWS\system32\Drivers\usbaapl.sys
20:14:20.0843 1284 USBAAPL - ok
20:14:20.0921 1284 usbccgp (173f317ce0db8e21322e71b7e60a27e8) C:\WINDOWS\system32\DRIVERS\usbccgp.sys
20:14:20.0937 1284 usbccgp - ok
20:14:21.0015 1284 usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys
20:14:21.0031 1284 usbehci - ok
20:14:21.0328 1284 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys
20:14:21.0359 1284 usbhub - ok
20:14:21.0484 1284 usbprint (a717c8721046828520c9edf31288fc00) C:\WINDOWS\system32\DRIVERS\usbprint.sys
20:14:21.0500 1284 usbprint - ok
20:14:21.0656 1284 usbscan (a0b8cf9deb1184fbdd20784a58fa75d4) C:\WINDOWS\system32\DRIVERS\usbscan.sys
20:14:21.0656 1284 usbscan - ok
20:14:21.0921 1284 usbstor (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
20:14:21.0921 1284 usbstor - ok
20:14:21.0984 1284 usbuhci (26496f9dee2d787fc3e61ad54821ffe6) C:\WINDOWS\system32\DRIVERS\usbuhci.sys
20:14:21.0984 1284 usbuhci - ok
20:14:22.0125 1284 usbvm321 (c7f4158ea3915f4194aee233ff8d4728) C:\WINDOWS\system32\Drivers\usbvm321.sys
20:14:22.0140 1284 usbvm321 - ok
20:14:22.0234 1284 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys
20:14:22.0250 1284 VgaSave - ok
20:14:22.0375 1284 ViaIde - ok
20:14:22.0671 1284 VolSnap (4c8fcb5cc53aab716d810740fe59d025) C:\WINDOWS\system32\drivers\VolSnap.sys
20:14:22.0687 1284 VolSnap - ok
20:14:23.0500 1284 w39n51 (b1f126e7e28877106d60e6ff3998d033) C:\WINDOWS\system32\DRIVERS\w39n51.sys
20:14:24.0359 1284 w39n51 - ok
20:14:25.0109 1284 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys
20:14:25.0156 1284 Wanarp - ok
20:14:25.0453 1284 WDICA - ok
20:14:25.0984 1284 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys
20:14:26.0046 1284 wdmaud - ok
20:14:26.0687 1284 winachsf (c1d5cbd8aa0d674da1ba1bb189696396) C:\WINDOWS\system32\DRIVERS\HSF_CNXT.sys
20:14:27.0015 1284 winachsf - ok
20:14:27.0468 1284 WSTCODEC (c98b39829c2bbd34e454150633c62c78) C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS
20:14:27.0515 1284 WSTCODEC - ok
20:14:27.0593 1284 MBR (0x1B8) (8f558eb6672622401da993e1e865c861) \Device\Harddisk0\DR0
20:14:31.0500 1284 \Device\Harddisk0\DR0 - ok
20:14:31.0515 1284 MBR (0x1B8) (45ed320cd87a2cdd9109f0fb74bda871) \Device\Harddisk2\DR5
20:14:32.0859 1284 \Device\Harddisk2\DR5 - ok
20:14:32.0875 1284 Boot (0x1200) (3b5d759b72386666f9b36171d0cdf862) \Device\Harddisk0\DR0\Partition0
20:14:32.0890 1284 \Device\Harddisk0\DR0\Partition0 - ok
20:14:32.0890 1284 ============================================================
20:14:32.0890 1284 Scan finished
20:14:32.0890 1284 ============================================================
20:14:32.0906 1104 Detected object count: 1
20:14:32.0906 1104 Actual detected object count: 1
20:15:15.0562 1104 C:\WINDOWS\system32\Drivers\sptd.sys - copied to quarantine
20:15:15.0562 1104 sptd ( LockedFile.Multi.Generic ) - User select action: Quarantine
20:15:37.0453 3704 ============================================================
20:15:37.0453 3704 Scan started
20:15:37.0453 3704 Mode: Manual; SigCheck; TDLFS;
20:15:37.0453 3704 ============================================================
20:15:39.0437 3704 Aavmker4 (479c9835b91147be1a92cb76fad9c6de) C:\WINDOWS\system32\drivers\Aavmker4.sys
20:15:39.0750 3704 Aavmker4 - ok
20:15:39.0765 3704 Abiosdsk - ok
20:15:39.0796 3704 abp480n5 - ok
20:15:39.0843 3704 ACPI (8fd99680a539792a30e97944fdaecf17) C:\WINDOWS\system32\DRIVERS\ACPI.sys
20:15:39.0906 3704 ACPI ( UnsignedFile.Multi.Generic ) - warning
20:15:39.0906 3704 ACPI - detected UnsignedFile.Multi.Generic (1)
20:15:39.0984 3704 ACPIEC (9859c0f6936e723e4892d7141b1327d5) C:\WINDOWS\system32\DRIVERS\ACPIEC.sys
20:15:40.0000 3704 ACPIEC ( UnsignedFile.Multi.Generic ) - warning
20:15:40.0000 3704 ACPIEC - detected UnsignedFile.Multi.Generic (1)
20:15:40.0015 3704 adpu160m - ok
20:15:40.0062 3704 aec (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys
20:15:40.0078 3704 aec ( UnsignedFile.Multi.Generic ) - warning
20:15:40.0078 3704 aec - detected UnsignedFile.Multi.Generic (1)
20:15:40.0156 3704 AegisP (12dafd934641dcf61e446313bc261ec2) C:\WINDOWS\system32\DRIVERS\AegisP.sys
20:15:40.0171 3704 AegisP ( UnsignedFile.Multi.Generic ) - warning
20:15:40.0171 3704 AegisP - detected UnsignedFile.Multi.Generic (1)
20:15:40.0250 3704 AFD (1e44bc1e83d8fd2305f8d452db109cf9) C:\WINDOWS\System32\drivers\afd.sys
20:15:40.0281 3704 AFD - ok
20:15:40.0421 3704 Aha154x - ok
20:15:40.0468 3704 aic78u2 - ok
20:15:40.0500 3704 aic78xx - ok
20:15:40.0515 3704 AliIde - ok
20:15:40.0531 3704 amsint - ok
20:15:40.0593 3704 ApfiltrService (b21fcbc58cb13bac70f74b5ac5da7409) C:\WINDOWS\system32\DRIVERS\Apfiltr.sys
20:15:40.0609 3704 ApfiltrService ( UnsignedFile.Multi.Generic ) - warning
20:15:40.0609 3704 ApfiltrService - detected UnsignedFile.Multi.Generic (1)
20:15:40.0671 3704 Arp1394 (b5b8a80875c1dededa8b02765642c32f) C:\WINDOWS\system32\DRIVERS\arp1394.sys
20:15:40.0687 3704 Arp1394 ( UnsignedFile.Multi.Generic ) - warning
20:15:40.0687 3704 Arp1394 - detected UnsignedFile.Multi.Generic (1)
20:15:40.0703 3704 asc - ok
20:15:40.0718 3704 asc3350p - ok
20:15:40.0734 3704 asc3550 - ok
20:15:40.0796 3704 aswFsBlk (cba53c5e29ae0a0ce76f9a2be3a40d9e) C:\WINDOWS\system32\drivers\aswFsBlk.sys
20:15:40.0812 3704 aswFsBlk - ok
20:15:40.0828 3704 aswMon2 (a1c52b822b7b8a5c2162d38f579f97b7) C:\WINDOWS\system32\drivers\aswMon2.sys
20:15:40.0843 3704 aswMon2 - ok
20:15:40.0875 3704 aswRdr (b6e8c5874377a42756c282fac2e20836) C:\WINDOWS\system32\drivers\aswRdr.sys
20:15:40.0890 3704 aswRdr - ok
20:15:40.0937 3704 aswSP (b93a553c9b0f14263c8f016a44c3258c) C:\WINDOWS\system32\drivers\aswSP.sys
20:15:40.0953 3704 aswSP - ok
20:15:40.0984 3704 aswTdi (1408421505257846eb336feeef33352d) C:\WINDOWS\system32\drivers\aswTdi.sys
20:15:41.0000 3704 aswTdi - ok
20:15:41.0031 3704 AsyncMac (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys
20:15:41.0031 3704 AsyncMac ( UnsignedFile.Multi.Generic ) - warning
20:15:41.0031 3704 AsyncMac - detected UnsignedFile.Multi.Generic (1)
20:15:41.0468 3704 atapi (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys
20:15:41.0484 3704 atapi ( UnsignedFile.Multi.Generic ) - warning
20:15:41.0484 3704 atapi - detected UnsignedFile.Multi.Generic (1)
20:15:41.0750 3704 Atdisk - ok
20:15:42.0000 3704 Atmarpc (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys
20:15:42.0015 3704 Atmarpc ( UnsignedFile.Multi.Generic ) - warning
20:15:42.0015 3704 Atmarpc - detected UnsignedFile.Multi.Generic (1)
20:15:42.0140 3704 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys
20:15:42.0140 3704 audstub ( UnsignedFile.Multi.Generic ) - warning
20:15:42.0140 3704 audstub - detected UnsignedFile.Multi.Generic (1)
20:15:42.0234 3704 Avgfwdx (0c5941af0b6bf2fdf378937392865217) C:\WINDOWS\system32\DRIVERS\avgfwdx.sys
20:15:42.0250 3704 Avgfwdx - ok
20:15:42.0250 3704 Avgfwfd (0c5941af0b6bf2fdf378937392865217) C:\WINDOWS\system32\DRIVERS\avgfwdx.sys
20:15:42.0265 3704 Avgfwfd - ok
20:15:42.0359 3704 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys
20:15:42.0359 3704 Beep ( UnsignedFile.Multi.Generic ) - warning
20:15:42.0359 3704 Beep - detected UnsignedFile.Multi.Generic (1)
20:15:42.0375 3704 catchme - ok
20:15:42.0515 3704 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys
20:15:42.0515 3704 cbidf2k ( UnsignedFile.Multi.Generic ) - warning
20:15:42.0515 3704 cbidf2k - detected UnsignedFile.Multi.Generic (1)
20:15:42.0687 3704 CCDECODE (0be5aef125be881c4f854c554f2b025c) C:\WINDOWS\system32\DRIVERS\CCDECODE.sys
20:15:42.0734 3704 CCDECODE ( UnsignedFile.Multi.Generic ) - warning
20:15:42.0734 3704 CCDECODE - detected UnsignedFile.Multi.Generic (1)
20:15:42.0890 3704 cd20xrnt - ok
20:15:43.0234 3704 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys
20:15:43.0234 3704 Cdaudio ( UnsignedFile.Multi.Generic ) - warning
20:15:43.0234 3704 Cdaudio - detected UnsignedFile.Multi.Generic (1)
20:15:44.0093 3704 Cdfs (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys
20:15:44.0109 3704 Cdfs ( UnsignedFile.Multi.Generic ) - warning
20:15:44.0109 3704 Cdfs - detected UnsignedFile.Multi.Generic (1)
20:15:44.0703 3704 Cdrom (1f4260cc5b42272d71f79e570a27a4fe) C:\WINDOWS\system32\DRIVERS\cdrom.sys
20:15:44.0703 3704 Cdrom ( UnsignedFile.Multi.Generic ) - warning
20:15:44.0703 3704 Cdrom - detected UnsignedFile.Multi.Generic (1)
20:15:44.0828 3704 Changer - ok
20:15:44.0875 3704 CmBatt (0f6c187d38d98f8df904589a5f94d411) C:\WINDOWS\system32\DRIVERS\CmBatt.sys
20:15:44.0890 3704 CmBatt ( UnsignedFile.Multi.Generic ) - warning
20:15:44.0890 3704 CmBatt - detected UnsignedFile.Multi.Generic (1)
20:15:44.0890 3704 CmdIde - ok
20:15:44.0937 3704 Compbatt (6e4c9f21f0fae8940661144f41b13203) C:\WINDOWS\system32\DRIVERS\compbatt.sys
20:15:44.0953 3704 Compbatt ( UnsignedFile.Multi.Generic ) - warning
20:15:44.0968 3704 Compbatt - detected UnsignedFile.Multi.Generic (1)
20:15:44.0984 3704 Cpqarray - ok
20:15:45.0015 3704 dac2w2k - ok
20:15:45.0031 3704 dac960nt - ok
20:15:45.0093 3704 Disk (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys
20:15:45.0109 3704 Disk ( UnsignedFile.Multi.Generic ) - warning
20:15:45.0109 3704 Disk - detected UnsignedFile.Multi.Generic (1)
20:15:45.0234 3704 dmboot (d992fe1274bde0f84ad826acae022a41) C:\WINDOWS\system32\drivers\dmboot.sys
20:15:45.0328 3704 dmboot ( UnsignedFile.Multi.Generic ) - warning
20:15:45.0328 3704 dmboot - detected UnsignedFile.Multi.Generic (1)
20:15:45.0375 3704 DMICall (526192bf7696f72e29777bf4a180513a) C:\WINDOWS\system32\DRIVERS\DMICall.sys
20:15:45.0375 3704 DMICall ( UnsignedFile.Multi.Generic ) - warning
20:15:45.0375 3704 DMICall - detected UnsignedFile.Multi.Generic (1)
20:15:45.0421 3704 dmio (7c824cf7bbde77d95c08005717a95f6f) C:\WINDOWS\system32\drivers\dmio.sys
20:15:45.0437 3704 dmio ( UnsignedFile.Multi.Generic ) - warning
20:15:45.0437 3704 dmio - detected UnsignedFile.Multi.Generic (1)
20:15:45.0531 3704 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys
20:15:45.0546 3704 dmload ( UnsignedFile.Multi.Generic ) - warning
20:15:45.0546 3704 dmload - detected UnsignedFile.Multi.Generic (1)
20:15:45.0875 3704 DMusic (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys
20:15:45.0875 3704 DMusic ( UnsignedFile.Multi.Generic ) - warning
20:15:45.0875 3704 DMusic - detected UnsignedFile.Multi.Generic (1)
20:15:45.0921 3704 dpti2o - ok
20:15:45.0968 3704 drmkaud (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys
20:15:45.0968 3704 drmkaud ( UnsignedFile.Multi.Generic ) - warning
20:15:45.0968 3704 drmkaud - detected UnsignedFile.Multi.Generic (1)
20:15:46.0031 3704 E100B (d57a8fc800b501ac05b10d00f66d127a) C:\WINDOWS\system32\DRIVERS\e100b325.sys
20:15:46.0046 3704 E100B ( UnsignedFile.Multi.Generic ) - warning
20:15:46.0046 3704 E100B - detected UnsignedFile.Multi.Generic (1)
20:15:46.0093 3704 e1express (389cf2cded384be477c3b3f15747d495) C:\WINDOWS\system32\DRIVERS\e1e5132.sys
20:15:46.0109 3704 e1express ( UnsignedFile.Multi.Generic ) - warning
20:15:46.0109 3704 e1express - detected UnsignedFile.Multi.Generic (1)
20:15:46.0171 3704 Fastfat (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys
20:15:46.0171 3704 Fastfat ( UnsignedFile.Multi.Generic ) - warning
20:15:46.0171 3704 Fastfat - detected UnsignedFile.Multi.Generic (1)
20:15:46.0203 3704 Fdc (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\drivers\Fdc.sys
20:15:46.0203 3704 Fdc ( UnsignedFile.Multi.Generic ) - warning
20:15:46.0203 3704 Fdc - detected UnsignedFile.Multi.Generic (1)
20:15:46.0281 3704 Fips (d45926117eb9fa946a6af572fbe1caa3) C:\WINDOWS\system32\drivers\Fips.sys
20:15:46.0281 3704 Fips ( UnsignedFile.Multi.Generic ) - warning
20:15:46.0281 3704 Fips - detected UnsignedFile.Multi.Generic (1)
20:15:46.0312 3704 Flpydisk (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\drivers\Flpydisk.sys
20:15:46.0328 3704 Flpydisk ( UnsignedFile.Multi.Generic ) - warning
20:15:46.0328 3704 Flpydisk - detected UnsignedFile.Multi.Generic (1)
20:15:46.0406 3704 FltMgr (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\drivers\fltmgr.sys
20:15:46.0437 3704 FltMgr ( UnsignedFile.Multi.Generic ) - warning
20:15:46.0437 3704 FltMgr - detected UnsignedFile.Multi.Generic (1)
20:15:46.0515 3704 FNETTBOH (b91c51d44558985ed0593fd5963d1866) C:\WINDOWS\system32\drivers\FNETTBOH.SYS
20:15:46.0515 3704 FNETTBOH ( UnsignedFile.Multi.Generic ) - warning
20:15:46.0515 3704 FNETTBOH - detected UnsignedFile.Multi.Generic (1)
20:15:46.0546 3704 FNETURPX (0a79334fb069c6b38df7ad56a109ea01) C:\WINDOWS\system32\drivers\FNETURPX.SYS
20:15:46.0546 3704 FNETURPX ( UnsignedFile.Multi.Generic ) - warning
20:15:46.0546 3704 FNETURPX - detected UnsignedFile.Multi.Generic (1)
20:15:46.0578 3704 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys
20:15:46.0578 3704 Fs_Rec ( UnsignedFile.Multi.Generic ) - warning
20:15:46.0578 3704 Fs_Rec - detected UnsignedFile.Multi.Generic (1)
20:15:46.0656 3704 Ftdisk (6ac26732762483366c3969c9e4d2259d) C:\WINDOWS\system32\DRIVERS\ftdisk.sys
20:15:46.0656 3704 Ftdisk ( UnsignedFile.Multi.Generic ) - warning
20:15:46.0656 3704 Ftdisk - detected UnsignedFile.Multi.Generic (1)
20:15:47.0031 3704 GEARAspiWDM (8182ff89c65e4d38b2de4bb0fb18564e) C:\WINDOWS\system32\DRIVERS\GEARAspiWDM.sys
20:15:47.0328 3704 GEARAspiWDM - ok
20:15:47.0453 3704 Gpc (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys
20:15:47.0453 3704 Gpc ( UnsignedFile.Multi.Generic ) - warning
20:15:47.0453 3704 Gpc - detected UnsignedFile.Multi.Generic (1)
20:15:47.0515 3704 HDAudBus (573c7d0a32852b48f3058cfd8026f511) C:\WINDOWS\system32\DRIVERS\HDAudBus.sys
20:15:47.0515 3704 HDAudBus ( UnsignedFile.Multi.Generic ) - warning
20:15:47.0515 3704 HDAudBus - detected UnsignedFile.Multi.Generic (1)
20:15:47.0578 3704 hidusb (ccf82c5ec8a7326c3066de870c06daf1) C:\WINDOWS\system32\DRIVERS\hidusb.sys
20:15:47.0578 3704 hidusb ( UnsignedFile.Multi.Generic ) - warning
20:15:47.0578 3704 hidusb - detected UnsignedFile.Multi.Generic (1)
20:15:47.0593 3704 hpn - ok
20:15:47.0656 3704 HSFHWAZL (acc46dda7fece95a253ae88cea172e12) C:\WINDOWS\system32\DRIVERS\HSFHWAZL.sys
20:15:47.0671 3704 HSFHWAZL ( UnsignedFile.Multi.Generic ) - warning
20:15:47.0671 3704 HSFHWAZL - detected UnsignedFile.Multi.Generic (1)
20:15:47.0781 3704 HSF_DPV (c9f4e7da78a02623abf78a4a34ce79b1) C:\WINDOWS\system32\DRIVERS\HSF_DPV.sys
20:15:47.0843 3704 HSF_DPV ( UnsignedFile.Multi.Generic ) - warning
20:15:47.0843 3704 HSF_DPV - detected UnsignedFile.Multi.Generic (1)
20:15:47.0968 3704 HTTP (f80a415ef82cd06ffaf0d971528ead38) C:\WINDOWS\system32\Drivers\HTTP.sys
20:15:47.0968 3704 HTTP ( UnsignedFile.Multi.Generic ) - warning
20:15:47.0968 3704 HTTP - detected UnsignedFile.Multi.Generic (1)
20:15:48.0031 3704 i2omgmt - ok
20:15:48.0109 3704 i2omp - ok
20:15:48.0171 3704 i8042prt (4a0b06aa8943c1e332520f7440c0aa30) C:\WINDOWS\system32\DRIVERS\i8042prt.sys
20:15:48.0171 3704 i8042prt ( UnsignedFile.Multi.Generic ) - warning
20:15:48.0171 3704 i8042prt - detected UnsignedFile.Multi.Generic (1)
20:15:48.0281 3704 ialm (bc1f1ff8d5800398937966cdb0a97fdc) C:\WINDOWS\system32\DRIVERS\ialmnt5.sys
20:15:48.0421 3704 ialm ( UnsignedFile.Multi.Generic ) - warning
20:15:48.0421 3704 ialm - detected UnsignedFile.Multi.Generic (1)
20:15:48.0515 3704 Imapi (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys
20:15:48.0531 3704 Imapi ( UnsignedFile.Multi.Generic ) - warning
20:15:48.0531 3704 Imapi - detected UnsignedFile.Multi.Generic (1)
20:15:48.0546 3704 ini910u - ok
20:15:48.0562 3704 IntelIde - ok
20:15:48.0625 3704 intelppm (8c953733d8f36eb2133f5bb58808b66b) C:\WINDOWS\system32\DRIVERS\intelppm.sys
20:15:48.0625 3704 intelppm ( UnsignedFile.Multi.Generic ) - warning
20:15:48.0625 3704 intelppm - detected UnsignedFile.Multi.Generic (1)
20:15:48.0656 3704 Ip6Fw (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\drivers\ip6fw.sys
20:15:48.0656 3704 Ip6Fw ( UnsignedFile.Multi.Generic ) - warning
20:15:48.0656 3704 Ip6Fw - detected UnsignedFile.Multi.Generic (1)
20:15:48.0703 3704 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
20:15:48.0718 3704 IpFilterDriver ( UnsignedFile.Multi.Generic ) - warning
20:15:48.0718 3704 IpFilterDriver - detected UnsignedFile.Multi.Generic (1)
20:15:48.0765 3704 IpInIp (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys
20:15:48.0781 3704 IpInIp ( UnsignedFile.Multi.Generic ) - warning
20:15:48.0781 3704 IpInIp - detected UnsignedFile.Multi.Generic (1)
20:15:48.0796 3704 IpNat (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys
20:15:48.0812 3704 IpNat ( UnsignedFile.Multi.Generic ) - warning
20:15:48.0812 3704 IpNat - detected UnsignedFile.Multi.Generic (1)
20:15:48.0828 3704 IPSec (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys
20:15:48.0843 3704 IPSec ( UnsignedFile.Multi.Generic ) - warning
20:15:48.0843 3704 IPSec - detected UnsignedFile.Multi.Generic (1)
20:15:48.0859 3704 IRENUM (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys
20:15:48.0859 3704 IRENUM ( UnsignedFile.Multi.Generic ) - warning
20:15:48.0875 3704 IRENUM - detected UnsignedFile.Multi.Generic (1)
20:15:48.0890 3704 isapnp (05a299ec56e52649b1cf2fc52d20f2d7) C:\WINDOWS\system32\DRIVERS\isapnp.sys
20:15:48.0906 3704 isapnp ( UnsignedFile.Multi.Generic ) - warning
20:15:48.0906 3704 isapnp - detected UnsignedFile.Multi.Generic (1)
20:15:48.0921 3704 Kbdclass (463c1ec80cd17420a542b7f36a36f128) C:\WINDOWS\system32\DRIVERS\kbdclass.sys
20:15:48.0921 3704 Kbdclass ( UnsignedFile.Multi.Generic ) - warning
20:15:48.0921 3704 Kbdclass - detected UnsignedFile.Multi.Generic (1)
20:15:48.0953 3704 kmixer (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys
20:15:48.0953 3704 kmixer ( UnsignedFile.Multi.Generic ) - warning
20:15:48.0953 3704 kmixer - detected UnsignedFile.Multi.Generic (1)
20:15:49.0109 3704 KSecDD (b467646c54cc746128904e1654c750c1) C:\WINDOWS\system32\drivers\KSecDD.sys
20:15:49.0125 3704 KSecDD ( UnsignedFile.Multi.Generic ) - warning
20:15:49.0125 3704 KSecDD - detected UnsignedFile.Multi.Generic (1)
20:15:49.0156 3704 lbrtfdc - ok
20:15:49.0265 3704 mdmxsdk (e246a32c445056996074a397da56e815) C:\WINDOWS\system32\DRIVERS\mdmxsdk.sys
20:15:49.0265 3704 mdmxsdk ( UnsignedFile.Multi.Generic ) - warning
20:15:49.0265 3704 mdmxsdk - detected UnsignedFile.Multi.Generic (1)
20:15:49.0328 3704 MHNDRV (7f2f1d2815a6449d346fcccbc569fbd6) C:\WINDOWS\system32\DRIVERS\mhndrv.sys
20:15:49.0343 3704 MHNDRV ( UnsignedFile.Multi.Generic ) - warning
20:15:49.0343 3704 MHNDRV - detected UnsignedFile.Multi.Generic (1)
20:15:49.0375 3704 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys
20:15:49.0390 3704 mnmdd ( UnsignedFile.Multi.Generic ) - warning
20:15:49.0390 3704 mnmdd - detected UnsignedFile.Multi.Generic (1)
20:15:49.0437 3704 Modem (dfcbad3cec1c5f964962ae10e0bcc8e1) C:\WINDOWS\system32\drivers\Modem.sys
20:15:49.0437 3704 Modem ( UnsignedFile.Multi.Generic ) - warning
20:15:49.0437 3704 Modem - detected UnsignedFile.Multi.Generic (1)
20:15:49.0484 3704 Mouclass (35c9e97194c8cfb8430125f8dbc34d04) C:\WINDOWS\system32\DRIVERS\mouclass.sys
20:15:49.0484 3704 Mouclass ( UnsignedFile.Multi.Generic ) - warning
20:15:49.0484 3704 Mouclass - detected UnsignedFile.Multi.Generic (1)
20:15:49.0531 3704 mouhid (b1c303e17fb9d46e87a98e4ba6769685) C:\WINDOWS\system32\DRIVERS\mouhid.sys
20:15:49.0546 3704 mouhid ( UnsignedFile.Multi.Generic ) - warning
20:15:49.0546 3704 mouhid - detected UnsignedFile.Multi.Generic (1)
20:15:49.0656 3704 MountMgr (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys
20:15:49.0656 3704 MountMgr ( UnsignedFile.Multi.Generic ) - warning
20:15:49.0656 3704 MountMgr - detected UnsignedFile.Multi.Generic (1)
20:15:49.0671 3704 mraid35x - ok
20:15:49.0687 3704 MRxDAV (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys
20:15:49.0703 3704 MRxDAV ( UnsignedFile.Multi.Generic ) - warning
20:15:49.0703 3704 MRxDAV - detected UnsignedFile.Multi.Generic (1)
20:15:49.0765 3704 MRxSmb (7d304a5eb4344ebeeab53a2fe3ffb9f0) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
20:15:49.0781 3704 MRxSmb - ok
20:15:49.0859 3704 Msfs (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys
20:15:49.0875 3704 Msfs ( UnsignedFile.Multi.Generic ) - warning
20:15:49.0875 3704 Msfs - detected UnsignedFile.Multi.Generic (1)
20:15:49.0906 3704 MSKSSRV (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys
20:15:49.0921 3704 MSKSSRV ( UnsignedFile.Multi.Generic ) - warning
20:15:49.0921 3704 MSKSSRV - detected UnsignedFile.Multi.Generic (1)
20:15:49.0953 3704 MSPCLOCK (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys
20:15:49.0968 3704 MSPCLOCK ( UnsignedFile.Multi.Generic ) - warning
20:15:49.0968 3704 MSPCLOCK - detected UnsignedFile.Multi.Generic (1)
20:15:49.0968 3704 MSPQM (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys
20:15:49.0984 3704 MSPQM ( UnsignedFile.Multi.Generic ) - warning
20:15:49.0984 3704 MSPQM - detected UnsignedFile.Multi.Generic (1)
20:15:50.0015 3704 mssmbios (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys
20:15:50.0015 3704 mssmbios ( UnsignedFile.Multi.Generic ) - warning
20:15:50.0015 3704 mssmbios - detected UnsignedFile.Multi.Generic (1)
20:15:50.0093 3704 MSTEE (e53736a9e30c45fa9e7b5eac55056d1d) C:\WINDOWS\system32\drivers\MSTEE.sys
20:15:50.0093 3704 MSTEE ( UnsignedFile.Multi.Generic ) - warning
20:15:50.0093 3704 MSTEE - detected UnsignedFile.Multi.Generic (1)
20:15:50.0171 3704 Mup (de6a75f5c270e756c5508d94b6cf68f5) C:\WINDOWS\system32\drivers\Mup.sys
20:15:50.0187 3704 Mup - ok
20:15:50.0218 3704 NABTSFEC (5b50f1b2a2ed47d560577b221da734db) C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys
20:15:50.0234 3704 NABTSFEC ( UnsignedFile.Multi.Generic ) - warning
20:15:50.0234 3704 NABTSFEC - detected UnsignedFile.Multi.Generic (1)
20:15:50.0265 3704 NDIS (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys
20:15:50.0281 3704 NDIS ( UnsignedFile.Multi.Generic ) - warning
20:15:50.0281 3704 NDIS - detected UnsignedFile.Multi.Generic (1)
20:15:50.0296 3704 NdisIP (7ff1f1fd8609c149aa432f95a8163d97) C:\WINDOWS\system32\DRIVERS\NdisIP.sys
20:15:50.0312 3704 NdisIP ( UnsignedFile.Multi.Generic ) - warning
20:15:50.0312 3704 NdisIP - detected UnsignedFile.Multi.Generic (1)
20:15:50.0343 3704 NdisTapi (0109c4f3850dfbab279542515386ae22) C:\WINDOWS\system32\DRIVERS\ndistapi.sys
20:15:50.0359 3704 NdisTapi - ok
20:15:50.0390 3704 Ndisuio (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys
20:15:50.0406 3704 Ndisuio ( UnsignedFile.Multi.Generic ) - warning
20:15:50.0406 3704 Ndisuio - detected UnsignedFile.Multi.Generic (1)
20:15:50.0484 3704 NdisWan (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys
20:15:50.0484 3704 NdisWan ( UnsignedFile.Multi.Generic ) - warning
20:15:50.0484 3704 NdisWan - detected UnsignedFile.Multi.Generic (1)
20:15:50.0562 3704 NDProxy (9282bd12dfb069d3889eb3fcc1000a9b) C:\WINDOWS\system32\drivers\NDProxy.sys
20:15:50.0578 3704 NDProxy - ok
20:15:50.0609 3704 NetBIOS (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys
20:15:50.0609 3704 NetBIOS ( UnsignedFile.Multi.Generic ) - warning
20:15:50.0609 3704 NetBIOS - detected UnsignedFile.Multi.Generic (1)
20:15:50.0656 3704 NetBT (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys
20:15:50.0671 3704 NetBT ( UnsignedFile.Multi.Generic ) - warning
20:15:50.0671 3704 NetBT - detected UnsignedFile.Multi.Generic (1)
20:15:50.0718 3704 NIC1394 (e9e47cfb2d461fa0fc75b7a74c6383ea) C:\WINDOWS\system32\DRIVERS\nic1394.sys
20:15:50.0734 3704 NIC1394 ( UnsignedFile.Multi.Generic ) - warning
20:15:50.0734 3704 NIC1394 - detected UnsignedFile.Multi.Generic (1)
20:15:50.0765 3704 Npfs (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys
20:15:50.0765 3704 Npfs ( UnsignedFile.Multi.Generic ) - warning
20:15:50.0765 3704 Npfs - detected UnsignedFile.Multi.Generic (1)
20:15:50.0828 3704 Ntfs (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys
20:15:50.0843 3704 Ntfs ( UnsignedFile.Multi.Generic ) - warning
20:15:50.0843 3704 Ntfs - detected UnsignedFile.Multi.Generic (1)
20:15:50.0906 3704 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys
20:15:50.0906 3704 Null ( UnsignedFile.Multi.Generic ) - warning
20:15:50.0906 3704 Null - detected UnsignedFile.Multi.Generic (1)
20:15:51.0109 3704 nv (57e81d1fde97bb98f7373bce2f4ffb21) C:\WINDOWS\system32\DRIVERS\nv4_mini.sys
20:15:51.0359 3704 nv ( UnsignedFile.Multi.Generic ) - warning
20:15:51.0359 3704 nv - detected UnsignedFile.Multi.Generic (1)
20:15:51.0484 3704 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
20:15:51.0500 3704 NwlnkFlt ( UnsignedFile.Multi.Generic ) - warning
20:15:51.0500 3704 NwlnkFlt - detected UnsignedFile.Multi.Generic (1)
20:15:51.0546 3704 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
20:15:51.0546 3704 NwlnkFwd ( UnsignedFile.Multi.Generic ) - warning
20:15:51.0546 3704 NwlnkFwd - detected UnsignedFile.Multi.Generic (1)
20:15:51.0593 3704 ohci1394 (ca33832df41afb202ee7aeb05145922f) C:\WINDOWS\system32\DRIVERS\ohci1394.sys
20:15:51.0609 3704 ohci1394 ( UnsignedFile.Multi.Generic ) - warning
20:15:51.0609 3704 ohci1394 - detected UnsignedFile.Multi.Generic (1)
20:15:51.0656 3704 Parport (5575faf8f97ce5e713d108c2a58d7c7c) C:\WINDOWS\system32\drivers\Parport.sys
20:15:51.0671 3704 Parport ( UnsignedFile.Multi.Generic ) - warning
20:15:51.0671 3704 Parport - detected UnsignedFile.Multi.Generic (1)
20:15:51.0671 3704 PartMgr (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys
20:15:51.0687 3704 PartMgr ( UnsignedFile.Multi.Generic ) - warning
20:15:51.0687 3704 PartMgr - detected UnsignedFile.Multi.Generic (1)
20:15:51.0734 3704 ParVdm (70e98b3fd8e963a6a46a2e6247e0bea1) C:\WINDOWS\system32\drivers\ParVdm.sys
20:15:51.0734 3704 ParVdm ( UnsignedFile.Multi.Generic ) - warning
20:15:51.0734 3704 ParVdm - detected UnsignedFile.Multi.Generic (1)
20:15:51.0765 3704 PCI (a219903ccf74233761d92bef471a07b1) C:\WINDOWS\system32\DRIVERS\pci.sys
20:15:51.0765 3704 PCI ( UnsignedFile.Multi.Generic ) - warning
20:15:51.0765 3704 PCI - detected UnsignedFile.Multi.Generic (1)
20:15:51.0781 3704 PCIDump - ok
20:15:51.0828 3704 PCIIde (ccf5f451bb1a5a2a522a76e670000ff0) C:\WINDOWS\system32\DRIVERS\pciide.sys
20:15:51.0843 3704 PCIIde ( UnsignedFile.Multi.Generic ) - warning
20:15:51.0843 3704 PCIIde - detected UnsignedFile.Multi.Generic (1)
20:15:51.0875 3704 Pcmcia (9e89ef60e9ee05e3f2eef2da7397f1c1) C:\WINDOWS\system32\DRIVERS\pcmcia.sys
20:15:51.0875 3704 Pcmcia ( UnsignedFile.Multi.Generic ) - warning
20:15:51.0875 3704 Pcmcia - detected UnsignedFile.Multi.Generic (1)
20:15:51.0890 3704 PDCOMP - ok
20:15:51.0906 3704 PDFRAME - ok
20:15:51.0921 3704 PDRELI - ok
20:15:51.0937 3704 PDRFRAME - ok
20:15:51.0937 3704 perc2 - ok
20:15:51.0953 3704 perc2hib - ok
20:15:52.0031 3704 pnarp (36fcac4fa28b462ca867742dea59b0d0) C:\WINDOWS\system32\DRIVERS\pnarp.sys
20:15:52.0046 3704 pnarp - ok
20:15:52.0078 3704 PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys
20:15:52.0078 3704 PptpMiniport ( UnsignedFile.Multi.Generic ) - warning
20:15:52.0078 3704 PptpMiniport - detected UnsignedFile.Multi.Generic (1)
20:15:52.0109 3704 PSched (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys
20:15:52.0109 3704 PSched ( UnsignedFile.Multi.Generic ) - warning
20:15:52.0109 3704 PSched - detected UnsignedFile.Multi.Generic (1)
20:15:52.0250 3704 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys
20:15:52.0265 3704 Ptilink ( UnsignedFile.Multi.Generic ) - warning
20:15:52.0265 3704 Ptilink - detected UnsignedFile.Multi.Generic (1)
20:15:52.0312 3704 purendis (d8ac00388262b1a4878a7ee12f31d376) C:\WINDOWS\system32\DRIVERS\purendis.sys
20:15:52.0328 3704 purendis - ok
20:15:52.0406 3704 PxHelp20 (e42e3433dbb4cffe8fdd91eab29aea8e) C:\WINDOWS\system32\Drivers\PxHelp20.sys
20:15:52.0421 3704 PxHelp20 - ok
20:15:52.0421 3704 ql1080 - ok
20:15:52.0437 3704 Ql10wnt - ok
20:15:52.0453 3704 ql12160 - ok
20:15:52.0468 3704 ql1240 - ok
20:15:52.0484 3704 ql1280 - ok
20:15:52.0531 3704 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys
20:15:52.0546 3704 RasAcd ( UnsignedFile.Multi.Generic ) - warning
20:15:52.0546 3704 RasAcd - detected UnsignedFile.Multi.Generic (1)
20:15:52.0562 3704 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
20:15:52.0578 3704 Rasl2tp ( UnsignedFile.Multi.Generic ) - warning
20:15:52.0578 3704 Rasl2tp - detected UnsignedFile.Multi.Generic (1)
20:15:52.0656 3704 RasPppoe (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys
20:15:52.0656 3704 RasPppoe ( UnsignedFile.Multi.Generic ) - warning
20:15:52.0656 3704 RasPppoe - detected UnsignedFile.Multi.Generic (1)
20:15:52.0718 3704 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys
20:15:52.0718 3704 Raspti ( UnsignedFile.Multi.Generic ) - warning
20:15:52.0718 3704 Raspti - detected UnsignedFile.Multi.Generic (1)
20:15:52.0828 3704 Rdbss (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys
20:15:52.0843 3704 Rdbss ( UnsignedFile.Multi.Generic ) - warning
20:15:52.0843 3704 Rdbss - detected UnsignedFile.Multi.Generic (1)
20:15:52.0890 3704 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
20:15:52.0906 3704 RDPCDD ( UnsignedFile.Multi.Generic ) - warning
20:15:52.0906 3704 RDPCDD - detected UnsignedFile.Multi.Generic (1)
20:15:52.0937 3704 rdpdr (15cabd0f7c00c47c70124907916af3f1) C:\WINDOWS\system32\DRIVERS\rdpdr.sys
20:15:52.0937 3704 rdpdr ( UnsignedFile.Multi.Generic ) - warning
20:15:52.0937 3704 rdpdr - detected UnsignedFile.Multi.Generic (1)
20:15:53.0046 3704 RDPWD (fc105dd312ed64eb66bff111e8ec6eac) C:\WINDOWS\system32\drivers\RDPWD.sys
20:15:53.0062 3704 RDPWD - ok
20:15:53.0093 3704 redbook (f828dd7e1419b6653894a8f97a0094c5) C:\WINDOWS\system32\DRIVERS\redbook.sys
20:15:53.0093 3704 redbook ( UnsignedFile.Multi.Generic ) - warning
20:15:53.0093 3704 redbook - detected UnsignedFile.Multi.Generic (1)
20:15:53.0187 3704 s24trans (1cc074e0d48383d4e9bffc6a26c2a58a) C:\WINDOWS\system32\DRIVERS\s24trans.sys
20:15:53.0187 3704 s24trans ( UnsignedFile.Multi.Generic ) - warning
20:15:53.0187 3704 s24trans - detected UnsignedFile.Multi.Generic (1)
20:15:53.0281 3704 SASDIFSV (a3281aec37e0720a2bc28034c2df2a56) C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS
20:15:53.0296 3704 SASDIFSV - ok
20:15:53.0312 3704 SASENUM (7ce61c25c159f50f9eaf6d77fc83fa35) C:\Program Files\SUPERAntiSpyware\SASENUM.SYS
20:15:53.0328 3704 SASENUM - ok
20:15:53.0375 3704 SASKUTIL (61db0d0756a99506207fd724e3692b25) C:\Program Files\SUPERAntiSpyware\SASKUTIL.sys
20:15:53.0375 3704 SASKUTIL - ok
20:15:53.0500 3704 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys
20:15:53.0515 3704 Secdrv ( UnsignedFile.Multi.Generic ) - warning
20:15:53.0515 3704 Secdrv - detected UnsignedFile.Multi.Generic (1)
20:15:53.0562 3704 Serial (cca207a8896d4c6a0c9ce29a4ae411a7) C:\WINDOWS\system32\drivers\Serial.sys
20:15:53.0578 3704 Serial ( UnsignedFile.Multi.Generic ) - warning
20:15:53.0578 3704 Serial - detected UnsignedFile.Multi.Generic (1)
20:15:53.0625 3704 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\DRIVERS\sfloppy.sys
20:15:53.0625 3704 Sfloppy ( UnsignedFile.Multi.Generic ) - warning
20:15:53.0625 3704 Sfloppy - detected UnsignedFile.Multi.Generic (1)
20:15:53.0671 3704 SI3132 (716a724a447c559f122ea140d636fa48) C:\WINDOWS\system32\DRIVERS\SI3132.sys
20:15:53.0687 3704 SI3132 ( UnsignedFile.Multi.Generic ) - warning
20:15:53.0687 3704 SI3132 - detected UnsignedFile.Multi.Generic (1)
20:15:53.0703 3704 SiFilter (72cf151fb410e544904dbc7d7f29b796) C:\WINDOWS\system32\DRIVERS\SiWinAcc.sys
20:15:53.0703 3704 SiFilter ( UnsignedFile.Multi.Generic ) - warning
20:15:53.0703 3704 SiFilter - detected UnsignedFile.Multi.Generic (1)
20:15:53.0718 3704 Simbad - ok
20:15:53.0734 3704 SiRemFil (62fd549acf2943f89612a8777295fa57) C:\WINDOWS\system32\DRIVERS\SiRemFil.sys
20:15:53.0734 3704 SiRemFil ( UnsignedFile.Multi.Generic ) - warning
20:15:53.0734 3704 SiRemFil - detected UnsignedFile.Multi.Generic (1)
20:15:53.0750 3704 SLIP (866d538ebe33709a5c9f5c62b73b7d14) C:\WINDOWS\system32\DRIVERS\SLIP.sys
20:15:53.0765 3704 SLIP ( UnsignedFile.Multi.Generic ) - warning
20:15:53.0765 3704 SLIP - detected UnsignedFile.Multi.Generic (1)
20:15:53.0843 3704 SNC (be6038e0a7d2e2fe69107e41a0265831) C:\WINDOWS\system32\Drivers\SonyNC.sys
20:15:53.0843 3704 SNC ( UnsignedFile.Multi.Generic ) - warning
20:15:53.0843 3704 SNC - detected UnsignedFile.Multi.Generic (1)
20:15:53.0921 3704 SonyImgF (fb77021110eaa16ea6e0961c844ef0d2) C:\WINDOWS\system32\DRIVERS\SonyImgF.sys
20:15:53.0921 3704 SonyImgF ( UnsignedFile.Multi.Generic ) - warning
20:15:53.0921 3704 SonyImgF - detected UnsignedFile.Multi.Generic (1)
20:15:53.0937 3704 Sparrow - ok
20:15:53.0953 3704 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys
20:15:53.0953 3704 splitter ( UnsignedFile.Multi.Generic ) - warning
20:15:53.0953 3704 splitter - detected UnsignedFile.Multi.Generic (1)
20:15:54.0031 3704 sptd (71e276f6d189413266ea22171806597b) C:\WINDOWS\system32\Drivers\sptd.sys
20:15:54.0031 3704 Suspicious file (NoAccess): C:\WINDOWS\system32\Drivers\sptd.sys. md5: 71e276f6d189413266ea22171806597b
20:15:54.0031 3704 sptd ( LockedFile.Multi.Generic ) - warning
20:15:54.0031 3704 sptd - detected LockedFile.Multi.Generic (1)
20:15:54.0187 3704 sr (76bb022c2fb6902fd5bdd4f78fc13a5d) C:\WINDOWS\system32\DRIVERS\sr.sys
20:15:54.0187 3704 sr ( UnsignedFile.Multi.Generic ) - warning
20:15:54.0187 3704 sr - detected UnsignedFile.Multi.Generic (1)
20:15:54.0281 3704 Srv (47ddfc2f003f7f9f0592c6874962a2e7) C:\WINDOWS\system32\DRIVERS\srv.sys
20:15:54.0296 3704 Srv - ok
20:15:54.0468 3704 STHDA (c80ec509026f6cc88486742083386ff6) C:\WINDOWS\system32\drivers\sthda.sys
20:15:54.0500 3704 STHDA ( UnsignedFile.Multi.Generic ) - warning
20:15:54.0500 3704 STHDA - detected UnsignedFile.Multi.Generic (1)
20:15:54.0625 3704 streamip (77813007ba6265c4b6098187e6ed79d2) C:\WINDOWS\system32\DRIVERS\StreamIP.sys
20:15:54.0625 3704 streamip ( UnsignedFile.Multi.Generic ) - warning
20:15:54.0625 3704 streamip - detected UnsignedFile.Multi.Generic (1)
20:15:54.0671 3704 swenum (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys
20:15:54.0671 3704 swenum ( UnsignedFile.Multi.Generic ) - warning
20:15:54.0671 3704 swenum - detected UnsignedFile.Multi.Generic (1)
20:15:54.0734 3704 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys
20:15:54.0734 3704 swmidi ( UnsignedFile.Multi.Generic ) - warning
