Computer keeps rebooting after possible infection! [Closed]


  • This topic is locked

#1
valgalvez

  • Member
  • 32 posts
Hi all,

Earlier today I opened an email which I soon found out was probably spam, because shortly after that I started getting Google redirects but no pop-ups requiring activation of anything. I instantly went to do a Malwarebytes scan and it needed to be updated, so I updated and rebooted, and it has been rebooting ever since on its own. Once it restarts I try to run a Malwarebytes scan and it just reboots mid-scan. :( I was able to get into Safe Mode and do a quick scan but nothing came up. I was just about to do an OTL scan but was wondering if it would be OK to do it in Safe Mode since that is the only way the computer stays on?

Thank you

Specs: LG Desktop
Pentium Dual Core CPU E5300 2.60GHz
4.0 GB Ram
Windows 7


#2
valgalvez

  • Topic Starter
This is my OTL quick scan log done in Safe Mode with Networking:

OTL logfile created on: 3/19/2012 5:59:36 PM - Run 2
OTL by OldTimer - Version 3.2.39.1 Folder = C:\Users\valerie\Downloads
Professional (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.97 Gb Total Physical Memory | 1.53 Gb Available Physical Memory | 51.49% Memory free
5.93 Gb Paging File | 4.50 Gb Available in Paging File | 75.95% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 465.66 Gb Total Space | 425.93 Gb Free Space | 91.47% Space Free | Partition Type: NTFS
Drive N: | 465.76 Gb Total Space | 375.78 Gb Free Space | 80.68% Space Free | Partition Type: NTFS

Computer Name: VALERIE | User Name: Valerie | Logged in as Administrator.
Boot Mode: SafeMode with Networking | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/03/19 17:58:06 | 000,594,432 | ---- | M] (OldTimer Tools) -- C:\Users\Valerie\Downloads\OTL(2).exe
PRC - [2011/07/15 21:31:12 | 000,271,360 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\conhost.exe
PRC - [2011/02/28 18:43:07 | 000,145,184 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\java.exe
PRC - [2011/02/28 18:43:07 | 000,023,328 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jp2launcher.exe
PRC - [2011/02/25 22:33:07 | 002,614,784 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2010/01/27 10:34:07 | 000,908,248 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2009/07/13 18:14:46 | 000,115,200 | ---- | M] () -- \\?\C:\Windows\System32\wbem\WMIADAP.EXE


========== Modules (No Company Name) ==========

MOD - [2009/10/27 20:40:14 | 003,885,984 | ---- | M] () -- C:\Windows\System32\Macromed\Flash\NPSWF32.dll


========== Win32 Services (SafeList) ==========

SRV - [2011/12/24 18:50:18 | 000,652,872 | ---- | M] (Malwarebytes Corporation) [Auto | Stopped] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2011/11/11 13:36:56 | 000,045,056 | ---- | M] (Intuit) [Auto | Stopped] -- C:\Program Files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe -- (QBCFMonitorService)
SRV - [2011/08/24 10:59:18 | 000,155,648 | ---- | M] () [Auto | Stopped] -- C:\Windows\agent.exe -- (Agent)
SRV - [2011/06/21 18:57:40 | 000,196,912 | ---- | M] (Nitro PDF Software) [Auto | Stopped] -- C:\Program Files\Nitro PDF\Reader 2\NitroPDFReaderDriverService2.exe -- (NitroReaderDriverReadSpool2)
SRV - [2010/04/20 03:00:27 | 001,343,400 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\Wat\WatAdminSvc.exe -- (WatAdminSvc)
SRV - [2009/08/18 02:25:12 | 000,678,912 | ---- | M] (Intuit, Inc.) [Disabled | Stopped] -- C:\Program Files\Intuit\QuickBooks 2010\QBDBMgrN.exe -- (QuickBooksDB20)
SRV - [2009/07/23 21:10:38 | 000,061,440 | ---- | M] (Intuit Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Intuit\QuickBooks\FCS\Intuit.QuickBooks.FCS.exe -- (QBFCService)
SRV - [2009/07/13 18:16:15 | 000,016,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\StorSvc.dll -- (StorSvc)
SRV - [2009/07/13 18:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc)
SRV - [2009/07/13 18:16:12 | 001,004,544 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\PeerDistSvc.dll -- (PeerDistSvc)
SRV - [2007/07/24 12:15:14 | 000,185,632 | ---- | M] (Protexis Inc.) [Auto | Stopped] -- c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe -- (PSI_SVC_2)
SRV - [2006/09/13 11:32:12 | 000,128,536 | ---- | M] (iAnywhere Solutions, Inc.) [Auto | Stopped] -- C:\Program Files\Intuit\QuickBooks 2008\QBDBMgrN.exe -- (QuickBooksDB18)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | System | Stopped] -- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{8A8BB0D6-4ADB-4C7B-93A2-377B384ADF28}\MpKsl53b49644.sys -- (MpKsl53b49644)
DRV - [2012/03/19 17:07:32 | 000,040,776 | ---- | M] (Malwarebytes Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\mbamswissarmy.sys -- (MBAMSwissArmy)
DRV - [2011/12/10 16:24:06 | 000,020,464 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\System32\drivers\mbam.sys -- (MBAMProtector)
DRV - [2010/03/25 21:30:22 | 000,042,368 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\System32\drivers\MpNWMon.sys -- (MpNWMon)
DRV - [2009/07/13 18:19:10 | 000,175,824 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\vmbus.sys -- (vmbus)
DRV - [2009/07/13 18:19:10 | 000,040,896 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\vmstorfl.sys -- (storflt)
DRV - [2009/07/13 18:19:10 | 000,028,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\storvsc.sys -- (storvsc)
DRV - [2009/07/13 16:51:11 | 000,034,944 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\winusb.sys -- (WinUsb)
DRV - [2009/07/13 16:28:47 | 000,005,632 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\vms3cap.sys -- (s3cap)
DRV - [2009/07/13 16:28:45 | 000,017,920 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\VMBusHID.sys -- (VMBusHID)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.co...g}&sourceid=ie7

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 16 D3 36 80 95 DA CA 01 [binary data]
IE - HKCU\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...Box&FORM=IE8SRC
IE - HKCU\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.co...1I7ADFA_enUS470
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24
FF - prefs.js..extensions.enabledItems: {F80B23F2-A379-46F8-9590-833743071DF3}:1.9.1
FF - user.js - File not found

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.1.10111.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.99\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.99\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\NitroPDF: C:\Program Files\Nitro PDF\Reader 2\npnitromozilla.dll ( )
FF - HKCU\Software\MozillaPlugins\@talk.google.com/GoogleTalkPlugin: C:\Users\valerie\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll (Google)
FF - HKCU\Software\MozillaPlugins\@talk.google.com/O3DPlugin: C:\Users\valerie\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll ()
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\valerie\AppData\Local\Google\Update\1.3.21.99\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\valerie\AppData\Local\Google\Update\1.3.21.99\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@yahoo.com/BrowserPlus,version=2.9.8: C:\Users\valerie\AppData\Local\Yahoo!\BrowserPlus\2.9.8\Plugins\npybrowserplus_2.9.8.dll (Yahoo! Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{F80B23F2-A379-46F8-9590-833743071DF3}: C:\Users\valerie\AppData\Local\{F80B23F2-A379-46F8-9590-833743071DF3}\ [2011/07/28 09:16:40 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.5.7\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012/03/19 17:10:03 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.5.7\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/12/01 19:54:07 | 000,000,000 | ---D | M]

[2010/01/07 13:02:52 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Valerie\AppData\Roaming\Mozilla\Extensions
[2010/01/07 13:02:52 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Valerie\AppData\Roaming\Mozilla\Firefox\Profiles\oz8hkpgg.default\extensions
[2012/02/23 10:48:14 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2011/02/28 18:43:16 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}
[2011/07/28 09:16:40 | 000,000,000 | ---D | M] (XULRunner) -- C:\USERS\VALERIE\APPDATA\LOCAL\{F80B23F2-A379-46F8-9590-833743071DF3}
[2011/02/28 18:43:08 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll

O1 HOSTS File: ([2009/06/10 14:39:37 | 000,000,824 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O2 - BHO: (SSVHelper Class) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [Intuit SyncManager] C:\Program Files\Common Files\Intuit\Sync\IntuitSyncManager.exe (Intuit Inc. All rights reserved.)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [MSSE] c:\Program Files\Microsoft Security Essentials\msseces.exe (Microsoft Corporation)
O4 - HKLM..\Run: [QuickBooksDB20] C:\Program Files\Intuit\QuickBooks 2010\QBDBMgrN.exe (Intuit, Inc.)
O4 - HKLM..\Run: [QuickFinder Scheduler] c:\Program Files\Corel\WordPerfect Office X4\Programs\QFSCHD140.EXE (Corel Corporation)
O4 - HKLM..\Run: [ScrewDrivers RDP Plugin] C:\Program Files\triCerat\Simplify Printing\ScrewDrivers Client v4\install_rdp.exe ()
O4 - HKCU..\Run: [Corel Photo Downloader] C:\Program Files\Common Files\Corel\Corel PhotoDownloader\Corel Photo Downloader.exe (Corel, Inc.)
O4 - HKCU..\RunOnce: [FlashPlayerUpdate] C:\Windows\System32\Macromed\Flash\NPSWF32_FlashUtil.exe (Adobe Systems, Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HideSCAHealth = 1
O8 - Extra context menu item: Open with WordPerfect - c:\Program Files\Corel\WordPerfect Office X4\Programs\WPLauncher.hta ()
O13 - gopher Prefix: missing
O15 - HKCU\..Trusted Domains: mdsynergy.com ([mdscapture] https in Trusted sites)
O15 - HKCU\..Trusted Domains: mdsynergy.com ([mdsdocstore] https in Trusted sites)
O15 - HKCU\..Trusted Domains: mdsynergy.com ([services] https in Trusted sites)
O15 - HKCU\..Trusted Domains: mdsynergy.com ([www] https in Trusted sites)
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} http://appldnld.appl...ex/qtplugin.cab (QuickTime Object)
O16 - DPF: {5554DCB0-700B-498D-9B58-4E40E5814405} https://www2.mdsyner...OpType=PrintCab (RSClientPrint 2008 Class)
O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} http://upload.facebo...oUploader55.cab (Facebook Photo Uploader 5 Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {9C23D886-43CB-43DE-B2DB-112A68D7E10A} http://lads.myspace....ceUploader2.cab (MySpace Uploader Control)
O16 - DPF: {BEA7310D-06C4-4339-A784-DC3804819809} http://images3.pnime...veX_Control.cab (Photo Upload Plugin Class)
O16 - DPF: {CAFEEFAC-0014-0001-0001-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.4.1_01)
O16 - DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab (Reg Error: Key error.)
O16 - DPF: {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} https://secure.logme...trl.cab?lmi=722 (Performance Viewer Activex Control)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = BRESSMAN.LOCAL
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{6ADD6660-7DF5-44BF-8C4B-82CFCD74DF28}: DhcpNameServer = 192.168.1.1 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{6ADD6660-7DF5-44BF-8C4B-82CFCD74DF28}: NameServer = 192.168.1.2
O18 - Protocol\Handler\intu-help-qb1 {9B0F96C7-2E4B-433e-ABF3-043BA1B54AE3} - C:\Program Files\Intuit\QuickBooks 2008\HelpAsyncPluggableProtocol.dll (TODO: <Company name>)
O18 - Protocol\Handler\intu-help-qb3 {c5e479ea-0a65-4b05-8c6c-2fc8cc682eb4} - C:\Program Files\Intuit\QuickBooks 2010\HelpAsyncPluggableProtocol.dll (Intuit, Inc.)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/06/10 14:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{4949ce93-5378-11df-82ef-0030672f14ee}\Shell - "" = AutoRun
O33 - MountPoints2\{4949ce93-5378-11df-82ef-0030672f14ee}\Shell\AutoRun\command - "" = E:\LaunchU3.exe -a
O33 - MountPoints2\{6616dbd7-7542-11df-9fd2-0030672f14ee}\Shell - "" = AutoRun
O33 - MountPoints2\{6616dbd7-7542-11df-9fd2-0030672f14ee}\Shell\AutoRun\command - "" = E:\LaunchU3.exe -a
O33 - MountPoints2\{bf7fde29-7f79-11df-afaf-0030672f14ee}\Shell - "" = AutoRun
O33 - MountPoints2\{bf7fde29-7f79-11df-afaf-0030672f14ee}\Shell\AutoRun\command - "" = E:\LaunchU3.exe -a
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKCU\...exe [@ = exefile] -- Reg Error: Key error. File not found

========== Files/Folders - Created Within 30 Days ==========

[2012/03/19 17:07:32 | 000,040,776 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2012/03/19 15:55:06 | 000,000,000 | ---D | C] -- C:\Windows\Minidump
[2011/10/13 17:10:47 | 000,465,264 | ---- | C] (Corel) -- C:\Program Files\Common Files\AppFramework.dll
[2011/10/13 17:10:47 | 000,332,144 | ---- | C] (Corel) -- C:\Program Files\Common Files\MediaOrganizer.dll
[2011/10/13 17:10:47 | 000,033,136 | ---- | C] (Corel-V1E) -- C:\Program Files\Common Files\FlickrProvider.dll
[2 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012/03/19 17:55:17 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/03/19 17:55:13 | 250,007,272 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2012/03/19 17:55:10 | 2388,582,400 | -HS- | M] () -- C:\hiberfil.sys
[2012/03/19 17:51:53 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012/03/19 17:13:40 | 000,623,940 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2012/03/19 17:13:40 | 000,106,316 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2012/03/19 17:10:04 | 000,000,000 | ---- | M] () -- C:\Windows\nsreg.dat
[2012/03/19 17:07:32 | 000,040,776 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2012/03/19 15:52:50 | 000,015,040 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012/03/19 15:52:50 | 000,015,040 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012/03/14 11:54:52 | 000,001,722 | ---- | M] () -- C:\Users\valerie\Desktop\office(1)-2(1).GCF
[2012/03/14 10:29:52 | 000,001,864 | ---- | M] () -- C:\Users\valerie\Desktop\ALVC EMR.rdp
[2012/02/27 12:02:13 | 000,001,682 | -HS- | M] () -- C:\ProgramData\KGyGaAvL.sys
[2012/02/22 16:20:55 | 003,515,392 | ---- | M] () -- C:\Users\valerie\Desktop\office(1)-2(1).or5
[2012/02/21 11:35:49 | 000,001,407 | ---- | M] () -- C:\Users\valerie\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2012/02/21 04:02:08 | 000,072,822 | ---- | M] () -- C:\Windows\System32\ieuinit.inf
[2 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012/03/19 17:10:04 | 000,000,000 | ---- | C] () -- C:\Windows\nsreg.dat
[2012/03/19 15:54:51 | 250,007,272 | ---- | C] () -- C:\Windows\MEMORY.DMP
[2012/03/14 10:29:49 | 000,001,864 | ---- | C] () -- C:\Users\valerie\Desktop\ALVC EMR.rdp
[2012/02/21 04:02:08 | 000,072,822 | ---- | C] () -- C:\Windows\System32\ieuinit.inf
[2012/01/26 15:12:22 | 000,155,648 | ---- | C] () -- C:\Windows\agent.exe
[2012/01/26 15:12:15 | 000,046,592 | ---- | C] () -- C:\Windows\System32\sdtnpm.dll
[2012/01/11 12:49:32 | 000,011,302 | -HS- | C] () -- C:\Users\valerie\AppData\Local\151574j07m34o4330
[2012/01/11 12:49:32 | 000,011,302 | -HS- | C] () -- C:\ProgramData\151574j07m34o4330
[2011/10/13 17:10:47 | 000,402,800 | ---- | C] () -- C:\Program Files\Common Files\facebook.dll
[2011/10/13 17:10:47 | 000,148,177 | ---- | C] () -- C:\Program Files\Common Files\BookViewer.xap
[2011/10/13 17:10:47 | 000,130,416 | ---- | C] () -- C:\Program Files\Common Files\PluginCommon.dll
[2011/07/28 09:16:41 | 000,000,120 | ---- | C] () -- C:\Users\valerie\AppData\Local\Jxacaheqimezo.dat
[2011/07/28 09:16:41 | 000,000,000 | ---- | C] () -- C:\Users\valerie\AppData\Local\Bxifevenupe.bin
[2011/03/25 10:26:12 | 000,000,600 | ---- | C] () -- C:\Users\valerie\AppData\Local\PUTTY.RND
[2011/01/28 17:59:30 | 000,000,600 | ---- | C] () -- C:\Users\valerie\AppData\Roaming\winscp.rnd
[2010/08/25 20:30:02 | 000,439,308 | ---- | C] () -- C:\Windows\System32\igcompkrng500.bin
[2010/08/25 20:30:00 | 000,982,240 | ---- | C] () -- C:\Windows\System32\igkrng500.bin
[2010/08/25 20:30:00 | 000,092,356 | ---- | C] () -- C:\Windows\System32\igfcg500m.bin
[2010/08/25 19:59:08 | 000,004,096 | ---- | C] ( ) -- C:\Windows\System32\IGFXDEVLib.dll
[2010/08/25 19:57:00 | 000,000,151 | ---- | C] () -- C:\Windows\System32\GfxUI.exe.config
[2010/08/25 19:52:00 | 000,208,896 | ---- | C] () -- C:\Windows\System32\iglhsip32.dll
[2010/08/25 19:52:00 | 000,143,360 | ---- | C] () -- C:\Windows\System32\iglhcp32.dll
[2010/04/09 17:14:21 | 000,000,090 | ---- | C] () -- C:\Windows\QBChanUtil_Trigger.ini

========== LOP Check ==========

[2012/02/14 15:24:04 | 000,000,000 | ---D | M] -- C:\Users\valerie\AppData\Roaming\Auslogics
[2011/09/09 10:51:39 | 000,000,000 | ---D | M] -- C:\Users\valerie\AppData\Roaming\Downloaded Installations
[2012/01/02 11:00:07 | 000,000,000 | ---D | M] -- C:\Users\valerie\AppData\Roaming\MDSWebScan
[2012/01/26 15:21:57 | 000,000,000 | ---D | M] -- C:\Users\valerie\AppData\Roaming\Neat
[2012/03/19 14:09:20 | 000,000,000 | ---D | M] -- C:\Users\valerie\AppData\Roaming\Nitro PDF
[2012/01/26 15:21:54 | 000,000,000 | ---D | M] -- C:\Users\valerie\AppData\Roaming\Nuance
[2009/07/13 21:53:46 | 000,024,384 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 200 bytes -> C:\ProgramData\TEMP:07BF512B

< End of report >

Also, forgot to mention that every time it reboots it goes to a blue screen that states it's doing a memory dump.