20:15:54.0734 3704 swmidi - detected UnsignedFile.Multi.Generic (1)
20:15:54.0765 3704 symc810 - ok
20:15:54.0812 3704 symc8xx - ok
20:15:54.0937 3704 SYMIDSCO - ok
20:15:54.0968 3704 sym_hi - ok
20:15:55.0000 3704 sym_u3 - ok
20:15:55.0046 3704 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys
20:15:55.0062 3704 sysaudio ( UnsignedFile.Multi.Generic ) - warning
20:15:55.0062 3704 sysaudio - detected UnsignedFile.Multi.Generic (1)
20:15:55.0171 3704 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys
20:15:55.0203 3704 Tcpip - ok
20:15:55.0281 3704 TDPIPE (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys
20:15:55.0296 3704 TDPIPE ( UnsignedFile.Multi.Generic ) - warning
20:15:55.0296 3704 TDPIPE - detected UnsignedFile.Multi.Generic (1)
20:15:55.0328 3704 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys
20:15:55.0328 3704 TDTCP ( UnsignedFile.Multi.Generic ) - warning
20:15:55.0328 3704 TDTCP - detected UnsignedFile.Multi.Generic (1)
20:15:55.0343 3704 TermDD (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys
20:15:55.0359 3704 TermDD ( UnsignedFile.Multi.Generic ) - warning
20:15:55.0359 3704 TermDD - detected UnsignedFile.Multi.Generic (1)
20:15:55.0421 3704 ti21sony (26587ce8e6c6f16b8b4e7e2c16fa00bf) C:\WINDOWS\system32\drivers\ti21sony.sys
20:15:55.0421 3704 ti21sony ( UnsignedFile.Multi.Generic ) - warning
20:15:55.0421 3704 ti21sony - detected UnsignedFile.Multi.Generic (1)
20:15:55.0453 3704 TosIde - ok
20:15:55.0500 3704 tosporte (6a404454c6133e749be33892eb6ffa35) C:\WINDOWS\system32\DRIVERS\tosporte.sys
20:15:55.0515 3704 tosporte ( UnsignedFile.Multi.Generic ) - warning
20:15:55.0515 3704 tosporte - detected UnsignedFile.Multi.Generic (1)
20:15:55.0546 3704 Tosrfbd (e4901804c4d8d613fa3560de2c2e0261) C:\WINDOWS\system32\Drivers\tosrfbd.sys
20:15:55.0546 3704 Tosrfbd ( UnsignedFile.Multi.Generic ) - warning
20:15:55.0546 3704 Tosrfbd - detected UnsignedFile.Multi.Generic (1)
20:15:55.0609 3704 Tosrfbnp (613e09572f4c5b92ca6be8bdc4cc5b7d) C:\WINDOWS\system32\Drivers\tosrfbnp.sys
20:15:55.0609 3704 Tosrfbnp ( UnsignedFile.Multi.Generic ) - warning
20:15:55.0609 3704 Tosrfbnp - detected UnsignedFile.Multi.Generic (1)
20:15:55.0656 3704 Tosrfcom (5ba1ca3b3cddb1ddc67df473f05d1ec2) C:\WINDOWS\system32\Drivers\tosrfcom.sys
20:15:55.0656 3704 Tosrfcom ( UnsignedFile.Multi.Generic ) - warning
20:15:55.0656 3704 Tosrfcom - detected UnsignedFile.Multi.Generic (1)
20:15:55.0734 3704 Tosrfhid (7726332391d8fca1a491a17f592fd6b3) C:\WINDOWS\system32\DRIVERS\Tosrfhid.sys
20:15:55.0750 3704 Tosrfhid ( UnsignedFile.Multi.Generic ) - warning
20:15:55.0750 3704 Tosrfhid - detected UnsignedFile.Multi.Generic (1)
20:15:55.0859 3704 tosrfnds (c52fd27b9adf3a1f22cb90e6bcf9b0cb) C:\WINDOWS\system32\DRIVERS\tosrfnds.sys
20:15:55.0859 3704 tosrfnds ( UnsignedFile.Multi.Generic ) - warning
20:15:55.0859 3704 tosrfnds - detected UnsignedFile.Multi.Generic (1)
20:15:55.0937 3704 Tosrfusb (7414a6461bc83a22b0ae009ace3e375b) C:\WINDOWS\system32\Drivers\tosrfusb.sys
20:15:55.0937 3704 Tosrfusb ( UnsignedFile.Multi.Generic ) - warning
20:15:55.0937 3704 Tosrfusb - detected UnsignedFile.Multi.Generic (1)
20:15:56.0015 3704 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys
20:15:56.0031 3704 Udfs ( UnsignedFile.Multi.Generic ) - warning
20:15:56.0031 3704 Udfs - detected UnsignedFile.Multi.Generic (1)
20:15:56.0078 3704 ultra - ok
20:15:56.0140 3704 Update (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys
20:15:56.0156 3704 Update ( UnsignedFile.Multi.Generic ) - warning
20:15:56.0156 3704 Update - detected UnsignedFile.Multi.Generic (1)
20:15:56.0250 3704 USBAAPL (83cafcb53201bbac04d822f32438e244) C:\WINDOWS\system32\Drivers\usbaapl.sys
20:15:56.0265 3704 USBAAPL - ok
20:15:56.0328 3704 usbccgp (173f317ce0db8e21322e71b7e60a27e8) C:\WINDOWS\system32\DRIVERS\usbccgp.sys
20:15:56.0328 3704 usbccgp ( UnsignedFile.Multi.Generic ) - warning
20:15:56.0328 3704 usbccgp - detected UnsignedFile.Multi.Generic (1)
20:15:56.0359 3704 usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys
20:15:56.0359 3704 usbehci ( UnsignedFile.Multi.Generic ) - warning
20:15:56.0359 3704 usbehci - detected UnsignedFile.Multi.Generic (1)
20:15:56.0390 3704 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys
20:15:56.0390 3704 usbhub ( UnsignedFile.Multi.Generic ) - warning
20:15:56.0390 3704 usbhub - detected UnsignedFile.Multi.Generic (1)
20:15:56.0421 3704 usbprint (a717c8721046828520c9edf31288fc00) C:\WINDOWS\system32\DRIVERS\usbprint.sys
20:15:56.0421 3704 usbprint ( UnsignedFile.Multi.Generic ) - warning
20:15:56.0421 3704 usbprint - detected UnsignedFile.Multi.Generic (1)
20:15:56.0453 3704 usbscan (a0b8cf9deb1184fbdd20784a58fa75d4) C:\WINDOWS\system32\DRIVERS\usbscan.sys
20:15:56.0453 3704 usbscan ( UnsignedFile.Multi.Generic ) - warning
20:15:56.0453 3704 usbscan - detected UnsignedFile.Multi.Generic (1)
20:15:56.0500 3704 usbstor (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
20:15:56.0515 3704 usbstor ( UnsignedFile.Multi.Generic ) - warning
20:15:56.0515 3704 usbstor - detected UnsignedFile.Multi.Generic (1)
20:15:56.0609 3704 usbuhci (26496f9dee2d787fc3e61ad54821ffe6) C:\WINDOWS\system32\DRIVERS\usbuhci.sys
20:15:56.0609 3704 usbuhci ( UnsignedFile.Multi.Generic ) - warning
20:15:56.0609 3704 usbuhci - detected UnsignedFile.Multi.Generic (1)
20:15:56.0718 3704 usbvm321 (c7f4158ea3915f4194aee233ff8d4728) C:\WINDOWS\system32\Drivers\usbvm321.sys
20:15:56.0718 3704 usbvm321 ( UnsignedFile.Multi.Generic ) - warning
20:15:56.0718 3704 usbvm321 - detected UnsignedFile.Multi.Generic (1)
20:15:56.0828 3704 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys
20:15:56.0828 3704 VgaSave ( UnsignedFile.Multi.Generic ) - warning
20:15:56.0828 3704 VgaSave - detected UnsignedFile.Multi.Generic (1)
20:15:56.0875 3704 ViaIde - ok
20:15:56.0906 3704 VolSnap (4c8fcb5cc53aab716d810740fe59d025) C:\WINDOWS\system32\drivers\VolSnap.sys
20:15:56.0906 3704 VolSnap ( UnsignedFile.Multi.Generic ) - warning
20:15:56.0906 3704 VolSnap - detected UnsignedFile.Multi.Generic (1)
20:15:57.0062 3704 w39n51 (b1f126e7e28877106d60e6ff3998d033) C:\WINDOWS\system32\DRIVERS\w39n51.sys
20:15:57.0171 3704 w39n51 ( UnsignedFile.Multi.Generic ) - warning
20:15:57.0171 3704 w39n51 - detected UnsignedFile.Multi.Generic (1)
20:15:57.0203 3704 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys
20:15:57.0203 3704 Wanarp ( UnsignedFile.Multi.Generic ) - warning
20:15:57.0203 3704 Wanarp - detected UnsignedFile.Multi.Generic (1)
20:15:57.0265 3704 WDICA - ok
20:15:57.0328 3704 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys
20:15:57.0328 3704 wdmaud ( UnsignedFile.Multi.Generic ) - warning
20:15:57.0328 3704 wdmaud - detected UnsignedFile.Multi.Generic (1)
20:15:57.0437 3704 winachsf (c1d5cbd8aa0d674da1ba1bb189696396) C:\WINDOWS\system32\DRIVERS\HSF_CNXT.sys
20:15:57.0468 3704 winachsf ( UnsignedFile.Multi.Generic ) - warning
20:15:57.0468 3704 winachsf - detected UnsignedFile.Multi.Generic (1)
20:15:57.0671 3704 WSTCODEC (c98b39829c2bbd34e454150633c62c78) C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS
20:15:57.0671 3704 WSTCODEC ( UnsignedFile.Multi.Generic ) - warning
20:15:57.0671 3704 WSTCODEC - detected UnsignedFile.Multi.Generic (1)
20:15:57.0750 3704 MBR (0x1B8) (8f558eb6672622401da993e1e865c861) \Device\Harddisk0\DR0
20:15:57.0968 3704 \Device\Harddisk0\DR0 ( TDSS File System ) - warning
20:15:57.0968 3704 \Device\Harddisk0\DR0 - detected TDSS File System (1)
20:15:57.0968 3704 MBR (0x1B8) (45ed320cd87a2cdd9109f0fb74bda871) \Device\Harddisk2\DR5
20:15:59.0609 3704 \Device\Harddisk2\DR5 - ok
20:15:59.0625 3704 Boot (0x1200) (3b5d759b72386666f9b36171d0cdf862) \Device\Harddisk0\DR0\Partition0
20:15:59.0625 3704 \Device\Harddisk0\DR0\Partition0 - ok
20:15:59.0625 3704 ============================================================
20:15:59.0625 3704 Scan finished
20:15:59.0625 3704 ============================================================
20:15:59.0734 0340 Detected object count: 149
20:15:59.0734 0340 Actual detected object count: 149
20:16:22.0250 0340 C:\WINDOWS\system32\DRIVERS\ACPI.sys - copied to quarantine
20:16:22.0250 0340 ACPI ( UnsignedFile.Multi.Generic ) - User select action: Quarantine
20:16:22.0296 0340 C:\WINDOWS\system32\DRIVERS\ACPIEC.sys - copied to quarantine
20:16:22.0296 0340 ACPIEC ( UnsignedFile.Multi.Generic ) - User select action: Quarantine
20:16:22.0421 0340 C:\WINDOWS\system32\drivers\aec.sys - copied to quarantine
20:16:22.0421 0340 aec ( UnsignedFile.Multi.Generic ) - User select action: Quarantine
20:16:22.0562 0340 C:\WINDOWS\system32\DRIVERS\AegisP.sys - copied to quarantine
20:16:22.0562 0340 AegisP ( UnsignedFile.Multi.Generic ) - User select action: Quarantine
20:16:22.0687 0340 C:\WINDOWS\system32\DRIVERS\Apfiltr.sys - copied to quarantine
20:16:22.0687 0340 ApfiltrService ( UnsignedFile.Multi.Generic ) - User select action: Quarantine
20:16:22.0875 0340 C:\WINDOWS\system32\DRIVERS\arp1394.sys - copied to quarantine
20:16:22.0875 0340 Arp1394 ( UnsignedFile.Multi.Generic ) - User select action: Quarantine
20:16:22.0921 0340 C:\WINDOWS\system32\DRIVERS\asyncmac.sys - copied to quarantine
20:16:22.0937 0340 AsyncMac ( UnsignedFile.Multi.Generic ) - User select action: Quarantine
20:16:23.0031 0340 C:\WINDOWS\system32\DRIVERS\atapi.sys - copied to quarantine
20:16:23.0046 0340 atapi ( UnsignedFile.Multi.Generic ) - User select action: Quarantine
20:16:23.0093 0340 C:\WINDOWS\system32\DRIVERS\atmarpc.sys - copied to quarantine
20:16:23.0093 0340 Atmarpc ( UnsignedFile.Multi.Generic ) - User select action: Quarantine
20:16:23.0218 0340 C:\WINDOWS\system32\DRIVERS\audstub.sys - copied to quarantine
20:16:23.0218 0340 audstub ( UnsignedFile.Multi.Generic ) - User select action: Quarantine
20:16:23.0281 0340 C:\WINDOWS\system32\drivers\Beep.sys - copied to quarantine
20:16:23.0281 0340 Beep ( UnsignedFile.Multi.Generic ) - User select action: Quarantine
20:16:23.0828 0340 C:\WINDOWS\system32\drivers\cbidf2k.sys - copied to quarantine
20:16:23.0828 0340 cbidf2k ( UnsignedFile.Multi.Generic ) - User select action: Quarantine
20:16:24.0125 0340 C:\WINDOWS\system32\DRIVERS\CCDECODE.sys - copied to quarantine
20:16:24.0125 0340 CCDECODE ( UnsignedFile.Multi.Generic ) - User select action: Quarantine
20:16:24.0218 0340 C:\WINDOWS\system32\drivers\Cdaudio.sys - copied to quarantine
20:16:24.0218 0340 Cdaudio ( UnsignedFile.Multi.Generic ) - User select action: Quarantine
20:16:24.0421 0340 C:\WINDOWS\system32\drivers\Cdfs.sys - copied to quarantine
20:16:24.0421 0340 Cdfs ( UnsignedFile.Multi.Generic ) - User select action: Quarantine
20:16:24.0546 0340 C:\WINDOWS\system32\DRIVERS\cdrom.sys - copied to quarantine
20:16:24.0546 0340 Cdrom ( UnsignedFile.Multi.Generic ) - User select action: Quarantine
20:16:24.0656 0340 C:\WINDOWS\system32\DRIVERS\CmBatt.sys - copied to quarantine
20:16:24.0656 0340 CmBatt ( UnsignedFile.Multi.Generic ) - User select action: Quarantine
20:16:24.0734 0340 C:\WINDOWS\system32\DRIVERS\compbatt.sys - copied to quarantine
20:16:24.0750 0340 Compbatt ( UnsignedFile.Multi.Generic ) - User select action: Quarantine
20:16:24.0843 0340 C:\WINDOWS\system32\DRIVERS\disk.sys - copied to quarantine
20:16:24.0843 0340 Disk ( UnsignedFile.Multi.Generic ) - User select action: Quarantine
20:16:24.0937 0340 C:\WINDOWS\system32\drivers\dmboot.sys - copied to quarantine
20:16:24.0937 0340 dmboot ( UnsignedFile.Multi.Generic ) - User select action: Quarantine
20:16:25.0156 0340 C:\WINDOWS\system32\DRIVERS\DMICall.sys - copied to quarantine
20:16:25.0156 0340 DMICall ( UnsignedFile.Multi.Generic ) - User select action: Quarantine
20:16:25.0218 0340 C:\WINDOWS\system32\drivers\dmio.sys - copied to quarantine
20:16:25.0218 0340 dmio ( UnsignedFile.Multi.Generic ) - User select action: Quarantine
20:16:25.0625 0340 C:\WINDOWS\system32\drivers\dmload.sys - copied to quarantine
20:16:25.0625 0340 dmload ( UnsignedFile.Multi.Generic ) - User select action: Quarantine
20:16:25.0718 0340 C:\WINDOWS\system32\drivers\DMusic.sys - copied to quarantine
20:16:25.0718 0340 DMusic ( UnsignedFile.Multi.Generic ) - User select action: Quarantine
20:16:26.0421 0340 C:\WINDOWS\system32\drivers\drmkaud.sys - copied to quarantine
20:16:26.0421 0340 drmkaud ( UnsignedFile.Multi.Generic ) - User select action: Quarantine
20:16:26.0500 0340 C:\WINDOWS\system32\DRIVERS\e100b325.sys - copied to quarantine
20:16:26.0515 0340 E100B ( UnsignedFile.Multi.Generic ) - User select action: Quarantine
20:16:26.0640 0340 C:\WINDOWS\system32\DRIVERS\e1e5132.sys - copied to quarantine
20:16:26.0640 0340 e1express ( UnsignedFile.Multi.Generic ) - User select action: Quarantine
20:16:26.0750 0340 C:\WINDOWS\system32\drivers\Fastfat.sys - copied to quarantine
20:16:26.0750 0340 Fastfat ( UnsignedFile.Multi.Generic ) - User select action: Quarantine
20:16:26.0828 0340 C:\WINDOWS\system32\drivers\Fdc.sys - copied to quarantine
20:16:26.0828 0340 Fdc ( UnsignedFile.Multi.Generic ) - User select action: Quarantine
20:16:26.0937 0340 C:\WINDOWS\system32\drivers\Fips.sys - copied to quarantine
20:16:26.0937 0340 Fips ( UnsignedFile.Multi.Generic ) - User select action: Quarantine
20:16:27.0109 0340 C:\WINDOWS\system32\drivers\Flpydisk.sys - copied to quarantine
20:16:27.0109 0340 Flpydisk ( UnsignedFile.Multi.Generic ) - User select action: Quarantine
20:16:27.0187 0340 C:\WINDOWS\system32\drivers\fltmgr.sys - copied to quarantine
20:16:27.0187 0340 FltMgr ( UnsignedFile.Multi.Generic ) - User select action: Quarantine
20:16:27.0312 0340 C:\WINDOWS\system32\drivers\FNETTBOH.SYS - copied to quarantine
20:16:27.0312 0340 FNETTBOH ( UnsignedFile.Multi.Generic ) - User select action: Quarantine
20:16:27.0343 0340 C:\WINDOWS\system32\drivers\FNETURPX.SYS - copied to quarantine
20:16:27.0343 0340 FNETURPX ( UnsignedFile.Multi.Generic ) - User select action: Quarantine
20:16:27.0500 0340 C:\WINDOWS\system32\drivers\Fs_Rec.sys - copied to quarantine
20:16:27.0515 0340 Fs_Rec ( UnsignedFile.Multi.Generic ) - User select action: Quarantine
20:16:27.0593 0340 C:\WINDOWS\system32\DRIVERS\ftdisk.sys - copied to quarantine
20:16:27.0593 0340 Ftdisk ( UnsignedFile.Multi.Generic ) - User select action: Quarantine
20:16:27.0718 0340 C:\WINDOWS\system32\DRIVERS\msgpc.sys - copied to quarantine
20:16:27.0718 0340 Gpc ( UnsignedFile.Multi.Generic ) - User select action: Quarantine
20:16:27.0828 0340 C:\WINDOWS\system32\DRIVERS\HDAudBus.sys - copied to quarantine
20:16:27.0828 0340 HDAudBus ( UnsignedFile.Multi.Generic ) - User select action: Quarantine
20:16:28.0031 0340 C:\WINDOWS\system32\DRIVERS\hidusb.sys - copied to quarantine
20:16:28.0031 0340 hidusb ( UnsignedFile.Multi.Generic ) - User select action: Quarantine
20:16:28.0156 0340 C:\WINDOWS\system32\DRIVERS\HSFHWAZL.sys - copied to quarantine
20:16:28.0156 0340 HSFHWAZL ( UnsignedFile.Multi.Generic ) - User select action: Quarantine
20:16:29.0218 0340 C:\WINDOWS\system32\DRIVERS\HSF_DPV.sys - copied to quarantine
20:16:29.0218 0340 HSF_DPV ( UnsignedFile.Multi.Generic ) - User select action: Quarantine
20:16:29.0781 0340 C:\WINDOWS\system32\Drivers\HTTP.sys - copied to quarantine
20:16:29.0781 0340 HTTP ( UnsignedFile.Multi.Generic ) - User select action: Quarantine
20:16:30.0718 0340 C:\WINDOWS\system32\DRIVERS\i8042prt.sys - copied to quarantine
20:16:30.0718 0340 i8042prt ( UnsignedFile.Multi.Generic ) - User select action: Quarantine
20:16:31.0062 0340 C:\WINDOWS\system32\DRIVERS\ialmnt5.sys - copied to quarantine
20:16:31.0062 0340 ialm ( UnsignedFile.Multi.Generic ) - User select action: Quarantine
20:16:31.0218 0340 C:\WINDOWS\system32\DRIVERS\imapi.sys - copied to quarantine
20:16:31.0218 0340 Imapi ( UnsignedFile.Multi.Generic ) - User select action: Quarantine
20:16:31.0296 0340 C:\WINDOWS\system32\DRIVERS\intelppm.sys - copied to quarantine
20:16:31.0296 0340 intelppm ( UnsignedFile.Multi.Generic ) - User select action: Quarantine
20:16:31.0468 0340 C:\WINDOWS\system32\drivers\ip6fw.sys - copied to quarantine
20:16:31.0484 0340 Ip6Fw ( UnsignedFile.Multi.Generic ) - User select action: Quarantine
20:16:31.0562 0340 C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys - copied to quarantine
20:16:31.0562 0340 IpFilterDriver ( UnsignedFile.Multi.Generic ) - User select action: Quarantine
20:16:31.0890 0340 C:\WINDOWS\system32\DRIVERS\ipinip.sys - copied to quarantine
20:16:31.0906 0340 IpInIp ( UnsignedFile.Multi.Generic ) - User select action: Quarantine
20:16:32.0015 0340 C:\WINDOWS\system32\DRIVERS\ipnat.sys - copied to quarantine
20:16:32.0015 0340 IpNat ( UnsignedFile.Multi.Generic ) - User select action: Quarantine
20:16:32.0765 0340 C:\WINDOWS\system32\DRIVERS\ipsec.sys - copied to quarantine
20:16:32.0765 0340 IPSec ( UnsignedFile.Multi.Generic ) - User select action: Quarantine
20:16:32.0875 0340 C:\WINDOWS\system32\DRIVERS\irenum.sys - copied to quarantine
20:16:32.0875 0340 IRENUM ( UnsignedFile.Multi.Generic ) - User select action: Quarantine
20:16:33.0218 0340 C:\WINDOWS\system32\DRIVERS\isapnp.sys - copied to quarantine
20:16:33.0218 0340 isapnp ( UnsignedFile.Multi.Generic ) - User select action: Quarantine
20:16:33.0250 0340 C:\WINDOWS\system32\DRIVERS\kbdclass.sys - copied to quarantine
20:16:33.0250 0340 Kbdclass ( UnsignedFile.Multi.Generic ) - User select action: Quarantine
20:16:33.0359 0340 C:\WINDOWS\system32\drivers\kmixer.sys - copied to quarantine
20:16:33.0359 0340 kmixer ( UnsignedFile.Multi.Generic ) - User select action: Quarantine
20:16:33.0406 0340 C:\WINDOWS\system32\drivers\KSecDD.sys - copied to quarantine
20:16:33.0406 0340 KSecDD ( UnsignedFile.Multi.Generic ) - User select action: Quarantine
20:16:33.0734 0340 C:\WINDOWS\system32\DRIVERS\mdmxsdk.sys - copied to quarantine
20:16:33.0734 0340 mdmxsdk ( UnsignedFile.Multi.Generic ) - User select action: Quarantine
20:16:33.0843 0340 C:\WINDOWS\system32\DRIVERS\mhndrv.sys - copied to quarantine
20:16:33.0843 0340 MHNDRV ( UnsignedFile.Multi.Generic ) - User select action: Quarantine
20:16:34.0265 0340 C:\WINDOWS\system32\drivers\mnmdd.sys - copied to quarantine
20:16:34.0265 0340 mnmdd ( UnsignedFile.Multi.Generic ) - User select action: Quarantine
20:16:34.0578 0340 C:\WINDOWS\system32\drivers\Modem.sys - copied to quarantine
20:16:34.0578 0340 Modem ( UnsignedFile.Multi.Generic ) - User select action: Quarantine
20:16:35.0156 0340 C:\WINDOWS\system32\DRIVERS\mouclass.sys - copied to quarantine
20:16:35.0156 0340 Mouclass ( UnsignedFile.Multi.Generic ) - User select action: Quarantine
20:16:35.0250 0340 C:\WINDOWS\system32\DRIVERS\mouhid.sys - copied to quarantine
20:16:35.0250 0340 mouhid ( UnsignedFile.Multi.Generic ) - User select action: Quarantine
20:16:35.0515 0340 C:\WINDOWS\system32\drivers\MountMgr.sys - copied to quarantine
20:16:35.0515 0340 MountMgr ( UnsignedFile.Multi.Generic ) - User select action: Quarantine
20:16:35.0578 0340 C:\WINDOWS\system32\DRIVERS\mrxdav.sys - copied to quarantine
20:16:35.0578 0340 MRxDAV ( UnsignedFile.Multi.Generic ) - User select action: Quarantine
20:16:35.0703 0340 C:\WINDOWS\system32\drivers\Msfs.sys - copied to quarantine
20:16:35.0703 0340 Msfs ( UnsignedFile.Multi.Generic ) - User select action: Quarantine
20:16:35.0750 0340 C:\WINDOWS\system32\drivers\MSKSSRV.sys - copied to quarantine
20:16:35.0750 0340 MSKSSRV ( UnsignedFile.Multi.Generic ) - User select action: Quarantine
20:16:35.0828 0340 C:\WINDOWS\system32\drivers\MSPCLOCK.sys - copied to quarantine
20:16:35.0828 0340 MSPCLOCK ( UnsignedFile.Multi.Generic ) - User select action: Quarantine
20:16:35.0875 0340 C:\WINDOWS\system32\drivers\MSPQM.sys - copied to quarantine
20:16:35.0875 0340 MSPQM ( UnsignedFile.Multi.Generic ) - User select action: Quarantine
20:16:35.0968 0340 C:\WINDOWS\system32\DRIVERS\mssmbios.sys - copied to quarantine
20:16:35.0968 0340 mssmbios ( UnsignedFile.Multi.Generic ) - User select action: Quarantine
20:16:36.0031 0340 C:\WINDOWS\system32\drivers\MSTEE.sys - copied to quarantine
20:16:36.0031 0340 MSTEE ( UnsignedFile.Multi.Generic ) - User select action: Quarantine
20:16:36.0109 0340 C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys - copied to quarantine
20:16:36.0109 0340 NABTSFEC ( UnsignedFile.Multi.Generic ) - User select action: Quarantine
20:16:36.0296 0340 C:\WINDOWS\system32\drivers\NDIS.sys - copied to quarantine
20:16:36.0296 0340 NDIS ( UnsignedFile.Multi.Generic ) - User select action: Quarantine
20:16:36.0390 0340 C:\WINDOWS\system32\DRIVERS\NdisIP.sys - copied to quarantine
20:16:36.0390 0340 NdisIP ( UnsignedFile.Multi.Generic ) - User select action: Quarantine
20:16:36.0640 0340 C:\WINDOWS\system32\DRIVERS\ndisuio.sys - copied to quarantine
20:16:36.0640 0340 Ndisuio ( UnsignedFile.Multi.Generic ) - User select action: Quarantine
20:16:36.0687 0340 C:\WINDOWS\system32\DRIVERS\ndiswan.sys - copied to quarantine
20:16:36.0687 0340 NdisWan ( UnsignedFile.Multi.Generic ) - User select action: Quarantine
20:16:36.0796 0340 C:\WINDOWS\system32\DRIVERS\netbios.sys - copied to quarantine
20:16:36.0796 0340 NetBIOS ( UnsignedFile.Multi.Generic ) - User select action: Quarantine
20:16:36.0953 0340 C:\WINDOWS\system32\DRIVERS\netbt.sys - copied to quarantine
20:16:36.0953 0340 NetBT ( UnsignedFile.Multi.Generic ) - User select action: Quarantine
20:16:37.0421 0340 C:\WINDOWS\system32\DRIVERS\nic1394.sys - copied to quarantine
20:16:37.0421 0340 NIC1394 ( UnsignedFile.Multi.Generic ) - User select action: Quarantine
20:16:37.0656 0340 C:\WINDOWS\system32\drivers\Npfs.sys - copied to quarantine
20:16:37.0656 0340 Npfs ( UnsignedFile.Multi.Generic ) - User select action: Quarantine
20:16:37.0843 0340 C:\WINDOWS\system32\drivers\Ntfs.sys - copied to quarantine
20:16:37.0843 0340 Ntfs ( UnsignedFile.Multi.Generic ) - User select action: Quarantine
20:16:37.0921 0340 C:\WINDOWS\system32\drivers\Null.sys - copied to quarantine
20:16:37.0921 0340 Null ( UnsignedFile.Multi.Generic ) - User select action: Quarantine
20:16:38.0640 0340 C:\WINDOWS\system32\DRIVERS\nv4_mini.sys - copied to quarantine
20:16:38.0640 0340 nv ( UnsignedFile.Multi.Generic ) - User select action: Quarantine
20:16:38.0843 0340 C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys - copied to quarantine
20:16:38.0843 0340 NwlnkFlt ( UnsignedFile.Multi.Generic ) - User select action: Quarantine
20:16:38.0921 0340 C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys - copied to quarantine
20:16:38.0921 0340 NwlnkFwd ( UnsignedFile.Multi.Generic ) - User select action: Quarantine
20:16:39.0328 0340 C:\WINDOWS\system32\DRIVERS\ohci1394.sys - copied to quarantine
20:16:39.0343 0340 ohci1394 ( UnsignedFile.Multi.Generic ) - User select action: Quarantine
20:16:39.0500 0340 C:\WINDOWS\system32\drivers\Parport.sys - copied to quarantine
20:16:39.0500 0340 Parport ( UnsignedFile.Multi.Generic ) - User select action: Quarantine
20:16:39.0843 0340 C:\WINDOWS\system32\drivers\PartMgr.sys - copied to quarantine
20:16:39.0843 0340 PartMgr ( UnsignedFile.Multi.Generic ) - User select action: Quarantine
20:16:39.0921 0340 C:\WINDOWS\system32\drivers\ParVdm.sys - copied to quarantine
20:16:39.0921 0340 ParVdm ( UnsignedFile.Multi.Generic ) - User select action: Quarantine
20:16:40.0265 0340 C:\WINDOWS\system32\DRIVERS\pci.sys - copied to quarantine
20:16:40.0265 0340 PCI ( UnsignedFile.Multi.Generic ) - User select action: Quarantine
20:16:40.0359 0340 C:\WINDOWS\system32\DRIVERS\pciide.sys - copied to quarantine
20:16:40.0359 0340 PCIIde ( UnsignedFile.Multi.Generic ) - User select action: Quarantine
20:16:40.0500 0340 C:\WINDOWS\system32\DRIVERS\pcmcia.sys - copied to quarantine
20:16:40.0500 0340 Pcmcia ( UnsignedFile.Multi.Generic ) - User select action: Quarantine
20:16:40.0609 0340 C:\WINDOWS\system32\DRIVERS\raspptp.sys - copied to quarantine
20:16:40.0609 0340 PptpMiniport ( UnsignedFile.Multi.Generic ) - User select action: Quarantine
20:16:40.0859 0340 C:\WINDOWS\system32\DRIVERS\psched.sys - copied to quarantine
20:16:40.0859 0340 PSched ( UnsignedFile.Multi.Generic ) - User select action: Quarantine
20:16:41.0203 0340 C:\WINDOWS\system32\DRIVERS\ptilink.sys - copied to quarantine
20:16:41.0203 0340 Ptilink ( UnsignedFile.Multi.Generic ) - User select action: Quarantine
20:16:42.0109 0340 C:\WINDOWS\system32\DRIVERS\rasacd.sys - copied to quarantine
20:16:42.0109 0340 RasAcd ( UnsignedFile.Multi.Generic ) - User select action: Quarantine
20:16:42.0421 0340 C:\WINDOWS\system32\DRIVERS\rasl2tp.sys - copied to quarantine
20:16:42.0421 0340 Rasl2tp ( UnsignedFile.Multi.Generic ) - User select action: Quarantine
20:16:42.0750 0340 C:\WINDOWS\system32\DRIVERS\raspppoe.sys - copied to quarantine
20:16:42.0750 0340 RasPppoe ( UnsignedFile.Multi.Generic ) - User select action: Quarantine
20:16:42.0968 0340 C:\WINDOWS\system32\DRIVERS\raspti.sys - copied to quarantine
20:16:42.0968 0340 Raspti ( UnsignedFile.Multi.Generic ) - User select action: Quarantine
20:16:43.0109 0340 C:\WINDOWS\system32\DRIVERS\rdbss.sys - copied to quarantine
20:16:43.0109 0340 Rdbss ( UnsignedFile.Multi.Generic ) - User select action: Quarantine
20:16:43.0171 0340 C:\WINDOWS\system32\DRIVERS\RDPCDD.sys - copied to quarantine
20:16:43.0171 0340 RDPCDD ( UnsignedFile.Multi.Generic ) - User select action: Quarantine
20:16:43.0250 0340 C:\WINDOWS\system32\DRIVERS\rdpdr.sys - copied to quarantine
20:16:43.0250 0340 rdpdr ( UnsignedFile.Multi.Generic ) - User select action: Quarantine
20:16:44.0000 0340 C:\WINDOWS\system32\DRIVERS\redbook.sys - copied to quarantine
20:16:44.0000 0340 redbook ( UnsignedFile.Multi.Generic ) - User select action: Quarantine
20:16:44.0062 0340 C:\WINDOWS\system32\DRIVERS\s24trans.sys - copied to quarantine
20:16:44.0062 0340 s24trans ( UnsignedFile.Multi.Generic ) - User select action: Quarantine
20:16:44.0187 0340 C:\WINDOWS\system32\DRIVERS\secdrv.sys - copied to quarantine
20:16:44.0187 0340 Secdrv ( UnsignedFile.Multi.Generic ) - User select action: Quarantine
20:16:45.0062 0340 C:\WINDOWS\system32\drivers\Serial.sys - copied to quarantine
20:16:45.0078 0340 Serial ( UnsignedFile.Multi.Generic ) - User select action: Quarantine
20:16:46.0125 0340 C:\WINDOWS\system32\DRIVERS\sfloppy.sys - copied to quarantine
20:16:46.0125 0340 Sfloppy ( UnsignedFile.Multi.Generic ) - User select action: Quarantine
20:16:46.0796 0340 C:\WINDOWS\system32\DRIVERS\SI3132.sys - copied to quarantine
20:16:46.0796 0340 SI3132 ( UnsignedFile.Multi.Generic ) - User select action: Quarantine
20:16:47.0265 0340 C:\WINDOWS\system32\DRIVERS\SiWinAcc.sys - copied to quarantine
20:16:47.0265 0340 SiFilter ( UnsignedFile.Multi.Generic ) - User select action: Quarantine
20:16:47.0453 0340 C:\WINDOWS\system32\DRIVERS\SiRemFil.sys - copied to quarantine
20:16:47.0453 0340 SiRemFil ( UnsignedFile.Multi.Generic ) - User select action: Quarantine
20:16:47.0843 0340 C:\WINDOWS\system32\DRIVERS\SLIP.sys - copied to quarantine
20:16:47.0843 0340 SLIP ( UnsignedFile.Multi.Generic ) - User select action: Quarantine
20:16:48.0000 0340 C:\WINDOWS\system32\Drivers\SonyNC.sys - copied to quarantine
20:16:48.0000 0340 SNC ( UnsignedFile.Multi.Generic ) - User select action: Quarantine
20:16:48.0296 0340 C:\WINDOWS\system32\DRIVERS\SonyImgF.sys - copied to quarantine
20:16:48.0296 0340 SonyImgF ( UnsignedFile.Multi.Generic ) - User select action: Quarantine
20:16:48.0562 0340 C:\WINDOWS\system32\drivers\splitter.sys - copied to quarantine
20:16:48.0562 0340 splitter ( UnsignedFile.Multi.Generic ) - User select action: Quarantine
20:16:48.0890 0340 C:\WINDOWS\system32\Drivers\sptd.sys - copied to quarantine
20:16:48.0890 0340 sptd ( LockedFile.Multi.Generic ) - User select action: Quarantine
20:16:49.0062 0340 C:\WINDOWS\system32\DRIVERS\sr.sys - copied to quarantine
20:16:49.0062 0340 sr ( UnsignedFile.Multi.Generic ) - User select action: Quarantine
20:16:51.0171 0340 C:\WINDOWS\system32\drivers\sthda.sys - copied to quarantine
20:16:51.0171 0340 STHDA ( UnsignedFile.Multi.Generic ) - User select action: Quarantine
20:16:51.0953 0340 C:\WINDOWS\system32\DRIVERS\StreamIP.sys - copied to quarantine
20:16:51.0953 0340 streamip ( UnsignedFile.Multi.Generic ) - User select action: Quarantine
20:16:52.0078 0340 C:\WINDOWS\system32\DRIVERS\swenum.sys - copied to quarantine
20:16:52.0078 0340 swenum ( UnsignedFile.Multi.Generic ) - User select action: Quarantine
20:16:52.0203 0340 C:\WINDOWS\system32\drivers\swmidi.sys - copied to quarantine
20:16:52.0203 0340 swmidi ( UnsignedFile.Multi.Generic ) - User select action: Quarantine
20:16:52.0296 0340 C:\WINDOWS\system32\drivers\sysaudio.sys - copied to quarantine
20:16:52.0296 0340 sysaudio ( UnsignedFile.Multi.Generic ) - User select action: Quarantine
20:16:52.0531 0340 C:\WINDOWS\system32\drivers\TDPIPE.sys - copied to quarantine
20:16:52.0531 0340 TDPIPE ( UnsignedFile.Multi.Generic ) - User select action: Quarantine
20:16:52.0578 0340 C:\WINDOWS\system32\drivers\TDTCP.sys - copied to quarantine
20:16:52.0578 0340 TDTCP ( UnsignedFile.Multi.Generic ) - User select action: Quarantine
20:16:52.0671 0340 C:\WINDOWS\system32\DRIVERS\termdd.sys - copied to quarantine
20:16:52.0671 0340 TermDD ( UnsignedFile.Multi.Generic ) - User select action: Quarantine
20:16:52.0828 0340 C:\WINDOWS\system32\drivers\ti21sony.sys - copied to quarantine
20:16:52.0828 0340 ti21sony ( UnsignedFile.Multi.Generic ) - User select action: Quarantine
20:16:53.0078 0340 C:\WINDOWS\system32\DRIVERS\tosporte.sys - copied to quarantine
20:16:53.0078 0340 tosporte ( UnsignedFile.Multi.Generic ) - User select action: Quarantine
20:16:53.0156 0340 C:\WINDOWS\system32\Drivers\tosrfbd.sys - copied to quarantine
20:16:53.0156 0340 Tosrfbd ( UnsignedFile.Multi.Generic ) - User select action: Quarantine
20:16:53.0296 0340 C:\WINDOWS\system32\Drivers\tosrfbnp.sys - copied to quarantine
20:16:53.0296 0340 Tosrfbnp ( UnsignedFile.Multi.Generic ) - User select action: Quarantine
20:16:53.0359 0340 C:\WINDOWS\system32\Drivers\tosrfcom.sys - copied to quarantine
20:16:53.0359 0340 Tosrfcom ( UnsignedFile.Multi.Generic ) - User select action: Quarantine
20:16:53.0515 0340 C:\WINDOWS\system32\DRIVERS\Tosrfhid.sys - copied to quarantine
20:16:53.0515 0340 Tosrfhid ( UnsignedFile.Multi.Generic ) - User select action: Quarantine
20:16:53.0656 0340 C:\WINDOWS\system32\DRIVERS\tosrfnds.sys - copied to quarantine
20:16:53.0656 0340 tosrfnds ( UnsignedFile.Multi.Generic ) - User select action: Quarantine
20:16:53.0796 0340 C:\WINDOWS\system32\Drivers\tosrfusb.sys - copied to quarantine
20:16:53.0796 0340 Tosrfusb ( UnsignedFile.Multi.Generic ) - User select action: Quarantine
20:16:53.0875 0340 C:\WINDOWS\system32\drivers\Udfs.sys - copied to quarantine
20:16:53.0875 0340 Udfs ( UnsignedFile.Multi.Generic ) - User select action: Quarantine
20:16:53.0984 0340 C:\WINDOWS\system32\DRIVERS\update.sys - copied to quarantine
20:16:53.0984 0340 Update ( UnsignedFile.Multi.Generic ) - User select action: Quarantine
20:16:54.0109 0340 C:\WINDOWS\system32\DRIVERS\usbccgp.sys - copied to quarantine
20:16:54.0109 0340 usbccgp ( UnsignedFile.Multi.Generic ) - User select action: Quarantine
20:16:54.0187 0340 C:\WINDOWS\system32\DRIVERS\usbehci.sys - copied to quarantine
20:16:54.0187 0340 usbehci ( UnsignedFile.Multi.Generic ) - User select action: Quarantine
20:16:54.0421 0340 C:\WINDOWS\system32\DRIVERS\usbhub.sys - copied to quarantine
20:16:54.0421 0340 usbhub ( UnsignedFile.Multi.Generic ) - User select action: Quarantine
20:16:54.0546 0340 C:\WINDOWS\system32\DRIVERS\usbprint.sys - copied to quarantine
20:16:54.0546 0340 usbprint ( UnsignedFile.Multi.Generic ) - User select action: Quarantine
20:16:54.0718 0340 C:\WINDOWS\system32\DRIVERS\usbscan.sys - copied to quarantine
20:16:54.0718 0340 usbscan ( UnsignedFile.Multi.Generic ) - User select action: Quarantine
20:16:54.0781 0340 C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS - copied to quarantine
20:16:54.0781 0340 usbstor ( UnsignedFile.Multi.Generic ) - User select action: Quarantine
20:16:54.0921 0340 C:\WINDOWS\system32\DRIVERS\usbuhci.sys - copied to quarantine
20:16:54.0921 0340 usbuhci ( UnsignedFile.Multi.Generic ) - User select action: Quarantine
20:16:55.0046 0340 C:\WINDOWS\system32\Drivers\usbvm321.sys - copied to quarantine
20:16:55.0046 0340 usbvm321 ( UnsignedFile.Multi.Generic ) - User select action: Quarantine
20:16:55.0171 0340 C:\WINDOWS\System32\drivers\vga.sys - copied to quarantine
20:16:55.0171 0340 VgaSave ( UnsignedFile.Multi.Generic ) - User select action: Quarantine
20:16:55.0281 0340 C:\WINDOWS\system32\drivers\VolSnap.sys - copied to quarantine
20:16:55.0281 0340 VolSnap ( UnsignedFile.Multi.Generic ) - User select action: Quarantine
20:16:55.0781 0340 C:\WINDOWS\system32\DRIVERS\w39n51.sys - copied to quarantine
20:16:55.0781 0340 w39n51 ( UnsignedFile.Multi.Generic ) - User select action: Quarantine
20:16:55.0890 0340 C:\WINDOWS\system32\DRIVERS\wanarp.sys - copied to quarantine
20:16:55.0890 0340 Wanarp ( UnsignedFile.Multi.Generic ) - User select action: Quarantine
20:16:56.0015 0340 C:\WINDOWS\system32\drivers\wdmaud.sys - copied to quarantine
20:16:56.0015 0340 wdmaud ( UnsignedFile.Multi.Generic ) - User select action: Quarantine
20:16:56.0171 0340 C:\WINDOWS\system32\DRIVERS\HSF_CNXT.sys - copied to quarantine
20:16:56.0171 0340 winachsf ( UnsignedFile.Multi.Generic ) - User select action: Quarantine
20:16:56.0578 0340 C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS - copied to quarantine
20:16:56.0578 0340 WSTCODEC ( UnsignedFile.Multi.Generic ) - User select action: Quarantine
20:16:56.0718 0340 \Device\Harddisk0\DR0\TDLFS\cfg.ini - copied to quarantine
20:16:56.0734 0340 \Device\Harddisk0\DR0\TDLFS\mbr - copied to quarantine
20:16:56.0781 0340 \Device\Harddisk0\DR0\TDLFS\bckfg.tmp - copied to quarantine
20:16:56.0984 0340 \Device\Harddisk0\DR0\TDLFS\cmd.dll - copied to quarantine
20:16:57.0000 0340 \Device\Harddisk0\DR0\TDLFS\ldr16 - copied to quarantine
20:16:57.0000 0340 \Device\Harddisk0\DR0\TDLFS\ldr32 - copied to quarantine
20:16:57.0000 0340 \Device\Harddisk0\DR0\TDLFS\ldr64 - copied to quarantine
20:16:57.0015 0340 \Device\Harddisk0\DR0\TDLFS\cmd64.dll - copied to quarantine
20:16:57.0015 0340 \Device\Harddisk0\DR0 ( TDSS File System ) - User select action: Quarantine
20:17:15.0359 3364 Deinitialize success






aswMBR version 0.9.8.986 Copyright© 2011 AVAST Software
Run date: 2011-12-19 20:17:40
-----------------------------
20:17:40.140 OS Version: Windows 5.1.2600 Service Pack 3
20:17:40.140 Number of processors: 2 586 0xE08
20:17:40.140 ComputerName: VALUED-C0DCCC42 UserName: panitabuta
20:17:41.593 Initialize success
20:17:43.062 AVAST engine defs: 11121901
20:18:13.093 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP2T0L0-e
20:18:13.093 Disk 0 Vendor: FUJITSU_MHV2100BH_PL 00000029 Size: 95396MB BusType: 3
20:18:13.109 Disk 1 \Device\Harddisk1\DR3 -> \Device\00000098
20:18:13.109 Disk 1 Vendor: ( Size: 95396MB BusType: 0
20:18:15.296 Disk 0 MBR read successfully
20:18:15.296 Disk 0 MBR scan
20:18:17.046 Disk 0 Windows XP default MBR code
20:18:17.250 Disk 0 scanning sectors +195366465
20:18:20.015 Disk 0 scanning C:\WINDOWS\system32\drivers
20:18:59.687 Service scanning
20:19:01.078 Service sptd C:\WINDOWS\System32\Drivers\sptd.sys **LOCKED** 32
20:19:01.687 Modules scanning
20:19:03.296 Module: C:\WINDOWS\System32\Drivers\atapi.sys **SUSPICIOUS**
20:19:17.046 AVAST engine scan C:\WINDOWS
20:19:36.375 AVAST engine scan C:\WINDOWS\system32
20:22:22.000 AVAST engine scan C:\WINDOWS\system32\drivers
20:22:43.156 AVAST engine scan C:\Documents and Settings\panitabuta
20:24:57.640 Disk 0 MBR has been saved successfully to "C:\Documents and Settings\panitabuta\Desktop\MBR.dat"
20:24:57.656 The log file has been saved successfully to "C:\Documents and Settings\panitabuta\Desktop\aswMBR.txt"