#3
maliprog

  • Trusted Helper
  • Malware Removal
  • 6,172 posts
Hello valgalvez and welcome to my office here at G2G! :)

My nick is maliprog and I'll be your technical support on this issue. Before we start please read my notes carefully:

NOTE:
  • Malware removal is NOT instantaneous; most infections require several courses of action to completely eradicate.
  • Absence of symptoms does not always mean the computer is clean.
  • Kindly follow my instructions in the order posted. Order is crucial in the cleaning process.
  • Please DO NOT run any scans or fixes on your own without my direction.
  • Please read all of my response through at least once before attempting to follow the procedures described.
  • If there's anything you don't understand or isn't totally clear, please come back to me for clarification.
  • Please do not attach any log files to your replies unless I specifically ask you. Instead please copy and paste so as to include the log in your reply.
  • You must reply within 3 days or your topic will be closed.


You can run all these scans in Safe Mode with Networking. Please read Step 1 and take it seriously!


Step 1

NOTE: You have a very nasty infection! I would strongly advise you to back up all your important data from your system before you begin with the fix.

This malware tends to disable your whole system and leave you with nothing. Please back up your data!

Step 2

Download the latest version of TDSSKiller from here and save it to your Desktop.

  • Double-click on TDSSKiller.exe to run the application, then click on Change parameters.
  • Check the boxes beside:
    • Verify Driver Digital Signature
    • Detect TDLFS file system
  • Then click OK.
  • Click the Start Scan button to start the scan.
  • If a suspicious object is detected, the default action will be Skip.
  • If malicious objects are found, they will show in the Scan results and offer three (3) options.
  • Ensure Cure is selected for malicious objects.
  • Click Continue then Reboot now to finish the cleaning process.
  • Note: If Cure is not available, please choose Skip instead; do not choose Delete unless instructed.

A report will be created in your root directory (usually the C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste its contents in your next reply.

Step 3

Download and Install ComboFix

Download ComboFix from one of the following locations:

Link 1
Link 2

VERY IMPORTANT !!! Save ComboFix.exe to your Desktop *

IMPORTANT - Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. If you have difficulty properly disabling your protective programs, refer to this link here

  • Double-click on ComboFix.exe and follow the prompts.
  • Accept the disclaimer and allow it to update if it asks.
  • When finished, it shall produce a log for you.
  • Please include the C:\ComboFix.txt in your next reply.

Notes:
1. Do not mouse-click ComboFix's window while it is running. That may cause it to stall.
2. Do not "re-run" ComboFix. If you have a problem, reply back for further instructions.


Please make sure you include the ComboFix log in your next reply and describe how your computer is running now.

Step 4

Please don't forget to include these items in your reply:

  • TDSSKiller log
  • Combofix log
It would be helpful if you could post each log in a separate post.

#4
maliprog
Due to lack of feedback, this topic has been closed.

If you need this topic reopened, please contact a staff member. This applies only to the original topic starter. Everyone else please begin a New Topic.

#5
maliprog
User returned

Hi valgalvez,

Please post your logs.

#6
valgalvez

  • Topic Starter
Combo Log:

ComboFix 12-03-27.03 - Valerie 03/27/2012 17:06:43.1.2 - x86
Microsoft Windows 7 Professional 6.1.7600.0.1252.1.1033.18.3037.1710 [GMT -7:00]
Running from: c:\users\valerie\Desktop\ComboFix.exe
AV: Microsoft Security Essentials *Enabled/Updated* {BF5CEBDC-F2D3-7540-343C-F0CE11FD6E66}
SP: Microsoft Security Essentials *Enabled/Updated* {043D0A38-D4E9-7ACE-0E8C-CBBC6A7A24DB}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\programdata\ntuser.dat
c:\users\valerie\AppData\Local\{F80B23F2-A379-46F8-9590-833743071DF3}
c:\users\valerie\AppData\Local\{F80B23F2-A379-46F8-9590-833743071DF3}\chrome.manifest
c:\users\valerie\AppData\Local\{F80B23F2-A379-46F8-9590-833743071DF3}\chrome\content\_cfg.js
c:\users\valerie\AppData\Local\{F80B23F2-A379-46F8-9590-833743071DF3}\chrome\content\overlay.xul
c:\users\valerie\AppData\Local\{F80B23F2-A379-46F8-9590-833743071DF3}\install.rdf
c:\users\valerie\g2mdlhlpx.exe
c:\users\valerie\GoToAssistDownloadHelper.exe
.
.
((((((((((((((((((((((((( Files Created from 2012-02-28 to 2012-03-28 )))))))))))))))))))))))))))))))
.
.
2012-03-28 00:12 . 2012-03-28 00:12 -------- d-----w- c:\users\User\AppData\Local\temp
2012-03-28 00:12 . 2012-03-28 00:12 -------- d-----w- c:\users\QBDataServiceUser20\AppData\Local\temp
2012-03-27 23:56 . 2012-03-27 23:56 -------- d-----w- C:\TDSSKiller_Quarantine
2012-03-22 19:55 . 2012-03-22 20:06 40776 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2012-03-22 19:53 . 2012-03-22 19:53 709968 ----a-w- c:\windows\is-LMSLK.exe
2012-03-21 01:44 . 2012-03-21 01:44 -------- d-----w- C:\_OTM
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-02-27 19:02 . 2010-02-12 19:11 1682 --sha-w- c:\programdata\KGyGaAvL.sys
2012-02-21 11:02 . 2012-02-21 11:02 86528 ----a-w- c:\windows\system32\iesysprep.dll
2012-02-21 11:02 . 2012-02-21 11:02 76800 ----a-w- c:\windows\system32\SetIEInstalledDate.exe
2012-02-21 11:02 . 2012-02-21 11:02 74752 ----a-w- c:\windows\system32\RegisterIEPKEYs.exe
2012-02-21 11:02 . 2012-02-21 11:02 74752 ----a-w- c:\windows\system32\iesetup.dll
2012-02-21 11:02 . 2012-02-21 11:02 63488 ----a-w- c:\windows\system32\tdc.ocx
2012-02-21 11:02 . 2012-02-21 11:02 48640 ----a-w- c:\windows\system32\mshtmler.dll
2012-02-21 11:02 . 2012-02-21 11:02 420864 ----a-w- c:\windows\system32\vbscript.dll
2012-02-21 11:02 . 2012-02-21 11:02 367104 ----a-w- c:\windows\system32\html.iec
2012-02-21 11:02 . 2012-02-21 11:02 23552 ----a-w- c:\windows\system32\licmgr10.dll
2012-02-21 11:02 . 2012-02-21 11:02 161792 ----a-w- c:\windows\system32\msls31.dll
2012-02-21 11:02 . 2012-02-21 11:02 152064 ----a-w- c:\windows\system32\wextract.exe
2012-02-21 11:02 . 2012-02-21 11:02 150528 ----a-w- c:\windows\system32\iexpress.exe
2012-02-21 11:02 . 2012-02-21 11:02 1427456 ----a-w- c:\windows\system32\inetcpl.cpl
2012-02-21 11:02 . 2012-02-21 11:02 1127424 ----a-w- c:\windows\system32\wininet.dll
2012-02-21 11:02 . 2012-02-21 11:02 110592 ----a-w- c:\windows\system32\IEAdvpack.dll
2012-02-21 11:02 . 2012-02-21 11:02 35840 ----a-w- c:\windows\system32\imgutil.dll
2012-02-21 11:02 . 2012-02-21 11:02 2382848 ----a-w- c:\windows\system32\mshtml.tlb
2012-02-21 11:02 . 2012-02-21 11:02 1798656 ----a-w- c:\windows\system32\jscript9.dll
2012-02-21 11:02 . 2012-02-21 11:02 142848 ----a-w- c:\windows\system32\ieUnatt.exe
2012-02-21 11:02 . 2012-02-21 11:02 11776 ----a-w- c:\windows\system32\mshta.exe
2012-02-21 11:02 . 2012-02-21 11:02 101888 ----a-w- c:\windows\system32\admparse.dll
2012-02-09 22:23 . 2011-07-06 19:06 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-01-14 03:48 . 2012-02-15 02:16 2340864 ----a-w- c:\windows\system32\win32k.sys
2012-01-11 11:20 . 2012-01-10 11:22 56200 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{A23654C7-D618-461D-9706-ECDF981017D7}\offreg.dll
2012-01-04 09:26 . 2010-01-04 23:01 236576 ------w- c:\windows\system32\MpSigStub.exe
2012-01-04 09:03 . 2012-02-15 02:17 442880 ----a-w- c:\windows\system32\ntshrui.dll
2012-01-03 05:44 . 2012-02-15 02:17 478208 ----a-w- c:\windows\system32\timedate.cpl
2011-08-24 01:42 . 2011-10-14 00:10 332144 ----a-w- c:\program files\Common Files\MediaOrganizer.dll
2011-08-24 01:35 . 2011-10-14 00:10 33136 ----a-w- c:\program files\Common Files\FlickrProvider.dll
2011-08-24 01:35 . 2011-10-14 00:10 402800 ----a-w- c:\program files\Common Files\facebook.dll
2011-08-24 01:35 . 2011-10-14 00:10 130416 ----a-w- c:\program files\Common Files\PluginCommon.dll
2011-08-24 01:34 . 2011-10-14 00:10 465264 ----a-w- c:\program files\Common Files\AppFramework.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Corel Photo Downloader"="c:\program files\Common Files\Corel\Corel PhotoDownloader\Corel Photo Downloader.exe" [2011-09-08 522752]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2012-02-09 39408]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSSE"="c:\program files\Microsoft Security Essentials\msseces.exe" [2010-09-15 1094224]
"QuickFinder Scheduler"="c:\program files\Corel\WordPerfect Office X4\Programs\QFSCHD140.EXE" [2009-06-22 83232]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-12-22 35760]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]
"Intuit SyncManager"="c:\program files\Common Files\Intuit\Sync\IntuitSyncManager.exe" [2010-10-19 1439496]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2010-08-26 136216]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2010-08-26 171032]
"Persistence"="c:\windows\system32\igfxpers.exe" [2010-08-26 170520]
"QuickBooksDB20"="c:\progra~1\Intuit\QUICKB~2\QBDBMgrN.exe" [2009-08-18 678912]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-10-29 249064]
"ScrewDrivers RDP Plugin"="c:\program files\triCerat\Simplify Printing\ScrewDrivers Client v4\install_rdp.exe" [2010-12-15 45384]
"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2011-09-27 59240]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2011-12-02 421888]
"Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-01-13 460872]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Lotus Organizer EasyClip.lnk - c:\lotus\organize\easyclip.exe [2002-8-8 87040]
Lotus QuickStart.lnk - c:\lotus\wordpro\ltsstart.exe [2002-8-7 32768]
Lotus SmartCenter.lnk - c:\lotus\smartctr\smartctr.exe [2002-7-23 204800]
Lotus SuiteStart.lnk - c:\lotus\smartctr\suitest.exe [2002-7-23 32768]
PathPoll - Shortcut.lnk - c:\streamlinemd\PathPoll\PathPoll.exe [2011-7-5 2089984]
QuickBooks Update Agent.lnk - c:\program files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe [2011-11-11 1155432]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux1"=wdmaud.drv
.
R0 wbjwqply;wbjwqply;c:\windows\System32\drivers\feli.sys [x]
R1 MpKsl53b49644;MpKsl53b49644;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{8A8BB0D6-4ADB-4C7B-93A2-377B384ADF28}\MpKsl53b49644.sys [x]
R2 Agent;Agent;c:\windows\agent.exe [2011-08-24 155648]
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2012-02-09 136176]
R2 QuickBooksDB18;QuickBooksDB18;c:\progra~1\Intuit\QUICKB~1\QBDBMgrN.exe [2006-09-13 128536]
R3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [2012-02-09 136176]
R3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [2012-03-22 40776]
R3 MpNWMon;Microsoft Malware Protection Network Driver;c:\windows\system32\DRIVERS\MpNWMon.sys [2010-03-26 42368]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2010-04-20 1343400]
R4 QuickBooksDB20;QuickBooksDB20;c:\progra~1\Intuit\QUICKB~2\QBDBMgrN.exe [2009-08-18 678912]
S2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [2012-01-13 652360]
S2 NitroReaderDriverReadSpool2;NitroPDFReaderDriverCreatorReadSpool2;c:\program files\Nitro PDF\Reader 2\NitroPDFReaderDriverService2.exe [2011-06-22 196912]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2011-12-10 20464]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt86win7.sys [2009-07-13 139776]
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
.
Contents of the 'Scheduled Tasks' folder
.
2012-03-27 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2012-02-09 22:23]
.
2012-02-15 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2012-02-09 22:23]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: Open with WordPerfect - c:\program files\Corel\WordPerfect Office X4\Programs\WPLauncher.hta
Trusted Zone: mdsynergy.com\mdscapture
Trusted Zone: mdsynergy.com\mdsdocstore
Trusted Zone: mdsynergy.com\services
Trusted Zone: mdsynergy.com\www
TCP: DhcpNameServer = 192.168.1.1 192.168.1.1
TCP: Interfaces\{6ADD6660-7DF5-44BF-8C4B-82CFCD74DF28}: NameServer = 192.168.1.2
DPF: {5554DCB0-700B-498D-9B58-4E40E5814405} - hxxps://www2.mdsynergy.com/reports/ReportsTree/Reserved.ReportViewerWebControl.axd?ReportSession=klky5he2mkw2zo55uv1p5yqw&ControlID=96e6516b5c1e402f92c85567d11a498b&Culture=1033&UICulture=1033&ReportStack=1&OpType=PrintCab
FF - ProfilePath - c:\users\valerie\AppData\Roaming\Mozilla\Firefox\Profiles\oz8hkpgg.default\
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}
.
- - - - ORPHANS REMOVED - - - -
.
SafeBoot-MsMpSvc
HKLM_ActiveSetup-Neat ADF Scanner 2008 - reg copy HKLM\Software\The Neat Company\Neat ADF Scanner 2008 HKCU\Software\The Neat Company\Neat ADF Scanner 2008
HKLM_ActiveSetup-Send To Neat - reg copy HKLM\Software\The Neat Company\Send To Neat HKCU\Software\The Neat Company\Send To Neat
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2012-03-27 17:16:10
ComboFix-quarantined-files.txt 2012-03-28 00:16
.
Pre-Run: 457,963,388,928 bytes free
Post-Run: 458,197,663,744 bytes free
.
- - End Of File - - 045916AB6157B36500513D6C7BB26B52

#7
valgalvez

TDSS Log:

*Btw after I did the Tdss scan in safe mode with networking, it restarted and I was able to start normally with no reboots and did the combo scan in normal mode.