Malwarebytes' Anti-Malware 1.51.2.1300
www.malwarebytes.org

Database version: 8400

Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

12/19/2011 8:38:41 PM
mbam-log-2011-12-19 (20-38-41).txt

Scan type: Quick scan
Objects scanned: 184554
Time elapsed: 7 minute(s), 33 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 1
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\FIREFOX.EXE\shell\safemode\command\(default) (Hijack.StartMenuInternet) -> Bad: ("C:\Documents and Settings\panitabuta\Local Settings\Application Data\hgq.exe" -a "C:\Program Files\Mozilla Firefox 4.0 Beta 6\firefox.exe" -safe-mode) Good: (firefox.exe -safe-mode) -> Quarantined and deleted successfully.

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)



Malwarebytes' Anti-Malware 1.51.2.1300
www.malwarebytes.org

Database version: 8400

Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

12/19/2011 8:38:18 PM
mbam-log-2011-12-19 (20-38-12).txt

Scan type: Quick scan
Objects scanned: 184554
Time elapsed: 7 minute(s), 33 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 1
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\FIREFOX.EXE\shell\safemode\command\(default) (Hijack.StartMenuInternet) -> Bad: ("C:\Documents and Settings\panitabuta\Local Settings\Application Data\hgq.exe" -a "C:\Program Files\Mozilla Firefox 4.0 Beta 6\firefox.exe" -safe-mode) Good: (firefox.exe -safe-mode) -> No action taken.

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)



Malwarebytes' Anti-Malware 1.51.2.1300
www.malwarebytes.org

Database version: 8400

Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

12/19/2011 8:38:41 PM
mbam-log-2011-12-19 (20-38-41).txt

Scan type: Quick scan
Objects scanned: 184554
Time elapsed: 7 minute(s), 33 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 1
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\FIREFOX.EXE\shell\safemode\command\(default) (Hijack.StartMenuInternet) -> Bad: ("C:\Documents and Settings\panitabuta\Local Settings\Application Data\hgq.exe" -a "C:\Program Files\Mozilla Firefox 4.0 Beta 6\firefox.exe" -safe-mode) Good: (firefox.exe -safe-mode) -> Quarantined and deleted successfully.

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)




Malwarebytes' Anti-Malware 1.51.2.1300
www.malwarebytes.org

Database version: 8400

Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

12/19/2011 8:38:41 PM
mbam-log-2011-12-19 (20-38-41).txt

Scan type: Quick scan
Objects scanned: 184554
Time elapsed: 7 minute(s), 33 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 1
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\FIREFOX.EXE\shell\safemode\command\(default) (Hijack.StartMenuInternet) -> Bad: ("C:\Documents and Settings\panitabuta\Local Settings\Application Data\hgq.exe" -a "C:\Program Files\Mozilla Firefox 4.0 Beta 6\firefox.exe" -safe-mode) Good: (firefox.exe -safe-mode) -> Quarantined and deleted successfully.

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)
  • 0

#20
RKinner
Posted 19 December 2011 - 10:01 PM

RKinner

    Malware Expert

  • Expert
  • 24,624 posts
  • MVP
I hope it was able to reboot after you quarantined everything in TDSSKiller.



Copy the text between the lines of stars by highlighting and Ctrl + c.

******************************************

Killall::

DirLook::
C:\Program Files\Common
%user%\library

File::
c:\windows\system32\drivers\sptd.sys

FCopy::
c:\windows\ServicePackFiles\i386\atapi.sys | c:\windows\system32\drivers\atapi.sys

Driver::
sptd
MSSQL$VAIO_VEDB
SQLAgent$VAIO_VEDB
Avgfwdx
Avgfwfd

Registry::
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *

******************************************

Now open notepad (Start, Run, notepad, OK) and Ctrl + V to paste the text into Notepad. Make sure you got it all then File, SAVE AS, (to your Desktop), CFScript , OK. Close notepad. (Overwrite the old one if it's still there.) You should see a file CFScript.txt on your desktop.

Pause your anti-virus.

Drag CFScript.txt over to Combofix and let go Combofix should start on its own.

Post the new log.


Can you run TDSSKiller again and post the log? Also aswMBR.

Ron
  • 0

#21
pbj888
Posted 21 December 2011 - 08:03 PM

pbj888

    Member

  • Topic Starter
  • Member
  • PipPip
  • 41 posts
When I scanned the TDSSKiller I think it did restart.

Here are the logs. I also followed the combofix instructions.

ComboFix 11-12-21.02 - panitabuta 12/21/2011 19:15:49.3.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1014.356 [GMT -5:00]
Running from: c:\documents and settings\panitabuta\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\panitabuta\Desktop\CFScript.txt
AV: avast! Antivirus *Disabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
FW: Norton Internet Worm Protection *Disabled* {990F9400-4CEE-43EA-A83A-D013ADD8EA6E}
.
FILE ::
"c:\windows\system32\drivers\sptd.sys"
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\system32\oobe\isperror
c:\windows\system32\oobe\isperror\ispcnerr.htm
c:\windows\system32\oobe\isperror\ispdtone.htm
c:\windows\system32\oobe\isperror\isphdshk.htm
c:\windows\system32\oobe\isperror\ispins.htm
c:\windows\system32\oobe\isperror\ispnoanw.htm
c:\windows\system32\oobe\isperror\isppberr.htm
c:\windows\system32\oobe\isperror\ispphbsy.htm
c:\windows\system32\oobe\isperror\ispsbusy.htm
.
.
--------------- FCopy ---------------
.
c:\windows\ServicePackFiles\i386\atapi.sys --> c:\windows\system32\drivers\atapi.sys
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Legacy_MSSQL$VAIO_VEDB
-------\Legacy_SPTD
-------\Service_Avgfwdx
-------\Service_Avgfwfd
-------\Service_MSSQL$VAIO_VEDB
-------\Service_sptd
-------\Service_SQLAgent$VAIO_VEDB
.
.
((((((((((((((((((((((((( Files Created from 2011-11-22 to 2011-12-22 )))))))))))))))))))))))))))))))
.
.
2011-12-20 03:06 . 2011-11-28 17:53 435032 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2011-12-20 01:25 . 2011-08-31 22:00 22216 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-12-20 01:15 . 2011-12-20 01:15 -------- d-----w- C:\TDSSKiller_Quarantine
2011-12-10 04:58 . 2011-12-10 04:58 -------- d-----w- c:\program files\Common Files\xing shared
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-11-28 18:01 . 2010-12-21 03:50 41184 ----a-w- c:\windows\avastSS.scr
2011-11-28 18:01 . 2010-12-21 03:50 199816 ----a-w- c:\windows\system32\aswBoot.exe
2011-11-28 17:53 . 2010-12-21 03:51 314456 ----a-w- c:\windows\system32\drivers\aswSP.sys
2011-11-28 17:52 . 2010-12-21 03:51 34392 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2011-11-28 17:52 . 2010-12-21 03:51 52952 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2011-11-28 17:52 . 2010-12-21 03:51 111320 ----a-w- c:\windows\system32\drivers\aswmon2.sys
2011-11-28 17:51 . 2010-12-21 03:51 105176 ----a-w- c:\windows\system32\drivers\aswmon.sys
2011-11-28 17:51 . 2010-12-21 03:51 20568 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2011-11-28 17:48 . 2010-12-21 03:51 30808 ----a-w- c:\windows\system32\drivers\aavmker4.sys
2011-11-23 13:25 . 2006-03-15 23:56 1859584 ----a-w- c:\windows\system32\win32k.sys
2011-11-04 19:20 . 2006-03-15 23:56 916992 ----a-w- c:\windows\system32\wininet.dll
2011-11-04 19:20 . 2006-03-15 23:55 43520 ----a-w- c:\windows\system32\licmgr10.dll
2011-11-04 19:20 . 2006-03-15 23:55 1469440 ------w- c:\windows\system32\inetcpl.cpl
2011-11-04 11:23 . 2006-03-15 23:55 385024 ----a-w- c:\windows\system32\html.iec
2011-11-01 16:07 . 2006-03-15 23:55 1288704 ----a-w- c:\windows\system32\ole32.dll
2011-10-28 05:31 . 2006-03-15 23:55 33280 ----a-w- c:\windows\system32\csrsrv.dll
2011-10-25 13:37 . 2006-03-15 23:55 2148864 ----a-w- c:\windows\system32\ntoskrnl.exe
2011-10-25 12:52 . 2004-08-03 22:59 2027008 ----a-w- c:\windows\system32\ntkrnlpa.exe
2011-10-14 22:38 . 2006-03-15 23:55 456192 ----a-w- c:\windows\system32\encdec.dll
2011-10-10 14:22 . 2006-03-16 01:13 692736 ----a-w- c:\windows\system32\inetcomm.dll
2011-09-28 07:06 . 2006-03-15 23:55 599040 ----a-w- c:\windows\system32\crypt32.dll
2011-09-26 15:41 . 2011-09-26 15:41 611328 ------w- c:\windows\system32\uiautomationcore.dll
2011-09-26 15:41 . 2006-03-15 23:55 220160 ----a-w- c:\windows\system32\oleacc.dll
2011-09-26 15:41 . 2006-03-15 23:55 20480 ----a-w- c:\windows\system32\oleaccrc.dll
2009-02-24 19:34 . 2009-02-24 19:34 1044480 ----a-w- c:\program files\mozilla firefox\plugins\libdivx.dll
2009-02-24 19:34 . 2009-02-24 19:34 200704 ----a-w- c:\program files\mozilla firefox\plugins\ssldivx.dll
.
.
(((((((((((((((((((((((((((((((((((((((((((( Look )))))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
---- Directory of %user%\library ----
.
.
---- Directory of c:\program files\Common ----
.
.
.
------- Sigcheck -------
Note: Unsigned files aren't necessarily malware.
.
[-] 2008-04-13 . 9F3A2F5AA6875C72BF062C712CFA2674 . 96512 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\atapi.sys
[-] 2008-04-13 . 9F3A2F5AA6875C72BF062C712CFA2674 . 96512 . . [5.1.2600.5512] . . c:\windows\system32\drivers\atapi.sys
[-] 2004-08-10 . CDFE4411A69C224BD1D11B2DA92DAC51 . 95360 . . [5.1.2600.2180] . . c:\windows\system32\ReinstallBackups\0006\DriverFiles\i386\atapi.sys
[-] 2004-08-04 . CDFE4411A69C224BD1D11B2DA92DAC51 . 95360 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\atapi.sys
[-] 2004-08-04 . CDFE4411A69C224BD1D11B2DA92DAC51 . 95360 . . [5.1.2600.2180] . . c:\windows\system32\ReinstallBackups\0007\DriverFiles\i386\atapi.sys
.
[-] 2008-04-13 . B153AFFAC761E7F5FCFA822B9C4E97BC . 14336 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\asyncmac.sys
[-] 2008-04-13 . B153AFFAC761E7F5FCFA822B9C4E97BC . 14336 . . [5.1.2600.5512] . . c:\windows\system32\drivers\asyncmac.sys
[-] 2004-08-10 . 02000ABF34AF4C218C35D257024807D6 . 14336 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\asyncmac.sys
.
[-] 2004-08-10 . DA1F27D85E0D1525F6621372E7B685E9 . 4224 . . [5.1.2600.0] . . c:\windows\system32\drivers\beep.sys
.
[-] 2008-04-13 . 463C1EC80CD17420A542B7F36A36F128 . 24576 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\kbdclass.sys
[-] 2008-04-13 . 463C1EC80CD17420A542B7F36A36F128 . 24576 . . [5.1.2600.5512] . . c:\windows\system32\drivers\kbdclass.sys
[-] 2004-08-10 . EBDEE8A2EE5393890A1ACEE971C4C246 . 24576 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\kbdclass.sys
.
[-] 2008-04-13 . 1DF7F42665C94B825322FAE71721130D . 182656 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\ndis.sys
[-] 2008-04-13 . 1DF7F42665C94B825322FAE71721130D . 182656 . . [5.1.2600.5512] . . c:\windows\system32\drivers\ndis.sys
[-] 2004-08-10 . 558635D3AF1C7546D26067D5D9B6959E . 182912 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\ndis.sys
.
[-] 2008-04-13 . 78A08DD6A8D65E697C18E1DB01C5CDCA . 574976 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\ntfs.sys
[-] 2008-04-13 . 78A08DD6A8D65E697C18E1DB01C5CDCA . 574976 . . [5.1.2600.5512] . . c:\windows\system32\drivers\ntfs.sys
[-] 2004-08-10 . B78BE402C3F63DD55521F73876951CDD . 574592 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\ntfs.sys
[-] 2004-08-10 . B78BE402C3F63DD55521F73876951CDD . 574592 . . [5.1.2600.2180] . . c:\windows\I386\NTFS.SYS
.
[-] 2004-08-10 . 73C1E1F395918BC2C6DD67AF7591A3AD . 2944 . . [5.1.2600.0] . . c:\windows\system32\drivers\null.sys
.
[-] 2008-04-14 . A06CE3399D16DB864F55FAEB1F1927A9 . 77824 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\browser.dll
[-] 2008-04-14 . A06CE3399D16DB864F55FAEB1F1927A9 . 77824 . . [5.1.2600.5512] . . c:\windows\system32\browser.dll
[-] 2004-08-10 . E3CFCCDDA4EDD1D0DC9168B2E18F27B8 . 77312 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\browser.dll
.
[-] 2008-04-14 . BF2466B3E18E970D8A976FB95FC1CA85 . 13312 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\lsass.exe
[-] 2008-04-14 . BF2466B3E18E970D8A976FB95FC1CA85 . 13312 . . [5.1.2600.5512] . . c:\windows\system32\lsass.exe
[-] 2004-08-10 . 84885F9B82F4D55C6146EBF6065D75D2 . 13312 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\lsass.exe
.
[-] 2008-04-14 . 13E67B55B3ABD7BF3FE7AAE5A0F9A9DE . 198144 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\netman.dll
[-] 2008-04-14 . 13E67B55B3ABD7BF3FE7AAE5A0F9A9DE . 198144 . . [5.1.2600.5512] . . c:\windows\system32\netman.dll
[-] 2005-08-22 . 36739B39267914BA69AD0610A0299732 . 197632 . . [5.1.2600.2743] . . c:\windows\$NtServicePackUninstall$\netman.dll
[-] 2005-08-22 . 3516D8A18B36784B1005B950B84232E1 . 197632 . . [5.1.2600.2743] . . c:\windows\$hf_mig$\KB905414\SP2QFE\netman.dll
[-] 2004-08-10 . DAB9E6C7105D2EF49876FE92C524F565 . 198144 . . [5.1.2600.2180] . . c:\windows\$NtUninstallKB905414$\netman.dll
.
[-] 2008-04-14 00:11 . 1280A158C722FA95A80FB7AEBE78FA7D . 792064 . . [2001.12.4414.700] . . c:\windows\ServicePackFiles\i386\comres.dll
[-] 2008-04-14 00:11 . 1280A158C722FA95A80FB7AEBE78FA7D . 792064 . . [2001.12.4414.700] . . c:\windows\system32\comres.dll
[-] 2004-08-10 12:00 . 6728270CB7DBB776ED086F5AC4C82310 . 792064 . . [2001.12.4414.258] . . c:\windows\$NtServicePackUninstall$\comres.dll
.
[-] 2008-04-14 . 574738F61FCA2935F5265DC4E5691314 . 409088 . . [6.7.2600.5512] . . c:\windows\ServicePackFiles\i386\qmgr.dll
[-] 2008-04-14 . 574738F61FCA2935F5265DC4E5691314 . 409088 . . [6.7.2600.5512] . . c:\windows\system32\qmgr.dll
[-] 2008-04-14 . 574738F61FCA2935F5265DC4E5691314 . 409088 . . [6.7.2600.5512] . . c:\windows\system32\bits\qmgr.dll
[-] 2004-08-10 . 2C69EC7E5A311334D10DD95F338FCCEA . 382464 . . [6.6.2600.2180] . . c:\windows\$NtServicePackUninstall$\qmgr.dll
.
[-] 2009-02-09 . 6B27A5C03DFB94B4245739065431322C . 401408 . . [5.1.2600.5755] . . c:\windows\system32\rpcss.dll
[-] 2009-02-09 . 6B27A5C03DFB94B4245739065431322C . 401408 . . [5.1.2600.5755] . . c:\windows\system32\dllcache\rpcss.dll
[-] 2009-02-09 . 9222562D44021B988B9F9F62207FB6F2 . 401408 . . [5.1.2600.5755] . . c:\windows\$hf_mig$\KB956572\SP3QFE\rpcss.dll
[-] 2008-04-14 . 2589FE6015A316C0F5D5112B4DA7B509 . 399360 . . [5.1.2600.5512] . . c:\windows\$NtUninstallKB956572$\rpcss.dll
[-] 2008-04-14 . 2589FE6015A316C0F5D5112B4DA7B509 . 399360 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\rpcss.dll
[-] 2005-07-26 . CE94A2BD25E3E9F4D46A7373FF455C6D . 397824 . . [5.1.2600.2726] . . c:\windows\$NtServicePackUninstall$\rpcss.dll
[-] 2005-07-26 . C369DF215D352B6F3A0B8C3469AA34F8 . 398336 . . [5.1.2600.2726] . . c:\windows\$hf_mig$\KB902400\SP2QFE\rpcss.dll
[-] 2005-04-28 . DA383FB39A6F1C445F3AFC94B3EB1248 . 396288 . . [5.1.2600.2665] . . c:\windows\$hf_mig$\KB894391\SP2QFE\rpcss.dll
[-] 2005-04-28 . C8061F289E000703E7672916B7FE1571 . 395776 . . [5.1.2600.2665] . . c:\windows\$NtUninstallKB902400$\rpcss.dll
[-] 2004-08-10 . 5C83A4408604F737717AB96371201680 . 395776 . . [5.1.2600.2180] . . c:\windows\$NtUninstallKB894391$\rpcss.dll
.
[-] 2009-02-06 . 65DF52F5B8B6E9BBD183505225C37315 . 110592 . . [5.1.2600.5755] . . c:\windows\system32\services.exe
[-] 2009-02-06 . 65DF52F5B8B6E9BBD183505225C37315 . 110592 . . [5.1.2600.5755] . . c:\windows\system32\dllcache\services.exe
[-] 2009-02-06 . 020CEAAEDC8EB655B6506B8C70D53BB6 . 110592 . . [5.1.2600.5755] . . c:\windows\$hf_mig$\KB956572\SP3QFE\services.exe
[-] 2008-04-14 . 0E776ED5F7CC9F94299E70461B7B8185 . 108544 . . [5.1.2600.5512] . . c:\windows\$NtUninstallKB956572$\services.exe
[-] 2008-04-14 . 0E776ED5F7CC9F94299E70461B7B8185 . 108544 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\services.exe
[-] 2004-08-10 . C6CE6EEC82F187615D1002BB3BB50ED4 . 108032 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\services.exe
.
[-] 2010-08-17 . 258DD5D4283FD9F9A7166BE9AE45CE73 . 58880 . . [5.1.2600.6024] . . c:\windows\$hf_mig$\KB2347290\SP3QFE\spoolsv.exe
[-] 2010-08-17 . 60784F891563FB1B767F70117FC2428F . 58880 . . [5.1.2600.6024] . . c:\windows\system32\spoolsv.exe
[-] 2010-08-17 . 60784F891563FB1B767F70117FC2428F . 58880 . . [5.1.2600.6024] . . c:\windows\system32\dllcache\spoolsv.exe
[-] 2008-04-14 . D8E14A61ACC1D4A6CD0D38AEBAC7FA3B . 57856 . . [5.1.2600.5512] . . c:\windows\$NtUninstallKB2347290$\spoolsv.exe
[-] 2008-04-14 . D8E14A61ACC1D4A6CD0D38AEBAC7FA3B . 57856 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\spoolsv.exe
[-] 2005-06-11 . AD3D9D191AEA7B5445FE1D82FFBB4788 . 57856 . . [5.1.2600.2696] . . c:\windows\$hf_mig$\KB896423\SP2QFE\spoolsv.exe
[-] 2005-06-10 . DA81EC57ACD4CDC3D4C51CF3D409AF9F . 57856 . . [5.1.2600.2696] . . c:\windows\$NtServicePackUninstall$\spoolsv.exe
[-] 2004-08-10 . 7435B108B935E42EA92CA94F59C8E717 . 57856 . . [5.1.2600.2180] . . c:\windows\$NtUninstallKB896423$\spoolsv.exe
.
[-] 2008-04-14 . ED0EF0A136DEC83DF69F04118870003E . 507904 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\winlogon.exe
[-] 2008-04-14 . ED0EF0A136DEC83DF69F04118870003E . 507904 . . [5.1.2600.5512] . . c:\windows\system32\winlogon.exe
[-] 2004-08-13 . EA16F83B5E4964C100F6098CE9874927 . 502784 . . [5.1.2600.2505] . . c:\windows\$NtServicePackUninstall$\winlogon.exe
[-] 2004-08-10 . 01C3346C241652F43AED8E2149881BFE . 502272 . . [5.1.2600.2180] . . c:\windows\$NtUninstallKB307154$\winlogon.exe
.
[-] 2010-08-23 . 93AFB83FBC1F9443CAC722FCA63D73BF . 617472 . . [5.82] . . c:\windows\system32\comctl32.dll
[-] 2010-08-23 . 93AFB83FBC1F9443CAC722FCA63D73BF . 617472 . . [5.82] . . c:\windows\system32\dllcache\comctl32.dll
[-] 2010-08-23 . 736B12B725AEB2B07F0241A9F680CB10 . 1054208 . . [6.0] . . c:\windows\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll
[-] 2008-04-14 . BD38D1EBE24A46BD3EDA059560AFBA12 . 1054208 . . [6.0] . . c:\windows\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.5512_x-ww_35d4ce83\comctl32.dll
[-] 2008-04-14 . 06F247492BC786CE5C24A23E178C711A . 617472 . . [5.82] . . c:\windows\$NtUninstallKB2296011$\comctl32.dll
[-] 2008-04-14 . 06F247492BC786CE5C24A23E178C711A . 617472 . . [5.82] . . c:\windows\ServicePackFiles\i386\comctl32.dll
[-] 2004-08-10 . A77DFB85FAEE49D66C74DA6024EBC69B . 611328 . . [5.82] . . c:\windows\$NtServicePackUninstall$\comctl32.dll
[-] 2004-08-10 . AEF3D788DBF40C7C4D204EA45EB0C505 . 921088 . . [6.0] . . c:\windows\I386\ASMS\6000\MSFT\WINDOWS\COMMON\CONTROLS\COMCTL32.DLL
[-] 2004-08-10 . AEF3D788DBF40C7C4D204EA45EB0C505 . 921088 . . [6.0] . . c:\windows\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.0.0_x-ww_1382d70a\comctl32.dll
[-] 2004-08-10 . 5AF68A5E44734A082442668E9C787743 . 1050624 . . [6.0] . . c:\windows\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2180_x-ww_a84f1ff9\comctl32.dll
.
[-] 2008-04-14 . 3D4E199942E29207970E04315D02AD3B . 62464 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\cryptsvc.dll
[-] 2008-04-14 . 3D4E199942E29207970E04315D02AD3B . 62464 . . [5.1.2600.5512] . . c:\windows\system32\cryptsvc.dll
[-] 2004-08-10 . 10654F9DDCEA9C46CFB77554231BE73B . 60416 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\cryptsvc.dll
.
[-] 2008-07-07 20:32 . 60D1A6342238378BFB7545C81EE3606C . 253952 . . [2001.12.4414.320] . . c:\windows\$NtServicePackUninstall$\es.dll
[-] 2008-07-07 20:26 . D4991D98F2DB73C60D042F1AEF79EFAE . 253952 . . [2001.12.4414.706] . . c:\windows\$hf_mig$\KB950974\SP3GDR\es.dll
[-] 2008-07-07 20:26 . D4991D98F2DB73C60D042F1AEF79EFAE . 253952 . . [2001.12.4414.706] . . c:\windows\system32\es.dll
[-] 2008-07-07 20:26 . D4991D98F2DB73C60D042F1AEF79EFAE . 253952 . . [2001.12.4414.706] . . c:\windows\system32\dllcache\es.dll
[-] 2008-07-07 20:23 . F17F6226BDC0CD5F0BEF0DAF84D29BEC . 253952 . . [2001.12.4414.706] . . c:\windows\$hf_mig$\KB950974\SP3QFE\es.dll
[-] 2008-07-07 20:06 . A4AB3DCA4A383F0DF4988ABDEB84F9A4 . 253952 . . [2001.12.4414.320] . . c:\windows\$hf_mig$\KB950974\SP2QFE\es.dll
[-] 2008-04-14 00:11 . 19A799805B24990867B00C120D300C3A . 246272 . . [2001.12.4414.701] . . c:\windows\$NtUninstallKB950974$\es.dll
[-] 2008-04-14 00:11 . 19A799805B24990867B00C120D300C3A . 246272 . . [2001.12.4414.701] . . c:\windows\ServicePackFiles\i386\es.dll
[-] 2005-07-26 04:39 . 34BBD9ACC1538818F2C878898C64E793 . 243200 . . [2001.12.4414.308] . . c:\windows\$NtUninstallKB950974_0$\es.dll
[-] 2005-07-26 04:20 . 95F5FEA4C6DE2C3F28784D0DCC8F0DD3 . 243200 . . [2001.12.4414.308] . . c:\windows\$hf_mig$\KB902400\SP2QFE\es.dll
[-] 2004-08-10 12:00 . ACD36A2DD7D1E9D8A060AA651DC07E63 . 243200 . . [2001.12.4414.258] . . c:\windows\$NtUninstallKB902400$\es.dll
.
[-] 2008-04-14 . 0DA85218E92526972A821587E6A8BF8F . 110080 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\imm32.dll
[-] 2008-04-14 . 0DA85218E92526972A821587E6A8BF8F . 110080 . . [5.1.2600.5512] . . c:\windows\system32\imm32.dll
[-] 2004-08-10 . 87CA7CE6469577F059297B9D6556D66D . 110080 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\imm32.dll
.
[-] 2009-03-21 . B921FB870C9AC0D509B2CCABBBBE95F3 . 989696 . . [5.1.2600.5781] . . c:\windows\system32\kernel32.dll
[-] 2009-03-21 . DA11D9D6ECBDF0F93436A4B7C13F7BEC . 991744 . . [5.1.2600.5781] . . c:\windows\$hf_mig$\KB959426\SP3QFE\kernel32.dll
[-] 2008-04-14 . C24B983D211C34DA8FCC1AC38477971D . 989696 . . [5.1.2600.5512] . . c:\windows\$NtUninstallKB959426$\kernel32.dll
[-] 2008-04-14 . C24B983D211C34DA8FCC1AC38477971D . 989696 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\kernel32.dll
[-] 2004-08-10 . 888190E31455FAD793312F8D087146EB . 983552 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\kernel32.dll
.
[-] 2008-04-14 . 2DC5A8019E2387987905F77C664E4BE2 . 19968 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\linkinfo.dll
[-] 2008-04-14 . 2DC5A8019E2387987905F77C664E4BE2 . 19968 . . [5.1.2600.5512] . . c:\windows\system32\linkinfo.dll
[-] 2005-09-01 . 648BF0B4DDE4F7A1156DAE7174D36EFA . 19968 . . [5.1.2600.2751] . . c:\windows\$hf_mig$\KB900725\SP2QFE\linkinfo.dll
[-] 2005-09-01 . A1A688EE56CF3BBD24EDEB815D48E9BA . 19968 . . [5.1.2600.2751] . . c:\windows\$NtServicePackUninstall$\linkinfo.dll
[-] 2004-08-10 . C2BBD044C741EA4292016C36F718D2E4 . 18944 . . [5.1.2600.2180] . . c:\windows\$NtUninstallKB900725$\linkinfo.dll
.
[-] 2008-04-14 . 012DF358CEBAA23ACB26D82077820817 . 22016 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\lpk.dll
[-] 2008-04-14 . 012DF358CEBAA23ACB26D82077820817 . 22016 . . [5.1.2600.5512] . . c:\windows\system32\lpk.dll
[-] 2004-08-10 . 74D66B3DE265E8789153414E75175F26 . 22016 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\lpk.dll
.
[-] 2008-04-14 . D7075E95AA599EE77B7A89D39296BD3D . 343040 . . [7.0.2600.5512] . . c:\windows\WinSxS\x86_Microsoft.Windows.CPlusPlusRuntime_6595b64144ccf1df_7.0.2600.5512_x-ww_3fd60d63\msvcrt.dll
[-] 2008-04-14 . 355EDBB4D412B01F1740C17E3F50FA00 . 343040 . . [7.0.2600.5512] . . c:\windows\ServicePackFiles\i386\msvcrt.dll
[-] 2008-04-14 . 355EDBB4D412B01F1740C17E3F50FA00 . 343040 . . [7.0.2600.5512] . . c:\windows\system32\msvcrt.dll
[-] 2004-08-10 . B0FEFA816D61EC66AA765DDF534EAB5E . 343040 . . [7.0.2600.2180] . . c:\windows\$NtServicePackUninstall$\msvcrt.dll
[-] 2004-08-10 . 4200BE3808F6406DBE45A7B88DAE5035 . 322560 . . [7.0.2600.0] . . c:\windows\I386\ASMS\7000\MSFT\WINDOWS\MSWINCRT\MSVCRT.DLL
[-] 2004-08-10 . 4200BE3808F6406DBE45A7B88DAE5035 . 322560 . . [7.0.2600.0] . . c:\windows\WinSxS\x86_Microsoft.Windows.CPlusPlusRuntime_6595b64144ccf1df_7.0.0.0_x-ww_2726e76a\msvcrt.dll
[-] 2004-08-10 . 98EC447E00229AFD88D5161A25D065DA . 343040 . . [7.0.2600.2180] . . c:\windows\WinSxS\x86_Microsoft.Windows.CPlusPlusRuntime_6595b64144ccf1df_7.0.2600.2180_x-ww_b2505ed9\msvcrt.dll
.
[-] 2008-04-14 . 1B7F071C51B77C272875C3A23E1E4550 . 407040 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\netlogon.dll
[-] 2008-04-14 . 1B7F071C51B77C272875C3A23E1E4550 . 407040 . . [5.1.2600.5512] . . c:\windows\system32\netlogon.dll
[-] 2004-08-10 . 96353FCECBA774BB8DA74A1C6507015A . 407040 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\netlogon.dll
.
[-] 2008-04-14 . 50A166237A0FA771261275A405646CC0 . 17408 . . [6.00.2900.5512] . . c:\windows\ServicePackFiles\i386\powrprof.dll
[-] 2008-04-14 . 50A166237A0FA771261275A405646CC0 . 17408 . . [6.00.2900.5512] . . c:\windows\system32\powrprof.dll
[-] 2004-08-10 . 1B5F6923ABB450692E9FE0672C897AED . 17408 . . [6.00.2900.2180] . . c:\windows\$NtServicePackUninstall$\powrprof.dll
.
[-] 2008-04-14 . A86BB5E61BF3E39B62AB4C7E7085A084 . 181248 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\scecli.dll
[-] 2008-04-14 . A86BB5E61BF3E39B62AB4C7E7085A084 . 181248 . . [5.1.2600.5512] . . c:\windows\system32\scecli.dll
[-] 2004-08-10 . 0F78E27F563F2AAF74B91A49E2ABF19A . 180224 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\scecli.dll
.
[-] 2008-04-14 . 96E1C926F22EE1BFBAE82901A35F6BF3 . 5120 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\sfc.dll
[-] 2008-04-14 . 96E1C926F22EE1BFBAE82901A35F6BF3 . 5120 . . [5.1.2600.5512] . . c:\windows\system32\sfc.dll
[-] 2004-08-10 . E8A12A12EA9088B4327D49EDCA3ADD3E . 5120 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\sfc.dll
.
[-] 2008-04-14 . 27C6D03BCDB8CFEB96B716F3D8BE3E18 . 14336 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\svchost.exe
[-] 2008-04-14 . 27C6D03BCDB8CFEB96B716F3D8BE3E18 . 14336 . . [5.1.2600.5512] . . c:\windows\system32\svchost.exe
[-] 2004-08-10 . 8F078AE4ED187AAABC0A305146DE6716 . 14336 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\svchost.exe
.
[-] 2008-04-14 . 3CB78C17BB664637787C9A1C98F79C38 . 249856 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\tapisrv.dll
[-] 2008-04-14 . 3CB78C17BB664637787C9A1C98F79C38 . 249856 . . [5.1.2600.5512] . . c:\windows\system32\tapisrv.dll
[-] 2005-07-08 . 1418A3A6E76E5A2E3F5E43866E793A8B . 249344 . . [5.1.2600.2716] . . c:\windows\$hf_mig$\KB893756\SP2QFE\tapisrv.dll
[-] 2005-07-08 . FB78839B36025AA286A51289ED28B73E . 249344 . . [5.1.2600.2716] . . c:\windows\$NtServicePackUninstall$\tapisrv.dll
[-] 2004-08-10 . EB4A4187D74A8EFDCBEA3EA2CB1BDFBD . 246272 . . [5.1.2600.2180] . . c:\windows\$NtUninstallKB893756$\tapisrv.dll
.
[-] 2008-04-14 . B26B135FF1B9F60C9388B4A7D16F600B . 578560 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\user32.dll
[-] 2008-04-14 . B26B135FF1B9F60C9388B4A7D16F600B . 578560 . . [5.1.2600.5512] . . c:\windows\system32\user32.dll
[-] 2005-03-02 . 1800F293BCCC8EDE8A70E12B88D80036 . 577024 . . [5.1.2600.2622] . . c:\windows\$hf_mig$\KB890859\SP2QFE\user32.dll
[-] 2005-03-02 . DE2DB164BBB35DB061AF0997E4499054 . 577024 . . [5.1.2600.2622] . . c:\windows\$NtServicePackUninstall$\user32.dll
[-] 2004-08-10 . C72661F8552ACE7C5C85E16A3CF505C4 . 577024 . . [5.1.2600.2180] . . c:\windows\$NtUninstallKB890859$\user32.dll
.
[-] 2008-04-14 . A93AEE1928A9D7CE3E16D24EC7380F89 . 26112 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\userinit.exe
[-] 2008-04-14 . A93AEE1928A9D7CE3E16D24EC7380F89 . 26112 . . [5.1.2600.5512] . . c:\windows\system32\userinit.exe
[-] 2004-08-10 . 39B1FFB03C2296323832ACBAE50D2AFF . 24576 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\userinit.exe
.
[-] 2008-04-14 . 2CCC474EB85CEAA3E1FA1726580A3E5A . 82432 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\ws2_32.dll
[-] 2008-04-14 . 2CCC474EB85CEAA3E1FA1726580A3E5A . 82432 . . [5.1.2600.5512] . . c:\windows\system32\ws2_32.dll
[-] 2004-08-10 . 2ED0B7F12A60F90092081C50FA0EC2B2 . 82944 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\ws2_32.dll
.
[-] 2008-04-14 . 9789E95E1D88EEB4B922BF3EA7779C28 . 19968 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\ws2help.dll
[-] 2008-04-14 . 9789E95E1D88EEB4B922BF3EA7779C28 . 19968 . . [5.1.2600.5512] . . c:\windows\system32\ws2help.dll
[-] 2004-08-10 . 9BEACB911CA61E5881102188AB7FB431 . 19968 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\ws2help.dll
.
[-] 2008-04-14 . 12896823FB95BFB3DC9B46BCAEDC9923 . 1033728 . . [6.00.2900.5512] . . c:\windows\explorer.exe
[-] 2008-04-14 . 12896823FB95BFB3DC9B46BCAEDC9923 . 1033728 . . [6.00.2900.5512] . . c:\windows\ServicePackFiles\i386\explorer.exe
[-] 2004-08-10 . A0732187050030AE399B241436565E64 . 1032192 . . [6.00.2900.2180] . . c:\windows\$NtServicePackUninstall$\explorer.exe
.
[-] 2008-04-14 . 058710B720282CA82B909912D3EF28DB . 146432 . . [5.1.2600.5512] . . c:\windows\regedit.exe
[-] 2008-04-14 . 058710B720282CA82B909912D3EF28DB . 146432 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\regedit.exe
[-] 2004-08-10 . 783AFC80383C176B22DBF8333343992D . 146432 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\regedit.exe
[-] 2004-08-10 . 783AFC80383C176B22DBF8333343992D . 146432 . . [5.1.2600.2180] . . c:\windows\I386\REGEDIT.EXE
.
[-] 2010-04-16 . 9E03DC5AB51CFD0190541CE2038D819D . 406016 . . [1.0420.2600.5969] . . c:\windows\system32\usp10.dll
[-] 2010-04-16 . 9E03DC5AB51CFD0190541CE2038D819D . 406016 . . [1.0420.2600.5969] . . c:\windows\system32\dllcache\usp10.dll
[-] 2010-04-16 . F8894BCC961D461674002B4BAE7AECC1 . 406016 . . [1.0420.2600.5969] . . c:\windows\$hf_mig$\KB981322\SP3QFE\usp10.dll
[-] 2008-04-14 . 7D7D8501F3CB45D0408CDEFA08CDAEFF . 406016 . . [1.0420.2600.5512] . . c:\windows\$NtUninstallKB981322$\usp10.dll
[-] 2008-04-14 . 7D7D8501F3CB45D0408CDEFA08CDAEFF . 406016 . . [1.0420.2600.5512] . . c:\windows\ServicePackFiles\i386\usp10.dll
[-] 2004-08-10 . 2EB58F9DCD6AB320B46744A4EA48B2D2 . 406528 . . [1.0420.2600.2180] . . c:\windows\$NtServicePackUninstall$\usp10.dll
.
[-] 2008-04-14 . 9B9F1C38D559047B8AC0DBA2D5FEBDE9 . 4096 . . [5.3.2600.5512] . . c:\windows\ServicePackFiles\i386\ksuser.dll
[-] 2008-04-14 . 9B9F1C38D559047B8AC0DBA2D5FEBDE9 . 4096 . . [5.3.2600.5512] . . c:\windows\system32\ksuser.dll
[-] 2004-08-04 . CBCD254547689BFF80C9F547B20911E9 . 4096 . . [5.3.2600.2180] . . c:\windows\$NtServicePackUninstall$\ksuser.dll
.
[-] 2008-04-14 . 5F1D5F88303D4A4DBC8E5F97BA967CC3 . 15360 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\ctfmon.exe
[-] 2008-04-14 . 5F1D5F88303D4A4DBC8E5F97BA967CC3 . 15360 . . [5.1.2600.5512] . . c:\windows\system32\ctfmon.exe
[-] 2004-08-10 . 24232996A38C0B0CF151C2140AE29FC8 . 15360 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\ctfmon.exe
.
[-] 2008-04-14 . 3805DF0AC4296A34BA4BF93B346CC378 . 171008 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\srsvc.dll
[-] 2008-04-14 . 3805DF0AC4296A34BA4BF93B346CC378 . 171008 . . [5.1.2600.5512] . . c:\windows\system32\srsvc.dll
[-] 2004-08-10 . 92BDF74F12D6CBEC43C94D4B7F804838 . 170496 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\srsvc.dll
.
[-] 2008-04-14 . F92E1076C42FCD6DB3D72D8CFE9816D5 . 13824 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\wscntfy.exe
[-] 2008-04-14 . F92E1076C42FCD6DB3D72D8CFE9816D5 . 13824 . . [5.1.2600.5512] . . c:\windows\system32\wscntfy.exe
[-] 2004-08-10 . 49911DD39E023BB6C45E4E436CFBD297 . 13824 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\wscntfy.exe
.
[-] 2008-04-14 . 295D21F14C335B53CB8154E5B1F892B9 . 129024 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\xmlprov.dll
[-] 2008-04-14 . 295D21F14C335B53CB8154E5B1F892B9 . 129024 . . [5.1.2600.5512] . . c:\windows\system32\xmlprov.dll
[-] 2004-08-10 . EEF46DAB68229A14DA3D8E73C99E2959 . 129536 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\xmlprov.dll
.
[-] 2008-04-14 . 6D4FEB43EE538FC5428CC7F0565AA656 . 56320 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\eventlog.dll
[-] 2008-04-14 . 6D4FEB43EE538FC5428CC7F0565AA656 . 56320 . . [5.1.2600.5512] . . c:\windows\system32\eventlog.dll
[-] 2004-08-10 . 82B24CB70E5944E6E34662205A2A5B78 . 55808 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\eventlog.dll
.
[-] 2008-04-14 . 9DD07AF82244867CA36681EA2D29CE79 . 1614848 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\sfcfiles.dll
[-] 2008-04-14 . 9DD07AF82244867CA36681EA2D29CE79 . 1614848 . . [5.1.2600.5512] . . c:\windows\system32\sfcfiles.dll
[-] 2004-08-10 . 30A609E00BD1D4FFC49D6B5A432BE7F2 . 1580544 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\sfcfiles.dll
.
[-] 2008-04-14 . 5B19B557B0C188210A56A6B699D90B8F . 59904 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\regsvc.dll
[-] 2008-04-14 . 5B19B557B0C188210A56A6B699D90B8F . 59904 . . [5.1.2600.5512] . . c:\windows\system32\regsvc.dll
[-] 2004-08-10 . 3151427DB7D87107D1C5BE58FAC53960 . 59904 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\regsvc.dll
.
[-] 2008-04-14 . 0A9A7365A1CA4319AA7C1D6CD8E4EAFA . 192512 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\schedsvc.dll
[-] 2008-04-14 . 0A9A7365A1CA4319AA7C1D6CD8E4EAFA . 192512 . . [5.1.2600.5512] . . c:\windows\system32\schedsvc.dll
[-] 2004-08-10 . 92360854316611F6CC471612213C3D92 . 190976 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\schedsvc.dll
.
[-] 2008-04-14 . 0A5679B3714EDAB99E357057EE88FCA6 . 71680 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\ssdpsrv.dll
[-] 2008-04-14 . 0A5679B3714EDAB99E357057EE88FCA6 . 71680 . . [5.1.2600.5512] . . c:\windows\system32\ssdpsrv.dll
[-] 2004-08-10 . 4B8D61792F7175BED48859CC18CE4E38 . 71680 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\ssdpsrv.dll
.
[-] 2008-04-14 . FF3477C03BE7201C294C35F684B3479F . 295424 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\termsrv.dll
[-] 2008-04-14 . FF3477C03BE7201C294C35F684B3479F . 295424 . . [5.1.2600.5512] . . c:\windows\system32\termsrv.dll
[-] 2005-03-10 . C29A5286E64D97385178452D5F307B98 . 295424 . . [5.1.2600.2627] . . c:\windows\$NtServicePackUninstall$\termsrv.dll
[-] 2004-08-10 . B60C877D16D9C880B952FDA04ADF16E6 . 295424 . . [5.1.2600.2180] . . c:\windows\$NtUninstallKB895961$\termsrv.dll
.
[-] 2008-04-14 . 3CB32D3B8CBE79899D63280BB7A83CD9 . 344064 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\hnetcfg.dll
[-] 2008-04-14 . 3CB32D3B8CBE79899D63280BB7A83CD9 . 344064 . . [5.1.2600.5512] . . c:\windows\system32\hnetcfg.dll
[-] 2004-08-10 . 765B30C776A1780B46B479FE614F707C . 344064 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\hnetcfg.dll
.
[-] 2008-04-14 . D8849F77C0B66226335A59D26CB4EDC6 . 167936 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\appmgmts.dll
[-] 2008-04-14 . D8849F77C0B66226335A59D26CB4EDC6 . 167936 . . [5.1.2600.5512] . . c:\windows\system32\appmgmts.dll
[-] 2004-08-10 . 9C3C12975C97119412802B181FBEEFFE . 167936 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\appmgmts.dll
.
[-] 2004-08-10 . 9859C0F6936E723E4892D7141B1327D5 . 11648 . . [5.1.2600.0] . . c:\windows\system32\drivers\acpiec.sys
.
[-] 2008-04-13 16:39 . 8BED39E3C35D6A489438B8141717A557 . 142592 . . [5.1.2601.3142] . . c:\windows\ServicePackFiles\i386\aec.sys
[-] 2008-04-13 16:39 . 8BED39E3C35D6A489438B8141717A557 . 142592 . . [5.1.2601.3142] . . c:\windows\system32\drivers\aec.sys
[-] 2004-08-04 06:39 . 841F385C6CFAF66B58FBD898722BB4F0 . 142464 . . [5.1.2601.2078] . . c:\windows\$NtServicePackUninstall$\aec.sys
.
[-] 2008-04-13 . 08FD04AA961BDC77FB983F328334E3D7 . 42368 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\agp440.sys
[-] 2008-04-13 . 08FD04AA961BDC77FB983F328334E3D7 . 42368 . . [5.1.2600.5512] . . c:\windows\system32\drivers\agp440.sys
.
[-] 2008-04-13 . 3BB22519A194418D5FEC05D800A19AD0 . 36608 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\ip6fw.sys
[-] 2008-04-13 . 3BB22519A194418D5FEC05D800A19AD0 . 36608 . . [5.1.2600.5512] . . c:\windows\system32\drivers\ip6fw.sys
[-] 2004-08-10 . 4448006B6BC60E6C027932CFC38D6855 . 29056 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\ip6fw.sys
.
[-] 2008-04-14 . 986B1FF5814366D71E0AC5755C88F2D3 . 33792 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\msgsvc.dll
[-] 2008-04-14 . 986B1FF5814366D71E0AC5755C88F2D3 . 33792 . . [5.1.2600.5512] . . c:\windows\system32\msgsvc.dll
[-] 2004-08-10 . 95FD808E4AC22ABA025A7B3EAC0375D2 . 33792 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\msgsvc.dll
.
[-] 2005-08-04 02:29 . B9715B9C18BC6C8F4B66733D208CC9F7 . 25088 . . [10.0.3790.4332] . . c:\windows\RegisteredPackages\{30C7234B-6482-4A55-A11D-ECD9030313F2}\MsPMSNSv.dll
[-] 2005-08-04 02:29 . B9715B9C18BC6C8F4B66733D208CC9F7 . 25088 . . [10.0.3790.4332] . . c:\windows\system32\MsPMSNSv.dll
[-] 2004-08-10 12:00 . 6EAA72FD9EF993EC1FA9A06DE65105DA . 25088 . . [10.0.3790.3646] . . c:\windows\RegisteredPackages\{30C7234B-6482-4A55-A11D-ECD9030313F2}$BACKUP$\System\MsPMSNSv.dll
.
[-] 2008-04-14 00:12 . 156F64A3345BD23C600655FB4D10BC08 . 435200 . . [5.1.2400.5512] . . c:\windows\ServicePackFiles\i386\ntmssvc.dll
[-] 2008-04-14 00:12 . 156F64A3345BD23C600655FB4D10BC08 . 435200 . . [5.1.2400.5512] . . c:\windows\system32\ntmssvc.dll
[-] 2004-08-10 12:00 . B62F29C00AC55A761B2E45877D85EA0F . 435200 . . [5.1.2400.2180] . . c:\windows\$NtServicePackUninstall$\ntmssvc.dll
.
[-] 2008-04-14 . 1EBAFEB9A3FBDC41B8D9C7F0F687AD91 . 185856 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\upnphost.dll
[-] 2008-04-14 . 1EBAFEB9A3FBDC41B8D9C7F0F687AD91 . 185856 . . [5.1.2600.5512] . . c:\windows\system32\upnphost.dll
[-] 2004-08-10 . 0546477BDE979E33294FE97F6B3DE84A . 185344 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\upnphost.dll
.
[-] 2008-04-14 . 4D83ED8BDDEC431FC8AD907B47CFB6E3 . 367616 . . [5.3.2600.5512] . . c:\windows\ServicePackFiles\i386\dsound.dll
[-] 2008-04-14 . 4D83ED8BDDEC431FC8AD907B47CFB6E3 . 367616 . . [5.3.2600.5512] . . c:\windows\system32\dsound.dll
[-] 2004-08-10 . 55E148C01296696588EAFA425782C3E8 . 367616 . . [5.3.2600.2180] . . c:\windows\$NtServicePackUninstall$\dsound.dll
.
[-] 2008-04-14 . 0607CBC6FA20114CB491EFE4B2F9EFAD . 1689088 . . [5.03.2600.5512] . . c:\windows\ServicePackFiles\i386\d3d9.dll
[-] 2008-04-14 . 0607CBC6FA20114CB491EFE4B2F9EFAD . 1689088 . . [5.03.2600.5512] . . c:\windows\system32\d3d9.dll
[-] 2004-08-10 . D67BDBBDA86CC9AEEBBAF3217C1717D8 . 1689088 . . [5.03.2600.2180] . . c:\windows\$NtServicePackUninstall$\d3d9.dll
.
[-] 2008-04-14 . A340CD71EB535A3DD751B5F28723E50C . 279552 . . [5.03.2600.5512] . . c:\windows\ServicePackFiles\i386\ddraw.dll
[-] 2008-04-14 . A340CD71EB535A3DD751B5F28723E50C . 279552 . . [5.03.2600.5512] . . c:\windows\system32\ddraw.dll
[-] 2004-08-10 . 7ED462F353B3D915A418A689FA881F96 . 266240 . . [5.03.2600.2180] . . c:\windows\$NtServicePackUninstall$\ddraw.dll
.
[-] 2008-04-14 00:12 . 5652F6CE1D9E9D8068B9D29BC21B5409 . 84992 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\olepro32.dll
[-] 2008-04-14 00:12 . 5652F6CE1D9E9D8068B9D29BC21B5409 . 84992 . . [5.1.2600.5512] . . c:\windows\system32\olepro32.dll
[-] 2004-08-10 12:00 . B48D3193DD1474DCBCC32BF4779AC698 . 83456 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\olepro32.dll
.
[-] 2008-04-14 . DBE2B62353660ECCA0D75EA307A717E9 . 39936 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\perfctrs.dll
[-] 2008-04-14 . DBE2B62353660ECCA0D75EA307A717E9 . 39936 . . [5.1.2600.5512] . . c:\windows\system32\perfctrs.dll
[-] 2004-08-10 . 96492C721C6EA517E2BFD5381FEF55E3 . 39936 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\perfctrs.dll
.
[-] 2008-04-14 . C7CE131408739B0B3A318BE2D0032719 . 18944 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\version.dll
[-] 2008-04-14 . C7CE131408739B0B3A318BE2D0032719 . 18944 . . [5.1.2600.5512] . . c:\windows\system32\version.dll
[-] 2004-08-10 . D38408967BE738D0C1B47005BCE8CEEB . 18944 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\version.dll
.
[-] 2008-04-14 . 3805DF0AC4296A34BA4BF93B346CC378 . 171008 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\srsvc.dll
[-] 2008-04-14 . 3805DF0AC4296A34BA4BF93B346CC378 . 171008 . . [5.1.2600.5512] . . c:\windows\system32\srsvc.dll
[-] 2004-08-10 . 92BDF74F12D6CBEC43C94D4B7F804838 . 170496 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\srsvc.dll
.
[-] 2008-04-14 . 54AF4B1D5459500EF0937F6D33B1914F . 175104 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\w32time.dll
[-] 2008-04-14 . 54AF4B1D5459500EF0937F6D33B1914F . 175104 . . [5.1.2600.5512] . . c:\windows\system32\w32time.dll
[-] 2004-08-10 . 2B281958F5D0CF99ED626E3EF39D5C8D . 174592 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\w32time.dll
.
[-] 2008-04-14 . 8BAD69CBAC032D4BBACFCE0306174C30 . 333824 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\wiaservc.dll
[-] 2008-04-14 . 8BAD69CBAC032D4BBACFCE0306174C30 . 333824 . . [5.1.2600.5512] . . c:\windows\system32\wiaservc.dll
[-] 2004-08-10 . D9F6C4F6B1E188ADAFC42B561D9BC2E6 . 333312 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\wiaservc.dll
.
[-] 2008-04-14 . 5C12660A97822F6E61576943B49AAAD6 . 18944 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\midimap.dll
[-] 2008-04-14 . 5C12660A97822F6E61576943B49AAAD6 . 18944 . . [5.1.2600.5512] . . c:\windows\system32\midimap.dll
[-] 2004-08-10 . 3B4702155BB2AE9DC00C06A68834BDFA . 18944 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\midimap.dll
.
[-] 2008-04-14 . 6F9BEF24C578D5D6740E080BEDD6A448 . 7680 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\rasadhlp.dll
[-] 2008-04-14 . 6F9BEF24C578D5D6740E080BEDD6A448 . 7680 . . [5.1.2600.5512] . . c:\windows\system32\rasadhlp.dll
[-] 2004-08-10 . 4CAEC028C1E21C75E17877D4522D3DB4 . 8192 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\rasadhlp.dll
.
((((((((((((((((((((((((((((( SnapShot@2011-12-20_00.54.18 )))))))))))))))))))))))))))))))))))))))))
.
+ 2011-12-22 00:32 . 2011-12-22 00:32 16384 c:\windows\temp\Perflib_Perfdata_b40.dat
+ 2008-07-14 11:09 . 2011-11-08 13:46 46080 c:\windows\system32\tzchange.exe
- 2008-07-14 11:09 . 2011-07-08 13:49 46080 c:\windows\system32\tzchange.exe
+ 2006-03-15 23:55 . 2011-11-04 19:20 66560 c:\windows\system32\mshtmled.dll
- 2006-03-15 23:55 . 2011-08-22 23:48 66560 c:\windows\system32\mshtmled.dll
+ 2007-08-13 23:54 . 2011-11-04 19:20 55296 c:\windows\system32\msfeedsbs.dll
- 2007-08-13 23:54 . 2011-08-22 23:48 55296 c:\windows\system32\msfeedsbs.dll
+ 2006-03-15 23:55 . 2011-11-04 19:20 25600 c:\windows\system32\jsproxy.dll
- 2006-03-15 23:55 . 2011-08-22 23:48 25600 c:\windows\system32\jsproxy.dll
+ 2009-06-14 15:33 . 2011-11-04 19:20 12800 c:\windows\system32\dllcache\xpshims.dll
- 2009-06-14 15:33 . 2011-08-22 23:48 12800 c:\windows\system32\dllcache\xpshims.dll
+ 2008-08-20 05:33 . 2011-11-04 19:20 66560 c:\windows\system32\dllcache\mshtmled.dll
- 2008-08-20 05:33 . 2011-08-22 23:48 66560 c:\windows\system32\dllcache\mshtmled.dll
+ 2008-11-12 01:38 . 2011-11-04 19:20 55296 c:\windows\system32\dllcache\msfeedsbs.dll
- 2008-11-12 01:38 . 2011-08-22 23:48 55296 c:\windows\system32\dllcache\msfeedsbs.dll
- 2007-08-13 23:44 . 2011-08-22 23:48 43520 c:\windows\system32\dllcache\licmgr10.dll
+ 2007-08-13 23:44 . 2011-11-04 19:20 43520 c:\windows\system32\dllcache\licmgr10.dll
+ 2010-03-30 21:09 . 2011-11-04 19:20 25600 c:\windows\system32\dllcache\jsproxy.dll
- 2010-03-30 21:09 . 2011-08-22 23:48 25600 c:\windows\system32\dllcache\jsproxy.dll
- 2009-12-14 07:08 . 2011-04-26 11:07 33280 c:\windows\system32\dllcache\csrsrv.dll
+ 2009-12-14 07:08 . 2011-10-28 05:31 33280 c:\windows\system32\dllcache\csrsrv.dll
- 2010-12-13 05:30 . 2011-10-16 00:10 35088 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\oisicon.exe
+ 2010-12-13 05:30 . 2011-12-20 01:27 35088 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\oisicon.exe
- 2010-12-13 05:30 . 2011-10-16 00:10 18704 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\mspicons.exe
+ 2010-12-13 05:30 . 2011-12-20 01:27 18704 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\mspicons.exe
- 2010-12-13 05:30 . 2011-10-16 00:10 20240 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\cagicon.exe
+ 2010-12-13 05:30 . 2011-12-20 01:27 20240 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\cagicon.exe
+ 2011-12-20 01:25 . 2011-08-22 23:48 12800 c:\windows\ie8updates\KB2618444-IE8\xpshims.dll
+ 2011-12-20 01:25 . 2011-08-22 23:48 66560 c:\windows\ie8updates\KB2618444-IE8\mshtmled.dll
+ 2011-12-20 01:25 . 2011-08-22 23:48 55296 c:\windows\ie8updates\KB2618444-IE8\msfeedsbs.dll
+ 2011-12-20 01:25 . 2011-08-22 23:48 43520 c:\windows\ie8updates\KB2618444-IE8\licmgr10.dll
+ 2011-12-20 01:25 . 2011-08-22 23:48 25600 c:\windows\ie8updates\KB2618444-IE8\jsproxy.dll
- 2006-03-15 23:56 . 2011-08-22 23:48 105984 c:\windows\system32\url.dll
+ 2006-03-15 23:56 . 2011-11-04 19:20 105984 c:\windows\system32\url.dll
+ 2006-03-15 23:55 . 2011-11-04 19:20 206848 c:\windows\system32\occache.dll
- 2006-03-15 23:55 . 2011-08-22 23:48 206848 c:\windows\system32\occache.dll
+ 2006-03-15 23:55 . 2011-11-04 19:20 611840 c:\windows\system32\mstime.dll
- 2006-03-15 23:55 . 2011-08-22 23:48 611840 c:\windows\system32\mstime.dll
- 2007-08-13 23:54 . 2011-08-22 23:48 602112 c:\windows\system32\msfeeds.dll
+ 2007-08-13 23:54 . 2011-11-04 19:20 602112 c:\windows\system32\msfeeds.dll
+ 2006-03-15 23:55 . 2011-11-04 19:20 184320 c:\windows\system32\iepeers.dll
- 2006-03-15 23:55 . 2011-08-22 23:48 184320 c:\windows\system32\iepeers.dll
- 2006-03-15 23:55 . 2011-08-22 23:48 387584 c:\windows\system32\iedkcs32.dll
+ 2006-03-15 23:55 . 2011-11-04 19:20 387584 c:\windows\system32\iedkcs32.dll
+ 2006-03-15 23:55 . 2011-11-04 11:24 174080 c:\windows\system32\ie4uinit.exe
- 2006-03-15 23:55 . 2011-08-22 11:56 174080 c:\windows\system32\ie4uinit.exe
- 2006-03-15 17:03 . 2011-10-16 23:23 283720 c:\windows\system32\FNTCACHE.DAT
+ 2006-03-15 17:03 . 2011-12-20 01:40 283720 c:\windows\system32\FNTCACHE.DAT
+ 2010-03-30 21:09 . 2011-11-04 19:20 916992 c:\windows\system32\dllcache\wininet.dll
+ 2011-08-11 01:58 . 2011-11-04 19:20 105984 c:\windows\system32\dllcache\url.dll
- 2011-08-11 01:58 . 2011-08-22 23:48 105984 c:\windows\system32\dllcache\url.dll
- 2007-08-13 23:44 . 2011-08-22 23:48 206848 c:\windows\system32\dllcache\occache.dll
+ 2007-08-13 23:44 . 2011-11-04 19:20 206848 c:\windows\system32\dllcache\occache.dll
- 2008-08-20 05:33 . 2011-08-22 23:48 611840 c:\windows\system32\dllcache\mstime.dll
+ 2008-08-20 05:33 . 2011-11-04 19:20 611840 c:\windows\system32\dllcache\mstime.dll
+ 2008-11-12 01:38 . 2011-11-04 19:20 602112 c:\windows\system32\dllcache\msfeeds.dll
- 2008-11-12 01:38 . 2011-08-22 23:48 602112 c:\windows\system32\dllcache\msfeeds.dll
+ 2009-06-14 15:33 . 2011-11-04 19:20 247808 c:\windows\system32\dllcache\ieproxy.dll
- 2009-06-14 15:33 . 2011-08-22 23:48 247808 c:\windows\system32\dllcache\ieproxy.dll
+ 2008-08-20 05:33 . 2011-11-04 19:20 184320 c:\windows\system32\dllcache\iepeers.dll
- 2008-08-20 05:33 . 2011-08-22 23:48 184320 c:\windows\system32\dllcache\iepeers.dll
+ 2010-06-10 22:36 . 2011-11-04 19:20 743424 c:\windows\system32\dllcache\iedvtool.dll
- 2010-06-10 22:36 . 2011-08-22 23:48 743424 c:\windows\system32\dllcache\iedvtool.dll
+ 2007-08-13 23:39 . 2011-11-04 19:20 387584 c:\windows\system32\dllcache\iedkcs32.dll
- 2007-08-13 23:39 . 2011-08-22 23:48 387584 c:\windows\system32\dllcache\iedkcs32.dll
+ 2007-08-13 23:39 . 2011-11-04 11:24 174080 c:\windows\system32\dllcache\ie4uinit.exe
- 2007-08-13 23:39 . 2011-08-22 11:56 174080 c:\windows\system32\dllcache\ie4uinit.exe
- 2011-02-04 22:48 . 2011-02-04 22:48 456192 c:\windows\system32\dllcache\encdec.dll
+ 2011-02-04 22:48 . 2011-10-14 22:38 456192 c:\windows\system32\dllcache\encdec.dll
+ 2010-12-13 05:30 . 2011-12-20 01:27 888080 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\wordicon.exe
- 2010-12-13 05:30 . 2011-10-16 00:10 888080 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\wordicon.exe
- 2010-12-13 05:30 . 2011-10-16 00:10 272648 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\pubs.exe
+ 2010-12-13 05:30 . 2011-12-20 01:27 272648 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\pubs.exe
+ 2010-12-13 05:30 . 2011-12-20 01:27 922384 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\pptico.exe
- 2010-12-13 05:30 . 2011-10-16 00:10 922384 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\pptico.exe
+ 2010-12-13 05:30 . 2011-12-20 01:27 845584 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\outicon.exe
- 2010-12-13 05:30 . 2011-10-16 00:10 845584 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\outicon.exe
- 2010-12-13 05:30 . 2011-10-16 00:10 217864 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\misc.exe
+ 2010-12-13 05:30 . 2011-12-20 01:27 217864 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\misc.exe
- 2010-12-13 05:30 . 2011-10-16 00:10 184080 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\joticon.exe
+ 2010-12-13 05:30 . 2011-12-20 01:27 184080 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\joticon.exe
- 2010-12-13 05:30 . 2011-10-16 00:10 159504 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\inficon.exe
+ 2010-12-13 05:30 . 2011-12-20 01:27 159504 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\inficon.exe
+ 2008-11-04 05:04 . 2008-11-04 05:04 498072 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.6425\MORPH9.DLL
+ 2011-12-20 01:25 . 2011-08-22 23:48 916480 c:\windows\ie8updates\KB2618444-IE8\wininet.dll
+ 2011-12-20 01:25 . 2011-08-22 23:48 105984 c:\windows\ie8updates\KB2618444-IE8\url.dll
+ 2011-12-20 01:25 . 2010-07-05 13:16 382840 c:\windows\ie8updates\KB2618444-IE8\spuninst\updspapi.dll
+ 2011-12-20 01:25 . 2010-07-05 13:15 231288 c:\windows\ie8updates\KB2618444-IE8\spuninst\spuninst.exe
+ 2011-12-20 01:25 . 2011-08-22 23:48 206848 c:\windows\ie8updates\KB2618444-IE8\occache.dll
+ 2011-12-20 01:25 . 2011-08-22 23:48 611840 c:\windows\ie8updates\KB2618444-IE8\mstime.dll
+ 2011-12-20 01:25 . 2011-08-22 23:48 602112 c:\windows\ie8updates\KB2618444-IE8\msfeeds.dll
+ 2011-12-20 01:25 . 2011-08-22 23:48 247808 c:\windows\ie8updates\KB2618444-IE8\ieproxy.dll
+ 2011-12-20 01:25 . 2011-08-22 23:48 184320 c:\windows\ie8updates\KB2618444-IE8\iepeers.dll
+ 2011-12-20 01:25 . 2011-08-22 23:48 743424 c:\windows\ie8updates\KB2618444-IE8\iedvtool.dll
+ 2011-12-20 01:25 . 2011-08-22 23:48 387584 c:\windows\ie8updates\KB2618444-IE8\iedkcs32.dll
+ 2011-12-20 01:25 . 2011-08-22 11:56 174080 c:\windows\ie8updates\KB2618444-IE8\ie4uinit.exe
+ 2011-12-20 01:27 . 2011-12-20 01:27 350080 c:\windows\assembly\GAC\Microsoft.Office.Interop.PowerPoint\12.0.0.0__71e9bce111e9429c\Microsoft.Office.Interop.PowerPoint.dll
+ 2006-03-15 23:56 . 2011-11-04 19:20 1212416 c:\windows\system32\urlmon.dll
- 2006-03-15 23:56 . 2011-08-22 23:48 1212416 c:\windows\system32\urlmon.dll
+ 2006-03-15 23:55 . 2011-11-04 19:20 5978112 c:\windows\system32\mshtml.dll
- 2007-08-13 23:34 . 2011-08-22 23:48 2000384 c:\windows\system32\iertutil.dll
+ 2007-08-13 23:34 . 2011-11-04 19:20 2000384 c:\windows\system32\iertutil.dll
+ 2008-11-11 03:38 . 2011-11-23 13:25 1859584 c:\windows\system32\dllcache\win32k.sys
+ 2010-03-30 21:09 . 2011-11-04 19:20 1212416 c:\windows\system32\dllcache\urlmon.dll
- 2010-03-30 21:09 . 2011-08-22 23:48 1212416 c:\windows\system32\dllcache\urlmon.dll
+ 2010-07-16 12:05 . 2011-11-01 16:07 1288704 c:\windows\system32\dllcache\ole32.dll
- 2008-11-11 03:37 . 2010-12-09 13:38 2192768 c:\windows\system32\dllcache\ntoskrnl.exe
+ 2008-11-11 03:37 . 2011-10-25 13:33 2192768 c:\windows\system32\dllcache\ntoskrnl.exe
+ 2008-11-11 03:37 . 2011-10-25 12:52 2027008 c:\windows\system32\dllcache\ntkrpamp.exe
- 2008-11-11 03:37 . 2010-12-09 13:07 2027008 c:\windows\system32\dllcache\ntkrpamp.exe
- 2008-11-11 03:37 . 2010-12-09 13:07 2069376 c:\windows\system32\dllcache\ntkrnlpa.exe
+ 2008-11-11 03:37 . 2011-10-25 12:52 2069376 c:\windows\system32\dllcache\ntkrnlpa.exe
+ 2006-03-15 23:55 . 2011-10-25 13:37 2148864 c:\windows\system32\dllcache\ntkrnlmp.exe
- 2006-03-15 23:55 . 2010-12-09 13:42 2148864 c:\windows\system32\dllcache\ntkrnlmp.exe
+ 2008-08-20 05:33 . 2011-11-04 19:20 5978112 c:\windows\system32\dllcache\mshtml.dll
+ 2008-11-12 01:38 . 2011-11-04 19:20 2000384 c:\windows\system32\dllcache\iertutil.dll
- 2008-11-12 01:38 . 2011-08-22 23:48 2000384 c:\windows\system32\dllcache\iertutil.dll
+ 2011-11-01 18:34 . 2011-11-01 18:34 4250112 c:\windows\Installer\13335a.msp
+ 2011-11-01 18:34 . 2011-11-01 18:34 2247168 c:\windows\Installer\133342.msp
+ 2011-11-11 21:14 . 2011-11-11 21:14 9096192 c:\windows\Installer\13332c.msp
+ 2011-11-01 18:34 . 2011-11-01 18:34 4225536 c:\windows\Installer\133316.msp
+ 2011-11-01 18:34 . 2011-11-01 18:34 2531840 c:\windows\Installer\1332fb.msp
+ 2011-11-11 21:15 . 2011-11-11 21:15 1795584 c:\windows\Installer\1332e5.msp
+ 2011-11-11 21:16 . 2011-11-11 21:16 8458240 c:\windows\Installer\1332cf.msp
+ 2010-12-13 05:30 . 2011-12-20 01:27 1172240 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\xlicons.exe
- 2010-12-13 05:30 . 2011-10-16 00:10 1172240 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\xlicons.exe
- 2010-12-13 05:30 . 2011-10-16 00:10 1165584 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\accicons.exe
+ 2010-12-13 05:30 . 2011-12-20 01:27 1165584 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\accicons.exe
+ 2009-04-03 02:44 . 2009-04-03 02:44 2532224 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.6425\GRAPH.EXE
+ 2011-12-20 01:25 . 2011-08-22 23:48 1212416 c:\windows\ie8updates\KB2618444-IE8\urlmon.dll
+ 2011-12-20 01:25 . 2011-10-03 08:35 5971456 c:\windows\ie8updates\KB2618444-IE8\mshtml.dll
+ 2011-12-20 01:25 . 2011-08-22 23:48 2000384 c:\windows\ie8updates\KB2618444-IE8\iertutil.dll
+ 2008-11-11 03:37 . 2011-10-25 13:33 2192768 c:\windows\Driver Cache\i386\ntoskrnl.exe
- 2008-11-11 03:37 . 2010-12-09 13:38 2192768 c:\windows\Driver Cache\i386\ntoskrnl.exe
- 2008-11-11 03:37 . 2010-12-09 13:07 2027008 c:\windows\Driver Cache\i386\ntkrpamp.exe
+ 2008-11-11 03:37 . 2011-10-25 12:52 2027008 c:\windows\Driver Cache\i386\ntkrpamp.exe
- 2008-11-11 03:37 . 2010-12-09 13:07 2069376 c:\windows\Driver Cache\i386\ntkrnlpa.exe
+ 2008-11-11 03:37 . 2011-10-25 12:52 2069376 c:\windows\Driver Cache\i386\ntkrnlpa.exe
+ 2008-11-11 03:37 . 2011-10-25 13:37 2148864 c:\windows\Driver Cache\i386\ntkrnlmp.exe
- 2008-11-11 03:37 . 2010-12-09 13:42 2148864 c:\windows\Driver Cache\i386\ntkrnlmp.exe
+ 2011-10-16 08:58 . 2011-12-20 01:18 52988224 c:\windows\system32\MRT.exe
+ 2007-08-13 23:54 . 2011-11-04 19:20 11081728 c:\windows\system32\ieframe.dll
- 2007-08-13 23:54 . 2011-08-23 21:48 11081728 c:\windows\system32\ieframe.dll
- 2008-11-12 01:38 . 2011-08-23 21:48 11081728 c:\windows\system32\dllcache\ieframe.dll
+ 2008-11-12 01:38 . 2011-11-04 19:20 11081728 c:\windows\system32\dllcache\ieframe.dll
+ 2011-12-20 01:25 . 2011-08-23 21:48 11081728 c:\windows\ie8updates\KB2618444-IE8\ieframe.dll
.
-- Snapshot reset to current date --
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2011-11-28 18:01 122512 ----a-w- c:\program files\Alwil Software\Avast5\ashShell.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Advanced SystemCare 3"="c:\program files\IObit\Advanced SystemCare 3\AWC.exe" [2010-09-29 2407632]
"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2011-07-31 2424192]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"igfxtray"="c:\windows\system32\igfxtray.exe" [2005-12-17 98304]
"igfxhkcmd"="c:\windows\system32\hkcmd.exe" [2005-12-17 77824]
"igfxpers"="c:\windows\system32\igfxpers.exe" [2005-12-17 118784]
"SonyPowerCfg"="c:\program files\Sony\VAIO Power Management\SPMgr.exe" [2005-12-14 217088]
"ISBMgr.exe"="c:\program files\Sony\ISB Utility\ISBMgr.exe" [2004-02-20 32768]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2006-03-07 7557120]
"Switcher.exe"="c:\program files\Sony\Wireless Switch Setting Utility\Switcher.exe" [2005-11-24 167936]
"DiscUpdateManager"="c:\program files\DISC\DiscUpdMgr.exe" [2006-03-16 61440]
"VAIOCameraUtility"="c:\program files\Sony\VAIO Camera Utility\VCUServe.exe" [2005-12-01 69632]
"PartSeal"="c:\windows\Sonysys\VAIO Recovery\PartSeal.exe" [2003-04-20 28672]
"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe" [2011-04-20 58656]
"nmctxth"="c:\program files\Common Files\Pure Networks Shared\Platform\nmctxth.exe" [2009-07-07 647216]
"nmapp"="c:\program files\Pure Networks\Network Magic\nmapp.exe" [2009-07-08 472112]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2008-10-25 31072]
"WinampAgent"="c:\program files\Winamp\winampa.exe" [2010-12-09 74752]
"DivXUpdate"="c:\program files\DivX\DivX Update\DivXUpdate.exe" [2011-02-15 1230704]
"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2011-09-27 59240]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2011-07-05 421888]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2011-10-09 421736]
"TkBellExe"="c:\program files\real\realplayer\update\realsched.exe" [2011-12-10 296056]
.
c:\documents and settings\panitabuta\Start Menu\Programs\Startup\
ViiKiiDesktopPlugin.lnk - c:\program files\ViiKiiDesktopPlugin\ViiKiiDesktopPlugin.exe [2011-4-4 142848]
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2009-09-03 19:21 548352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\VESWinlogon]
2005-05-21 01:42 73728 ----a-w- c:\windows\system32\VESWinlogon.dll
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0c:\progra~1\AVG\AVG10\avgchsvx.exe /sync\0c:\progra~1\AVG\AVG10\avgrsx.exe /sync /restart
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk
backup=c:\windows\pss\Adobe Reader Speed Launch.lnkCommon Startup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KernelFaultCheck]
c:\windows\system32\dumprep 0 -k [X]
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Apoint]
2004-11-18 03:47 118784 ----a-w- c:\program files\Apoint\Apoint.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Pro Agent]
2008-10-09 12:53 200136 ----a-w- c:\program files\DAEMON Tools Pro\DTProAgent.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DISCover]
2006-03-16 02:12 1077248 ----a-w- c:\program files\DISC\DISCover.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ehTray]
2005-08-05 21:56 64512 -c--a-w- c:\windows\ehome\ehtray.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HostManager]
2005-11-04 21:25 159832 ----a-w- c:\program files\Common Files\AOL\1226364954\ee\AOLHostManager.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2011-10-09 22:06 421736 ----a-w- c:\program files\iTunes\iTunesHelper.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Messenger (Yahoo!)]
2008-11-06 02:59 4347120 ----a-w- c:\program files\Yahoo!\Messenger\YahooMessenger.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
2008-04-14 00:12 1695232 ----a-w- c:\program files\Messenger\msmsgs.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2011-07-05 22:36 421888 ----a-w- c:\program files\QuickTime\QTTask.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SmileboxTray]
2009-12-07 09:22 266888 ----a-w- c:\documents and settings\panitabuta\Application Data\Smilebox\SmileboxTray.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2009-10-11 09:17 149280 ----a-w- c:\program files\Java\jre6\bin\jusched.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TurboHddUsb]
2009-01-04 22:28 3327488 ----a-w- c:\program files\TurboHddUsb\TurboHddUsb.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VAIO Recovery]
2003-04-20 04:08 28672 ----a-w- c:\windows\SONYSYS\VAIO Recovery\PartSeal.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VAIO Update 2]
2005-10-12 05:36 151552 ----a-w- c:\program files\Sony\VAIO Update 2\VAIOUpdt.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
"FirewallOverride"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
"DisableNotifications"= 1 (0x1)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\DISC\\DISCover.exe"=
"c:\\Program Files\\DISC\\DiscStreamHub.exe"=
"c:\\Program Files\\DISC\\myFTP.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"c:\\WINDOWS\\system32\\dplaysvr.exe"=
"%windir%\\system32\\drivers\\svchost.exe"=
"c:\\Program Files\\Sony\\VAIO Event Service\\VESMgr.exe"=
"c:\\Program Files\\BitComet\\BitComet.exe"=
"c:\\Program Files\\Common Files\\Apple\\Apple Application Support\\WebKit2WebProcess.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\program files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe"= c:\program files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe:LocalSubNet,0.0.0.0/255.255.255.255:Enabled:Pure Networks Platform Service
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"21655:TCP"= 21655:TCP:BitComet 21655 TCP
"21655:UDP"= 21655:UDP:BitComet 21655 UDP
.
R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [12/19/2011 10:06 PM 435032]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [12/20/2010 10:51 PM 314456]
R1 FNETURPX;FNETURPX;c:\windows\system32\drivers\FNETURPX.SYS [1/4/2009 5:28 PM 7040]
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV.SYS [1/5/2010 7:56 AM 12872]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [1/5/2010 7:56 AM 67656]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [12/20/2010 10:51 PM 20568]
R3 SonyImgF;Sony Image Conversion Filter Driver;c:\windows\system32\drivers\SonyImgF.sys [3/15/2006 6:57 PM 29184]
R3 ti21sony;ti21sony;c:\windows\system32\drivers\ti21sony.sys [3/15/2006 6:57 PM 226304]
S3 FNETTBOH;FNETTBOH;c:\windows\system32\drivers\FNETTBOH.SYS [1/4/2009 5:28 PM 17792]
S3 MBAMSwissArmy;MBAMSwissArmy;\??\c:\windows\system32\drivers\mbamswissarmy.sys --> c:\windows\system32\drivers\mbamswissarmy.sys [?]
S3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [1/5/2010 7:56 AM 12872]
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - ASWSNX
.
Contents of the 'Scheduled Tasks' folder
.
2011-11-19 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2009-10-22 21:57]
.
2011-12-22 c:\windows\Tasks\RealUpgradeLogonTaskS-1-5-21-101638942-2500195564-795564065-1005.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2011-11-08 21:14]
.
2011-12-21 c:\windows\Tasks\RealUpgradeScheduledTaskS-1-5-21-101638942-2500195564-795564065-1005.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2011-11-08 21:14]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://google.atcomet.com/b/
uInternet Connection Wizard,ShellNext = hxxp://www.sony.com/vaiopeople
uInternet Settings,ProxyOverride = *.local
IE: &AOL Toolbar Search - c:\program files\aol\aol toolbar 3.0\resources\en-US\local\search.html
IE: &D&ownload &with BitComet - c:\program files\BitComet\BitComet.exe/AddLink.htm
IE: &D&ownload all with BitComet - c:\program files\BitComet\BitComet.exe/AddAllLink.htm
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~4\Office12\EXCEL.EXE/3000
Trusted Zone: trymedia.com
TCP: DhcpNameServer = 192.168.1.1 207.69.188.185 207.69.188.186
FF - ProfilePath - c:\documents and settings\panitabuta\Application Data\Mozilla\Firefox\Profiles\dqqk3sx5.default\
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-12-21 19:34
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(912)
c:\program files\SUPERAntiSpyware\SASWINLO.dll
c:\windows\system32\WININET.dll
c:\windows\system32\VESWinlogon.dll
.
- - - - - - - > 'explorer.exe'(3492)
c:\windows\system32\WININET.dll
c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.6195_x-ww_44262b86\MSVCR80.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Intel\Wireless\Bin\EvtEng.exe
c:\program files\Intel\Wireless\Bin\S24EvMon.exe
c:\program files\Alwil Software\Avast5\AvastSvc.exe
c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\windows\eHome\ehRecvr.exe
c:\windows\eHome\ehSched.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe
c:\program files\Intel\Wireless\Bin\RegSrvc.exe
c:\program files\Common Files\Sony Shared\WMPlugIn\SonicStageMonitoring.exe
c:\program files\Sony\VAIO Event Service\VESMgr.exe
c:\program files\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe
c:\windows\ehome\mcrdsvc.exe
c:\program files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe
c:\windows\system32\igfxext.exe
c:\windows\system32\igfxsrvc.exe
c:\program files\iPod\bin\iPodService.exe
c:\windows\system32\dllhost.exe
.
**************************************************************************
.
Completion time: 2011-12-21 19:47:58 - machine was rebooted
ComboFix-quarantined-files.txt 2011-12-22 00:47
ComboFix2.txt 2011-12-20 01:12
ComboFix3.txt 2010-12-21 02:13
.
Pre-Run: 2,535,141,376 bytes free
Post-Run: 2,556,575,744 bytes free
.
- - End Of File - - F949CE6A1C9D4704FDDA928913E57A55