16:52:56.0484 1792 TDSS rootkit removing tool 2.7.23.0 Mar 26 2012 13:40:18
16:52:57.0000 1792 ============================================================
16:52:57.0000 1792 Current date / time: 2012/03/27 16:52:57.0000
16:52:57.0000 1792 SystemInfo:
16:52:57.0000 1792
16:52:57.0000 1792 OS Version: 6.1.7600 ServicePack: 0.0
16:52:57.0000 1792 Product type: Workstation
16:52:57.0000 1792 ComputerName: VALERIE
16:52:57.0000 1792 UserName: Valerie
16:52:57.0000 1792 Windows directory: C:\Windows
16:52:57.0000 1792 System windows directory: C:\Windows
16:52:57.0000 1792 Processor architecture: Intel x86
16:52:57.0000 1792 Number of processors: 2
16:52:57.0000 1792 Page size: 0x1000
16:52:57.0000 1792 Boot type: Safe boot with network
16:52:57.0000 1792 ============================================================
16:52:58.0187 1792 Drive \Device\Harddisk0\DR0 - Size: 0x7470C06000 (465.76 Gb), SectorSize: 0x200, Cylinders: 0xED81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
16:52:58.0187 1792 Drive \Device\Harddisk1\DR1 - Size: 0x7840FE00 (1.88 Gb), SectorSize: 0x200, Cylinders: 0xF5, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W'
16:52:58.0187 1792 \Device\Harddisk0\DR0:
16:52:58.0187 1792 MBR used
16:52:58.0187 1792 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x32000
16:52:58.0187 1792 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x32800, BlocksNum 0x3A353000
16:52:58.0187 1792 \Device\Harddisk1\DR1:
16:52:58.0187 1792 MBR used
16:52:58.0187 1792 \Device\Harddisk1\DR1\Partition0: MBR, Type 0x6, StartLBA 0x81, BlocksNum 0x3B9D3F
16:52:58.0203 1792 Initialize success
16:52:58.0203 1792 ============================================================
16:53:31.0140 1508 ============================================================
16:53:31.0140 1508 Scan started
16:53:31.0140 1508 Mode: Manual; SigCheck; TDLFS;
16:53:31.0140 1508 ============================================================
16:53:31.0953 1508 1394ohci (6d2aca41739bfe8cb86ee8e85f29697d) C:\Windows\system32\DRIVERS\1394ohci.sys
16:53:32.0046 1508 1394ohci - ok
16:53:32.0093 1508 ACPI (f0e07d144c8685b8774bc32fc8da4df0) C:\Windows\system32\DRIVERS\ACPI.sys
16:53:32.0109 1508 ACPI - ok
16:53:32.0109 1508 AcpiPmi (98d81ca942d19f7d9153b095162ac013) C:\Windows\system32\DRIVERS\acpipmi.sys
16:53:32.0156 1508 AcpiPmi - ok
16:53:32.0203 1508 adp94xx (21e785ebd7dc90a06391141aac7892fb) C:\Windows\system32\DRIVERS\adp94xx.sys
16:53:32.0218 1508 adp94xx - ok
16:53:32.0218 1508 adpahci (0c676bc278d5b59ff5abd57bbe9123f2) C:\Windows\system32\DRIVERS\adpahci.sys
16:53:32.0234 1508 adpahci - ok
16:53:32.0312 1508 adpu320 (7c7b5ee4b7b822ec85321fe23a27db33) C:\Windows\system32\DRIVERS\adpu320.sys
16:53:32.0312 1508 adpu320 - ok
16:53:32.0343 1508 AeLookupSvc (8b5eefeec1e6d1a72a06c526628ad161) C:\Windows\System32\aelupsvc.dll
16:53:32.0359 1508 AeLookupSvc - ok
16:53:32.0421 1508 AFD (0db7a48388d54d154ebec120461a0fcd) C:\Windows\system32\drivers\afd.sys
16:53:32.0453 1508 AFD - ok
16:53:32.0515 1508 Agent (b3aa46598403f63574f84880f2f2db8c) C:\Windows\agent.exe
16:53:32.0515 1508 Agent ( UnsignedFile.Multi.Generic ) - warning
16:53:32.0515 1508 Agent - detected UnsignedFile.Multi.Generic (1)
16:53:32.0531 1508 agp440 (507812c3054c21cef746b6ee3d04dd6e) C:\Windows\system32\DRIVERS\agp440.sys
16:53:32.0546 1508 agp440 - ok
16:53:32.0578 1508 aic78xx (8b30250d573a8f6b4bd23195160d8707) C:\Windows\system32\DRIVERS\djsvs.sys
16:53:32.0578 1508 aic78xx - ok
16:53:32.0656 1508 ALG (18a54e132947cd98fea9accc57f98f13) C:\Windows\System32\alg.exe
16:53:32.0671 1508 ALG - ok
16:53:32.0687 1508 aliide (0d40bcf52ea90fc7df2aeab6503dea44) C:\Windows\system32\DRIVERS\aliide.sys
16:53:32.0687 1508 aliide - ok
16:53:32.0703 1508 amdagp (3c6600a0696e90a463771c7422e23ab5) C:\Windows\system32\DRIVERS\amdagp.sys
16:53:32.0703 1508 amdagp - ok
16:53:32.0718 1508 amdide (cd5914170297126b6266860198d1d4f0) C:\Windows\system32\DRIVERS\amdide.sys
16:53:32.0734 1508 amdide - ok
16:53:32.0750 1508 AmdK8 (00dda200d71bac534bf56a9db5dfd666) C:\Windows\system32\DRIVERS\amdk8.sys
16:53:32.0781 1508 AmdK8 - ok
16:53:32.0796 1508 AmdPPM (3cbf30f5370fda40dd3e87df38ea53b6) C:\Windows\system32\DRIVERS\amdppm.sys
16:53:32.0812 1508 AmdPPM - ok
16:53:32.0843 1508 amdsata (19ce906b4cdc11fc4fef5745f33a63b6) C:\Windows\system32\drivers\amdsata.sys
16:53:32.0843 1508 amdsata - ok
16:53:32.0859 1508 amdsbs (ea43af0c423ff267355f74e7a53bdaba) C:\Windows\system32\DRIVERS\amdsbs.sys
16:53:32.0875 1508 amdsbs - ok
16:53:32.0906 1508 amdxata (869e67d66be326a5a9159fba8746fa70) C:\Windows\system32\drivers\amdxata.sys
16:53:32.0906 1508 amdxata - ok
16:53:32.0921 1508 AppID (feb834c02ce1e84b6a38f953ca067706) C:\Windows\system32\drivers\appid.sys
16:53:32.0953 1508 AppID - ok
16:53:33.0015 1508 AppIDSvc (62a9c86cb6085e20db4823e4e97826f5) C:\Windows\System32\appidsvc.dll
16:53:33.0046 1508 AppIDSvc - ok
16:53:33.0078 1508 Appinfo (7dead9e3f65dcb2794f2711003bbf650) C:\Windows\System32\appinfo.dll
16:53:33.0156 1508 Appinfo - ok
16:53:33.0234 1508 AppMgmt (a45d184df6a8803da13a0b329517a64a) C:\Windows\System32\appmgmts.dll
16:53:33.0250 1508 AppMgmt - ok
16:53:33.0296 1508 arc (2932004f49677bd84dbc72edb754ffb3) C:\Windows\system32\DRIVERS\arc.sys
16:53:33.0312 1508 arc - ok
16:53:33.0343 1508 arcsas (5d6f36c46fd283ae1b57bd2e9feb0bc7) C:\Windows\system32\DRIVERS\arcsas.sys
16:53:33.0343 1508 arcsas - ok
16:53:33.0375 1508 AsyncMac (add2ade1c2b285ab8378d2daaf991481) C:\Windows\system32\DRIVERS\asyncmac.sys
16:53:33.0453 1508 AsyncMac - ok
16:53:33.0468 1508 atapi (338c86357871c167a96ab976519bf59e) C:\Windows\system32\DRIVERS\atapi.sys
16:53:33.0468 1508 atapi - ok
16:53:33.0515 1508 AudioEndpointBuilder (510c873bfa135aa829f4180352772734) C:\Windows\System32\Audiosrv.dll
16:53:33.0562 1508 AudioEndpointBuilder - ok
16:53:33.0578 1508 Audiosrv (510c873bfa135aa829f4180352772734) C:\Windows\System32\Audiosrv.dll
16:53:33.0593 1508 Audiosrv - ok
16:53:33.0609 1508 AxInstSV (dd6a431b43e34b91a767d1ce33728175) C:\Windows\System32\AxInstSV.dll
16:53:33.0625 1508 AxInstSV - ok
16:53:33.0687 1508 b06bdrv (1a231abec60fd316ec54c66715543cec) C:\Windows\system32\DRIVERS\bxvbdx.sys
16:53:33.0718 1508 b06bdrv - ok
16:53:33.0765 1508 b57nd60x (bd8869eb9cde6bbe4508d869929869ee) C:\Windows\system32\DRIVERS\b57nd60x.sys
16:53:33.0781 1508 b57nd60x - ok
16:53:33.0796 1508 BDESVC (ee1e9c3bb8228ae423dd38db69128e71) C:\Windows\System32\bdesvc.dll
16:53:33.0812 1508 BDESVC - ok
16:53:33.0828 1508 Beep (505506526a9d467307b3c393dedaf858) C:\Windows\system32\drivers\Beep.sys
16:53:33.0843 1508 Beep - ok
16:53:33.0937 1508 BFE (85ac71c045ceb054ed48a7841aae0c11) C:\Windows\System32\bfe.dll
16:53:33.0968 1508 BFE - ok
16:53:34.0000 1508 BITS (53f476476f55a27f580661bde09c4ec4) C:\Windows\System32\qmgr.dll
16:53:34.0031 1508 BITS - ok
16:53:34.0046 1508 blbdrive (2287078ed48fcfc477b05b20cf38f36f) C:\Windows\system32\DRIVERS\blbdrive.sys
16:53:34.0062 1508 blbdrive - ok
16:53:34.0093 1508 bowser (9a5c671b7fbae4865149bb11f59b91b2) C:\Windows\system32\DRIVERS\bowser.sys
16:53:34.0109 1508 bowser - ok
16:53:34.0140 1508 BrFiltLo (9f9acc7f7ccde8a15c282d3f88b43309) C:\Windows\system32\DRIVERS\BrFiltLo.sys
16:53:34.0156 1508 BrFiltLo - ok
16:53:34.0171 1508 BrFiltUp (56801ad62213a41f6497f96dee83755a) C:\Windows\system32\DRIVERS\BrFiltUp.sys
16:53:34.0187 1508 BrFiltUp - ok
16:53:34.0203 1508 Browser (598e1280e7ff3744f4b8329366cc5635) C:\Windows\System32\browser.dll
16:53:34.0234 1508 Browser - ok
16:53:34.0265 1508 Brserid (845b8ce732e67f3b4133164868c666ea) C:\Windows\System32\Drivers\Brserid.sys
16:53:34.0265 1508 Brserid - ok
16:53:34.0281 1508 BrSerWdm (203f0b1e73adadbbb7b7b1fabd901f6b) C:\Windows\System32\Drivers\BrSerWdm.sys
16:53:34.0312 1508 BrSerWdm - ok
16:53:34.0312 1508 BrUsbMdm (bd456606156ba17e60a04e18016ae54b) C:\Windows\System32\Drivers\BrUsbMdm.sys
16:53:34.0343 1508 BrUsbMdm - ok
16:53:34.0343 1508 BrUsbSer (af72ed54503f717a43268b3cc5faec2e) C:\Windows\System32\Drivers\BrUsbSer.sys
16:53:34.0359 1508 BrUsbSer - ok
16:53:34.0375 1508 BTHMODEM (ed3df7c56ce0084eb2034432fc56565a) C:\Windows\system32\DRIVERS\bthmodem.sys
16:53:34.0390 1508 BTHMODEM - ok
16:53:34.0437 1508 bthserv (1df19c96eef6c29d1c3e1a8678e07190) C:\Windows\system32\bthserv.dll
16:53:34.0468 1508 bthserv - ok
16:53:34.0500 1508 cdfs (77ea11b065e0a8ab902d78145ca51e10) C:\Windows\system32\DRIVERS\cdfs.sys
16:53:34.0531 1508 cdfs - ok
16:53:34.0578 1508 cdrom (ba6e70aa0e6091bc39de29477d866a77) C:\Windows\system32\DRIVERS\cdrom.sys
16:53:34.0593 1508 cdrom - ok
16:53:34.0640 1508 CertPropSvc (628a9e30ec5e18dd5de6be4dbdc12198) C:\Windows\System32\certprop.dll
16:53:34.0671 1508 CertPropSvc - ok
16:53:34.0671 1508 circlass (3fe3fe94a34df6fb06e6418d0f6a0060) C:\Windows\system32\DRIVERS\circlass.sys
16:53:34.0687 1508 circlass - ok
16:53:34.0703 1508 CLFS (635181e0e9bbf16871bf5380d71db02d) C:\Windows\system32\CLFS.sys
16:53:34.0718 1508 CLFS - ok
16:53:34.0765 1508 clr_optimization_v2.0.50727_32 (d88040f816fda31c3b466f0fa0918f29) C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
16:53:34.0765 1508 clr_optimization_v2.0.50727_32 - ok
16:53:34.0843 1508 clr_optimization_v4.0.30319_32 (c5a75eb48e2344abdc162bda79e16841) C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
16:53:34.0890 1508 clr_optimization_v4.0.30319_32 - ok
16:53:34.0890 1508 CmBatt (dea805815e587dad1dd2c502220b5616) C:\Windows\system32\DRIVERS\CmBatt.sys
16:53:34.0921 1508 CmBatt - ok
16:53:34.0921 1508 cmdide (c537b1db64d495b9b4717b4d6d9edbf2) C:\Windows\system32\DRIVERS\cmdide.sys
16:53:34.0937 1508 cmdide - ok
16:53:34.0968 1508 CNG (36c252e474b2ffa0f0fbbff20d92a640) C:\Windows\system32\Drivers\cng.sys
16:53:35.0000 1508 CNG - ok
16:53:35.0015 1508 Compbatt (a6023d3823c37043986713f118a89bee) C:\Windows\system32\DRIVERS\compbatt.sys
16:53:35.0031 1508 Compbatt - ok
16:53:35.0078 1508 CompositeBus (f1724ba27e97d627f808fb0ba77a28a6) C:\Windows\system32\DRIVERS\CompositeBus.sys
16:53:35.0078 1508 CompositeBus - ok
16:53:35.0109 1508 COMSysApp - ok
16:53:35.0125 1508 crcdisk (2c4ebcfc84a9b44f209dff6c6e6c61d1) C:\Windows\system32\DRIVERS\crcdisk.sys
16:53:35.0140 1508 crcdisk - ok
16:53:35.0156 1508 CryptSvc (9c231178ce4fb385f4b54b0a9080b8a4) C:\Windows\system32\cryptsvc.dll
16:53:35.0203 1508 CryptSvc - ok
16:53:35.0218 1508 CSC (27c9490bdd0ae48911ab8cf1932591ed) C:\Windows\system32\drivers\csc.sys
16:53:35.0250 1508 CSC - ok
16:53:35.0281 1508 CscService (56fb5f222ea30d3d3fc459879772cb73) C:\Windows\System32\cscsvc.dll
16:53:35.0312 1508 CscService - ok
16:53:35.0343 1508 DcomLaunch (b82cd39e336973359d7c9bf911e8e84f) C:\Windows\system32\rpcss.dll
16:53:35.0375 1508 DcomLaunch - ok
16:53:35.0390 1508 defragsvc (8d6e10a2d9a5eed59562d9b82cf804e1) C:\Windows\System32\defragsvc.dll
16:53:35.0437 1508 defragsvc - ok
16:53:35.0500 1508 DfsC (83d1ecea8faae75604c0fa49ac7ad996) C:\Windows\system32\Drivers\dfsc.sys
16:53:35.0515 1508 DfsC - ok
16:53:35.0578 1508 Dhcp (c56495fbd770712367cad35e5de72da6) C:\Windows\system32\dhcpcore.dll
16:53:35.0609 1508 Dhcp - ok
16:53:35.0640 1508 discache (1a050b0274bfb3890703d490f330c0da) C:\Windows\system32\drivers\discache.sys
16:53:35.0656 1508 discache - ok
16:53:35.0718 1508 Disk (565003f326f99802e68ca78f2a68e9ff) C:\Windows\system32\DRIVERS\disk.sys
16:53:35.0718 1508 Disk - ok
16:53:35.0750 1508 Dnscache (b15be77a2bacf9c3177d27518afe26a9) C:\Windows\System32\dnsrslvr.dll
16:53:35.0765 1508 Dnscache - ok
16:53:35.0781 1508 dot3svc (4408c85c21eea48eb0ce486baeef0502) C:\Windows\System32\dot3svc.dll
16:53:35.0812 1508 dot3svc - ok
16:53:35.0828 1508 DPS (7fa81c6e11caa594adb52084da73a1e5) C:\Windows\system32\dps.dll
16:53:35.0859 1508 DPS - ok
16:53:35.0906 1508 drmkaud (b918e7c5f9bf77202f89e1a9539f2eb4) C:\Windows\system32\drivers\drmkaud.sys
16:53:35.0921 1508 drmkaud - ok
16:53:35.0953 1508 DXGKrnl (1679a4669326cb1a67cc95658d273234) C:\Windows\System32\drivers\dxgkrnl.sys
16:53:35.0984 1508 DXGKrnl - ok
16:53:36.0000 1508 EapHost (8600142fa91c1b96367d3300ad0f3f3a) C:\Windows\System32\eapsvc.dll
16:53:36.0015 1508 EapHost - ok
16:53:36.0093 1508 ebdrv (024e1b5cac09731e4d868e64dbfb4ab0) C:\Windows\system32\DRIVERS\evbdx.sys
16:53:36.0156 1508 ebdrv - ok
16:53:36.0187 1508 EFS (c2243ff9e9aad0c30e8b1a0914da15b6) C:\Windows\System32\lsass.exe
16:53:36.0203 1508 EFS - ok
16:53:36.0343 1508 ehRecvr (1697c39978cd69f6fbc15302edcece1f) C:\Windows\ehome\ehRecvr.exe
16:53:36.0375 1508 ehRecvr - ok
16:53:36.0390 1508 ehSched (d389bff34f80caede417bf9d1507996a) C:\Windows\ehome\ehsched.exe
16:53:36.0406 1508 ehSched - ok
16:53:36.0515 1508 elxstor (0ed67910c8c326796faa00b2bf6d9d3c) C:\Windows\system32\DRIVERS\elxstor.sys
16:53:36.0531 1508 elxstor - ok
16:53:36.0687 1508 ErrDev (8fc3208352dd3912c94367a206ab3f11) C:\Windows\system32\DRIVERS\errdev.sys
16:53:36.0734 1508 ErrDev - ok
16:53:36.0921 1508 EventSystem (f6916efc29d9953d5d0df06882ae8e16) C:\Windows\system32\es.dll
16:53:36.0968 1508 EventSystem - ok
16:53:37.0156 1508 exfat (2dc9108d74081149cc8b651d3a26207f) C:\Windows\system32\drivers\exfat.sys
16:53:37.0187 1508 exfat - ok
16:53:37.0359 1508 fastfat (7e0ab74553476622fb6ae36f73d97d35) C:\Windows\system32\drivers\fastfat.sys
16:53:37.0406 1508 fastfat - ok
16:53:37.0640 1508 Fax (f7ea23cc5e6bf2181f3f399d54f6efc1) C:\Windows\system32\fxssvc.exe
16:53:37.0687 1508 Fax - ok
16:53:37.0890 1508 fdc (e817a017f82df2a1f8cfdbda29388b29) C:\Windows\system32\DRIVERS\fdc.sys
16:53:37.0921 1508 fdc - ok
16:53:38.0093 1508 fdPHost (f3222c893bd2f5821a0179e5c71e88fb) C:\Windows\system32\fdPHost.dll