aswMBR version 0.9.8.986 Copyright© 2011 AVAST Software
Run date: 2011-12-21 20:42:06
-----------------------------
20:42:06.509 OS Version: Windows 5.1.2600 Service Pack 3
20:42:06.509 Number of processors: 2 586 0xE08
20:42:06.509 ComputerName: VALUED-C0DCCC42 UserName: panitabuta
20:42:07.165 Initialize success
20:42:10.056 AVAST engine defs: 11122102
20:42:12.462 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP1T0L0-e
20:42:12.462 Disk 0 Vendor: FUJITSU_MHV2100BH_PL 00000029 Size: 95396MB BusType: 3
20:42:12.478 Disk 1 \Device\Harddisk1\DR3 -> \Device\00000097
20:42:12.478 Disk 1 Vendor: ( Size: 95396MB BusType: 0
20:42:14.509 Disk 0 MBR read successfully
20:42:14.525 Disk 0 MBR scan
20:42:14.525 Disk 0 Windows XP default MBR code
20:42:14.540 Disk 0 scanning sectors +195366465
20:42:14.634 Disk 0 scanning C:\WINDOWS\system32\drivers
20:42:41.228 Service scanning
20:42:42.697 Modules scanning
20:43:08.087 AVAST engine scan C:\WINDOWS
20:43:43.681 AVAST engine scan C:\WINDOWS\system32
20:47:30.009 AVAST engine scan C:\WINDOWS\system32\drivers
20:48:15.806 AVAST engine scan C:\Documents and Settings\panitabuta
20:57:51.994 Disk 0 MBR has been saved successfully to "C:\Documents and Settings\panitabuta\Desktop\MBR.dat"
20:57:52.009 The log file has been saved successfully to "C:\Documents and Settings\panitabuta\Desktop\aswMBR2.txt"


20:12:40.0650 4076 TDSS rootkit removing tool 2.6.23.0 Dec 13 2011 10:39:31
20:12:41.0072 4076 ============================================================
20:12:41.0072 4076 Current date / time: 2011/12/21 20:12:41.0072
20:12:41.0072 4076 SystemInfo:
20:12:41.0072 4076
20:12:41.0072 4076 OS Version: 5.1.2600 ServicePack: 3.0
20:12:41.0072 4076 Product type: Workstation
20:12:41.0072 4076 ComputerName: VALUED-C0DCCC42
20:12:41.0072 4076 UserName: panitabuta
20:12:41.0072 4076 Windows directory: C:\WINDOWS
20:12:41.0072 4076 System windows directory: C:\WINDOWS
20:12:41.0072 4076 Processor architecture: Intel x86
20:12:41.0072 4076 Number of processors: 2
20:12:41.0072 4076 Page size: 0x1000
20:12:41.0072 4076 Boot type: Normal boot
20:12:41.0072 4076 ============================================================
20:12:42.0322 4076 Initialize success
20:12:48.0962 1056 ============================================================
20:12:48.0962 1056 Scan started
20:12:48.0962 1056 Mode: Manual;
20:12:48.0962 1056 ============================================================
20:12:49.0415 1056 Aavmker4 (b6de0336f9f4b687b4ff57939f7b657a) C:\WINDOWS\system32\drivers\Aavmker4.sys
20:12:49.0415 1056 Aavmker4 - ok
20:12:49.0447 1056 Abiosdsk - ok
20:12:49.0478 1056 abp480n5 - ok
20:12:49.0556 1056 ACPI (8fd99680a539792a30e97944fdaecf17) C:\WINDOWS\system32\DRIVERS\ACPI.sys
20:12:49.0556 1056 ACPI - ok
20:12:49.0572 1056 ACPIEC (9859c0f6936e723e4892d7141b1327d5) C:\WINDOWS\system32\DRIVERS\ACPIEC.sys
20:12:49.0572 1056 ACPIEC - ok
20:12:49.0587 1056 adpu160m - ok
20:12:49.0619 1056 aec (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys
20:12:49.0619 1056 aec - ok
20:12:49.0665 1056 AegisP (12dafd934641dcf61e446313bc261ec2) C:\WINDOWS\system32\DRIVERS\AegisP.sys
20:12:49.0665 1056 AegisP - ok
20:12:49.0744 1056 AFD (1e44bc1e83d8fd2305f8d452db109cf9) C:\WINDOWS\System32\drivers\afd.sys
20:12:49.0759 1056 AFD - ok
20:12:49.0759 1056 Aha154x - ok
20:12:49.0775 1056 aic78u2 - ok
20:12:49.0790 1056 aic78xx - ok
20:12:49.0822 1056 AliIde - ok
20:12:49.0822 1056 amsint - ok
20:12:49.0884 1056 ApfiltrService (b21fcbc58cb13bac70f74b5ac5da7409) C:\WINDOWS\system32\DRIVERS\Apfiltr.sys
20:12:49.0884 1056 ApfiltrService - ok
20:12:50.0009 1056 Arp1394 (b5b8a80875c1dededa8b02765642c32f) C:\WINDOWS\system32\DRIVERS\arp1394.sys
20:12:50.0009 1056 Arp1394 - ok
20:12:50.0040 1056 asc - ok
20:12:50.0072 1056 asc3350p - ok
20:12:50.0103 1056 asc3550 - ok
20:12:50.0197 1056 aswFsBlk (054df24c92b55427e0757cfff160e4f2) C:\WINDOWS\system32\drivers\aswFsBlk.sys
20:12:50.0197 1056 aswFsBlk - ok
20:12:50.0244 1056 aswMon2 (ef0e9ad83380724bd6fbbb51d2d0f5b8) C:\WINDOWS\system32\drivers\aswMon2.sys
20:12:50.0244 1056 aswMon2 - ok
20:12:50.0290 1056 aswRdr (352d5a48ebab35a7693b048679304831) C:\WINDOWS\system32\drivers\aswRdr.sys
20:12:50.0290 1056 aswRdr - ok
20:12:50.0353 1056 aswSnx (8d34d2b24297e27d93e847319abfdec4) C:\WINDOWS\system32\drivers\aswSnx.sys
20:12:50.0353 1056 aswSnx - ok
20:12:50.0478 1056 aswSP (010012597333da1f46c3243f33f8409e) C:\WINDOWS\system32\drivers\aswSP.sys
20:12:50.0494 1056 aswSP - ok
20:12:50.0540 1056 aswTdi (f9f84364416658e9786235904d448d37) C:\WINDOWS\system32\drivers\aswTdi.sys
20:12:50.0556 1056 aswTdi - ok
20:12:50.0619 1056 AsyncMac (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys
20:12:50.0619 1056 AsyncMac - ok
20:12:50.0634 1056 atapi (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys
20:12:50.0650 1056 atapi - ok
20:12:50.0650 1056 Atdisk - ok
20:12:50.0697 1056 Atmarpc (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys
20:12:50.0697 1056 Atmarpc - ok
20:12:50.0759 1056 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys
20:12:50.0759 1056 audstub - ok
20:12:50.0853 1056 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys
20:12:50.0853 1056 Beep - ok
20:12:50.0869 1056 catchme - ok
20:12:50.0931 1056 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys
20:12:50.0947 1056 cbidf2k - ok
20:12:51.0009 1056 CCDECODE (0be5aef125be881c4f854c554f2b025c) C:\WINDOWS\system32\DRIVERS\CCDECODE.sys
20:12:51.0009 1056 CCDECODE - ok
20:12:51.0056 1056 cd20xrnt - ok
20:12:51.0150 1056 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys
20:12:51.0150 1056 Cdaudio - ok
20:12:51.0165 1056 Cdfs (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys
20:12:51.0165 1056 Cdfs - ok
20:12:51.0197 1056 Cdrom (1f4260cc5b42272d71f79e570a27a4fe) C:\WINDOWS\system32\DRIVERS\cdrom.sys
20:12:51.0197 1056 Cdrom - ok
20:12:51.0228 1056 Changer - ok
20:12:51.0290 1056 CmBatt (0f6c187d38d98f8df904589a5f94d411) C:\WINDOWS\system32\DRIVERS\CmBatt.sys
20:12:51.0290 1056 CmBatt - ok
20:12:51.0306 1056 CmdIde - ok
20:12:51.0369 1056 Compbatt (6e4c9f21f0fae8940661144f41b13203) C:\WINDOWS\system32\DRIVERS\compbatt.sys
20:12:51.0369 1056 Compbatt - ok
20:12:51.0384 1056 Cpqarray - ok
20:12:51.0400 1056 dac2w2k - ok
20:12:51.0415 1056 dac960nt - ok
20:12:51.0447 1056 Disk (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys
20:12:51.0447 1056 Disk - ok
20:12:51.0525 1056 dmboot (d992fe1274bde0f84ad826acae022a41) C:\WINDOWS\system32\drivers\dmboot.sys
20:12:51.0556 1056 dmboot - ok
20:12:51.0681 1056 DMICall (526192bf7696f72e29777bf4a180513a) C:\WINDOWS\system32\DRIVERS\DMICall.sys
20:12:51.0681 1056 DMICall - ok
20:12:51.0775 1056 dmio (7c824cf7bbde77d95c08005717a95f6f) C:\WINDOWS\system32\drivers\dmio.sys
20:12:51.0775 1056 dmio - ok
20:12:51.0853 1056 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys
20:12:51.0853 1056 dmload - ok
20:12:51.0931 1056 DMusic (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys
20:12:51.0931 1056 DMusic - ok
20:12:51.0947 1056 dpti2o - ok
20:12:51.0978 1056 drmkaud (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys
20:12:51.0978 1056 drmkaud - ok
20:12:52.0040 1056 E100B (d57a8fc800b501ac05b10d00f66d127a) C:\WINDOWS\system32\DRIVERS\e100b325.sys
20:12:52.0040 1056 E100B - ok
20:12:52.0103 1056 e1express (389cf2cded384be477c3b3f15747d495) C:\WINDOWS\system32\DRIVERS\e1e5132.sys
20:12:52.0103 1056 e1express - ok
20:12:52.0228 1056 Fastfat (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys
20:12:52.0228 1056 Fastfat - ok
20:12:52.0275 1056 Fdc (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\drivers\Fdc.sys
20:12:52.0275 1056 Fdc - ok
20:12:52.0322 1056 Fips (d45926117eb9fa946a6af572fbe1caa3) C:\WINDOWS\system32\drivers\Fips.sys
20:12:52.0337 1056 Fips - ok
20:12:52.0353 1056 Flpydisk (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\drivers\Flpydisk.sys
20:12:52.0353 1056 Flpydisk - ok
20:12:52.0400 1056 FltMgr (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\drivers\fltmgr.sys
20:12:52.0400 1056 FltMgr - ok
20:12:52.0447 1056 FNETTBOH (b91c51d44558985ed0593fd5963d1866) C:\WINDOWS\system32\drivers\FNETTBOH.SYS
20:12:52.0447 1056 FNETTBOH - ok
20:12:52.0462 1056 FNETURPX (0a79334fb069c6b38df7ad56a109ea01) C:\WINDOWS\system32\drivers\FNETURPX.SYS
20:12:52.0462 1056 FNETURPX - ok
20:12:52.0494 1056 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys
20:12:52.0494 1056 Fs_Rec - ok
20:12:52.0556 1056 Ftdisk (6ac26732762483366c3969c9e4d2259d) C:\WINDOWS\system32\DRIVERS\ftdisk.sys
20:12:52.0556 1056 Ftdisk - ok
20:12:52.0665 1056 GEARAspiWDM (8182ff89c65e4d38b2de4bb0fb18564e) C:\WINDOWS\system32\DRIVERS\GEARAspiWDM.sys
20:12:52.0665 1056 GEARAspiWDM - ok
20:12:52.0744 1056 Gpc (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys
20:12:52.0744 1056 Gpc - ok
20:12:52.0853 1056 HDAudBus (573c7d0a32852b48f3058cfd8026f511) C:\WINDOWS\system32\DRIVERS\HDAudBus.sys
20:12:52.0853 1056 HDAudBus - ok
20:12:52.0900 1056 hidusb (ccf82c5ec8a7326c3066de870c06daf1) C:\WINDOWS\system32\DRIVERS\hidusb.sys
20:12:52.0900 1056 hidusb - ok
20:12:52.0915 1056 hpn - ok
20:12:52.0962 1056 HSFHWAZL (acc46dda7fece95a253ae88cea172e12) C:\WINDOWS\system32\DRIVERS\HSFHWAZL.sys
20:12:52.0978 1056 HSFHWAZL - ok
20:12:53.0040 1056 HSF_DPV (c9f4e7da78a02623abf78a4a34ce79b1) C:\WINDOWS\system32\DRIVERS\HSF_DPV.sys
20:12:53.0087 1056 HSF_DPV - ok
20:12:53.0150 1056 HTTP (f80a415ef82cd06ffaf0d971528ead38) C:\WINDOWS\system32\Drivers\HTTP.sys
20:12:53.0150 1056 HTTP - ok
20:12:53.0212 1056 i2omgmt - ok
20:12:53.0275 1056 i2omp - ok
20:12:53.0337 1056 i8042prt (4a0b06aa8943c1e332520f7440c0aa30) C:\WINDOWS\system32\DRIVERS\i8042prt.sys
20:12:53.0337 1056 i8042prt - ok
20:12:53.0447 1056 ialm (bc1f1ff8d5800398937966cdb0a97fdc) C:\WINDOWS\system32\DRIVERS\ialmnt5.sys
20:12:53.0494 1056 ialm - ok
20:12:53.0540 1056 Imapi (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys
20:12:53.0540 1056 Imapi - ok
20:12:53.0556 1056 ini910u - ok
20:12:53.0587 1056 IntelIde - ok
20:12:53.0603 1056 intelppm (8c953733d8f36eb2133f5bb58808b66b) C:\WINDOWS\system32\DRIVERS\intelppm.sys
20:12:53.0603 1056 intelppm - ok
20:12:53.0665 1056 Ip6Fw (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\drivers\ip6fw.sys
20:12:53.0665 1056 Ip6Fw - ok
20:12:53.0712 1056 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
20:12:53.0728 1056 IpFilterDriver - ok
20:12:53.0775 1056 IpInIp (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys
20:12:53.0775 1056 IpInIp - ok
20:12:53.0837 1056 IpNat (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys
20:12:53.0837 1056 IpNat - ok
20:12:53.0869 1056 IPSec (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys
20:12:53.0869 1056 IPSec - ok
20:12:53.0947 1056 IRENUM (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys
20:12:53.0947 1056 IRENUM - ok
20:12:53.0994 1056 isapnp (05a299ec56e52649b1cf2fc52d20f2d7) C:\WINDOWS\system32\DRIVERS\isapnp.sys
20:12:53.0994 1056 isapnp - ok
20:12:54.0056 1056 Kbdclass (463c1ec80cd17420a542b7f36a36f128) C:\WINDOWS\system32\DRIVERS\kbdclass.sys
20:12:54.0056 1056 Kbdclass - ok
20:12:54.0087 1056 kmixer (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys
20:12:54.0087 1056 kmixer - ok
20:12:54.0150 1056 KSecDD (b467646c54cc746128904e1654c750c1) C:\WINDOWS\system32\drivers\KSecDD.sys
20:12:54.0150 1056 KSecDD - ok
20:12:54.0165 1056 lbrtfdc - ok
20:12:54.0197 1056 MBAMSwissArmy - ok
20:12:54.0259 1056 mdmxsdk (e246a32c445056996074a397da56e815) C:\WINDOWS\system32\DRIVERS\mdmxsdk.sys
20:12:54.0259 1056 mdmxsdk - ok
20:12:54.0322 1056 MHNDRV (7f2f1d2815a6449d346fcccbc569fbd6) C:\WINDOWS\system32\DRIVERS\mhndrv.sys
20:12:54.0322 1056 MHNDRV - ok
20:12:54.0353 1056 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys
20:12:54.0353 1056 mnmdd - ok
20:12:54.0384 1056 Modem (dfcbad3cec1c5f964962ae10e0bcc8e1) C:\WINDOWS\system32\drivers\Modem.sys
20:12:54.0384 1056 Modem - ok
20:12:54.0431 1056 Mouclass (35c9e97194c8cfb8430125f8dbc34d04) C:\WINDOWS\system32\DRIVERS\mouclass.sys
20:12:54.0431 1056 Mouclass - ok
20:12:54.0494 1056 mouhid (b1c303e17fb9d46e87a98e4ba6769685) C:\WINDOWS\system32\DRIVERS\mouhid.sys
20:12:54.0494 1056 mouhid - ok
20:12:54.0509 1056 MountMgr (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys
20:12:54.0509 1056 MountMgr - ok
20:12:54.0525 1056 mraid35x - ok
20:12:54.0556 1056 MRxDAV (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys
20:12:54.0556 1056 MRxDAV - ok
20:12:54.0634 1056 MRxSmb (7d304a5eb4344ebeeab53a2fe3ffb9f0) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
20:12:54.0634 1056 MRxSmb - ok
20:12:54.0712 1056 Msfs (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys
20:12:54.0712 1056 Msfs - ok
20:12:54.0806 1056 MSKSSRV (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys
20:12:54.0806 1056 MSKSSRV - ok
20:12:54.0822 1056 MSPCLOCK (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys
20:12:54.0822 1056 MSPCLOCK - ok
20:12:54.0837 1056 MSPQM (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys
20:12:54.0837 1056 MSPQM - ok
20:12:54.0869 1056 mssmbios (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys
20:12:54.0869 1056 mssmbios - ok
20:12:54.0884 1056 MSTEE (e53736a9e30c45fa9e7b5eac55056d1d) C:\WINDOWS\system32\drivers\MSTEE.sys
20:12:54.0884 1056 MSTEE - ok
20:12:54.0931 1056 Mup (de6a75f5c270e756c5508d94b6cf68f5) C:\WINDOWS\system32\drivers\Mup.sys
20:12:54.0931 1056 Mup - ok
20:12:54.0978 1056 NABTSFEC (5b50f1b2a2ed47d560577b221da734db) C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys
20:12:54.0978 1056 NABTSFEC - ok
20:12:55.0009 1056 NDIS (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys
20:12:55.0025 1056 NDIS - ok
20:12:55.0040 1056 NdisIP (7ff1f1fd8609c149aa432f95a8163d97) C:\WINDOWS\system32\DRIVERS\NdisIP.sys
20:12:55.0040 1056 NdisIP - ok
20:12:55.0103 1056 NdisTapi (0109c4f3850dfbab279542515386ae22) C:\WINDOWS\system32\DRIVERS\ndistapi.sys
20:12:55.0103 1056 NdisTapi - ok
20:12:55.0134 1056 Ndisuio (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys
20:12:55.0134 1056 Ndisuio - ok
20:12:55.0150 1056 NdisWan (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys
20:12:55.0165 1056 NdisWan - ok
20:12:55.0244 1056 NDProxy (9282bd12dfb069d3889eb3fcc1000a9b) C:\WINDOWS\system32\drivers\NDProxy.sys
20:12:55.0259 1056 NDProxy - ok
20:12:55.0322 1056 NetBIOS (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys
20:12:55.0322 1056 NetBIOS - ok
20:12:55.0384 1056 NetBT (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys
20:12:55.0384 1056 NetBT - ok
20:12:55.0447 1056 NIC1394 (e9e47cfb2d461fa0fc75b7a74c6383ea) C:\WINDOWS\system32\DRIVERS\nic1394.sys
20:12:55.0447 1056 NIC1394 - ok
20:12:55.0494 1056 Npfs (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys
20:12:55.0494 1056 Npfs - ok
20:12:55.0540 1056 Ntfs (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys
20:12:55.0572 1056 Ntfs - ok
20:12:55.0634 1056 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys
20:12:55.0634 1056 Null - ok
20:12:55.0822 1056 nv (57e81d1fde97bb98f7373bce2f4ffb21) C:\WINDOWS\system32\DRIVERS\nv4_mini.sys
20:12:55.0962 1056 nv - ok
20:12:56.0056 1056 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
20:12:56.0056 1056 NwlnkFlt - ok
20:12:56.0103 1056 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
20:12:56.0103 1056 NwlnkFwd - ok
20:12:56.0181 1056 ohci1394 (ca33832df41afb202ee7aeb05145922f) C:\WINDOWS\system32\DRIVERS\ohci1394.sys
20:12:56.0181 1056 ohci1394 - ok
20:12:56.0244 1056 Parport (5575faf8f97ce5e713d108c2a58d7c7c) C:\WINDOWS\system32\drivers\Parport.sys
20:12:56.0259 1056 Parport - ok
20:12:56.0275 1056 PartMgr (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys
20:12:56.0275 1056 PartMgr - ok
20:12:56.0322 1056 ParVdm (70e98b3fd8e963a6a46a2e6247e0bea1) C:\WINDOWS\system32\drivers\ParVdm.sys
20:12:56.0322 1056 ParVdm - ok
20:12:56.0337 1056 PCI (a219903ccf74233761d92bef471a07b1) C:\WINDOWS\system32\DRIVERS\pci.sys
20:12:56.0353 1056 PCI - ok
20:12:56.0353 1056 PCIDump - ok
20:12:56.0400 1056 PCIIde (ccf5f451bb1a5a2a522a76e670000ff0) C:\WINDOWS\system32\DRIVERS\pciide.sys
20:12:56.0415 1056 PCIIde - ok
20:12:56.0431 1056 Pcmcia (9e89ef60e9ee05e3f2eef2da7397f1c1) C:\WINDOWS\system32\DRIVERS\pcmcia.sys
20:12:56.0447 1056 Pcmcia - ok
20:12:56.0447 1056 PDCOMP - ok
20:12:56.0462 1056 PDFRAME - ok
20:12:56.0478 1056 PDRELI - ok
20:12:56.0494 1056 PDRFRAME - ok
20:12:56.0509 1056 perc2 - ok
20:12:56.0525 1056 perc2hib - ok
20:12:56.0587 1056 pnarp (36fcac4fa28b462ca867742dea59b0d0) C:\WINDOWS\system32\DRIVERS\pnarp.sys
20:12:56.0587 1056 pnarp - ok
20:12:56.0634 1056 PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys
20:12:56.0634 1056 PptpMiniport - ok
20:12:56.0712 1056 PSched (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys
20:12:56.0712 1056 PSched - ok
20:12:56.0790 1056 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys
20:12:56.0790 1056 Ptilink - ok
20:12:56.0853 1056 purendis (d8ac00388262b1a4878a7ee12f31d376) C:\WINDOWS\system32\DRIVERS\purendis.sys
20:12:56.0853 1056 purendis - ok
20:12:56.0900 1056 PxHelp20 (e42e3433dbb4cffe8fdd91eab29aea8e) C:\WINDOWS\system32\Drivers\PxHelp20.sys
20:12:56.0900 1056 PxHelp20 - ok
20:12:56.0915 1056 ql1080 - ok
20:12:56.0931 1056 Ql10wnt - ok
20:12:56.0947 1056 ql12160 - ok
20:12:56.0962 1056 ql1240 - ok
20:12:56.0978 1056 ql1280 - ok
20:12:57.0025 1056 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys
20:12:57.0025 1056 RasAcd - ok
20:12:57.0056 1056 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
20:12:57.0056 1056 Rasl2tp - ok
20:12:57.0087 1056 RasPppoe (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys
20:12:57.0103 1056 RasPppoe - ok
20:12:57.0150 1056 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys
20:12:57.0150 1056 Raspti - ok
20:12:57.0181 1056 Rdbss (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys
20:12:57.0181 1056 Rdbss - ok
20:12:57.0228 1056 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
20:12:57.0228 1056 RDPCDD - ok
20:12:57.0275 1056 rdpdr (15cabd0f7c00c47c70124907916af3f1) C:\WINDOWS\system32\DRIVERS\rdpdr.sys
20:12:57.0290 1056 rdpdr - ok
20:12:57.0384 1056 RDPWD (fc105dd312ed64eb66bff111e8ec6eac) C:\WINDOWS\system32\drivers\RDPWD.sys
20:12:57.0384 1056 RDPWD - ok
20:12:57.0447 1056 redbook (f828dd7e1419b6653894a8f97a0094c5) C:\WINDOWS\system32\DRIVERS\redbook.sys
20:12:57.0462 1056 redbook - ok
20:12:57.0540 1056 s24trans (1cc074e0d48383d4e9bffc6a26c2a58a) C:\WINDOWS\system32\DRIVERS\s24trans.sys
20:12:57.0540 1056 s24trans - ok
20:12:57.0619 1056 SASDIFSV (a3281aec37e0720a2bc28034c2df2a56) C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS
20:12:57.0619 1056 SASDIFSV - ok
20:12:57.0634 1056 SASENUM (7ce61c25c159f50f9eaf6d77fc83fa35) C:\Program Files\SUPERAntiSpyware\SASENUM.SYS
20:12:57.0650 1056 SASENUM - ok
20:12:57.0665 1056 SASKUTIL (61db0d0756a99506207fd724e3692b25) C:\Program Files\SUPERAntiSpyware\SASKUTIL.sys
20:12:57.0665 1056 SASKUTIL - ok
20:12:57.0712 1056 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys
20:12:57.0712 1056 Secdrv - ok
20:12:57.0775 1056 Serial (cca207a8896d4c6a0c9ce29a4ae411a7) C:\WINDOWS\system32\drivers\Serial.sys
20:12:57.0775 1056 Serial - ok
20:12:57.0790 1056 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\DRIVERS\sfloppy.sys
20:12:57.0806 1056 Sfloppy - ok
20:12:57.0884 1056 SI3132 (716a724a447c559f122ea140d636fa48) C:\WINDOWS\system32\DRIVERS\SI3132.sys
20:12:57.0884 1056 SI3132 - ok
20:12:57.0978 1056 SiFilter (72cf151fb410e544904dbc7d7f29b796) C:\WINDOWS\system32\DRIVERS\SiWinAcc.sys
20:12:57.0978 1056 SiFilter - ok
20:12:58.0025 1056 Simbad - ok
20:12:58.0056 1056 SiRemFil (62fd549acf2943f89612a8777295fa57) C:\WINDOWS\system32\DRIVERS\SiRemFil.sys
20:12:58.0056 1056 SiRemFil - ok
20:12:58.0087 1056 SLIP (866d538ebe33709a5c9f5c62b73b7d14) C:\WINDOWS\system32\DRIVERS\SLIP.sys
20:12:58.0087 1056 SLIP - ok
20:12:58.0150 1056 SNC (be6038e0a7d2e2fe69107e41a0265831) C:\WINDOWS\system32\Drivers\SonyNC.sys
20:12:58.0150 1056 SNC - ok
20:12:58.0228 1056 SonyImgF (fb77021110eaa16ea6e0961c844ef0d2) C:\WINDOWS\system32\DRIVERS\SonyImgF.sys
20:12:58.0228 1056 SonyImgF - ok
20:12:58.0244 1056 Sparrow - ok
20:12:58.0275 1056 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys
20:12:58.0275 1056 splitter - ok
20:12:58.0337 1056 sr (76bb022c2fb6902fd5bdd4f78fc13a5d) C:\WINDOWS\system32\DRIVERS\sr.sys
20:12:58.0337 1056 sr - ok
20:12:58.0400 1056 Srv (47ddfc2f003f7f9f0592c6874962a2e7) C:\WINDOWS\system32\DRIVERS\srv.sys
20:12:58.0415 1056 Srv - ok
20:12:58.0587 1056 STHDA (c80ec509026f6cc88486742083386ff6) C:\WINDOWS\system32\drivers\sthda.sys
20:12:58.0634 1056 STHDA - ok
20:12:58.0712 1056 streamip (77813007ba6265c4b6098187e6ed79d2) C:\WINDOWS\system32\DRIVERS\StreamIP.sys
20:12:58.0728 1056 streamip - ok
20:12:58.0822 1056 swenum (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys
20:12:58.0822 1056 swenum - ok
20:12:58.0931 1056 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys
20:12:58.0931 1056 swmidi - ok
20:12:59.0025 1056 symc810 - ok
20:12:59.0056 1056 symc8xx - ok
20:12:59.0134 1056 SYMIDSCO - ok
20:12:59.0165 1056 sym_hi - ok
20:12:59.0275 1056 sym_u3 - ok
20:12:59.0369 1056 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys
20:12:59.0369 1056 sysaudio - ok
20:12:59.0447 1056 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys
20:12:59.0447 1056 Tcpip - ok
20:12:59.0525 1056 TDPIPE (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys
20:12:59.0525 1056 TDPIPE - ok
20:12:59.0540 1056 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys
20:12:59.0556 1056 TDTCP - ok
20:12:59.0572 1056 TermDD (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys
20:12:59.0572 1056 TermDD - ok
20:12:59.0650 1056 ti21sony (26587ce8e6c6f16b8b4e7e2c16fa00bf) C:\WINDOWS\system32\drivers\ti21sony.sys
20:12:59.0650 1056 ti21sony - ok
20:12:59.0681 1056 TosIde - ok
20:12:59.0759 1056 tosporte (6a404454c6133e749be33892eb6ffa35) C:\WINDOWS\system32\DRIVERS\tosporte.sys
20:12:59.0759 1056 tosporte - ok
20:12:59.0806 1056 Tosrfbd (e4901804c4d8d613fa3560de2c2e0261) C:\WINDOWS\system32\Drivers\tosrfbd.sys
20:12:59.0806 1056 Tosrfbd - ok
20:12:59.0884 1056 Tosrfbnp (613e09572f4c5b92ca6be8bdc4cc5b7d) C:\WINDOWS\system32\Drivers\tosrfbnp.sys
20:12:59.0884 1056 Tosrfbnp - ok
20:12:59.0915 1056 Tosrfcom (5ba1ca3b3cddb1ddc67df473f05d1ec2) C:\WINDOWS\system32\Drivers\tosrfcom.sys
20:12:59.0915 1056 Tosrfcom - ok
20:12:59.0994 1056 Tosrfhid (7726332391d8fca1a491a17f592fd6b3) C:\WINDOWS\system32\DRIVERS\Tosrfhid.sys
20:12:59.0994 1056 Tosrfhid - ok
20:13:00.0056 1056 tosrfnds (c52fd27b9adf3a1f22cb90e6bcf9b0cb) C:\WINDOWS\system32\DRIVERS\tosrfnds.sys
20:13:00.0056 1056 tosrfnds - ok
20:13:00.0103 1056 Tosrfusb (7414a6461bc83a22b0ae009ace3e375b) C:\WINDOWS\system32\Drivers\tosrfusb.sys
20:13:00.0103 1056 Tosrfusb - ok
20:13:00.0150 1056 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys
20:13:00.0165 1056 Udfs - ok
20:13:00.0181 1056 ultra - ok
20:13:00.0244 1056 Update (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys
20:13:00.0244 1056 Update - ok
20:13:00.0306 1056 USBAAPL (83cafcb53201bbac04d822f32438e244) C:\WINDOWS\system32\Drivers\usbaapl.sys
20:13:00.0322 1056 USBAAPL - ok
20:13:00.0400 1056 usbccgp (173f317ce0db8e21322e71b7e60a27e8) C:\WINDOWS\system32\DRIVERS\usbccgp.sys
20:13:00.0400 1056 usbccgp - ok
20:13:00.0462 1056 usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys
20:13:00.0462 1056 usbehci - ok
20:13:00.0509 1056 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys
20:13:00.0509 1056 usbhub - ok
20:13:00.0572 1056 usbprint (a717c8721046828520c9edf31288fc00) C:\WINDOWS\system32\DRIVERS\usbprint.sys
20:13:00.0587 1056 usbprint - ok
20:13:00.0603 1056 usbscan (a0b8cf9deb1184fbdd20784a58fa75d4) C:\WINDOWS\system32\DRIVERS\usbscan.sys
20:13:00.0619 1056 usbscan - ok
20:13:00.0681 1056 usbstor (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
20:13:00.0681 1056 usbstor - ok
20:13:00.0728 1056 usbuhci (26496f9dee2d787fc3e61ad54821ffe6) C:\WINDOWS\system32\DRIVERS\usbuhci.sys
20:13:00.0728 1056 usbuhci - ok
20:13:00.0822 1056 usbvm321 (c7f4158ea3915f4194aee233ff8d4728) C:\WINDOWS\system32\Drivers\usbvm321.sys
20:13:00.0837 1056 usbvm321 - ok
20:13:00.0884 1056 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys
20:13:00.0884 1056 VgaSave - ok
20:13:00.0900 1056 ViaIde - ok
20:13:00.0915 1056 VolSnap (4c8fcb5cc53aab716d810740fe59d025) C:\WINDOWS\system32\drivers\VolSnap.sys
20:13:00.0931 1056 VolSnap - ok
20:13:01.0056 1056 w39n51 (b1f126e7e28877106d60e6ff3998d033) C:\WINDOWS\system32\DRIVERS\w39n51.sys
20:13:01.0119 1056 w39n51 - ok
20:13:01.0181 1056 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys
20:13:01.0181 1056 Wanarp - ok
20:13:01.0197 1056 WDICA - ok
20:13:01.0228 1056 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys
20:13:01.0228 1056 wdmaud - ok
20:13:01.0306 1056 winachsf (c1d5cbd8aa0d674da1ba1bb189696396) C:\WINDOWS\system32\DRIVERS\HSF_CNXT.sys
20:13:01.0353 1056 winachsf - ok
20:13:01.0478 1056 WSTCODEC (c98b39829c2bbd34e454150633c62c78) C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS
20:13:01.0478 1056 WSTCODEC - ok
20:13:01.0540 1056 MBR (0x1B8) (8f558eb6672622401da993e1e865c861) \Device\Harddisk0\DR0
20:13:01.0744 1056 \Device\Harddisk0\DR0 - ok
20:13:01.0759 1056 MBR (0x1B8) (45ed320cd87a2cdd9109f0fb74bda871) \Device\Harddisk2\DR5
20:13:03.0478 1056 \Device\Harddisk2\DR5 - ok
20:13:03.0478 1056 Boot (0x1200) (3b5d759b72386666f9b36171d0cdf862) \Device\Harddisk0\DR0\Partition0
20:13:03.0494 1056 \Device\Harddisk0\DR0\Partition0 - ok
20:13:03.0494 1056 ============================================================
20:13:03.0494 1056 Scan finished
20:13:03.0494 1056 ============================================================
20:13:03.0509 0736 Detected object count: 0
20:13:03.0509 0736 Actual detected object count: 0
20:13:46.0259 3900 Deinitialize success