16:53:38.0140 1508 fdPHost - ok
16:53:38.0265 1508 FDResPub (7dbe8cbfe79efbdeb98c9fb08d3a9a5b) C:\Windows\system32\fdrespub.dll
16:53:38.0359 1508 FDResPub - ok
16:53:38.0765 1508 FileInfo (6cf00369c97f3cf563be99be983d13d8) C:\Windows\system32\drivers\fileinfo.sys
16:53:38.0796 1508 FileInfo - ok
16:53:39.0140 1508 Filetrace (42c51dc94c91da21cb9196eb64c45db9) C:\Windows\system32\drivers\filetrace.sys
16:53:39.0218 1508 Filetrace - ok
16:53:39.0531 1508 flpydisk (87907aa70cb3c56600f1c2fb8841579b) C:\Windows\system32\DRIVERS\flpydisk.sys
16:53:39.0578 1508 flpydisk - ok
16:53:40.0015 1508 FltMgr (7520ec808e0c35e0ee6f841294316653) C:\Windows\system32\drivers\fltmgr.sys
16:53:40.0046 1508 FltMgr - ok
16:53:40.0468 1508 FontCache (7fe4995528a7529a761875151ee3d512) C:\Windows\system32\FntCache.dll
16:53:40.0515 1508 FontCache - ok
16:53:40.0843 1508 FontCache3.0.0.0 (e56f39f6b7fda0ac77a79b0fd3de1a2f) C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
16:53:40.0906 1508 FontCache3.0.0.0 - ok
16:53:41.0250 1508 FsDepends (1a16b57943853e598cff37fe2b8cbf1d) C:\Windows\system32\drivers\FsDepends.sys
16:53:41.0265 1508 FsDepends - ok
16:53:41.0515 1508 Fs_Rec (a574b4360e438977038aae4bf60d79a2) C:\Windows\system32\drivers\Fs_Rec.sys
16:53:41.0531 1508 Fs_Rec - ok
16:53:41.0843 1508 fvevol (dafbd9fe39197495aed6d51f3b85b5d2) C:\Windows\system32\DRIVERS\fvevol.sys
16:53:41.0875 1508 fvevol - ok
16:53:42.0125 1508 gagp30kx (65ee0c7a58b65e74ae05637418153938) C:\Windows\system32\DRIVERS\gagp30kx.sys
16:53:42.0156 1508 gagp30kx - ok
16:53:42.0406 1508 gpsvc (8ba3c04702bf8f927ab36ae8313ca4ee) C:\Windows\System32\gpsvc.dll
16:53:42.0453 1508 gpsvc - ok
16:53:42.0812 1508 gupdate (f02a533f517eb38333cb12a9e8963773) C:\Program Files\Google\Update\GoogleUpdate.exe
16:53:42.0953 1508 gupdate - ok
16:53:43.0031 1508 gupdatem (f02a533f517eb38333cb12a9e8963773) C:\Program Files\Google\Update\GoogleUpdate.exe
16:53:43.0031 1508 gupdatem - ok
16:53:43.0265 1508 gusvc (cc839e8d766cc31a7710c9f38cf3e375) C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
16:53:43.0328 1508 gusvc - ok
16:53:43.0578 1508 hcw85cir (c44e3c2bab6837db337ddee7544736db) C:\Windows\system32\drivers\hcw85cir.sys
16:53:43.0609 1508 hcw85cir - ok
16:53:43.0968 1508 HdAudAddService (3530cad25deba7dc7de8bb51632cbc5f) C:\Windows\system32\drivers\HdAudio.sys
16:53:44.0046 1508 HdAudAddService - ok
16:53:44.0312 1508 HDAudBus (717a2207fd6f13ad3e664c7d5a43c7bf) C:\Windows\system32\DRIVERS\HDAudBus.sys
16:53:44.0359 1508 HDAudBus - ok
16:53:44.0500 1508 HidBatt (1d58a7f3e11a9731d0eaaaa8405acc36) C:\Windows\system32\DRIVERS\HidBatt.sys
16:53:44.0531 1508 HidBatt - ok
16:53:44.0718 1508 HidBth (89448f40e6df260c206a193a4683ba78) C:\Windows\system32\DRIVERS\hidbth.sys
16:53:44.0765 1508 HidBth - ok
16:53:44.0984 1508 HidIr (cf50b4cf4a4f229b9f3c08351f99ca5e) C:\Windows\system32\DRIVERS\hidir.sys
16:53:45.0031 1508 HidIr - ok
16:53:45.0171 1508 hidserv (2bc6f6a1992b3a77f5f41432ca6b3b6b) C:\Windows\system32\hidserv.dll
16:53:45.0265 1508 hidserv - ok
16:53:45.0625 1508 HidUsb (25072fb35ac90b25f9e4e3bacf774102) C:\Windows\system32\DRIVERS\hidusb.sys
16:53:45.0671 1508 HidUsb - ok
16:53:45.0828 1508 hkmsvc (741c2a45ca8407e374aaba3e330b7872) C:\Windows\system32\kmsvc.dll
16:53:45.0937 1508 hkmsvc - ok
16:53:46.0234 1508 HomeGroupListener (a768ca158bb06782a2835b907f4873c3) C:\Windows\system32\ListSvc.dll
16:53:46.0296 1508 HomeGroupListener - ok
16:53:46.0515 1508 HomeGroupProvider (fb08dec5ef43d0c66d83b8e9694e7549) C:\Windows\system32\provsvc.dll
16:53:46.0578 1508 HomeGroupProvider - ok
16:53:46.0937 1508 HpSAMD (295fdc419039090eb8b49ffdbb374549) C:\Windows\system32\DRIVERS\HpSAMD.sys
16:53:46.0968 1508 HpSAMD - ok
16:53:47.0406 1508 HTTP (c531c7fd9e8b62021112787c4e2c5a5a) C:\Windows\system32\drivers\HTTP.sys
16:53:47.0453 1508 HTTP - ok
16:53:47.0640 1508 hwpolicy (8305f33cde89ad6c7a0763ed0b5a8d42) C:\Windows\system32\drivers\hwpolicy.sys
16:53:47.0640 1508 hwpolicy - ok
16:53:47.0906 1508 i8042prt (f151f0bdc47f4a28b1b20a0818ea36d6) C:\Windows\system32\DRIVERS\i8042prt.sys
16:53:47.0937 1508 i8042prt - ok
16:53:48.0265 1508 iaStorV (71f1a494fedf4b33c02c4a6a28d6d9e9) C:\Windows\system32\drivers\iaStorV.sys
16:53:48.0281 1508 iaStorV - ok
16:53:48.0593 1508 idsvc (5af815eb5bc9802e5a064e2ba62bfc0c) C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
16:53:48.0625 1508 idsvc - ok
16:53:50.0203 1508 igfx (8266ae06df974e5ba047b3e9e9e70b3f) C:\Windows\system32\DRIVERS\igdkmd32.sys
16:53:50.0531 1508 igfx - ok
16:53:50.0921 1508 iirsp (4173ff5708f3236cf25195fecd742915) C:\Windows\system32\DRIVERS\iirsp.sys
16:53:50.0937 1508 iirsp - ok
16:53:51.0218 1508 IKEEXT (fac0ee6562b121b1399d6e855583f7a5) C:\Windows\System32\ikeext.dll
16:53:51.0281 1508 IKEEXT - ok
16:53:51.0437 1508 intelide (a0f12f2c9ba6c72f3987ce780e77c130) C:\Windows\system32\DRIVERS\intelide.sys
16:53:51.0468 1508 intelide - ok
16:53:51.0703 1508 intelppm (3b514d27bfc4accb4037bc6685f766e0) C:\Windows\system32\DRIVERS\intelppm.sys
16:53:51.0734 1508 intelppm - ok
16:53:51.0921 1508 IPBusEnum (acb364b9075a45c0736e5c47be5cae19) C:\Windows\system32\ipbusenum.dll
16:53:51.0984 1508 IPBusEnum - ok
16:53:52.0140 1508 IpFilterDriver (709d1761d3b19a932ff0238ea6d50200) C:\Windows\system32\DRIVERS\ipfltdrv.sys
16:53:52.0203 1508 IpFilterDriver - ok
16:53:52.0453 1508 iphlpsvc (477397b432a256a50ee7e4339eb9ea14) C:\Windows\System32\iphlpsvc.dll
16:53:52.0515 1508 iphlpsvc - ok
16:53:52.0640 1508 IPMIDRV (e4454b6c37d7ffd5649611f6496308a7) C:\Windows\system32\DRIVERS\IPMIDrv.sys
16:53:52.0687 1508 IPMIDRV - ok
16:53:52.0843 1508 IPNAT (a5fa468d67abcdaa36264e463a7bb0cd) C:\Windows\system32\drivers\ipnat.sys
16:53:52.0906 1508 IPNAT - ok
16:53:53.0093 1508 IRENUM (42996cff20a3084a56017b7902307e9f) C:\Windows\system32\drivers\irenum.sys
16:53:53.0140 1508 IRENUM - ok
16:53:53.0296 1508 isapnp (1f32bb6b38f62f7df1a7ab7292638a35) C:\Windows\system32\DRIVERS\isapnp.sys
16:53:53.0312 1508 isapnp - ok
16:53:53.0500 1508 iScsiPrt (ed46c223ae46c6866ab77cdc41c404b7) C:\Windows\system32\DRIVERS\msiscsi.sys
16:53:53.0515 1508 iScsiPrt - ok
16:53:53.0812 1508 kbdclass (adef52ca1aeae82b50df86b56413107e) C:\Windows\system32\DRIVERS\kbdclass.sys
16:53:53.0828 1508 kbdclass - ok
16:53:54.0031 1508 kbdhid (3d9f0ebf350edcfd6498057301455964) C:\Windows\system32\DRIVERS\kbdhid.sys
16:53:54.0078 1508 kbdhid - ok
16:53:54.0234 1508 KeyIso (c2243ff9e9aad0c30e8b1a0914da15b6) C:\Windows\system32\lsass.exe
16:53:54.0250 1508 KeyIso - ok
16:53:54.0406 1508 KSecDD (0263364acb9c834ace52fb85c2c064ec) C:\Windows\system32\Drivers\ksecdd.sys
16:53:54.0421 1508 KSecDD - ok
16:53:54.0578 1508 KSecPkg (27391db553be2a4e2b0adeea2873b2af) C:\Windows\system32\Drivers\ksecpkg.sys
16:53:54.0593 1508 KSecPkg - ok
16:53:54.0765 1508 KtmRm (89a7b9cc98d0d80c6f31b91c0a310fcd) C:\Windows\system32\msdtckrm.dll
16:53:54.0828 1508 KtmRm - ok
16:53:55.0078 1508 LanmanServer (8f6bf790d3168224c16f2af68a84438c) C:\Windows\system32\srvsvc.dll
16:53:55.0125 1508 LanmanServer - ok
16:53:55.0328 1508 LanmanWorkstation (b9891f885dcf1f0513a51cb58493cb1f) C:\Windows\System32\wkssvc.dll
16:53:55.0359 1508 LanmanWorkstation - ok
16:53:55.0593 1508 lltdio (f7611ec07349979da9b0ae1f18ccc7a6) C:\Windows\system32\DRIVERS\lltdio.sys
16:53:55.0640 1508 lltdio - ok
16:53:55.0843 1508 lltdsvc (5700673e13a2117fa3b9020c852c01e2) C:\Windows\System32\lltdsvc.dll
16:53:55.0906 1508 lltdsvc - ok
16:53:56.0046 1508 lmhosts (55ca01ba19d0006c8f2639b6c045e08b) C:\Windows\System32\lmhsvc.dll
16:53:56.0093 1508 lmhosts - ok
16:53:56.0312 1508 LSI_FC (eb119a53ccf2acc000ac71b065b78fef) C:\Windows\system32\DRIVERS\lsi_fc.sys
16:53:56.0343 1508 LSI_FC - ok
16:53:56.0484 1508 LSI_SAS (8ade1c877256a22e49b75d1cc9161f9c) C:\Windows\system32\DRIVERS\lsi_sas.sys
16:53:56.0500 1508 LSI_SAS - ok
16:53:56.0734 1508 LSI_SAS2 (dc9dc3d3daa0e276fd2ec262e38b11e9) C:\Windows\system32\DRIVERS\lsi_sas2.sys
16:53:56.0750 1508 LSI_SAS2 - ok
16:53:57.0015 1508 LSI_SCSI (0a036c7d7cab643a7f07135ac47e0524) C:\Windows\system32\DRIVERS\lsi_scsi.sys
16:53:57.0046 1508 LSI_SCSI - ok
16:53:57.0296 1508 luafv (6703e366cc18d3b6e534f5cf7df39cee) C:\Windows\system32\drivers\luafv.sys
16:53:57.0359 1508 luafv - ok
16:53:57.0609 1508 MBAMProtector (b7ca8cc3f978201856b6ab82f40953c3) C:\Windows\system32\drivers\mbam.sys
16:53:59.0187 1508 MBAMProtector - ok
16:53:59.0437 1508 MBAMService (056b19651bd7b7ce5f89a3ac46dbdc08) C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
16:53:59.0500 1508 MBAMService - ok
16:54:00.0125 1508 MBAMSwissArmy (0db7527db188c7d967a37bb51bbf3963) C:\Windows\system32\drivers\mbamswissarmy.sys
16:54:00.0125 1508 MBAMSwissArmy - ok
16:54:00.0421 1508 Mcx2Svc (e2b0887816ed336685954e3d8fdaa51d) C:\Windows\system32\Mcx2Svc.dll
16:54:00.0484 1508 Mcx2Svc - ok
16:54:01.0000 1508 megasas (0fff5b045293002ab38eb1fd1fc2fb74) C:\Windows\system32\DRIVERS\megasas.sys
16:54:01.0031 1508 megasas - ok
16:54:01.0375 1508 MegaSR (dcbab2920c75f390caf1d29f675d03d6) C:\Windows\system32\DRIVERS\MegaSR.sys
16:54:01.0406 1508 MegaSR - ok
16:54:01.0703 1508 MMCSS (146b6f43a673379a3c670e86d89be5ea) C:\Windows\system32\mmcss.dll
16:54:01.0765 1508 MMCSS - ok
16:54:02.0171 1508 Modem (f001861e5700ee84e2d4e52c712f4964) C:\Windows\system32\drivers\modem.sys
16:54:47.0078 1508 PMEM (2b85237f904c5bdf7ad386f0ede19bd3) C:\Windows\system32\drivers\pmemnt.sys
16:54:47.0109 1508 PMEM ( UnsignedFile.Multi.Generic ) - warning
16:54:47.0109 1508 PMEM - detected UnsignedFile.Multi.Generic (1)
16:54:53.0062 1508 QBCFMonitorService (45ff9e4ec506fca0c263a3299809b73a) C:\Program Files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe
16:54:53.0250 1508 QBCFMonitorService ( UnsignedFile.Multi.Generic ) - warning
16:54:53.0250 1508 QBCFMonitorService - detected UnsignedFile.Multi.Generic (1)
16:54:54.0078 1508 QBFCService (6bee1814470dc12fa20c53dfc3c97ebb) C:\Program Files\Common Files\Intuit\QuickBooks\FCS\Intuit.QuickBooks.FCS.exe
16:54:54.0234 1508 QBFCService ( UnsignedFile.Multi.Generic ) - warning
16:54:54.0234 1508 QBFCService - detected UnsignedFile.Multi.Generic (1)
16:56:00.0007 1508 MBR (0x1B8) (0f84f2562620c40d8a3e1908c8075675) \Device\Harddisk0\DR0
16:56:00.0031 1508 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.b ) - infected
16:56:00.0031 1508 \Device\Harddisk0\DR0 - detected Rootkit.Boot.Pihar.b (0)
16:56:01.0070 1508 \Device\Harddisk0\DR0 ( TDSS File System ) - warning
16:56:01.0070 1508 \Device\Harddisk0\DR0 - detected TDSS File System (1)
16:56:01.0078 1508 MBR (0x1B8) (06449e7c4af0550b77e260798769aa40) \Device\Harddisk1\DR1
16:56:01.0156 1508 \Device\Harddisk1\DR1 - ok
16:56:01.0156 1508 Boot (0x1200) (20c40c621157a007205f7199c98a202b) \Device\Harddisk0\DR0\Partition0
16:56:01.0164 1508 \Device\Harddisk0\DR0\Partition0 - ok
16:56:01.0179 1508 Boot (0x1200) (759b1ec831012e6072b4444a2c17fd13) \Device\Harddisk0\DR0\Partition1
16:56:01.0179 1508 \Device\Harddisk0\DR0\Partition1 - ok
16:56:01.0179 1508 Boot (0x1200) (9e0ea69bb6921b05ca204d5db8f5e5f7) \Device\Harddisk1\DR1\Partition0
16:56:01.0187 1508 \Device\Harddisk1\DR1\Partition0 - ok
16:56:01.0195 1508 ============================================================
16:56:01.0195 1508 Scan finished
16:56:01.0195 1508 ============================================================
16:56:01.0210 0300 Detected object count: 6
16:56:01.0210 0300 Actual detected object count: 6
16:56:53.0708 0300 Agent ( UnsignedFile.Multi.Generic ) - skipped by user
16:56:53.0708 0300 Agent ( UnsignedFile.Multi.Generic ) - User select action: Skip
16:56:53.0708 0300 PMEM ( UnsignedFile.Multi.Generic ) - skipped by user
16:56:53.0708 0300 PMEM ( UnsignedFile.Multi.Generic ) - User select action: Skip
16:56:53.0721 0300 QBCFMonitorService ( UnsignedFile.Multi.Generic ) - skipped by user
16:56:53.0721 0300 QBCFMonitorService ( UnsignedFile.Multi.Generic ) - User select action: Skip
16:56:53.0732 0300 QBFCService ( UnsignedFile.Multi.Generic ) - skipped by user
16:56:53.0732 0300 QBFCService ( UnsignedFile.Multi.Generic ) - User select action: Skip
16:56:53.0807 0300 \Device\Harddisk0\DR0\# - copied to quarantine
16:56:53.0808 0300 \Device\Harddisk0\DR0 - copied to quarantine
16:56:53.0828 0300 \Device\Harddisk0\DR0\TDLFS\phm - copied to quarantine
16:56:53.0833 0300 \Device\Harddisk0\DR0\TDLFS\ph.dll - copied to quarantine
16:56:53.0837 0300 \Device\Harddisk0\DR0\TDLFS\phx.dll - copied to quarantine
16:56:53.0840 0300 \Device\Harddisk0\DR0\TDLFS\sub.dll - copied to quarantine
16:56:53.0843 0300 \Device\Harddisk0\DR0\TDLFS\subx.dll - copied to quarantine
16:56:53.0852 0300 \Device\Harddisk0\DR0\TDLFS\phd - copied to quarantine
16:56:53.0858 0300 \Device\Harddisk0\DR0\TDLFS\phdx - copied to quarantine
16:56:53.0859 0300 \Device\Harddisk0\DR0\TDLFS\phs - copied to quarantine
16:56:53.0877 0300 \Device\Harddisk0\DR0\TDLFS\phdata - copied to quarantine
16:56:53.0879 0300 \Device\Harddisk0\DR0\TDLFS\phld - copied to quarantine
16:56:53.0880 0300 \Device\Harddisk0\DR0\TDLFS\phln - copied to quarantine
16:56:53.0882 0300 \Device\Harddisk0\DR0\TDLFS\phlx - copied to quarantine
16:56:53.0918 0300 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.b ) - will be cured on reboot
16:56:53.0919 0300 \Device\Harddisk0\DR0 - ok
16:56:59.0512 0300 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.b ) - User select action: Cure
16:56:59.0513 0300 \Device\Harddisk0\DR0 ( TDSS File System ) - skipped by user
16:56:59.0513 0300 \Device\Harddisk0\DR0 ( TDSS File System ) - User select action: Skip
16:57:01.0712 1592 Deinitialize success


Thank you

#8
maliprog

    Trusted Helper

  • Malware Removal
  • 6,172 posts
Hi valgalvez,

1. Close any open browsers.

2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

3. Open notepad and copy/paste the text in the quotebox below into it:

File::
c:\windows\System32\drivers\feli.sys

Folder::

Registry::

Driver::
wbjwqply


Save this as CFScript.txt, in the same location as ComboFix.exe


Posted Image

Referring to the picture above, drag CFScript into ComboFix.exe

When finished, it shall produce a log for you at C:\ComboFix.txt which I will require in your next reply.

Make sure to restart your system after this fix.

#9
valgalvez

    Member

  • Topic Starter
  • 32 posts
Thank you sooo much, so far it is running way better :) Also, I tried disabling the Windows security essentials but it kept saying that it wasn't disabled when I first did the combo fix.

Here is the log:


ComboFix 12-03-27.03 - Valerie 03/29/2012 12:49:08.2.2 - x86
Microsoft Windows 7 Professional 6.1.7600.0.1252.1.1033.18.3037.2030 [GMT -7:00]
Running from: c:\users\valerie\Desktop\ComboFix.exe
Command switches used :: c:\users\valerie\Desktop\CFScript.txt
AV: Microsoft Security Essentials *Disabled/Updated* {BF5CEBDC-F2D3-7540-343C-F0CE11FD6E66}
SP: Microsoft Security Essentials *Disabled/Updated* {043D0A38-D4E9-7ACE-0E8C-CBBC6A7A24DB}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
FILE ::
"c:\windows\System32\drivers\feli.sys"
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Service_wbjwqply
.
.
((((((((((((((((((((((((( Files Created from 2012-02-28 to 2012-03-29 )))))))))))))))))))))))))))))))
.
.
2012-03-29 19:54 . 2012-03-29 19:54 -------- d-----w- c:\users\User\AppData\Local\temp
2012-03-29 19:54 . 2012-03-29 19:54 -------- d-----w- c:\users\QBDataServiceUser20\AppData\Local\temp
2012-03-29 19:54 . 2012-03-29 19:54 -------- d-----w- c:\users\QBDataServiceUser18\AppData\Local\temp
2012-03-29 19:54 . 2012-03-29 19:54 -------- d-----w- c:\users\drbressman\AppData\Local\temp
2012-03-29 19:54 . 2012-03-29 19:54 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-03-29 19:54 . 2012-03-29 19:54 -------- d-----w- c:\users\administrator\AppData\Local\temp
2012-03-28 10:00 . 2011-11-19 14:25 3957616 ----a-w- c:\windows\system32\ntkrnlpa.exe
2012-03-28 10:00 . 2011-11-19 14:25 3902320 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-03-28 00:03 . 2012-02-03 04:01 2341376 ----a-w- c:\windows\system32\win32k.sys
2012-03-28 00:03 . 2012-02-10 05:41 1074176 ----a-w- c:\windows\system32\DWrite.dll
2012-03-28 00:03 . 2012-02-10 05:41 218624 ----a-w- c:\windows\system32\d3d10_1core.dll
2012-03-28 00:03 . 2012-02-10 05:41 161792 ----a-w- c:\windows\system32\d3d10_1.dll
2012-03-28 00:03 . 2012-02-10 05:41 1170944 ----a-w- c:\windows\system32\d3d10warp.dll
2012-03-28 00:03 . 2012-02-10 05:41 739840 ----a-w- c:\windows\system32\d2d1.dll
2012-03-28 00:03 . 2012-01-25 05:44 57856 ----a-w- c:\windows\system32\rdpwsx.dll
2012-03-28 00:03 . 2012-01-25 05:44 129536 ----a-w- c:\windows\system32\rdpcorekmts.dll
2012-03-28 00:03 . 2012-01-25 05:40 8192 ----a-w- c:\windows\system32\rdrmemptylst.exe
2012-03-28 00:03 . 2012-02-15 05:44 826368 ----a-w- c:\windows\system32\rdpcore.dll
2012-03-28 00:03 . 2012-02-15 04:22 177152 ----a-w- c:\windows\system32\drivers\rdpwd.sys
2012-03-28 00:03 . 2012-02-15 04:22 24064 ----a-w- c:\windows\system32\drivers\tdtcp.sys
2012-03-27 23:56 . 2012-03-27 23:56 -------- d-----w- C:\TDSSKiller_Quarantine
2012-03-22 19:55 . 2012-03-22 20:06 40776 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2012-03-22 19:53 . 2012-03-22 19:53 709968 ----a-w- c:\windows\is-LMSLK.exe
2012-03-21 01:44 . 2012-03-21 01:44 -------- d-----w- C:\_OTM
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-03-28 20:34 . 2010-02-12 19:11 1682 --sha-w- c:\programdata\KGyGaAvL.sys
2012-02-21 11:02 . 2012-02-21 11:02 86528 ----a-w- c:\windows\system32\iesysprep.dll
2012-02-21 11:02 . 2012-02-21 11:02 76800 ----a-w- c:\windows\system32\SetIEInstalledDate.exe
2012-02-21 11:02 . 2012-02-21 11:02 74752 ----a-w- c:\windows\system32\RegisterIEPKEYs.exe
2012-02-21 11:02 . 2012-02-21 11:02 74752 ----a-w- c:\windows\system32\iesetup.dll
2012-02-21 11:02 . 2012-02-21 11:02 63488 ----a-w- c:\windows\system32\tdc.ocx
2012-02-21 11:02 . 2012-02-21 11:02 48640 ----a-w- c:\windows\system32\mshtmler.dll
2012-02-21 11:02 . 2012-02-21 11:02 420864 ----a-w- c:\windows\system32\vbscript.dll
2012-02-21 11:02 . 2012-02-21 11:02 367104 ----a-w- c:\windows\system32\html.iec
2012-02-21 11:02 . 2012-02-21 11:02 23552 ----a-w- c:\windows\system32\licmgr10.dll
2012-02-21 11:02 . 2012-02-21 11:02 161792 ----a-w- c:\windows\system32\msls31.dll
2012-02-21 11:02 . 2012-02-21 11:02 152064 ----a-w- c:\windows\system32\wextract.exe
2012-02-21 11:02 . 2012-02-21 11:02 150528 ----a-w- c:\windows\system32\iexpress.exe
2012-02-21 11:02 . 2012-02-21 11:02 1427456 ----a-w- c:\windows\system32\inetcpl.cpl
2012-02-21 11:02 . 2012-02-21 11:02 1127424 ----a-w- c:\windows\system32\wininet.dll
2012-02-21 11:02 . 2012-02-21 11:02 110592 ----a-w- c:\windows\system32\IEAdvpack.dll
2012-02-21 11:02 . 2012-02-21 11:02 35840 ----a-w- c:\windows\system32\imgutil.dll
2012-02-21 11:02 . 2012-02-21 11:02 2382848 ----a-w- c:\windows\system32\mshtml.tlb
2012-02-21 11:02 . 2012-02-21 11:02 1798656 ----a-w- c:\windows\system32\jscript9.dll
2012-02-21 11:02 . 2012-02-21 11:02 142848 ----a-w- c:\windows\system32\ieUnatt.exe
2012-02-21 11:02 . 2012-02-21 11:02 11776 ----a-w- c:\windows\system32\mshta.exe
2012-02-21 11:02 . 2012-02-21 11:02 101888 ----a-w- c:\windows\system32\admparse.dll
2012-02-09 22:23 . 2011-07-06 19:06 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-01-11 11:20 . 2012-01-10 11:22 56200 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{A23654C7-D618-461D-9706-ECDF981017D7}\offreg.dll
2012-01-04 09:26 . 2010-01-04 23:01 236576 ------w- c:\windows\system32\MpSigStub.exe
2012-01-04 09:03 . 2012-02-15 02:17 442880 ----a-w- c:\windows\system32\ntshrui.dll
2012-01-03 05:44 . 2012-02-15 02:17 478208 ----a-w- c:\windows\system32\timedate.cpl
2011-08-24 01:42 . 2011-10-14 00:10 332144 ----a-w- c:\program files\Common Files\MediaOrganizer.dll
2011-08-24 01:35 . 2011-10-14 00:10 33136 ----a-w- c:\program files\Common Files\FlickrProvider.dll
2011-08-24 01:35 . 2011-10-14 00:10 402800 ----a-w- c:\program files\Common Files\facebook.dll
2011-08-24 01:35 . 2011-10-14 00:10 130416 ----a-w- c:\program files\Common Files\PluginCommon.dll
2011-08-24 01:34 . 2011-10-14 00:10 465264 ----a-w- c:\program files\Common Files\AppFramework.dll
.
.
((((((((((((((((((((((((((((( SnapShot@2012-03-28_00.12.32 )))))))))))))))))))))))))))))))))))))))))
.
+ 2012-03-28 00:03 . 2012-01-25 05:38 57856 c:\windows\winsxs\x86_microsoft-windows-t..extensions-binaries_31bf3856ad364e35_6.1.7600.21136_none_a43e129f5a30a1d5\rdpwsx.dll
+ 2012-03-28 00:03 . 2012-01-25 05:44 57856 c:\windows\winsxs\x86_microsoft-windows-t..extensions-binaries_31bf3856ad364e35_6.1.7600.16952_none_a39afcb24126a14f\rdpwsx.dll
+ 2012-03-28 00:03 . 2012-02-17 04:09 24576 c:\windows\winsxs\x86_microsoft-windows-t..es-transportdrivers_31bf3856ad364e35_6.1.7601.21924_none_de3273e8bc1f0f12\tdtcp.sys
+ 2012-03-28 00:03 . 2010-11-20 10:21 18432 c:\windows\winsxs\x86_microsoft-windows-t..es-transportdrivers_31bf3856ad364e35_6.1.7601.21924_none_de3273e8bc1f0f12\tdpipe.sys
+ 2012-03-28 00:03 . 2012-02-17 04:13 24576 c:\windows\winsxs\x86_microsoft-windows-t..es-transportdrivers_31bf3856ad364e35_6.1.7601.17779_none_dd77c70da3257c89\tdtcp.sys
+ 2012-03-28 00:03 . 2010-11-20 10:21 18432 c:\windows\winsxs\x86_microsoft-windows-t..es-transportdrivers_31bf3856ad364e35_6.1.7601.17779_none_dd77c70da3257c89\tdpipe.sys
+ 2012-03-28 00:03 . 2012-02-17 04:16 24064 c:\windows\winsxs\x86_microsoft-windows-t..es-transportdrivers_31bf3856ad364e35_6.1.7600.21151_none_dc287c7cbf13e10f\tdtcp.sys
+ 2012-03-28 00:03 . 2012-02-15 04:22 24064 c:\windows\winsxs\x86_microsoft-windows-t..es-transportdrivers_31bf3856ad364e35_6.1.7600.16963_none_db963837a5fc5ca2\tdtcp.sys
+ 2012-03-28 00:03 . 2010-11-20 10:21 15872 c:\windows\winsxs\x86_microsoft-windows-r..s-regkeys-component_31bf3856ad364e35_6.1.7601.21924_none_321467207f36f8cc\rdpvideominiport.sys
+ 2012-03-28 00:03 . 2010-11-20 10:21 15872 c:\windows\winsxs\x86_microsoft-windows-r..s-regkeys-component_31bf3856ad364e35_6.1.7601.17779_none_3159ba45663d6643\rdpvideominiport.sys
+ 2009-07-14 04:55 . 2012-03-29 19:57 26000 c:\windows\System32\wdi\BootPerformanceDiagnostics_SystemData.bin
+ 2009-07-14 04:34 . 2012-03-29 10:25 83416 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\SoftwareProtectionPlatform\Cache\cache.dat
+ 2011-11-22 05:31 . 2011-11-22 05:31 57616 c:\windows\Microsoft.NET\Framework\v4.0.30319\nlssorting.dll
+ 2012-03-29 10:01 . 2012-03-29 10:01 87408 c:\windows\Microsoft.NET\assembly\GAC_MSIL\WindowsFormsIntegration\v4.0_4.0.0.0__31bf3856ad364e35\WindowsFormsIntegration.dll
- 2012-02-15 11:02 . 2012-02-15 11:02 87408 c:\windows\Microsoft.NET\assembly\GAC_MSIL\WindowsFormsIntegration\v4.0_4.0.0.0__31bf3856ad364e35\WindowsFormsIntegration.dll
+ 2012-03-29 10:01 . 2012-03-29 10:01 93024 c:\windows\Microsoft.NET\assembly\GAC_MSIL\UIAutomationTypes\v4.0_4.0.0.0__31bf3856ad364e35\UIAutomationTypes.dll
- 2012-02-15 11:02 . 2012-02-15 11:02 93024 c:\windows\Microsoft.NET\assembly\GAC_MSIL\UIAutomationTypes\v4.0_4.0.0.0__31bf3856ad364e35\UIAutomationTypes.dll
+ 2012-03-29 10:01 . 2012-03-29 10:01 35688 c:\windows\Microsoft.NET\assembly\GAC_MSIL\UIAutomationProvider\v4.0_4.0.0.0__31bf3856ad364e35\UIAutomationProvider.dll
- 2012-02-15 11:02 . 2012-02-15 11:02 35688 c:\windows\Microsoft.NET\assembly\GAC_MSIL\UIAutomationProvider\v4.0_4.0.0.0__31bf3856ad364e35\UIAutomationProvider.dll
- 2012-02-15 11:02 . 2012-02-15 11:02 11120 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Xml.Serialization\v4.0_4.0.0.0__b77a5c561934e089\System.Xml.Serialization.dll
+ 2012-03-29 10:01 . 2012-03-29 10:01 11120 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Xml.Serialization\v4.0_4.0.0.0__b77a5c561934e089\System.Xml.Serialization.dll
+ 2012-03-29 10:01 . 2012-03-29 10:01 17784 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Presentation\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Presentation.dll
- 2012-02-15 11:02 . 2012-02-15 11:02 17784 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Presentation\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Presentation.dll
+ 2012-03-29 10:01 . 2012-03-29 10:01 58240 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Input.Manipulations\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Input.Manipulations.dll
- 2012-02-15 11:02 . 2012-02-15 11:02 58240 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Input.Manipulations\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Input.Manipulations.dll
- 2012-02-15 11:01 . 2012-02-15 11:01 44920 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Web.ApplicationServices\v4.0_4.0.0.0__31bf3856ad364e35\System.Web.ApplicationServices.dll
+ 2012-03-29 10:01 . 2012-03-29 10:01 44920 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Web.ApplicationServices\v4.0_4.0.0.0__31bf3856ad364e35\System.Web.ApplicationServices.dll
+ 2012-03-29 10:01 . 2012-03-29 10:01 37240 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.ServiceModel.Channels\v4.0_4.0.0.0__31bf3856ad364e35\System.ServiceModel.Channels.dll
- 2012-02-15 11:02 . 2012-02-15 11:02 37240 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.ServiceModel.Channels\v4.0_4.0.0.0__31bf3856ad364e35\System.ServiceModel.Channels.dll
+ 2012-03-29 10:01 . 2012-03-29 10:01 64352 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Numerics\v4.0_4.0.0.0__b77a5c561934e089\System.Numerics.dll
- 2012-02-15 11:01 . 2012-02-15 11:01 64352 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Numerics\v4.0_4.0.0.0__b77a5c561934e089\System.Numerics.dll
+ 2012-03-29 10:01 . 2012-03-29 10:01 51032 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Device\v4.0_4.0.0.0__b77a5c561934e089\System.Device.dll
- 2012-02-15 11:01 . 2012-02-15 11:01 51032 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Device\v4.0_4.0.0.0__b77a5c561934e089\System.Device.dll
- 2012-02-15 11:01 . 2012-02-15 11:01 50552 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Data.DataSetExtensions\v4.0_4.0.0.0__b77a5c561934e089\System.Data.DataSetExtensions.dll
+ 2012-03-29 10:01 . 2012-03-29 10:01 50552 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Data.DataSetExtensions\v4.0_4.0.0.0__b77a5c561934e089\System.Data.DataSetExtensions.dll
+ 2012-03-29 10:01 . 2012-03-29 10:01 81784 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Configuration.Install\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Configuration.Install.dll
- 2012-02-15 11:01 . 2012-02-15 11:01 81784 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Configuration.Install\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Configuration.Install.dll
- 2012-02-15 11:01 . 2012-02-15 11:01 81800 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.ComponentModel.DataAnnotations\v4.0_4.0.0.0__31bf3856ad364e35\System.ComponentModel.DataAnnotations.dll
+ 2012-03-29 10:01 . 2012-03-29 10:01 81800 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.ComponentModel.DataAnnotations\v4.0_4.0.0.0__31bf3856ad364e35\System.ComponentModel.DataAnnotations.dll
+ 2012-03-29 10:01 . 2012-03-29 10:01 39784 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.AddIn.Contract\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.AddIn.Contract.dll
- 2012-02-15 11:01 . 2012-02-15 11:01 39784 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.AddIn.Contract\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.AddIn.Contract.dll
+ 2012-03-29 10:01 . 2012-03-29 10:01 68952 c:\windows\Microsoft.NET\assembly\GAC_MSIL\SMDiagnostics\v4.0_4.0.0.0__b77a5c561934e089\SMDiagnostics.dll
- 2012-02-15 11:02 . 2012-02-15 11:02 68952 c:\windows\Microsoft.NET\assembly\GAC_MSIL\SMDiagnostics\v4.0_4.0.0.0__b77a5c561934e089\SMDiagnostics.dll
- 2012-02-15 11:02 . 2012-02-15 11:02 62880 c:\windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.Windows.ApplicationServer.Applications\v4.0_4.0.0.0__31bf3856ad364e35\Microsoft.Windows.ApplicationServer.Applications.dll
+ 2012-03-29 10:01 . 2012-03-29 10:01 62880 c:\windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.Windows.ApplicationServer.Applications\v4.0_4.0.0.0__31bf3856ad364e35\Microsoft.Windows.ApplicationServer.Applications.dll
+ 2012-03-29 10:01 . 2012-03-29 10:01 12128 c:\windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.VisualC\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualC.Dll
- 2012-02-15 11:01 . 2012-02-15 11:01 12128 c:\windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.VisualC\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualC.Dll
+ 2012-03-29 10:01 . 2012-03-29 10:01 97680 c:\windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.VisualBasic.Compatibility.Data\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Compatibility.Data.dll
- 2012-02-15 11:01 . 2012-02-15 11:01 97680 c:\windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.VisualBasic.Compatibility.Data\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Compatibility.Data.dll
- 2012-02-15 11:01 . 2012-02-15 11:01 17240 c:\windows\Microsoft.NET\assembly\GAC_MSIL\Accessibility\v4.0_4.0.0.0__b03f5f7f11d50a3a\Accessibility.dll
+ 2012-03-29 10:01 . 2012-03-29 10:01 17240 c:\windows\Microsoft.NET\assembly\GAC_MSIL\Accessibility\v4.0_4.0.0.0__b03f5f7f11d50a3a\Accessibility.dll
- 2012-02-15 11:01 . 2012-02-15 11:01 78168 c:\windows\Microsoft.NET\assembly\GAC_32\ISymWrapper\v4.0_4.0.0.0__b03f5f7f11d50a3a\ISymWrapper.dll
+ 2012-03-29 10:01 . 2012-03-29 10:01 78168 c:\windows\Microsoft.NET\assembly\GAC_32\ISymWrapper\v4.0_4.0.0.0__b03f5f7f11d50a3a\ISymWrapper.dll
- 2012-02-15 11:01 . 2012-02-15 11:01 81248 c:\windows\Microsoft.NET\assembly\GAC_32\CustomMarshalers\v4.0_4.0.0.0__b03f5f7f11d50a3a\CustomMarshalers.dll
+ 2012-03-29 10:01 . 2012-03-29 10:01 81248 c:\windows\Microsoft.NET\assembly\GAC_32\CustomMarshalers\v4.0_4.0.0.0__b03f5f7f11d50a3a\CustomMarshalers.dll
+ 2012-03-29 10:07 . 2012-03-29 10:07 96768 c:\windows\assembly\NativeImages_v4.0.30319_32\UIAutomationProvider\8dd565cc0b374e1eec73cf7eaba91e92\UIAutomationProvider.ni.dll
+ 2012-03-29 10:09 . 2012-03-29 10:09 35328 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Windows.Pres#\077e75015456f75a0495f65cfcf140cb\System.Windows.Presentation.ni.dll
+ 2012-03-29 10:08 . 2012-03-29 10:08 71680 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Web.Applicat#\22a9aa847a8e4e651a35b63270ce8999\System.Web.ApplicationServices.ni.dll
+ 2012-03-29 10:08 . 2012-03-29 10:08 82432 c:\windows\assembly\NativeImages_v4.0.30319_32\System.ServiceModel#\fdeb5ca04943da59f732d3001d6a0df0\System.ServiceModel.Channels.ni.dll
+ 2012-03-29 10:07 . 2012-03-29 10:07 78848 c:\windows\assembly\NativeImages_v4.0.30319_32\System.AddIn.Contra#\9688786618bf6390637c283b5bd1c9b3\System.AddIn.Contract.ni.dll
+ 2012-03-29 10:07 . 2012-03-29 10:07 11776 c:\windows\assembly\NativeImages_v4.0.30319_32\Microsoft.VisualC\6ffc3ac04451b4978519218fd266403e\Microsoft.VisualC.ni.dll
+ 2012-03-29 10:07 . 2012-03-29 10:07 44544 c:\windows\assembly\NativeImages_v4.0.30319_32\Accessibility\8cbc15b63aa3f06453f1aaa8659cf809\Accessibility.ni.dll
+ 2012-03-28 00:03 . 2012-01-25 13:42 8192 c:\windows\winsxs\x86_microsoft-windows-t..instationextensions_31bf3856ad364e35_6.1.7601.21907_none_9cb016ace2622726\rdrmemptylst.exe
+ 2012-03-28 00:03 . 2012-01-25 05:27 8192 c:\windows\winsxs\x86_microsoft-windows-t..instationextensions_31bf3856ad364e35_6.1.7601.17767_none_9be59873c97531db\rdrmemptylst.exe
+ 2012-03-28 00:03 . 2012-01-25 05:33 8192 c:\windows\winsxs\x86_microsoft-windows-t..instationextensions_31bf3856ad364e35_6.1.7600.21136_none_9aa81fd4e5552bd1\rdrmemptylst.exe
+ 2012-03-28 00:03 . 2012-01-25 05:40 8192 c:\windows\winsxs\x86_microsoft-windows-t..instationextensions_31bf3856ad364e35_6.1.7600.16952_none_9a0509e7cc4b2b4b\rdrmemptylst.exe
+ 2012-03-29 10:18 . 2012-03-29 19:55 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
- 2012-03-27 23:58 . 2012-03-27 23:58 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2012-03-29 10:18 . 2012-03-29 19:55 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
- 2012-03-27 23:58 . 2012-03-27 23:58 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2012-03-29 10:09 . 2012-03-29 10:09 9216 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Xml.Serializ#\6bafe185b3d23de57ec689035642fe43\System.Xml.Serialization.ni.dll
+ 2012-03-29 10:07 . 2012-03-29 10:07 9728 c:\windows\assembly\NativeImages_v4.0.30319_32\dfsvc\592252ee904bd41f99cd1d19909b548c\dfsvc.ni.exe
+ 2012-03-28 00:03 . 2012-02-17 04:16 152064 c:\windows\winsxs\x86_microsoft-windows-t..s-rdp-displaydriver_31bf3856ad364e35_6.1.7600.21151_none_e5081a03cf558ee4\rdpdd.dll
+ 2012-03-28 00:03 . 2012-01-25 05:38 129536 c:\windows\winsxs\x86_microsoft-windows-t..extensions-binaries_31bf3856ad364e35_6.1.7600.21136_none_a43e129f5a30a1d5\rdpcorekmts.dll
+ 2012-03-28 00:03 . 2012-01-25 05:44 129536 c:\windows\winsxs\x86_microsoft-windows-t..extensions-binaries_31bf3856ad364e35_6.1.7600.16952_none_a39afcb24126a14f\rdpcorekmts.dll
+ 2012-03-28 00:03 . 2012-02-17 04:09 183808 c:\windows\winsxs\x86_microsoft-windows-t..dp-winstationdriver_31bf3856ad364e35_6.1.7601.21924_none_4dfbc4c44c6a5495\rdpwd.sys
+ 2012-03-28 00:03 . 2012-02-17 04:14 183808 c:\windows\winsxs\x86_microsoft-windows-t..dp-winstationdriver_31bf3856ad364e35_6.1.7601.17779_none_4d4117e93370c20c\rdpwd.sys
+ 2012-03-28 00:03 . 2012-02-17 04:16 178176 c:\windows\winsxs\x86_microsoft-windows-t..dp-winstationdriver_31bf3856ad364e35_6.1.7600.21151_none_4bf1cd584f5f2692\rdpwd.sys
+ 2012-03-28 00:03 . 2012-02-15 04:22 177152 c:\windows\winsxs\x86_microsoft-windows-t..dp-winstationdriver_31bf3856ad364e35_6.1.7600.16963_none_4b5f89133647a225\rdpwd.sys
+ 2012-03-28 00:03 . 2012-02-17 05:30 826880 c:\windows\winsxs\x86_microsoft-windows-t..-collaboration-core_31bf3856ad364e35_6.1.7601.21924_none_bd9532d96d928465\rdpcore.dll
+ 2012-03-28 00:03 . 2012-02-17 05:34 826880 c:\windows\winsxs\x86_microsoft-windows-t..-collaboration-core_31bf3856ad364e35_6.1.7601.17779_none_bcda85fe5498f1dc\rdpcore.dll
+ 2012-03-28 00:03 . 2012-02-17 05:43 827904 c:\windows\winsxs\x86_microsoft-windows-t..-collaboration-core_31bf3856ad364e35_6.1.7600.21151_none_bb8b3b6d70875662\rdpcore.dll
+ 2012-03-28 00:03 . 2012-02-15 05:44 826368 c:\windows\winsxs\x86_microsoft-windows-t..-collaboration-core_31bf3856ad364e35_6.1.7600.16963_none_baf8f728576fd1f5\rdpcore.dll
+ 2012-03-28 00:03 . 2010-11-20 10:24 134656 c:\windows\winsxs\x86_microsoft-windows-r..s-regkeys-component_31bf3856ad364e35_6.1.7601.21924_none_321467207f36f8cc\rdpudd.dll
+ 2012-03-28 00:03 . 2012-02-17 05:30 919040 c:\windows\winsxs\x86_microsoft-windows-r..s-regkeys-component_31bf3856ad364e35_6.1.7601.21924_none_321467207f36f8cc\rdpcorets.dll
+ 2012-03-28 00:03 . 2010-11-20 10:24 134656 c:\windows\winsxs\x86_microsoft-windows-r..s-regkeys-component_31bf3856ad364e35_6.1.7601.17779_none_3159ba45663d6643\rdpudd.dll
+ 2012-03-28 00:03 . 2012-02-17 05:34 919040 c:\windows\winsxs\x86_microsoft-windows-r..s-regkeys-component_31bf3856ad364e35_6.1.7601.17779_none_3159ba45663d6643\rdpcorets.dll
+ 2012-03-28 00:03 . 2012-02-10 05:35 218624 c:\windows\winsxs\x86_microsoft-windows-directx-direct3d10.1_31bf3856ad364e35_6.1.7600.21148_none_50b7946823e04aa2\d3d10_1core.dll
+ 2012-03-28 00:03 . 2012-02-10 05:35 161792 c:\windows\winsxs\x86_microsoft-windows-directx-direct3d10.1_31bf3856ad364e35_6.1.7600.21148_none_50b7946823e04aa2\d3d10_1.dll
+ 2012-03-28 00:03 . 2012-02-10 05:41 218624 c:\windows\winsxs\x86_microsoft-windows-directx-direct3d10.1_31bf3856ad364e35_6.1.7600.16961_none_50117d9d0ad8fe17\d3d10_1core.dll
+ 2012-03-28 00:03 . 2012-02-10 05:41 161792 c:\windows\winsxs\x86_microsoft-windows-directx-direct3d10.1_31bf3856ad364e35_6.1.7600.16961_none_50117d9d0ad8fe17\d3d10_1.dll
+ 2012-03-28 00:03 . 2012-02-10 05:35 739840 c:\windows\winsxs\x86_microsoft-windows-d2d_31bf3856ad364e35_6.1.7600.21148_none_a82afdc6d63f2cda\d2d1.dll
+ 2012-03-28 00:03 . 2012-02-10 05:41 739840 c:\windows\winsxs\x86_microsoft-windows-d2d_31bf3856ad364e35_6.1.7600.16961_none_a784e6fbbd37e04f\d2d1.dll
+ 2010-01-05 18:44 . 2012-03-29 19:05 312638 c:\windows\System32\wdi\SuspendPerformanceDiagnostics_SystemData_S3.bin
- 2009-07-14 02:05 . 2012-03-28 00:04 623940 c:\windows\System32\perfh009.dat
+ 2009-07-14 02:05 . 2012-03-29 10:22 623940 c:\windows\System32\perfh009.dat
- 2009-07-14 02:05 . 2012-03-28 00:04 106316 c:\windows\System32\perfc009.dat
+ 2009-07-14 02:05 . 2012-03-29 10:22 106316 c:\windows\System32\perfc009.dat
- 2009-07-14 04:33 . 2012-02-15 11:21 371784 c:\windows\System32\FNTCACHE.DAT
+ 2009-07-14 04:33 . 2012-03-28 10:17 371784 c:\windows\System32\FNTCACHE.DAT
- 2010-01-05 12:19 . 2012-03-28 00:04 212992 c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2010-01-05 12:19 . 2012-03-28 01:10 212992 c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2009-07-14 04:47 . 2012-03-19 21:16 324300 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
+ 2009-07-14 04:47 . 2012-03-29 10:18 324300 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
+ 2011-11-22 05:31 . 2011-11-22 05:31 518400 c:\windows\Microsoft.NET\Framework\v4.0.30319\SOS.dll
+ 2011-11-22 05:31 . 2011-11-22 05:31 957200 c:\windows\Microsoft.NET\Framework\v4.0.30319\mscordbi.dll
- 2012-02-15 11:02 . 2012-02-15 11:02 350592 c:\windows\Microsoft.NET\assembly\GAC_MSIL\UIAutomationClientsideProviders\v4.0_4.0.0.0__31bf3856ad364e35\UIAutomationClientsideProviders.dll
+ 2012-03-29 10:01 . 2012-03-29 10:01 350592 c:\windows\Microsoft.NET\assembly\GAC_MSIL\UIAutomationClientsideProviders\v4.0_4.0.0.0__31bf3856ad364e35\UIAutomationClientsideProviders.dll
- 2012-02-15 11:02 . 2012-02-15 11:02 163168 c:\windows\Microsoft.NET\assembly\GAC_MSIL\UIAutomationClient\v4.0_4.0.0.0__31bf3856ad364e35\UIAutomationClient.dll
+ 2012-03-29 10:01 . 2012-03-29 10:01 163168 c:\windows\Microsoft.NET\assembly\GAC_MSIL\UIAutomationClient\v4.0_4.0.0.0__31bf3856ad364e35\UIAutomationClient.dll
- 2012-02-15 11:01 . 2012-02-15 11:01 138592 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Xml.Linq\v4.0_4.0.0.0__b77a5c561934e089\System.Xml.Linq.dll
+ 2012-03-29 10:01 . 2012-03-29 10:01 138592 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Xml.Linq\v4.0_4.0.0.0__b77a5c561934e089\System.Xml.Linq.dll
+ 2012-03-29 10:01 . 2012-03-29 10:01 699224 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Xaml\v4.0_4.0.0.0__b77a5c561934e089\System.Xaml.dll
- 2012-02-15 11:02 . 2012-02-15 11:02 699224 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Xaml\v4.0_4.0.0.0__b77a5c561934e089\System.Xaml.dll
- 2012-02-15 11:02 . 2012-02-15 11:02 857960 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Web.Services\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Web.Services.dll
+ 2012-03-29 10:01 . 2012-03-29 10:01 857960 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Web.Services\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Web.Services.dll
- 2012-02-15 11:02 . 2012-02-15 11:02 675672 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Speech\v4.0_4.0.0.0__31bf3856ad364e35\System.Speech.dll
+ 2012-03-29 10:01 . 2012-03-29 10:01 675672 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Speech\v4.0_4.0.0.0__31bf3856ad364e35\System.Speech.dll
+ 2012-03-29 10:01 . 2012-03-29 10:01 113512 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.ServiceProcess\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.ServiceProcess.dll
- 2012-02-15 11:01 . 2012-02-15 11:01 113512 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.ServiceProcess\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.ServiceProcess.dll
+ 2012-03-29 10:01 . 2012-03-29 10:01 129912 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.ServiceModel.Routing\v4.0_4.0.0.0__31bf3856ad364e35\System.ServiceModel.Routing.dll
- 2012-02-15 11:02 . 2012-02-15 11:02 129912 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.ServiceModel.Routing\v4.0_4.0.0.0__31bf3856ad364e35\System.ServiceModel.Routing.dll
+ 2012-03-29 10:01 . 2012-03-29 10:01 390008 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.ServiceModel.Discovery\v4.0_4.0.0.0__31bf3856ad364e35\System.ServiceModel.Discovery.dll
- 2012-02-15 11:02 . 2012-02-15 11:02 390008 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.ServiceModel.Discovery\v4.0_4.0.0.0__31bf3856ad364e35\System.ServiceModel.Discovery.dll
+ 2012-03-29 10:01 . 2012-03-29 10:01 505208 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.ServiceModel.Activities\v4.0_4.0.0.0__31bf3856ad364e35\System.ServiceModel.Activities.dll
- 2012-02-15 11:02 . 2012-02-15 11:02 505208 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.ServiceModel.Activities\v4.0_4.0.0.0__31bf3856ad364e35\System.ServiceModel.Activities.dll
- 2012-02-15 11:01 . 2012-02-15 11:01 261472 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Security\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Security.dll
+ 2012-03-29 10:01 . 2012-03-29 10:01 261472 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Security\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Security.dll
+ 2012-03-29 10:01 . 2012-03-29 10:01 122264 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Runtime.Serialization.Formatters.Soap\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Runtime.Serialization.Formatters.Soap.dll
- 2012-02-15 11:02 . 2012-02-15 11:02 122264 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Runtime.Serialization.Formatters.Soap\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Runtime.Serialization.Formatters.Soap.dll
+ 2012-03-29 10:01 . 2012-03-29 10:01 291184 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Runtime.Remoting\v4.0_4.0.0.0__b77a5c561934e089\System.Runtime.Remoting.dll
- 2012-02-15 11:02 . 2012-02-15 11:02 291184 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Runtime.Remoting\v4.0_4.0.0.0__b77a5c561934e089\System.Runtime.Remoting.dll
+ 2012-03-29 10:01 . 2012-03-29 10:01 349568 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Runtime.DurableInstancing\v4.0_4.0.0.0__31bf3856ad364e35\System.Runtime.DurableInstancing.dll
- 2012-02-15 11:02 . 2012-02-15 11:02 349568 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Runtime.DurableInstancing\v4.0_4.0.0.0__31bf3856ad364e35\System.Runtime.DurableInstancing.dll
+ 2012-03-29 10:01 . 2012-03-29 10:01 236880 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Net\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Net.dll
- 2012-02-15 11:01 . 2012-02-15 11:01 236880 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Net\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Net.dll
+ 2012-03-29 10:01 . 2012-03-29 10:01 253280 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Messaging\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Messaging.dll
- 2012-02-15 11:02 . 2012-02-15 11:02 253280 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Messaging\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Messaging.dll
- 2012-02-15 11:01 . 2012-02-15 11:01 378720 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Management\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Management.dll
+ 2012-03-29 10:01 . 2012-03-29 10:01 378720 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Management\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Management.dll
+ 2012-03-29 10:01 . 2012-03-29 10:01 134528 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Management.Instrumentation\v4.0_4.0.0.0__b77a5c561934e089\System.Management.Instrumentation.dll
- 2012-02-15 11:01 . 2012-02-15 11:01 134528 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Management.Instrumentation\v4.0_4.0.0.0__b77a5c561934e089\System.Management.Instrumentation.dll
- 2012-02-15 11:02 . 2012-02-15 11:02 123736 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.IO.Log\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.IO.Log.dll
+ 2012-03-29 10:01 . 2012-03-29 10:01 123736 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.IO.Log\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.IO.Log.dll
- 2012-02-15 11:02 . 2012-02-15 11:02 392552 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.IdentityModel\v4.0_4.0.0.0__b77a5c561934e089\System.IdentityModel.dll
+ 2012-03-29 10:01 . 2012-03-29 10:01 392552 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.IdentityModel\v4.0_4.0.0.0__b77a5c561934e089\System.IdentityModel.dll
+ 2012-03-29 10:01 . 2012-03-29 10:01 125816 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.IdentityModel.Selectors\v4.0_4.0.0.0__b77a5c561934e089\System.IdentityModel.Selectors.dll
- 2012-02-15 11:02 . 2012-02-15 11:02 125816 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.IdentityModel.Selectors\v4.0_4.0.0.0__b77a5c561934e089\System.IdentityModel.Selectors.dll
+ 2012-03-29 10:01 . 2012-03-29 10:01 120152 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Dynamic\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Dynamic.dll
- 2012-02-15 11:01 . 2012-02-15 11:01 120152 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Dynamic\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Dynamic.dll
- 2012-02-15 11:01 . 2012-02-15 11:01 607064 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Drawing\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll
+ 2012-03-29 10:01 . 2012-03-29 10:01 607064 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Drawing\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll
- 2012-02-15 11:01 . 2012-02-15 11:01 395120 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.DirectoryServices\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.DirectoryServices.dll
+ 2012-03-29 10:01 . 2012-03-29 10:01 395120 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.DirectoryServices\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.DirectoryServices.dll
+ 2012-03-29 10:01 . 2012-03-29 10:01 182144 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.DirectoryServices.Protocols\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.DirectoryServices.Protocols.dll
- 2012-02-15 11:01 . 2012-02-15 11:01 182144 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.DirectoryServices.Protocols\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.DirectoryServices.Protocols.dll
- 2012-02-15 11:01 . 2012-02-15 11:01 285072 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.DirectoryServices.AccountManagement\v4.0_4.0.0.0__b77a5c561934e089\System.DirectoryServices.AccountManagement.dll
+ 2012-03-29 10:01 . 2012-03-29 10:01 285072 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.DirectoryServices.AccountManagement\v4.0_4.0.0.0__b77a5c561934e089\System.DirectoryServices.AccountManagement.dll
+ 2012-03-29 10:01 . 2012-03-29 10:01 829280 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Deployment\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Deployment.dll
- 2012-02-15 11:01 . 2012-02-15 11:01 829280 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Deployment\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Deployment.dll
- 2012-02-15 11:01 . 2012-02-15 11:01 747360 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Data.SqlXml\v4.0_4.0.0.0__b77a5c561934e089\System.Data.SqlXml.dll
+ 2012-03-29 10:01 . 2012-03-29 10:01 747360 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Data.SqlXml\v4.0_4.0.0.0__b77a5c561934e089\System.Data.SqlXml.dll
+ 2012-03-29 10:01 . 2012-03-29 10:01 436600 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Data.Services.Client\v4.0_4.0.0.0__b77a5c561934e089\System.Data.Services.Client.dll
- 2012-02-15 11:01 . 2012-02-15 11:01 436600 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Data.Services.Client\v4.0_4.0.0.0__b77a5c561934e089\System.Data.Services.Client.dll
- 2012-02-15 11:01 . 2012-02-15 11:01 683872 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Data.Linq\v4.0_4.0.0.0__b77a5c561934e089\System.Data.Linq.dll
+ 2012-03-29 10:01 . 2012-03-29 10:01 683872 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Data.Linq\v4.0_4.0.0.0__b77a5c561934e089\System.Data.Linq.dll
+ 2012-03-29 10:01 . 2012-03-29 10:01 409448 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Configuration\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.configuration.dll
- 2012-02-15 11:01 . 2012-02-15 11:01 409448 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Configuration\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.configuration.dll
+ 2012-03-29 10:01 . 2012-03-29 10:01 210816 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.ComponentModel.Composition\v4.0_4.0.0.0__b77a5c561934e089\System.ComponentModel.Composition.dll
- 2012-02-15 11:01 . 2012-02-15 11:01 210816 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.ComponentModel.Composition\v4.0_4.0.0.0__b77a5c561934e089\System.ComponentModel.Composition.dll
- 2012-02-15 11:01 . 2012-02-15 11:01 149848 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.AddIn\v4.0_4.0.0.0__b77a5c561934e089\System.AddIn.dll
+ 2012-03-29 10:01 . 2012-03-29 10:01 149848 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.AddIn\v4.0_4.0.0.0__b77a5c561934e089\System.AddIn.dll
+ 2012-03-29 10:01 . 2012-03-29 10:01 122248 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Activities.DurableInstancing\v4.0_4.0.0.0__31bf3856ad364e35\System.Activities.DurableInstancing.dll
- 2012-02-15 11:02 . 2012-02-15 11:02 122248 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Activities.DurableInstancing\v4.0_4.0.0.0__31bf3856ad364e35\System.Activities.DurableInstancing.dll
- 2012-02-15 11:02 . 2012-02-15 11:02 525704 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Activities.Core.Presentation\v4.0_4.0.0.0__31bf3856ad364e35\System.Activities.Core.Presentation.dll
+ 2012-03-29 10:01 . 2012-03-29 10:01 525704 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Activities.Core.Presentation\v4.0_4.0.0.0__31bf3856ad364e35\System.Activities.Core.Presentation.dll
+ 2012-03-29 10:01 . 2012-03-29 10:01 112976 c:\windows\Microsoft.NET\assembly\GAC_MSIL\sysglobl\v4.0_4.0.0.0__b03f5f7f11d50a3a\sysglobl.dll
- 2012-02-15 11:01 . 2012-02-15 11:01 112976 c:\windows\Microsoft.NET\assembly\GAC_MSIL\sysglobl\v4.0_4.0.0.0__b03f5f7f11d50a3a\sysglobl.dll
- 2012-02-15 11:02 . 2012-02-15 11:02 581464 c:\windows\Microsoft.NET\assembly\GAC_MSIL\ReachFramework\v4.0_4.0.0.0__31bf3856ad364e35\ReachFramework.dll
+ 2012-03-29 10:01 . 2012-03-29 10:01 581464 c:\windows\Microsoft.NET\assembly\GAC_MSIL\ReachFramework\v4.0_4.0.0.0__31bf3856ad364e35\ReachFramework.dll
- 2012-02-15 11:02 . 2012-02-15 11:02 832856 c:\windows\Microsoft.NET\assembly\GAC_MSIL\PresentationUI\v4.0_4.0.0.0__31bf3856ad364e35\PresentationUI.dll
+ 2012-03-29 10:01 . 2012-03-29 10:01 832856 c:\windows\Microsoft.NET\assembly\GAC_MSIL\PresentationUI\v4.0_4.0.0.0__31bf3856ad364e35\PresentationUI.dll
+ 2012-03-29 10:01 . 2012-03-29 10:01 194424 c:\windows\Microsoft.NET\assembly\GAC_MSIL\PresentationFramework.Royale\v4.0_4.0.0.0__31bf3856ad364e35\PresentationFramework.Royale.dll
- 2012-02-15 11:02 . 2012-02-15 11:02 194424 c:\windows\Microsoft.NET\assembly\GAC_MSIL\PresentationFramework.Royale\v4.0_4.0.0.0__31bf3856ad364e35\PresentationFramework.Royale.dll
- 2012-02-15 11:02 . 2012-02-15 11:02 478576 c:\windows\Microsoft.NET\assembly\GAC_MSIL\PresentationFramework.Luna\v4.0_4.0.0.0__31bf3856ad364e35\PresentationFramework.Luna.dll
+ 2012-03-29 10:01 . 2012-03-29 10:01 478576 c:\windows\Microsoft.NET\assembly\GAC_MSIL\PresentationFramework.Luna\v4.0_4.0.0.0__31bf3856ad364e35\PresentationFramework.Luna.dll
- 2012-02-15 11:02 . 2012-02-15 11:02 167288 c:\windows\Microsoft.NET\assembly\GAC_MSIL\PresentationFramework.Classic\v4.0_4.0.0.0__31bf3856ad364e35\PresentationFramework.Classic.dll
+ 2012-03-29 10:01 . 2012-03-29 10:01 167288 c:\windows\Microsoft.NET\assembly\GAC_MSIL\PresentationFramework.Classic\v4.0_4.0.0.0__31bf3856ad364e35\PresentationFramework.Classic.dll
+ 2012-03-29 10:01 . 2012-03-29 10:01 232304 c:\windows\Microsoft.NET\assembly\GAC_MSIL\PresentationFramework.Aero\v4.0_4.0.0.0__31bf3856ad364e35\PresentationFramework.Aero.dll
- 2012-02-15 11:02 . 2012-02-15 11:02 232304 c:\windows\Microsoft.NET\assembly\GAC_MSIL\PresentationFramework.Aero\v4.0_4.0.0.0__31bf3856ad364e35\PresentationFramework.Aero.dll
+ 2012-03-29 10:01 . 2012-03-29 10:01 661352 c:\windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.VisualBasic\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll
- 2012-02-15 11:01 . 2012-02-15 11:01 661352 c:\windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.VisualBasic\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll
- 2012-02-15 11:02 . 2012-02-15 11:02 349576 c:\windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.VisualBasic.Compatibility\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Compatibility.dll
+ 2012-03-29 10:01 . 2012-03-29 10:01 349576 c:\windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.VisualBasic.Compatibility\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Compatibility.dll
- 2012-02-15 11:02 . 2012-02-15 11:02 387960 c:\windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.Transactions.Bridge\v4.0_4.0.0.0__b03f5f7f11d50a3a\Microsoft.Transactions.Bridge.dll
+ 2012-03-29 10:01 . 2012-03-29 10:01 387960 c:\windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.Transactions.Bridge\v4.0_4.0.0.0__b03f5f7f11d50a3a\Microsoft.Transactions.Bridge.dll
+ 2012-03-29 10:01 . 2012-03-29 10:01 746336 c:\windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.JScript\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.JScript.dll
- 2012-02-15 11:01 . 2012-02-15 11:01 746336 c:\windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.JScript\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.JScript.dll
+ 2012-03-29 10:01 . 2012-03-29 10:01 505184 c:\windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.CSharp\v4.0_4.0.0.0__b03f5f7f11d50a3a\Microsoft.CSharp.dll
- 2012-02-15 11:01 . 2012-02-15 11:01 505184 c:\windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.CSharp\v4.0_4.0.0.0__b03f5f7f11d50a3a\Microsoft.CSharp.dll
- 2012-02-15 11:02 . 2012-02-15 11:02 269672 c:\windows\Microsoft.NET\assembly\GAC_32\System.Transactions\v4.0_4.0.0.0__b77a5c561934e089\System.Transactions.dll
+ 2012-03-29 10:01 . 2012-03-29 10:01 269672 c:\windows\Microsoft.NET\assembly\GAC_32\System.Transactions\v4.0_4.0.0.0__b77a5c561934e089\System.Transactions.dll
+ 2012-03-29 10:01 . 2012-03-29 10:01 334688 c:\windows\Microsoft.NET\assembly\GAC_32\System.Printing\v4.0_4.0.0.0__31bf3856ad364e35\System.Printing.dll
- 2012-02-15 11:02 . 2012-02-15 11:02 334688 c:\windows\Microsoft.NET\assembly\GAC_32\System.Printing\v4.0_4.0.0.0__31bf3856ad364e35\System.Printing.dll
- 2012-02-15 11:01 . 2012-02-15 11:01 109568 c:\windows\Microsoft.NET\assembly\GAC_32\System.EnterpriseServices\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.Wrapper.dll
+ 2012-03-29 10:01 . 2012-03-29 10:01 109568 c:\windows\Microsoft.NET\assembly\GAC_32\System.EnterpriseServices\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.Wrapper.dll
- 2012-02-15 11:01 . 2012-02-15 11:01 246128 c:\windows\Microsoft.NET\assembly\GAC_32\System.EnterpriseServices\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.dll
+ 2012-03-29 10:01 . 2012-03-29 10:01 246128 c:\windows\Microsoft.NET\assembly\GAC_32\System.EnterpriseServices\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.dll
- 2012-02-15 11:02 . 2012-02-15 11:02 170368 c:\windows\Microsoft.NET\assembly\GAC_32\Microsoft.Transactions.Bridge.Dtc\v4.0_4.0.0.0__b03f5f7f11d50a3a\Microsoft.Transactions.Bridge.Dtc.dll
+ 2012-03-29 10:01 . 2012-03-29 10:01 170368 c:\windows\Microsoft.NET\assembly\GAC_32\Microsoft.Transactions.Bridge.Dtc\v4.0_4.0.0.0__b03f5f7f11d50a3a\Microsoft.Transactions.Bridge.Dtc.dll
+ 2012-03-29 10:09 . 2012-03-29 10:09 253952 c:\windows\assembly\NativeImages_v4.0.30319_32\WindowsFormsIntegra#\d5a18f2355101b19f23ff2f31d1d1e17\WindowsFormsIntegration.ni.dll
+ 2012-03-29 10:07 . 2012-03-29 10:07 196096 c:\windows\assembly\NativeImages_v4.0.30319_32\UIAutomationTypes\9562374f940f41cdc64d88268d543f0b\UIAutomationTypes.ni.dll
+ 2012-03-29 10:09 . 2012-03-29 10:09 484352 c:\windows\assembly\NativeImages_v4.0.30319_32\UIAutomationClient\641eec5b274fe3972d02892607f9b650\UIAutomationClient.ni.dll
+ 2012-03-29 10:07 . 2012-03-29 10:07 393216 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Xml.Linq\295b3156b838ca161a64a5456522438b\System.Xml.Linq.ni.dll
+ 2012-03-29 10:07 . 2012-03-29 10:07 189440 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Windows.Inpu#\0b68854406b775365c6d91e87813c2dc\System.Windows.Input.Manipulations.ni.dll
+ 2012-03-29 10:07 . 2012-03-29 10:07 649728 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Transactions\5e3cf00b80c0aecd8392f1702d2d0f28\System.Transactions.ni.dll
+ 2012-03-29 10:08 . 2012-03-29 10:08 221696 c:\windows\assembly\NativeImages_v4.0.30319_32\System.ServiceProce#\bf0b3689dd5e261097f2feb2ed0103e8\System.ServiceProcess.ni.dll
+ 2012-03-29 10:08 . 2012-03-29 10:08 369664 c:\windows\assembly\NativeImages_v4.0.30319_32\System.ServiceModel#\d3d9c582c7cd77f17fd93167dc462242\System.ServiceModel.Routing.ni.dll
+ 2012-03-29 10:02 . 2012-03-29 10:02 736768 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Security\c1127f26363bea39c40707b9ddb6bbb9\System.Security.ni.dll
+ 2012-03-29 10:07 . 2012-03-29 10:07 311296 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Runtime.Seri#\7b17528dffe47d9b17be6086a575a516\System.Runtime.Serialization.Formatters.Soap.ni.dll
+ 2012-03-29 10:07 . 2012-03-29 10:07 762880 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Runtime.Remo#\533deafc53346179cd118acc874752a3\System.Runtime.Remoting.ni.dll
+ 2012-03-29 10:02 . 2012-03-29 10:02 145408 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Numerics\3ce3d5b8126cda36b3dbd3535f249890\System.Numerics.ni.dll
+ 2012-03-29 10:08 . 2012-03-29 10:08 657408 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Net\965e2749489298cc85387f44f76a40f2\System.Net.ni.dll
+ 2012-03-29 10:08 . 2012-03-29 10:08 626176 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Messaging\f5333e6e06a2d476f93b0880c5e7fd14\System.Messaging.ni.dll
+ 2012-03-29 10:08 . 2012-03-29 10:08 395264 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Management.I#\1bff2d3e952c2160ba0c790d2342a601\System.Management.Instrumentation.ni.dll
+ 2012-03-29 10:08 . 2012-03-29 10:08 413696 c:\windows\assembly\NativeImages_v4.0.30319_32\System.IO.Log\e6cb98078120266f5310adf0f45aa7df\System.IO.Log.ni.dll
+ 2012-03-29 10:08 . 2012-03-29 10:08 229888 c:\windows\assembly\NativeImages_v4.0.30319_32\System.IdentityMode#\22dadf930ad449894633480562d6c913\System.IdentityModel.Selectors.ni.dll
+ 2012-03-29 10:07 . 2012-03-29 10:07 236032 c:\windows\assembly\NativeImages_v4.0.30319_32\System.EnterpriseSe#\d0d8c27be9116224e42260292e21cad5\System.EnterpriseServices.Wrapper.dll
+ 2012-03-29 10:07 . 2012-03-29 10:07 787456 c:\windows\assembly\NativeImages_v4.0.30319_32\System.EnterpriseSe#\d0d8c27be9116224e42260292e21cad5\System.EnterpriseServices.ni.dll
+ 2012-03-29 10:02 . 2012-03-29 10:02 377856 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Dynamic\cbb6e9a9b075d9f6fa303e3eef4c0ffd\System.Dynamic.ni.dll
+ 2012-03-29 10:08 . 2012-03-29 10:08 913920 c:\windows\assembly\NativeImages_v4.0.30319_32\System.DirectorySer#\e25cc7918b583b3beffcad52920eae29\System.DirectoryServices.AccountManagement.ni.dll
+ 2012-03-29 10:08 . 2012-03-29 10:08 470528 c:\windows\assembly\NativeImages_v4.0.30319_32\System.DirectorySer#\a3be39ae9813098aa81430dd507d22ca\System.DirectoryServices.Protocols.ni.dll
+ 2012-03-29 10:08 . 2012-03-29 10:08 112640 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Device\4975f93d2055b33bd7a91d6f05628e2a\System.Device.ni.dll
+ 2012-03-29 10:07 . 2012-03-29 10:07 134656 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Data.DataSet#\42d3d301d2adef24edeb3b775fbe3a4b\System.Data.DataSetExtensions.ni.dll
+ 2012-03-29 10:02 . 2012-03-29 10:02 982528 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Configuration\bab886a18699bab842769c5ce486c332\System.Configuration.ni.dll
+ 2012-03-29 10:07 . 2012-03-29 10:07 148480 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Configuratio#\e844f0d4cf703c2e97515ed020331b76\System.Configuration.Install.ni.dll
+ 2012-03-29 10:02 . 2012-03-29 10:02 693760 c:\windows\assembly\NativeImages_v4.0.30319_32\System.ComponentMod#\a92c1bd4d32fbbc54134fc40d2f97389\System.ComponentModel.Composition.ni.dll
+ 2012-03-29 10:07 . 2012-03-29 10:07 194048 c:\windows\assembly\NativeImages_v4.0.30319_32\System.ComponentMod#\9b418b211d6207feafcdc27027d26036\System.ComponentModel.DataAnnotations.ni.dll
+ 2012-03-29 10:07 . 2012-03-29 10:07 617984 c:\windows\assembly\NativeImages_v4.0.30319_32\System.AddIn\a4cfba8e3500f8387fe5924b940983be\System.AddIn.ni.dll
+ 2012-03-29 10:07 . 2012-03-29 10:07 411136 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Activities.D#\520d0ed9f48c121fbe79bda6fc176b74\System.Activities.DurableInstancing.ni.dll
+ 2012-03-29 10:07 . 2012-03-29 10:07 317952 c:\windows\assembly\NativeImages_v4.0.30319_32\SMSvcHost\98ec8a39382e6eee39845bd4759ecf04\SMSvcHost.ni.exe
+ 2012-03-29 10:07 . 2012-03-29 10:07 143360 c:\windows\assembly\NativeImages_v4.0.30319_32\SMDiagnostics\3b905cdec5960d51e5bdc7030b005c09\SMDiagnostics.ni.dll
+ 2012-03-29 10:02 . 2012-03-29 10:02 309760 c:\windows\assembly\NativeImages_v4.0.30319_32\PresentationFramewo#\94d89db071d382d9ba0bc6381669b85f\PresentationFramework.Classic.ni.dll
+ 2012-03-29 10:02 . 2012-03-29 10:02 595968 c:\windows\assembly\NativeImages_v4.0.30319_32\PresentationFramewo#\8b8a5c194aacfb2102d4e26b75a84e03\PresentationFramework.Aero.ni.dll
+ 2012-03-29 10:02 . 2012-03-29 10:02 387072 c:\windows\assembly\NativeImages_v4.0.30319_32\PresentationFramewo#\443c3fae1f6f0588a542ddc1c02c1be1\PresentationFramework.Royale.ni.dll
+ 2012-03-29 10:02 . 2012-03-29 10:02 755712 c:\windows\assembly\NativeImages_v4.0.30319_32\PresentationFramewo#\273034086c19b92034c9f2896724ac33\PresentationFramework.Luna.ni.dll
+ 2012-03-29 10:07 . 2012-03-29 10:07 303104 c:\windows\assembly\NativeImages_v4.0.30319_32\Microsoft.VisualBas#\cdd04b14b9dd6ced2e2572a044c3c57e\Microsoft.VisualBasic.Compatibility.Data.ni.dll
+ 2012-03-29 10:07 . 2012-03-29 10:07 418816 c:\windows\assembly\NativeImages_v4.0.30319_32\Microsoft.Transacti#\5958d9610eb58adb2b62153492a7c27e\Microsoft.Transactions.Bridge.Dtc.ni.dll
+ 2012-03-29 10:07 . 2012-03-29 10:07 194048 c:\windows\assembly\NativeImages_v4.0.30319_32\CustomMarshalers\e3e1fd8ccf76e9eb0147484fb8dd773a\CustomMarshalers.ni.dll
+ 2012-03-28 00:03 . 2012-02-03 04:13 2351104 c:\windows\winsxs\x86_microsoft-windows-win32k_31bf3856ad364e35_6.1.7601.21914_none_bb84862311e67a0a\win32k.sys
+ 2012-03-28 00:03 . 2012-02-03 03:54 2343424 c:\windows\winsxs\x86_microsoft-windows-win32k_31bf3856ad364e35_6.1.7601.17772_none_bab80755f8fb5211\win32k.sys
+ 2012-03-28 00:03 . 2012-02-03 03:53 2350592 c:\windows\winsxs\x86_microsoft-windows-win32k_31bf3856ad364e35_6.1.7600.21143_none_b97c8f4b14d97eb5\win32k.sys
+ 2012-03-28 00:03 . 2012-02-03 04:01 2341376 c:\windows\winsxs\x86_microsoft-windows-win32k_31bf3856ad364e35_6.1.7600.16957_none_b8ec4b99fbc02cf6\win32k.sys
+ 2012-03-28 10:00 . 2011-11-19 11:11 3916656 c:\windows\winsxs\x86_microsoft-windows-os-kernel_31bf3856ad364e35_6.1.7601.21863_none_6e8a5c3d2bac37e9\ntoskrnl.exe
+ 2012-03-28 10:00 . 2011-11-19 11:11 3971440 c:\windows\winsxs\x86_microsoft-windows-os-kernel_31bf3856ad364e35_6.1.7601.21863_none_6e8a5c3d2bac37e9\ntkrnlpa.exe
+ 2012-03-28 10:00 . 2011-11-19 14:50 3913584 c:\windows\winsxs\x86_microsoft-windows-os-kernel_31bf3856ad364e35_6.1.7601.17727_none_6e30004a126a8db7\ntoskrnl.exe
+ 2012-03-28 10:00 . 2011-11-19 14:50 3968368 c:\windows\winsxs\x86_microsoft-windows-os-kernel_31bf3856ad364e35_6.1.7601.17727_none_6e30004a126a8db7\ntkrnlpa.exe
+ 2012-03-28 10:00 . 2011-11-19 11:24 3915632 c:\windows\winsxs\x86_microsoft-windows-os-kernel_31bf3856ad364e35_6.1.7600.21094_none_6c8465f92e9d6f42\ntoskrnl.exe
+ 2012-03-28 10:00 . 2011-11-19 11:24 3971440 c:\windows\winsxs\x86_microsoft-windows-os-kernel_31bf3856ad364e35_6.1.7600.21094_none_6c8465f92e9d6f42\ntkrnlpa.exe
+ 2012-03-28 10:00 . 2011-11-19 14:25 3902320 c:\windows\winsxs\x86_microsoft-windows-os-kernel_31bf3856ad364e35_6.1.7600.16917_none_6c547330153c05da\ntoskrnl.exe
+ 2012-03-28 10:00 . 2011-11-19 14:25 3957616 c:\windows\winsxs\x86_microsoft-windows-os-kernel_31bf3856ad364e35_6.1.7600.16917_none_6c547330153c05da\ntkrnlpa.exe
+ 2012-03-28 00:03 . 2012-02-10 05:35 1170944 c:\windows\winsxs\x86_microsoft-windows-directx-warp10_31bf3856ad364e35_6.1.7600.21148_none_eaf1bae6d0fa9229\d3d10warp.dll
+ 2012-03-28 00:03 . 2012-02-10 05:41 1170944 c:\windows\winsxs\x86_microsoft-windows-directx-warp10_31bf3856ad364e35_6.1.7600.16961_none_ea4ba41bb7f3459e\d3d10warp.dll
+ 2012-03-28 00:03 . 2012-02-10 05:27 1077248 c:\windows\winsxs\x86_microsoft-windows-directwrite_31bf3856ad364e35_6.1.7601.21920_none_d51faa7676da7693\DWrite.dll
+ 2012-03-28 00:03 . 2012-02-10 05:38 1077248 c:\windows\winsxs\x86_microsoft-windows-directwrite_31bf3856ad364e35_6.1.7601.17776_none_d465fde55ddffd61\DWrite.dll
+ 2012-03-28 00:03 . 2012-02-10 05:35 1077248 c:\windows\winsxs\x86_microsoft-windows-directwrite_31bf3856ad364e35_6.1.7600.21148_none_d32b862479bd435c\DWrite.dll
+ 2012-03-28 00:03 . 2012-02-10 05:41 1074176 c:\windows\winsxs\x86_microsoft-windows-directwrite_31bf3856ad364e35_6.1.7600.16961_none_d2856f5960b5f6d1\DWrite.dll
+ 2009-07-14 02:03 . 2012-03-29 18:13 7340032 c:\windows\System32\SMI\Store\Machine\schema.dat
- 2009-07-14 02:03 . 2012-03-28 00:02 7340032 c:\windows\System32\SMI\Store\Machine\schema.dat
+ 2010-01-05 12:19 . 2012-03-28 01:10 5554176 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2010-01-05 12:19 . 2012-03-28 00:04 5554176 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2009-07-14 04:34 . 2012-03-28 10:19 3894406 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\SoftwareProtectionPlatform\tokens.dat
- 2009-07-14 04:34 . 2012-03-19 22:52 3894406 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\SoftwareProtectionPlatform\tokens.dat
+ 2011-11-22 05:31 . 2011-11-22 05:31 3512072 c:\windows\Microsoft.NET\Framework\v4.0.30319\System.dll
+ 2011-11-22 05:31 . 2011-11-22 05:31 5201168 c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorlib.dll
+ 2011-11-22 05:31 . 2011-11-22 05:31 1143568 c:\windows\Microsoft.NET\Framework\v4.0.30319\mscordacwks.dll
+ 2011-11-22 05:31 . 2011-11-22 05:31 6727424 c:\windows\Microsoft.NET\Framework\v4.0.30319\clr.dll
- 2012-02-15 11:02 . 2012-02-15 11:02 1368920 c:\windows\Microsoft.NET\assembly\GAC_MSIL\WindowsBase\v4.0_4.0.0.0__31bf3856ad364e35\WindowsBase.dll
+ 2012-03-29 10:01 . 2012-03-29 10:01 1368920 c:\windows\Microsoft.NET\assembly\GAC_MSIL\WindowsBase\v4.0_4.0.0.0__31bf3856ad364e35\WindowsBase.dll
+ 2012-03-29 10:01 . 2012-03-29 10:01 3512072 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System\v4.0_4.0.0.0__b77a5c561934e089\System.dll
- 2012-02-15 11:01 . 2012-02-15 11:01 2207568 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Xml\v4.0_4.0.0.0__b77a5c561934e089\System.XML.dll
+ 2012-03-29 10:01 . 2012-03-29 10:01 2207568 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Xml\v4.0_4.0.0.0__b77a5c561934e089\System.XML.dll
- 2012-02-15 11:01 . 2012-02-15 11:01 5028200 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Forms\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Forms.dll
+ 2012-03-29 10:01 . 2012-03-29 10:01 5028200 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Forms\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Forms.dll
- 2012-02-15 11:01 . 2012-02-15 11:01 1711496 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Forms.DataVisualization\v4.0_4.0.0.0__31bf3856ad364e35\System.Windows.Forms.DataVisualization.dll
+ 2012-03-29 10:01 . 2012-03-29 10:01 1711496 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Forms.DataVisualization\v4.0_4.0.0.0__31bf3856ad364e35\System.Windows.Forms.DataVisualization.dll
+ 2012-03-29 10:01 . 2012-03-29 10:01 6097256 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.ServiceModel\v4.0_4.0.0.0__b77a5c561934e089\System.ServiceModel.dll
- 2012-02-15 11:02 . 2012-02-15 11:02 6097256 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.ServiceModel\v4.0_4.0.0.0__b77a5c561934e089\System.ServiceModel.dll
- 2012-02-15 11:02 . 2012-02-15 11:02 1026936 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Runtime.Serialization\v4.0_4.0.0.0__b77a5c561934e089\System.Runtime.Serialization.dll
+ 2012-03-29 10:01 . 2012-03-29 10:01 1026936 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Runtime.Serialization\v4.0_4.0.0.0__b77a5c561934e089\System.Runtime.Serialization.dll
+ 2012-03-29 10:01 . 2012-03-29 10:01 4464480 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Data.Entity\v4.0_4.0.0.0__b77a5c561934e089\System.Data.Entity.dll
- 2012-02-15 11:01 . 2012-02-15 11:01 4464480 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Data.Entity\v4.0_4.0.0.0__b77a5c561934e089\System.Data.Entity.dll
- 2012-02-15 11:01 . 2012-02-15 11:01 1354584 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Core\v4.0_4.0.0.0__b77a5c561934e089\System.Core.dll
+ 2012-03-29 10:01 . 2012-03-29 10:01 1354584 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Core\v4.0_4.0.0.0__b77a5c561934e089\System.Core.dll
+ 2012-03-29 10:01 . 2012-03-29 10:01 1199968 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Activities\v4.0_4.0.0.0__31bf3856ad364e35\System.Activities.dll
- 2012-02-15 11:02 . 2012-02-15 11:02 1199968 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Activities\v4.0_4.0.0.0__31bf3856ad364e35\System.Activities.dll
- 2012-02-15 11:02 . 2012-02-15 11:02 1462648 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Activities.Presentation\v4.0_4.0.0.0__31bf3856ad364e35\System.Activities.Presentation.dll
+ 2012-03-29 10:01 . 2012-03-29 10:01 1462648 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Activities.Presentation\v4.0_4.0.0.0__31bf3856ad364e35\System.Activities.Presentation.dll
+ 2012-03-29 10:01 . 2012-03-29 10:01 6428520 c:\windows\Microsoft.NET\assembly\GAC_MSIL\PresentationFramework\v4.0_4.0.0.0__31bf3856ad364e35\PresentationFramework.dll
- 2012-02-15 11:02 . 2012-02-15 11:02 6428520 c:\windows\Microsoft.NET\assembly\GAC_MSIL\PresentationFramework\v4.0_4.0.0.0__31bf3856ad364e35\PresentationFramework.dll
+ 2012-03-29 10:01 . 2012-03-29 10:01 2975064 c:\windows\Microsoft.NET\assembly\GAC_32\System.Data\v4.0_4.0.0.0__b77a5c561934e089\System.Data.dll
- 2012-02-15 11:01 . 2012-02-15 11:01 2975064 c:\windows\Microsoft.NET\assembly\GAC_32\System.Data\v4.0_4.0.0.0__b77a5c561934e089\System.Data.dll
- 2012-02-15 11:02 . 2012-02-15 11:02 3788128 c:\windows\Microsoft.NET\assembly\GAC_32\PresentationCore\v4.0_4.0.0.0__31bf3856ad364e35\PresentationCore.dll
+ 2012-03-29 10:01 . 2012-03-29 10:01 3788128 c:\windows\Microsoft.NET\assembly\GAC_32\PresentationCore\v4.0_4.0.0.0__31bf3856ad364e35\PresentationCore.dll
+ 2012-03-29 10:01 . 2012-03-29 10:01 5201168 c:\windows\Microsoft.NET\assembly\GAC_32\mscorlib\v4.0_4.0.0.0__b77a5c561934e089\mscorlib.dll
+ 2012-03-29 10:01 . 2012-03-29 10:01 2989456 c:\windows\Microsoft.NET\assembly\GAC_32\Microsoft.VisualBasic.Activities.Compiler\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Activities.Compiler.dll
- 2012-02-15 11:02 . 2012-02-15 11:02 2989456 c:\windows\Microsoft.NET\assembly\GAC_32\Microsoft.VisualBasic.Activities.Compiler\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Activities.Compiler.dll
+ 2012-03-29 10:02 . 2012-03-29 10:02 3858432 c:\windows\assembly\NativeImages_v4.0.30319_32\WindowsBase\ef8c44c3c8766f219f576faab54c8dc7\WindowsBase.ni.dll
+ 2012-03-29 10:09 . 2012-03-29 10:09 1063424 c:\windows\assembly\NativeImages_v4.0.30319_32\UIAutomationClients#\0f5df23e9f268e9ff4c8033f9865a12a\UIAutomationClientsideProviders.ni.dll
+ 2012-03-29 10:02 . 2012-03-29 10:02 9091584 c:\windows\assembly\NativeImages_v4.0.30319_32\System\2c59490afc22def906d3ca96e1207ff9\System.ni.dll
+ 2012-03-29 10:02 . 2012-03-29 10:02 5617664 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Xml\19e79fc0f95c93b0244c7b287e254871\System.Xml.ni.dll
+ 2012-03-29 10:07 . 2012-03-29 10:07 1782272 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Xaml\ae31d46211440b11a9e66c3ba1a4e7ff\System.Xaml.ni.dll
+ 2012-03-29 10:09 . 2012-03-29 10:09 4545024 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Windows.Form#\d6c84e888c7f465844a8ae0e6470e05c\System.Windows.Forms.DataVisualization.ni.dll
+ 2012-03-29 10:08 . 2012-03-29 10:08 1885696 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Web.Services\b60e888b3b9e41d46dcbd34d9fae80d6\System.Web.Services.ni.dll
+ 2012-03-29 10:08 . 2012-03-29 10:08 2012160 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Speech\90de8ba8101001c8845439cd5f9a76eb\System.Speech.ni.dll
+ 2012-03-29 10:08 . 2012-03-29 10:08 1393152 c:\windows\assembly\NativeImages_v4.0.30319_32\System.ServiceModel#\8c12f469cbd6b8d9718c64a4b2c96d47\System.ServiceModel.Activities.ni.dll
+ 2012-03-29 10:08 . 2012-03-29 10:08 1140736 c:\windows\assembly\NativeImages_v4.0.30319_32\System.ServiceModel#\746651ce870c2f9cd43bc7246154f81a\System.ServiceModel.Discovery.ni.dll
+ 2012-03-29 10:07 . 2012-03-29 10:07 2647040 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Runtime.Seri#\a14816d568ee8c7cc9f9923d979d682d\System.Runtime.Serialization.ni.dll
+ 2012-03-29 10:07 . 2012-03-29 10:07 1021952 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Runtime.Dura#\d6b9e13a40ed53cfc10e04c023c62a49\System.Runtime.DurableInstancing.ni.dll
+ 2012-03-29 10:07 . 2012-03-29 10:07 1060864 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Printing\1141220aff69c63f638ab64e5b0186bc\System.Printing.ni.dll
+ 2012-03-29 10:08 . 2012-03-29 10:08 1218560 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Management\dfd9cbfccfadcf84406398a9d83ab4f4\System.Management.ni.dll
+ 2012-03-29 10:08 . 2012-03-29 10:08 1072640 c:\windows\assembly\NativeImages_v4.0.30319_32\System.IdentityModel\2a4589aeec877df58cbbcd633bc18fb6\System.IdentityModel.ni.dll
.
-- Snapshot reset to current date --
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Corel Photo Downloader"="c:\program files\Common Files\Corel\Corel PhotoDownloader\Corel Photo Downloader.exe" [2011-09-08 522752]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2012-02-09 39408]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSSE"="c:\program files\Microsoft Security Essentials\msseces.exe" [2010-09-15 1094224]
"QuickFinder Scheduler"="c:\program files\Corel\WordPerfect Office X4\Programs\QFSCHD140.EXE" [2009-06-22 83232]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-12-22 35760]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]
"Intuit SyncManager"="c:\program files\Common Files\Intuit\Sync\IntuitSyncManager.exe" [2010-10-19 1439496]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2010-08-26 136216]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2010-08-26 171032]
"Persistence"="c:\windows\system32\igfxpers.exe" [2010-08-26 170520]
"QuickBooksDB20"="c:\progra~1\Intuit\QUICKB~2\QBDBMgrN.exe" [2009-08-18 678912]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-10-29 249064]
"ScrewDrivers RDP Plugin"="c:\program files\triCerat\Simplify Printing\ScrewDrivers Client v4\install_rdp.exe" [2010-12-15 45384]
"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2011-09-27 59240]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2011-12-02 421888]
"Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-01-13 460872]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Lotus Organizer EasyClip.lnk - c:\lotus\organize\easyclip.exe [2002-8-8 87040]
Lotus QuickStart.lnk - c:\lotus\wordpro\ltsstart.exe [2002-8-7 32768]
Lotus SmartCenter.lnk - c:\lotus\smartctr\smartctr.exe [2002-7-23 204800]
Lotus SuiteStart.lnk - c:\lotus\smartctr\suitest.exe [2002-7-23 32768]
PathPoll - Shortcut.lnk - c:\streamlinemd\PathPoll\PathPoll.exe [2011-7-5 2089984]
QuickBooks Update Agent.lnk - c:\program files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe [2011-11-11 1155432]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux1"=wdmaud.drv
.
R1 MpKsl53b49644;MpKsl53b49644;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{8A8BB0D6-4ADB-4C7B-93A2-377B384ADF28}\MpKsl53b49644.sys [x]
R2 Agent;Agent;c:\windows\agent.exe [2011-08-24 155648]
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2012-02-09 136176]
R3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [2012-02-09 136176]
R3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [2012-03-22 40776]
R3 MpNWMon;Microsoft Malware Protection Network Driver;c:\windows\system32\DRIVERS\MpNWMon.sys [2010-03-26 42368]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2010-04-20 1343400]
R4 QuickBooksDB20;QuickBooksDB20;c:\progra~1\Intuit\QUICKB~2\QBDBMgrN.exe [2009-08-18 678912]
S2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [2012-01-13 652360]
S2 NitroReaderDriverReadSpool2;NitroPDFReaderDriverCreatorReadSpool2;c:\program files\Nitro PDF\Reader 2\NitroPDFReaderDriverService2.exe [2011-06-22 196912]
S2 QuickBooksDB18;QuickBooksDB18;c:\progra~1\Intuit\QUICKB~1\QBDBMgrN.exe [2006-09-13 128536]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2011-12-10 20464]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt86win7.sys [2009-07-13 139776]
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
.
Contents of the 'Scheduled Tasks' folder
.
2012-03-29 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2012-02-09 22:23]
.
2012-02-15 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2012-02-09 22:23]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: Open with WordPerfect - c:\program files\Corel\WordPerfect Office X4\Programs\WPLauncher.hta
Trusted Zone: mdsynergy.com\mdscapture
Trusted Zone: mdsynergy.com\mdsdocstore
Trusted Zone: mdsynergy.com\services
Trusted Zone: mdsynergy.com\www
TCP: DhcpNameServer = 192.168.1.1 192.168.1.1
TCP: Interfaces\{6ADD6660-7DF5-44BF-8C4B-82CFCD74DF28}: NameServer = 192.168.1.2
DPF: {5554DCB0-700B-498D-9B58-4E40E5814405} - hxxps://www2.mdsynergy.com/reports/ReportsTree/Reserved.ReportViewerWebControl.axd?ReportSession=klky5he2mkw2zo55uv1p5yqw&ControlID=96e6516b5c1e402f92c85567d11a498b&Culture=1033&UICulture=1033&ReportStack=1&OpType=PrintCab
FF - ProfilePath - c:\users\valerie\AppData\Roaming\Mozilla\Firefox\Profiles\oz8hkpgg.default\
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Common Files\Protexis\License Service\PsiService_2.exe
c:\program files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe
c:\windows\system32\taskhost.exe
c:\windows\system32\WUDFHost.exe
c:\windows\system32\conhost.exe
c:\windows\system32\sppsvc.exe
.
**************************************************************************
.
Completion time: 2012-03-29 13:02:01 - machine was rebooted
ComboFix-quarantined-files.txt 2012-03-29 20:01
ComboFix2.txt 2012-03-28 00:16
.
Pre-Run: 458,068,344,832 bytes free
Post-Run: 457,621,938,176 bytes free
.
- - End Of File - - 6C716DC3C7C04CDB750F3910C6C66049
  • 0

#10
maliprog

    Trusted Helper

  • Malware Removal
  • 6,172 posts
Hi valgalvez,

We did a great job! Let's remove leftovers.

Download Virus Removal Tool from Here to your desktop

Run the programme you have just downloaded to your desktop (it will be randomly named)

First we will run a virus scan

Click the cog in the upper right

Select down to and including your main drive, once done select the Automatic scan tab and press Start Scan

Allow Virus Removal Tool to delete all infections found
Once it has finished select report tab (last tab)
Select Detected threats report from the left and press Save button
Save it to your desktop and attach to your next post
  • 0

#11
valgalvez

    Member

  • Topic Starter
  • Member
  • 32 posts
Hi Maliprog,

I have another problem now, so my computer sleeps after about a half hour of inactivity, and yesterday I came back to my computer to log in and when I enter my password it says "The trust relationship between this workstation and the primary domain failed." wah. I don't know what happened but I can't even log in!!
  • 0

#12
maliprog

    Trusted Helper

  • Malware Removal
  • 6,172 posts
Your PC is part of a domain. Sometimes it happens and it doesn't need to be malware related.

To solve this you need to contact your domain administrator. He will rejoin your PC to the domain and hopefully this will be solved.

Please let me know when you get your account back.
  • 0

#13
maliprog

    Trusted Helper

  • Malware Removal
  • 6,172 posts
Due to lack of feedback, this topic has been closed.

If you need this topic reopened, please contact a staff member. This applies only to the original topic starter. Everyone else please begin a New Topic.
  • 0