Does this mean the virus is gone? Comp is running so much better! Thank you sooo much!!
  • 0

#22
RKinner
Posted 22 December 2011 - 02:37 AM

RKinner

    Malware Expert

  • Expert
  • 24,624 posts
  • MVP
I don't see any signs of it. I don't like in the combofix log where it has so many minus signs in front of the MD5 values. Not sure what is going on there. Let's try Eset:

Use IE and go to http://eset.com/onlinescan and click on ESET online Scanner. Accept the terms then press Start (If you get a warning from your browser tell it you want to run it).

# Check Scan Archives
# Push the Start button.
# ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time (HOURS!).
# When the scan completes, push LIST OF THREATS FOUND
# Push EXPORT TO TEXT FILE , and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
# Push the BACK button.
# Push Finish
# Once the scan is completed, you may close the window.
# Use Notepad to open the logfile located at C:\Program Files\EsetOnlineScanner\log.txt
# Copy and paste that log as a reply.
  • 0

#23
pbj888
Posted 24 December 2011 - 09:44 AM

pbj888

    Member

  • Topic Starter
  • Member
  • PipPip
  • 41 posts
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\InternetSpeedMonitor.zip Win32/Bagle.gen.zip worm cleaned by deleting - quarantined
C:\Documents and Settings\panitabuta\Application Data\Sun\Java\Deployment\cache\6.0\5\4c092f05-43a9f579 a variant of Java/Exploit.CVE-2011-3544.C trojan deleted - quarantined
C:\Qoobox\Quarantine\C\Documents and Settings\panitabuta\Local Settings\Application Data\vrus.exe.vir a variant of Win32/Kryptik.XBK trojan cleaned by deleting - quarantined
C:\System Volume Information\_restore{6B3B2631-9354-4189-8E72-FAB98CF40958}\RP725\A0153053.exe a variant of Win32/Kryptik.XBK trojan cleaned by deleting - quarantined
C:\TDSSKiller_Quarantine\19.12.2011_20.13.44\tdlfs0000\tsk0003.dta Win32/Olmarik.ADZ trojan cleaned by deleting - quarantined
C:\TDSSKiller_Quarantine\19.12.2011_20.13.44\tdlfs0000\tsk0005.dta Win32/Olmarik.AFK trojan cleaned by deleting - quarantined
C:\TDSSKiller_Quarantine\19.12.2011_20.13.44\tdlfs0000\tsk0006.dta Win64/Olmarik.R trojan cleaned by deleting - quarantined
C:\TDSSKiller_Quarantine\19.12.2011_20.13.44\tdlfs0000\tsk0007.dta Win64/Olmarik.A trojan cleaned by deleting - quarantined










ESETSmartInstaller@High as CAB hook log:
OnlineScanner.ocx - registred OK
# version=7
# iexplore.exe=8.00.6001.18702 (longhorn_ie8_rtm(wmbla).090308-0339)
# OnlineScanner.ocx=1.0.0.6583
# api_version=3.0.2
# EOSSerial=aff98f5a4e0ba842b274523e517b1aa8
# end=finished
# remove_checked=true
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2011-12-24 09:51:11
# local_time=2011-12-24 04:51:11 (-0500, Eastern Standard Time)
# country="United States"
# lang=1033
# osver=5.1.2600 NT Service Pack 3
# compatibility_mode=512 16777215 100 0 33463179 33463179 0 0
# compatibility_mode=768 16777215 100 0 30889732 30889732 0 0
# compatibility_mode=8192 67108863 100 0 0 0 0 0
# scanned=126113
# found=8
# cleaned=8
# scan_time=9123
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\InternetSpeedMonitor.zip Win32/Bagle.gen.zip worm (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\Documents and Settings\panitabuta\Application Data\Sun\Java\Deployment\cache\6.0\5\4c092f05-43a9f579 a variant of Java/Exploit.CVE-2011-3544.C trojan (deleted - quarantined) 00000000000000000000000000000000 C
C:\Qoobox\Quarantine\C\Documents and Settings\panitabuta\Local Settings\Application Data\vrus.exe.vir a variant of Win32/Kryptik.XBK trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\System Volume Information\_restore{6B3B2631-9354-4189-8E72-FAB98CF40958}\RP725\A0153053.exe a variant of Win32/Kryptik.XBK trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\TDSSKiller_Quarantine\19.12.2011_20.13.44\tdlfs0000\tsk0003.dta Win32/Olmarik.ADZ trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\TDSSKiller_Quarantine\19.12.2011_20.13.44\tdlfs0000\tsk0005.dta Win32/Olmarik.AFK trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\TDSSKiller_Quarantine\19.12.2011_20.13.44\tdlfs0000\tsk0006.dta Win64/Olmarik.R trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\TDSSKiller_Quarantine\19.12.2011_20.13.44\tdlfs0000\tsk0007.dta Win64/Olmarik.A trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
  • 0

#24
RKinner
Posted 24 December 2011 - 10:26 AM

RKinner

    Malware Expert

  • Expert
  • 24,624 posts
  • MVP
ESET did find a couple of things we hadn't so I guess it was worth it. Let's clear the temp files and the Java and Flash caches:

Copy the following:


:Commands
[emptytemp]
[Reboot]

then run OTL and Under the Custom Scans/Fixes box at the bottom, paste (ctrl +v) the text. Verify that you got it all and Then click the Run Fix button at the top
Let the program run unhindered, OTL will reboot the PC when it is done. I don't need the log.

Then let's check for damages:


Start, Run, eventvwr.msc, OK to bring up the Event Viewer. Right click on System and Clear All Events, No (we don't want to save the old log), OK. Repeat for Application.

Reboot.

1. Please download the Event Viewer Tool by Vino Rosso
http://images.malwar...om/vino/VEW.exe
and save it to your Desktop:
2. Double-click VEW.exe
3. Under 'Select log to query', select:

* System
4. Under 'Select type to list', select:
* Error
* Warning


Then use the 'Number of events' as follows:


1. Click the radio button for 'Number of events'
Type 20 in the 1 to 20 box
Then click the Run button.
Notepad will open with the output log.


Please post the Output log in your next reply then repeat but select Application.

Ron
  • 0

#25
pbj888
Posted 24 December 2011 - 08:08 PM

pbj888

    Member

  • Topic Starter
  • Member
  • PipPip
  • 41 posts
Vino's Event Viewer v01c run on Windows XP in English
Report run at 24/12/2011 8:36:46 PM

Note: All dates below are in the format dd/mm/yyyy

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'System' Log - error Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Log: 'System' Date/Time: 24/12/2011 6:07:04 PM
Type: error Category: 0
Event: 7001 Source: Service Control Manager
The VAIO Entertainment File Import Service service depends on the VAIO Entertainment Database Service service which failed to start because of the following error: The dependency service does not exist or has been marked for deletion.

Log: 'System' Date/Time: 24/12/2011 6:07:04 PM
Type: error Category: 0
Event: 7003 Source: Service Control Manager
The VAIO Entertainment Database Service service depends on the following nonexistent service: MSSQL$VAIO_VEDB

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'System' Log - warning Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Log: 'System' Date/Time: 24/12/2011 6:37:13 PM
Type: warning Category: 0
Event: 4226 Source: Tcpip
TCP/IP has reached the security limit imposed on the number of concurrent TCP connect attempts.

Log: 'System' Date/Time: 24/12/2011 6:07:36 PM
Type: warning Category: 0
Event: 1003 Source: Dhcp
Your computer was not able to renew its address from the network (from the DHCP Server) for the Network Card with network address 0013022754A2. The following error occurred: The operation was canceled by the user. . Your computer will continue to try and obtain an address on its own from the network address (DHCP) server.

Thanks!!!
  • 0

Advertisements

#26
RKinner
Posted 24 December 2011 - 09:03 PM

RKinner

    Malware Expert

  • Expert
  • 24,624 posts
  • MVP
You need to reinstall your Sony stuff
VAIO Entertainment File Import Service
VAIO Entertainment Database Service service
MSSQL$VAIO_VEDB
if you use it or uninstall it if you don't or at least go into Services (start, run, services.msc, ok ) and change the startup type on the first two to Disabled.

Are you using any kind of P2P program? (uTorrent, limewire, frostwire etc?) That's usually what causes this error:

I think we can clean up now.

We need to clean up System Restore.

Copy the following:


:Commands
[CLEARALLRESTOREPOINTS]
[Reboot]
Run OTL. In the Custom Scans/Fixes box at the bottom, paste in the copied text (Ctrl + v) and then hit Run Fix.

You can uninstall or delete any tools we had you download and their logs.
To uninstall combofix, copy the next line:

"%userprofile%\Desktop\combofix.exe" /Uninstall

Start, Run, cmd, OK then right click, Paste, then hit Enter.

OTL has a cleanup tab so if you run it again and select cleanup it will remove itself and its backup files.

To hide hidden files again (If you do not run OTL cleanup):

XP

# Close all programs so that you are at your desktop.
# Double-click on the My Computer icon.
# Select the Tools menu and click Folder Options.
# After the new window appears select the View tab.
# Uncheck the checkbox labeled Display the contents of system folders.
# Under the Hidden files and folders section select the 'Hide protected operating system files (recommended)' option.
# Check the checkbox labeled Hide protected operating system files.
# Press the Apply button and then the OK button and shutdown My Computer.

You probably do not have the latest Java (Java™ 6 Update 29 or 7 update 1). Get the latest at:
http://www.java.com/en/

Save it to your PC then close all browsers and install it. Note on Java and Firefox. For some reason Java does not remove old consoles from Firefox. Any time you update Java you should do Firefox, Add-ons, Extensions and disable any old Java Consoles

They will look like: Java Console 6.xx. The xx corresponds to the update number. When they switch to 7 update 0 then it will be Java Console 7.

Multiple Java Consoles will slow down the Firefox boot. After any change to Firefox or its extension you should run Speedyfox. (Mentioned later.)



Also make sure you have the latest versions of any adobe.com products you use like Shockwave, Flash or Acrobat.

Whether you use adobe reader, acrobat or fox-it to read pdf files you need to disable Javascript in the program. There is an exploit out there now that can use it to get on your PC. For Adobe Reader: Start, All Programs, Adobe Reader, Edit, Preferences, Click on Javascript in the left column and uncheck Enable Acrobat Javascript. OK Close program. It's the same for Foxit reader except you uncheck Enable Javascript Actions.

To help keep your programs up-to-date you should download and run the UpdateChecker:
http://www.filehippo.../updatechecker/
(You don't need to download Betas and if there is a program you don't use you can just uninstall it rather than update it. You can right click on the updatechecker icon (looks like a downward green arrowhead) and select Settings and tell it no betas. If you don't use MSN Messenger I would not upgdate it. MS installs a bunch of stuff when you do. You can tell the program to not show you that update.)
If you use Firefox or Chome then get the AdBlock Plus Add-on. WOT (Web of Trust) is another you might want to try.
The equivalent to AdBlock Plus for IE is called Simple Adblock and you should install it too: Adhttp://simple-adblock.com/

If Firefox is slow loading make sure it only has the current Java add-on. Then download and run Speedy Fox.
http://www.crystalidea.com/speedyfox . Click on Speedup my Firefox. When it finishes click on Exit.

Be warned: If you use Limewire, utorrent or any of the other P2P programs you will almost certain be coming back to the Malware Removal forum. If you must use P2P then submit any files you get to http://virustotal.com before you open them.

If you have a router, log on to it today and change the default password! If using a Wireless router you really should be using encryption on the link. Use the strongest (newest) encryption method that your router and PC wireless adapter support especially if you own a business. See http://www.king5.com...-120637284.html and http://www.seattlepi...ted-1344185.php for why encryption is important. If you don't know how, visit the router maker's website. They all have detailed step by step instructions or a wizard you can download.

Ron
  • 0
Back to Virus, Spyware, Malware Removal · Next Unread Topic →




Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

  1. Geeks to Go Community
  2. Security
  3. Virus, Spyware, Malware Removal

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP