Security Guard 2012/Win32.Tracur.F can't open MBAM


  • This topic is locked

#1
StupidVirus

  • Member
  • 27 posts
My computer is being infected by Security Guard 2012 and Win32.Tracur.F, which I'm guessing is the virus that is responsible for the Google redirecting. My antivirus, Microsoft Security Essentials, is deactivated by the virus, MBAM isn't running, and I used Rkill and Explorer; they both ran but it didn't help. ESET isn't working either, but luckily OTL is working. The computer itself is running really slow and I get blue screened if I try to enter safe mode with networking. Please help. I use Windows XP btw.


Here is the OTL log




OTL logfile created on: 10/5/2011 1:08:17 PM - Run 4
OTL by OldTimer - Version 3.2.26.0 Folder = C:\Documents and Settings\Christopher Nova\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1021.85 Mb Total Physical Memory | 12.50 Mb Available Physical Memory | 1.22% Memory free
2.40 Gb Paging File | 1.27 Gb Available in Paging File | 53.00% Paging File free
Paging file location(s): C:\pagefile.sys 1536 3072 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 145.95 Gb Total Space | 73.72 Gb Free Space | 50.51% Space Free | Partition Type: NTFS

Computer Name: RECEPTION | User Name: Christopher Nova | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - File not found -- C:\WINDOWS\1934543457:2654318988.exe
PRC - [2011/09/28 09:57:39 | 004,611,456 | ---- | M] (SUPERAntiSpyware.com) -- C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE
PRC - [2011/08/30 10:06:44 | 000,116,608 | ---- | M] (SUPERAntiSpyware.com) -- C:\Program Files\SUPERAntiSpyware\SASCORE.EXE
PRC - [2011/07/06 14:22:25 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Christopher Nova\Desktop\OTL.exe
PRC - [2011/06/15 15:16:48 | 000,997,920 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Security Client\msseces.exe
PRC - [2010/02/18 11:43:20 | 000,490,728 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Common Files\Java\Java Update\jucheck.exe
PRC - [2010/01/26 12:45:25 | 000,020,572 | ---- | M] () -- C:\Program Files\Hewlett-Packard\Toolbox\jre\bin\javaw.exe
PRC - [2009/06/03 15:46:42 | 001,025,264 | ---- | M] (SupportSoft, Inc.) -- C:\Program Files\Dell Support Center\gs_agent\dsc.exe
PRC - [2009/06/03 15:46:38 | 000,206,064 | ---- | M] (SupportSoft, Inc.) -- C:\Program Files\Dell Support Center\bin\sprtcmd.exe
PRC - [2009/01/30 01:50:06 | 000,201,968 | ---- | M] (SupportSoft, Inc.) -- C:\Program Files\Dell Support Center\bin\sprtsvc.exe
PRC - [2008/04/13 20:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2008/01/29 18:38:31 | 000,583,048 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
PRC - [2007/08/09 03:27:52 | 000,073,728 | ---- | M] (HP) -- C:\WINDOWS\system32\HPZipm12.exe
PRC - [2006/10/12 13:48:48 | 000,921,707 | R--- | M] (Dell Inc.) -- C:\Program Files\Dell Wireless\PRISMCFG.exe
PRC - [2006/10/12 10:45:58 | 000,061,529 | R--- | M] (Conexant Systems, Inc.) -- C:\WINDOWS\system32\PRISMSVC.exe
PRC - [2006/10/12 10:44:48 | 000,385,113 | R--- | M] (Conexant Systems, Inc.) -- C:\WINDOWS\system32\PRISMSVR.exe
PRC - [2006/08/28 21:57:12 | 000,395,776 | ---- | M] (Gteko Ltd.) -- C:\Program Files\Dell Support\DSAgnt.exe
PRC - [2006/07/24 10:20:00 | 000,282,624 | ---- | M] (SigmaTel, Inc.) -- C:\WINDOWS\stsystra.exe
PRC - [2006/07/06 07:15:00 | 000,151,552 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
PRC - [2006/07/06 07:14:30 | 000,090,112 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe
PRC - [2005/10/05 03:12:00 | 000,094,208 | ---- | M] () -- C:\Program Files\Dell\Media Experience\DMXLauncher.exe
PRC - [2005/09/08 05:20:00 | 000,122,940 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\system32\DLA\DLACTRLW.EXE
PRC - [2005/03/24 16:56:50 | 000,151,552 | ---- | M] (Hewlett-Packard) -- C:\Program Files\Hewlett-Packard\Toolbox\StatusClient\StatusClient.exe
PRC - [2004/04/06 06:28:46 | 000,172,032 | ---- | M] (HP) -- C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb11.exe


========== Modules (SafeList) ==========

MOD - [2011/07/06 14:22:25 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Christopher Nova\Desktop\OTL.exe
MOD - [2010/08/23 12:12:02 | 001,054,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [Auto | Stopped] -- -- (LiveUpdate Notice Ex)
SRV - File not found [Disabled | Stopped] -- -- (HidServ)
SRV - File not found [Auto | Stopped] -- -- (CLTNetCnService)
SRV - File not found [On_Demand | Stopped] -- -- (AppMgmt)
SRV - [2011/08/30 10:06:44 | 000,116,608 | ---- | M] (SUPERAntiSpyware.com) [Auto | Running] -- C:\Program Files\SUPERAntiSpyware\SASCORE.EXE -- (!SASCORE)
SRV - [2011/04/27 15:39:26 | 000,011,736 | ---- | M] () [Auto | Stopped] -- c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe -- (MsMpSvc)
SRV - [2009/12/17 17:37:52 | 000,067,360 | ---- | M] (NOS Microsystems Ltd.) [On_Demand | Stopped] -- C:\Program Files\NOS\bin\getPlus_Helper.dll -- (getPlusHelper) getPlus®
SRV - [2009/01/30 01:50:06 | 000,201,968 | ---- | M] (SupportSoft, Inc.) [Auto | Running] -- C:\Program Files\Dell Support Center\bin\sprtsvc.exe -- (sprtsvc_DellSupportCenter) SupportSoft Sprocket Service (DellSupportCenter)
SRV - [2008/01/29 18:38:31 | 000,583,048 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe -- (LiveUpdate Notice Service)
SRV - [2007/09/12 19:27:24 | 002,999,664 | ---- | M] (Symantec Corporation) [On_Demand | Stopped] -- C:\Program Files\Symantec\LiveUpdate\LuComServer_3_2.EXE -- (LiveUpdate)
SRV - [2007/08/09 03:27:52 | 000,073,728 | ---- | M] (HP) [Auto | Running] -- C:\WINDOWS\system32\HPZipm12.exe -- (Pml Driver HPZ12)
SRV - [2006/10/12 10:45:58 | 000,061,529 | R--- | M] (Conexant Systems, Inc.) [Auto | Running] -- C:\WINDOWS\system32\PRISMSVC.exe -- (PRISMSVC)
SRV - [2006/07/06 07:14:30 | 000,090,112 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe -- (IAANTMON) Intel®


========== Driver Services (SafeList) ==========

DRV - [2011/08/30 10:06:38 | 000,067,664 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS -- (SASKUTIL)
DRV - [2011/08/30 10:06:38 | 000,012,880 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS -- (SASDIFSV)
DRV - [2011/03/25 09:32:30 | 000,691,696 | ---- | M] () [Kernel | Boot | Running] -- C:\WINDOWS\System32\Drivers\sptd.sys -- (sptd)
DRV - [2010/02/19 09:32:17 | 000,012,872 | ---- | M] ( SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | On_Demand | Stopped] -- C:\Program Files\SUPERAntiSpyware\SASENUM.SYS -- (SASENUM)
DRV - [2008/06/19 17:24:30 | 000,028,544 | ---- | M] (Panda Security, S.L.) [File_System | Boot | Running] -- C:\WINDOWS\system32\drivers\pavboot.sys -- (pavboot)
DRV - [2008/01/14 06:06:32 | 000,021,632 | ---- | M] (ManyCam LLC.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ManyCam.sys -- (ManyCam)
DRV - [2006/07/24 10:20:00 | 001,156,648 | ---- | M] (SigmaTel, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\sthda.sys -- (STHDA)
DRV - [2006/06/07 15:08:58 | 001,580,544 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag)
DRV - [2006/06/05 03:39:56 | 000,024,064 | ---- | M] (Intel Corporation ) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\iqvw32.sys -- (NAL)
DRV - [2006/01/10 11:07:58 | 000,004,864 | ---- | M] (GTek Technologies Ltd.) [Kernel | On_Demand | Running] -- C:\Program Files\Dell Support\GTAction\triggers\DSproct.sys -- (DSproct)
DRV - [2005/09/08 05:20:00 | 000,094,332 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLAUDFAM.SYS -- (DLAUDFAM)
DRV - [2005/09/08 05:20:00 | 000,087,036 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLAUDF_M.SYS -- (DLAUDF_M)
DRV - [2005/09/08 05:20:00 | 000,086,524 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLAIFS_M.SYS -- (DLAIFS_M)
DRV - [2005/09/08 05:20:00 | 000,025,628 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLABOIOM.SYS -- (DLABOIOM)
DRV - [2005/09/08 05:20:00 | 000,014,684 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLAOPIOM.SYS -- (DLAOPIOM)
DRV - [2005/09/08 05:20:00 | 000,006,364 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLAPoolM.SYS -- (DLAPoolM)
DRV - [2005/09/08 05:20:00 | 000,002,496 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLADResN.SYS -- (DLADResN)
DRV - [2005/08/25 12:16:52 | 000,005,628 | ---- | M] (Sonic Solutions) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\DLACDBHM.SYS -- (DLACDBHM)
DRV - [2005/08/25 12:16:16 | 000,022,684 | ---- | M] (Sonic Solutions) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\DLARTL_N.SYS -- (DLARTL_N)
DRV - [2005/02/02 19:29:28 | 000,009,344 | R--- | M] (Hewlett Packard) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\hpplsbulk.sys -- (HPPLSBULK)
DRV - [2003/11/17 14:59:20 | 000,212,224 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSFHWBS2.sys -- (HSFHWBS2)
DRV - [2003/11/17 14:58:02 | 000,680,704 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_CNXT.sys -- (winachsf)
DRV - [2003/11/17 14:56:26 | 001,042,432 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_DP.sys -- (HSF_DP)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Page_URL = www.google.com/ig/dell?hl=en&client=dell-usuk-rel&channel=us&ibd=5070509
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Start Page = www.google.com/ig/dell?hl=en&client=dell-usuk-rel&channel=us&ibd=5070509

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co...=us&ibd=5070509
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,XMLHTTP_UUID_Default = D7 31 61 15 92 0E E4 44 B6 04 A0 E8 D6 42 00 97 [binary data]
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "Google"
FF - prefs.js..browser.search.defaulturl: "http://www.google.co...-8&oe=UTF-8&q="
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..extensions.enabledItems: [email protected]:7
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: [email protected]:1.0
FF - prefs.js..extensions.enabledItems: {b838c57f-dc6d-4ddf-889c-07ecbe2379db}:1.0

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files\DivX\DivX Web Player\npdivx32.dll (DivX,Inc.)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Player Plugin,version=1.0.0: C:\Program Files\DivX\DivX Player\npDivxPlayerPlugin.dll (DivX, Inc)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.0.60531.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@movenetworks.com/Quantum Media Player: C:\Documents and Settings\Christopher Nova\Application Data\Move Networks\plugins\npqmp071502000008.dll (Move Networks)
FF - HKLM\Software\MozillaPlugins\@pandasecurity.com/activescan: C:\Program Files\Panda Security\ActiveScan 2.0\npwrapper.dll (Panda Security)
FF - HKCU\Software\MozillaPlugins\@movenetworks.com/Quantum Media Player: C:\Documents and Settings\Christopher Nova\Application Data\Move Networks\plugins\npqmp071502000008.dll (Move Networks)

FF - HKLM\software\mozilla\Firefox\Extensions\\{3112ca9c-de6d-4884-a869-9855de68056c}: C:\Documents and Settings\All Users\Application Data\Mozilla\Firefox Extensions\{3112ca9c-de6d-4884-a869-9855de68056c} [2007/05/29 09:10:52 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.18\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/07/26 12:58:03 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.18\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/07/26 12:58:03 | 000,000,000 | ---D | M]
FF - HKCU\software\mozilla\Firefox\Extensions\\{3112ca9c-de6d-4884-a869-9855de68056c}: C:\Documents and Settings\All Users\Application Data\Mozilla\Firefox Extensions\{3112ca9c-de6d-4884-a869-9855de68056c} [2007/05/29 09:10:52 | 000,000,000 | ---D | M]
FF - HKCU\software\mozilla\Mozilla Firefox 3.6.18\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/07/26 12:58:03 | 000,000,000 | ---D | M]
FF - HKCU\software\mozilla\Mozilla Firefox 3.6.18\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/07/26 12:58:03 | 000,000,000 | ---D | M]

[2010/01/27 09:47:54 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Christopher Nova\Application Data\Mozilla\Extensions
[2011/10/04 12:05:32 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Christopher Nova\Application Data\Mozilla\Firefox\Profiles\ntuzg8xd.default\extensions
[2010/04/28 09:23:05 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\Christopher Nova\Application Data\Mozilla\Firefox\Profiles\ntuzg8xd.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2011/09/23 09:33:46 | 000,000,000 | ---D | M] (Google Toolbar for Firefox) -- C:\Documents and Settings\Christopher Nova\Application Data\Mozilla\Firefox\Profiles\ntuzg8xd.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}
[2011/10/03 17:20:44 | 000,000,000 | ---D | M] (XUL Cache) -- C:\Documents and Settings\Christopher Nova\Application Data\Mozilla\Firefox\Profiles\ntuzg8xd.default\extensions\{b838c57f-dc6d-4ddf-889c-07ecbe2379db}
[2011/10/05 13:02:51 | 000,000,000 | ---D | M] (XUL Cache) -- C:\Documents and Settings\Christopher Nova\Application Data\Mozilla\Firefox\Profiles\ntuzg8xd.default\extensions\{bb86a469-0cdb-487e-bdb0-2700f3fc0237}
[2011/07/25 10:42:41 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2010/04/20 14:05:55 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
[2007/05/29 09:10:58 | 000,000,000 | ---D | M] (DivX Settings) -- C:\Program Files\Mozilla Firefox\extensions\[email protected]
[2010/04/30 11:11:00 | 000,000,000 | ---D | M] (Move Media Player) -- C:\DOCUMENTS AND SETTINGS\CHRISTOPHER NOVA\APPLICATION DATA\MOVE NETWORKS
[2010/04/20 14:05:20 | 000,000,000 | ---D | M] (Java Quick Starter) -- C:\PROGRAM FILES\JAVA\JRE6\LIB\DEPLOY\JQS\FF
[2010/04/20 14:05:19 | 000,411,368 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[2011/05/26 11:16:08 | 000,001,919 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing-zugo.xml

Hosts file not found
O2 - BHO: (no name) - {156131D7-0E92-44E4-B604-A0E8D6420097} - C:\Documents and Settings\Christopher Nova\Local Settings\Application Data\ShellUser.dll (Microsoft Corporation)
O2 - BHO: (DriveLetterAccess) - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\DLA\DLASHX_W.DLL (Sonic Solutions)
O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll (Google Inc.)
O2 - BHO: (Google Dictionary Compression sdch) - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll (Google Inc.)
O2 - BHO: (CBrowserHelperObject Object) - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\BAE\BAE.dll (Dell Inc.)
O3 - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (I.R.I.S. Desktop Search) - {577EBCA9-8ED3-45FC-A514-55B3817D4BCF} - C:\Program Files\IRIS Desktop Search\IRISDesktopSearchIntegration910.dll (Copernic Technologies Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll (Google Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (I.R.I.S. Desktop Search) - {577EBCA9-8ED3-45FC-A514-55B3817D4BCF} - C:\Program Files\IRIS Desktop Search\IRISDesktopSearchIntegration910.dll (Copernic Technologies Inc.)
O4 - HKLM..\Run: [dellsupportcenter] C:\Program Files\Dell Support Center\bin\sprtcmd.exe (SupportSoft, Inc.)
O4 - HKLM..\Run: [DLA] C:\WINDOWS\system32\DLA\DLACTRLW.EXE (Sonic Solutions)
O4 - HKLM..\Run: [DMXLauncher] C:\Program Files\Dell\Media Experience\DMXLauncher.exe ()
O4 - HKLM..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb11.exe (HP)
O4 - HKLM..\Run: [HPHUPD06] C:\Program Files\HP\{AAC4FC36-8F89-4587-8DD3-EBC57C83374D}\hphupd06.exe (Hewlett-Packard)
O4 - HKLM..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Intel Corporation)
O4 - HKLM..\Run: [KernelFaultCheck] File not found
O4 - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4 - HKLM..\Run: [qOOOBtxxP0cS8234A] C:\WINDOWS\system32\GdEEK88gRZ9YXkU.exe ()
O4 - HKLM..\Run: [SigmatelSysTrayApp] C:\WINDOWS\stsystra.exe (SigmaTel, Inc.)
O4 - HKLM..\Run: [Symantec PIF AlertEng] C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe (Symantec Corporation)
O4 - HKLM..\Run: [TomcatStartup 2.5] C:\Program Files\Hewlett-Packard\Toolbox\hpbpsttp.exe (Hewlett-Packard)
O4 - HKCU..\Run: [DellSupport] C:\Program Files\Dell Support\DSAgnt.exe (Gteko Ltd.)
O4 - HKCU..\Run: [DisplayNotifierNotifier] C:\Documents and Settings\All Users\Application Data\DisplayNotifierNotifier.dll (The Imaging Source Europe GmbH)
O4 - HKCU..\Run: [Emulators Update] C:\Documents and Settings\Christopher Nova\Local Settings\Application Data\Apple\AppleUpdate\Appleupdt32.dll (Microsoft Corporation)
O4 - HKCU..\Run: [ORL Update] C:\Documents and Settings\Christopher Nova\Local Settings\Application Data\Adobe\AdobeUpdate\Adobeupdt32.dll (The Imaging Source Europe GmbH)
O4 - HKCU..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE (SUPERAntiSpyware.com)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Wireless USB 2.0 WLAN Card Utility.lnk = C:\Program Files\Dell Wireless\PRISMCFG.exe (Dell Inc.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000012 - File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000013 - File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000014 - File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000015 - File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000016 - File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000017 - File not found
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://go.microsoft....k/?linkid=39204 (Windows Genuine Advantage Validation Tool)
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} http://go.divx.com/p...owserPlugin.cab (DivXBrowserPlugin Object)
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset...lineScanner.cab (OnlineScanner Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.ma...t/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {9191F686-7F0A-441D-8A98-2FE3AC1BD913} http://acs.pandasoft...s/as2stubie.cab (ActiveScan 2.0 Installer Class)
O16 - DPF: {AAD32D2E-02C8-11D7-81B3-0050FC352236} http://192.168.1.244...ctiveXSetup.exe (Softwell_DVR_Monitor.monitor)
O16 - DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.5.0_06)
O16 - DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 68.237.161.12 71.243.0.12
O18 - Protocol\Handler\cetihpz {CF184AD3-CDCB-4168-A3F7-8E447D129300} - C:\Program Files\HP\hpcoretech\comp\hpuiprot.dll (Hewlett-Packard Company)
O18 - Protocol\Filter\x-sdch {B1759355-3EEC-4C1E-B0F1-B719FE26E377} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll (Google Inc.)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - Explorer.exe ()
O20 - Winlogon\Notify\!SASWinLogon: DllName - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll (SUPERAntiSpyware.com)
O20 - Winlogon\Notify\PRISMAPI.DLL: DllName - PRISMAPI.DLL - C:\WINDOWS\System32\PRISMAPI.dll (Conexant Systems, Inc.)
O24 - Desktop WallPaper: C:\WINDOWS\Web\Wallpaper\Bliss.bmp
O24 - Desktop BackupWallPaper: C:\WINDOWS\Web\Wallpaper\Bliss.bmp
O28 - HKLM ShellExecuteHooks: {56F9679E-7826-4C84-81F3-532071A8BCC5} - C:\Program Files\Windows Desktop Search\MsnlNamespaceMgr.dll (Microsoft Corporation)
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2004/08/10 13:04:08 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/10/05 12:55:06 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Christopher Nova\Application Data\PekIBrzONx1v2b4
[2011/10/05 12:55:05 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Christopher Nova\Application Data\jfEL9gTXqY
[2011/10/05 12:01:46 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Application Data\Sun
[2011/10/05 10:28:26 | 000,270,848 | ---- | C] (Microsoft Corporation) -- C:\Documents and Settings\Christopher Nova\Local Settings\Application Data\ShellUser.dll
[2011/10/05 10:10:43 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Christopher Nova\Application Data\P5aQJ6dEKfZhXjV
[2011/10/05 10:10:42 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Christopher Nova\Application Data\nONtxA0uv
[2011/10/04 14:20:56 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Christopher Nova\Start Menu\Programs\Security Guard 2012
[2011/10/04 14:20:53 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Christopher Nova\Application Data\h2obF4pmGsJdKgZ
[2011/10/04 14:20:53 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Christopher Nova\Application Data\cP0ucS1ib3n4
[2011/10/04 13:23:38 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Christopher Nova\Application Data\rONNyxxA0uv2
[2011/10/04 13:23:38 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Christopher Nova\Application Data\mSSS2obbF3mG5Q6
[2011/10/04 13:23:38 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Christopher Nova\Application Data\deekkIVrr
[2011/10/04 13:12:00 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Christopher Nova\Application Data\ptzP0ycS1
[2011/10/04 13:12:00 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Christopher Nova\Application Data\DQJ6dEK8fZh
[2011/10/04 13:06:21 | 000,041,272 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2011/10/04 12:05:26 | 000,351,232 | ---- | C] (The Imaging Source Europe GmbH) -- C:\Documents and Settings\Christopher Nova\Local Settings\Application Data\ExplorerWin32.dll
[2011/10/04 12:05:23 | 000,184,320 | ---- | C] (The Imaging Source Europe GmbH) -- C:\Documents and Settings\All Users\Application Data\DisplayNotifierNotifier.dll
[2011/09/29 09:51:02 | 000,000,000 | ---D | C] -- C:\WINDOWS\Minidump
[2011/09/23 10:19:43 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Christopher Nova\My Documents\T-Mobile_LEO My Documents
[2011/09/14 14:56:32 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Christopher Nova\My Documents\Cross Fire
[2011/09/14 14:56:23 | 000,000,000 | ---D | C] -- C:\CFLog
[2003/04/09 23:44:06 | 000,229,376 | ---- | C] ( ) -- C:\WINDOWS\System32\mpeg4xvid.dll
[1 C:\Documents and Settings\Christopher Nova\Desktop\*.tmp files -> C:\Documents and Settings\Christopher Nova\Desktop\*.tmp -> ]
[1 C:\Documents and Settings\Christopher Nova\*.tmp files -> C:\Documents and Settings\Christopher Nova\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011/10/05 13:13:32 | 000,000,664 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2011/10/05 12:55:08 | 000,001,771 | ---- | M] () -- C:\Documents and Settings\Christopher Nova\Desktop\Security Guard 2012.lnk
[2011/10/05 12:55:04 | 000,054,156 | -H-- | M] () -- C:\WINDOWS\QTFont.qfn
[2011/10/05 12:54:41 | 000,000,000 | ---- | M] () -- C:\WINDOWS\1934543457
[2011/10/05 12:54:37 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2011/10/05 12:54:33 | 1071,558,656 | -HS- | M] () -- C:\hiberfil.sys
[2011/10/05 11:19:13 | 000,294,400 | ---- | M] () -- C:\Documents and Settings\Christopher Nova\Desktop\explorer.exe
[2011/10/05 10:56:30 | 001,008,092 | ---- | M] () -- C:\Documents and Settings\Christopher Nova\Desktop\rkill.com
[2011/10/04 13:06:21 | 000,041,272 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2011/10/04 13:05:51 | 000,000,004 | ---- | M] () -- C:\Documents and Settings\Christopher Nova\Application Data\3bf17dd3
[2011/10/04 13:05:41 | 000,001,213 | ---- | M] () -- C:\Documents and Settings\Christopher Nova\Application Data\ldr.ini
[2011/10/04 13:05:25 | 002,416,640 | ---- | M] () -- C:\WINDOWS\System32\GdEEK88gRZ9YXkU.exe
[2011/10/04 12:05:29 | 000,351,232 | ---- | M] (The Imaging Source Europe GmbH) -- C:\Documents and Settings\Christopher Nova\Local Settings\Application Data\ExplorerWin32.dll
[2011/10/04 12:05:22 | 000,184,320 | ---- | M] (The Imaging Source Europe GmbH) -- C:\Documents and Settings\All Users\Application Data\DisplayNotifierNotifier.dll
[2011/10/03 11:55:34 | 000,000,424 | -H-- | M] () -- C:\WINDOWS\tasks\MP Scheduled Scan.job
[2011/10/03 11:30:40 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2011/10/01 16:05:00 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2011/09/27 13:14:11 | 000,682,935 | ---- | M] () -- C:\Documents and Settings\Christopher Nova\Desktop\Lion of Judah.jpg
[2011/09/23 10:20:31 | 000,292,209 | ---- | M] () -- C:\Documents and Settings\Christopher Nova\Desktop\DO-11A.pdf
[2011/09/23 10:09:24 | 000,496,928 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2011/09/23 10:09:24 | 000,092,376 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2011/09/23 09:46:32 | 000,002,528 | ---- | M] () -- C:\Documents and Settings\Christopher Nova\Application Data\$_hpcst$.hpc
[2011/09/15 14:56:54 | 000,000,792 | ---- | M] () -- C:\Documents and Settings\Christopher Nova\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Microsoft Office Outlook.lnk
[2011/09/15 10:02:02 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2011/09/14 16:05:51 | 000,000,784 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/09/07 10:58:30 | 000,429,701 | ---- | M] () -- C:\Documents and Settings\Christopher Nova\Desktop\127west170th invoice.jpg
[2011/09/07 10:55:59 | 000,483,662 | ---- | M] () -- C:\Documents and Settings\Christopher Nova\Desktop\1427Jesuplead2.jpg
[2011/09/07 10:54:07 | 000,522,620 | ---- | M] () -- C:\Documents and Settings\Christopher Nova\Desktop\1427Jesuplead1.jpg
[2011/09/07 10:52:45 | 000,507,148 | ---- | M] () -- C:\Documents and Settings\Christopher Nova\Desktop\127west170lead2.jpg
[2011/09/07 10:51:29 | 000,595,026 | ---- | M] () -- C:\Documents and Settings\Christopher Nova\Desktop\127west170lead1.jpg
[1 C:\Documents and Settings\Christopher Nova\Desktop\*.tmp files -> C:\Documents and Settings\Christopher Nova\Desktop\*.tmp -> ]
[1 C:\Documents and Settings\Christopher Nova\*.tmp files -> C:\Documents and Settings\Christopher Nova\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011/10/05 11:19:06 | 000,294,400 | ---- | C] () -- C:\Documents and Settings\Christopher Nova\Desktop\explorer.exe
[2011/10/05 10:56:22 | 001,008,092 | ---- | C] () -- C:\Documents and Settings\Christopher Nova\Desktop\rkill.com
[2011/10/05 10:09:09 | 1071,558,656 | -HS- | C] () -- C:\hiberfil.sys
[2011/10/04 14:20:59 | 000,001,771 | ---- | C] () -- C:\Documents and Settings\Christopher Nova\Desktop\Security Guard 2012.lnk
[2011/10/04 13:05:40 | 000,001,213 | ---- | C] () -- C:\Documents and Settings\Christopher Nova\Application Data\ldr.ini
[2011/10/04 13:05:25 | 002,416,640 | ---- | C] () -- C:\WINDOWS\System32\GdEEK88gRZ9YXkU.exe
[2011/10/04 13:01:48 | 000,000,000 | ---- | C] () -- C:\WINDOWS\1934543457
[2011/10/04 12:15:54 | 000,000,004 | ---- | C] () -- C:\Documents and Settings\Christopher Nova\Application Data\3bf17dd3
[2011/09/27 17:13:20 | 000,682,935 | ---- | C] () -- C:\Documents and Settings\Christopher Nova\Desktop\Lion of Judah.jpg
[2011/09/23 10:20:31 | 000,292,209 | ---- | C] () -- C:\Documents and Settings\Christopher Nova\Desktop\DO-11A.pdf
[2011/09/23 09:46:32 | 000,002,528 | ---- | C] () -- C:\Documents and Settings\Christopher Nova\Application Data\$_hpcst$.hpc
[2011/09/23 09:43:45 | 000,001,808 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Microsoft ActiveSync.lnk
[2011/09/07 14:57:18 | 000,429,701 | ---- | C] () -- C:\Documents and Settings\Christopher Nova\Desktop\127west170th invoice.jpg
[2011/09/07 14:54:19 | 000,483,662 | ---- | C] () -- C:\Documents and Settings\Christopher Nova\Desktop\1427Jesuplead2.jpg
[2011/09/07 14:53:04 | 000,522,620 | ---- | C] () -- C:\Documents and Settings\Christopher Nova\Desktop\1427Jesuplead1.jpg
[2011/09/07 14:51:46 | 000,507,148 | ---- | C] () -- C:\Documents and Settings\Christopher Nova\Desktop\127west170lead2.jpg
[2011/09/07 14:49:44 | 000,595,026 | ---- | C] () -- C:\Documents and Settings\Christopher Nova\Desktop\127west170lead1.jpg
[2011/08/16 10:43:11 | 000,018,414 | -HS- | C] () -- C:\Documents and Settings\Christopher Nova\Local Settings\Application Data\f4u04pq6f7g8s82syh53601gp8v8ii
[2011/08/16 10:43:11 | 000,018,414 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\f4u04pq6f7g8s82syh53601gp8v8ii
[2011/07/07 10:57:41 | 000,256,000 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2011/07/07 10:57:41 | 000,208,896 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2011/07/07 10:57:41 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2011/07/07 10:57:41 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2011/07/07 10:57:41 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2011/06/01 14:53:20 | 000,000,088 | RHS- | C] () -- C:\WINDOWS\System32\6CD50CB597.sys
[2011/04/26 08:52:07 | 000,000,192 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\test
[2010/02/25 15:15:36 | 000,029,902 | ---- | C] () -- C:\Documents and Settings\Christopher Nova\Application Data\Tab Separated Values (Windows).ADR
[2010/01/26 12:46:02 | 000,032,768 | ---- | C] () -- C:\WINDOWS\System32\compJNI.dll
[2010/01/26 12:46:01 | 000,102,400 | ---- | C] () -- C:\WINDOWS\System32\PMLJNI.dll
[2010/01/26 12:46:01 | 000,074,752 | ---- | C] () -- C:\WINDOWS\System32\jst.dll
[2010/01/26 12:29:23 | 000,053,990 | ---- | C] () -- C:\WINDOWS\hppins01.dat.temp
[2010/01/26 12:29:23 | 000,002,392 | ---- | C] () -- C:\WINDOWS\hppmdl01.dat.temp
[2010/01/26 12:15:16 | 000,002,392 | ---- | C] () -- C:\WINDOWS\hppmdl01.dat
[2010/01/19 14:27:25 | 000,049,152 | R--- | C] () -- C:\WINDOWS\System32\StopSrvr.exe
[2009/11/04 13:55:11 | 000,000,074 | ---- | C] () -- C:\WINDOWS\hpntwksetup.ini
[2009/07/24 11:26:18 | 000,003,072 | ---- | C] () -- C:\Documents and Settings\Christopher Nova\Application Data\dvd.bmk
[2009/05/05 11:53:37 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2008/08/22 11:52:48 | 000,003,042 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\LUUnInstall.LiveUpdate
[2008/08/20 11:04:33 | 000,000,262 | ---- | C] () -- C:\WINDOWS\kaillera.ini
[2008/07/14 16:16:20 | 000,043,008 | ---- | C] () -- C:\Documents and Settings\Christopher Nova\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2008/05/30 13:22:22 | 003,596,288 | ---- | C] () -- C:\WINDOWS\System32\qt-dx331.dll
[2008/05/30 13:18:00 | 000,012,288 | ---- | C] () -- C:\WINDOWS\System32\DivXWMPExtType.dll
[2008/05/26 21:59:42 | 000,018,904 | ---- | C] () -- C:\WINDOWS\System32\structuredqueryschematrivial.bin
[2008/05/26 21:59:40 | 000,106,605 | ---- | C] () -- C:\WINDOWS\System32\structuredqueryschema.bin
[2007/11/29 15:36:59 | 000,000,138 | ---- | C] () -- C:\WINDOWS\Readiris.ini
[2007/10/18 10:10:01 | 000,009,386 | -HS- | C] () -- C:\WINDOWS\System32\KGyGaAvL.sys
[2007/09/27 10:51:02 | 000,020,698 | ---- | C] () -- C:\WINDOWS\System32\idxcntrs.ini
[2007/09/27 10:48:48 | 000,030,628 | ---- | C] () -- C:\WINDOWS\System32\gsrvctr.ini
[2007/09/27 10:48:28 | 000,031,698 | ---- | C] () -- C:\WINDOWS\System32\gthrctr.ini
[2007/09/05 11:32:26 | 000,000,314 | ---- | C] () -- C:\WINDOWS\hpbvspst.ini
[2007/09/05 11:32:02 | 000,001,606 | ---- | C] () -- C:\WINDOWS\hpbvnstp.ini
[2007/09/05 11:31:49 | 000,208,896 | ---- | C] () -- C:\WINDOWS\System32\HPP2800V.DLL
[2007/09/05 11:31:49 | 000,000,484 | ---- | C] () -- C:\WINDOWS\System32\HPP2800V.DAT
[2007/08/02 09:06:52 | 000,000,335 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2007/07/31 10:49:33 | 000,001,353 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\QTSBandwidthCache
[2007/07/16 13:52:01 | 000,094,289 | ---- | C] () -- C:\WINDOWS\HPHins03.dat
[2007/07/16 13:52:01 | 000,002,655 | ---- | C] () -- C:\WINDOWS\hphmdl03.dat
[2007/06/12 14:00:57 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2007/05/17 08:49:11 | 000,000,139 | ---- | C] () -- C:\Documents and Settings\Christopher Nova\Local Settings\Application Data\fusioncache.dat
[2007/05/09 12:21:47 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2007/05/09 12:15:43 | 000,001,347 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2007/05/09 11:50:31 | 000,049,152 | ---- | C] () -- C:\WINDOWS\setpwrcg.exe
[2007/05/09 11:50:28 | 000,129,112 | ---- | C] () -- C:\WINDOWS\System32\atiicdxx.dat
[2007/05/09 11:49:20 | 000,000,393 | ---- | C] () -- C:\WINDOWS\System32\OEMINFO.INI
[2006/12/27 16:34:00 | 000,462,848 | ---- | C] () -- C:\WINDOWS\System32\softcoin.dll
[2006/12/27 16:34:00 | 000,344,064 | ---- | C] () -- C:\WINDOWS\System32\gencoin.dll
[2006/08/03 02:52:21 | 000,086,016 | ---- | C] () -- C:\WINDOWS\System32\DvrSetup.dll
[2005/11/10 01:56:34 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\px.ini
[2004/09/16 13:26:40 | 000,012,634 | ---- | C] () -- C:\WINDOWS\System32\drivers\ADFUUD.SYS
[2004/09/16 13:26:40 | 000,012,634 | ---- | C] () -- C:\WINDOWS\ADFUUD.SYS
[2004/08/10 13:12:05 | 000,000,780 | ---- | C] () -- C:\WINDOWS\orun32.ini
[2004/08/10 13:07:31 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2004/08/10 13:02:15 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2004/08/10 13:01:18 | 000,001,793 | ---- | C] () -- C:\WINDOWS\System32\fxsperf.ini
[2004/08/10 12:57:52 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2004/08/10 12:57:15 | 000,305,216 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2004/08/10 12:51:21 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2004/08/10 12:51:20 | 000,496,928 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2004/08/10 12:51:20 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2004/08/10 12:51:20 | 000,092,376 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2004/08/10 12:51:20 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2004/08/10 12:51:18 | 000,004,627 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
[2004/08/10 12:51:17 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
[2004/08/10 12:51:16 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat
[2004/08/10 12:51:12 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[2004/08/10 12:51:11 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[2004/08/10 12:51:05 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[2004/08/10 12:50:56 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\dcache.bin
[2004/06/07 00:32:52 | 000,009,505 | ---- | C] () -- C:\WINDOWS\System32\hphmon06.dat
[2003/01/07 15:05:08 | 000,002,695 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI
[2001/03/28 13:37:14 | 000,000,033 | ---- | C] () -- C:\WINDOWS\hppcap.ini

========== LOP Check ==========

[2008/02/20 15:09:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MSScanAppDataDir
[2010/01/19 13:59:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PC-Doctor
[2010/01/19 13:59:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PCDr
[2010/01/19 14:27:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Prism
[2008/07/24 09:58:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SSScanAppDataDir
[2010/01/19 13:59:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SupportSoft
[2008/07/09 12:35:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\WinZip
[2011/07/07 12:26:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Christopher Nova\Application Data\.minecraft
[2010/04/08 11:36:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Christopher Nova\Application Data\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
[2011/10/04 14:20:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Christopher Nova\Application Data\cP0ucS1ib3n4
[2011/10/04 13:23:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Christopher Nova\Application Data\deekkIVrr
[2011/10/04 13:12:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Christopher Nova\Application Data\DQJ6dEK8fZh
[2011/10/04 14:20:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Christopher Nova\Application Data\h2obF4pmGsJdKgZ
[2011/10/05 12:55:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Christopher Nova\Application Data\jfEL9gTXqY
[2010/04/14 12:48:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Christopher Nova\Application Data\ManyCam
[2011/10/04 13:23:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Christopher Nova\Application Data\mSSS2obbF3mG5Q6
[2011/10/05 10:10:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Christopher Nova\Application Data\nONtxA0uv
[2011/10/05 10:10:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Christopher Nova\Application Data\P5aQJ6dEKfZhXjV
[2011/10/05 12:55:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Christopher Nova\Application Data\PekIBrzONx1v2b4
[2011/10/04 13:12:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Christopher Nova\Application Data\ptzP0ycS1
[2011/10/04 13:23:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Christopher Nova\Application Data\rONNyxxA0uv2
[2010/04/21 08:59:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Christopher Nova\Application Data\Windows Desktop Search
[2010/05/13 10:49:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Christopher Nova\Application Data\Windows Search
[2011/10/03 11:55:34 | 000,000,424 | -H-- | M] () -- C:\WINDOWS\Tasks\MP Scheduled Scan.job

========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 784 bytes -> C:\WINDOWS\1934543457:2654318988.exe

< End of report >


#2
SweetTech

    Sir SpamAlot

  • Retired Staff
  • 7,671 posts
Hello and welcome to the forums!

My secret agent name on the forums is SweetTech (you can call me Agent ST for short), it's a pleasure to meet you. :yes:

I am very sorry for the delay in responding, but as you can see we are at the moment being flooded with logs which, when paired with the never-ending shortage of helpers, has resulted in a delayed response to your thread.

I would be glad to take a look at your log and help you with solving any malware problems.

If you have since resolved the issues you were originally experiencing, or have received help elsewhere, please inform me so that this topic can be closed.

If you have not, please adhere to the guidelines below and then follow instructions as outlined further below:


  • Logs from malware removal programs (OTL is one of them) can take some time to analyze. I need you to be patient while I analyze any logs you post. Please remember, I am a volunteer, and I do have a life outside of these forums.
  • Please make sure to carefully read any instruction that I give you. Attention to detail is important! Since I cannot see or directly interact with your computer I am dependent on you to "be my eyes" and provide as much information as you can regarding the current state of your computer.
  • If you're not sure, or if something unexpected happens, do NOT continue! Stop and ask!
  • In Windows Vista and Windows 7, all tools need to be started by right clicking and selecting Run as Administrator!
  • If I instruct you to download a specific tool which you already have, please delete the copy that you have and re-download the tool. The reason I ask you to do this is because these tools are updated fairly regularly.
  • Do not do things I do not ask for, such as running a spyware scan on your computer. The one thing that you should always do is to make sure that your anti-virus definitions are up-to-date!
  • Please do not use the Attachment feature for any log file. Do a Copy/Paste of the entire contents of the log file and submit it inside your post.
  • I am going to stick with you until ALL malware is gone from your system. I would appreciate it if you would do the same. From this point, we're in this together :)
    Because of this, you must reply within three days; failure to reply will result in the topic being closed!
  • Lastly, I am no magician. I will try very hard to fix your issues, but no promises can be made. Also be aware that some infections are so severe that you might need to resort to reformatting and reinstalling your operating system.
    Don't worry, this only happens in severe cases, but it sadly does happen. Be prepared to back up your data. Have means of backing up your data available.

____________________________________________________

Looks like you're infected with an infection known as ZeroAccess.

One or more of the identified infections is a backdoor trojan and password stealer.

This type of infection allows hackers to access and remotely control your computer, log keystrokes, steal critical system information, and download and execute files without your knowledge.
If you do any banking or other financial transactions on the PC or if it contains any other sensitive information, then from a clean computer, change all passwords where applicable.
It would also be wise to contact those same financial institutions to apprise them of your situation.


I highly suggest you take a look at the two links provided below:
1. How Do I Handle Possible Identity Theft, Internet Fraud, and CC Fraud?
2. When should I re-format? How should I reinstall?


We can still clean this machine but I can't guarantee that it will be 100% secure afterwards. Let me know what you decide to do. If you decide to go through with the cleanup, please proceed with the following steps.



NEXT:



Scanning with GMER

Before scanning, make sure all other running programs are closed and no other actions like a scheduled antivirus scan will occur while the scan is being performed. Do not use your computer for anything else during the scan.


Download GMER Rootkit Scanner from here or here.
  • Extract the contents of the zipped file to desktop.
  • Double click GMER.exe. If asked to allow gmer.sys driver to load, please consent.
  • If it gives you a warning about rootkit activity and asks if you want to run scan...click on NO.
  • In the right panel, you will see several boxes that have been checked. Uncheck the following ...
    • IAT/EAT
    • Drives/Partition other than Systemdrive (typically C:\)
    • Show All (don't miss this one)
  • Then click the Scan button & wait for it to finish.
  • Once done click on the [Save..] button, and in the File name area, type in "Gmer.txt" or it will save as a .log file which cannot be uploaded to your post.
  • Save it where you can easily find it, such as your desktop, and attach it in your reply.

Notes:
**Caution**
Rootkit scans often produce false positives. Do NOT take any action on any "<--- ROOTKIT" entries.


-- If you encounter any problems, try running GMER in safe mode.
-- If GMER crashes or keeps resulting in BSODs, uncheck Devices on the right side before scanning.



NEXT:



OTL Fix

We need to run an OTL Fix
  • Please reopen OTL on your desktop.
  • Copy and Paste the following code into the textbox.
    :Services
    :Processes
    KILLALLPROCESSES
    :OTL
    [2011/10/03 17:20:44 | 000,000,000 | ---D | M] (XUL Cache) -- C:\Documents and Settings\Christopher Nova\Application Data\Mozilla\Firefox\Profiles\ntuzg8xd.default\extensions\{b838c57f-dc6d-4ddf-889c-07ecbe2379db}
    [2011/10/05 13:02:51 | 000,000,000 | ---D | M] (XUL Cache) -- C:\Documents and Settings\Christopher Nova\Application Data\Mozilla\Firefox\Profiles\ntuzg8xd.default\extensions\{bb86a469-0cdb-487e-bdb0-2700f3fc0237}
    O4 - HKLM..\Run: [KernelFaultCheck] File not found
    O4 - HKLM..\Run: [qOOOBtxxP0cS8234A] C:\WINDOWS\system32\GdEEK88gRZ9YXkU.exe ()
    O4 - HKCU..\Run: [DisplayNotifierNotifier] C:\Documents and Settings\All Users\Application Data\DisplayNotifierNotifier.dll (The Imaging Source Europe GmbH)
    O4 - HKCU..\Run: [Emulators Update] C:\Documents and Settings\Christopher Nova\Local Settings\Application Data\Apple\AppleUpdate\Appleupdt32.dll (Microsoft Corporation)
    O4 - HKCU..\Run: [ORL Update] C:\Documents and Settings\Christopher Nova\Local Settings\Application Data\Adobe\AdobeUpdate\Adobeupdt32.dll (The Imaging Source Europe GmbH)
    O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_20)
    O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.ma...t/ultrashim.cab (Reg Error: Key error.)
    O16 - DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.5.0_06)
    O16 - DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_20)
    O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_20)
    O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab (Reg Error: Key error.)
    [2011/10/05 12:55:06 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Christopher Nova\Application Data\PekIBrzONx1v2b4
    [2011/10/05 12:55:05 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Christopher Nova\Application Data\jfEL9gTXqY
    [2011/10/05 10:28:26 | 000,270,848 | ---- | C] (Microsoft Corporation) -- C:\Documents and Settings\Christopher Nova\Local Settings\Application Data\ShellUser.dll
    [2011/10/05 10:10:43 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Christopher Nova\Application Data\P5aQJ6dEKfZhXjV
    [2011/10/05 10:10:42 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Christopher Nova\Application Data\nONtxA0uv
    [2011/10/04 14:20:56 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Christopher Nova\Start Menu\Programs\Security Guard 2012
    [2011/10/04 14:20:53 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Christopher Nova\Application Data\h2obF4pmGsJdKgZ
    [2011/10/04 14:20:53 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Christopher Nova\Application Data\cP0ucS1ib3n4
    [2011/10/04 13:23:38 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Christopher Nova\Application Data\rONNyxxA0uv2
    [2011/10/04 13:23:38 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Christopher Nova\Application Data\mSSS2obbF3mG5Q6
    [2011/10/04 13:23:38 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Christopher Nova\Application Data\deekkIVrr
    [2011/10/04 13:12:00 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Christopher Nova\Application Data\ptzP0ycS1
    [2011/10/04 13:12:00 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Christopher Nova\Application Data\DQJ6dEK8fZh
    [2011/10/04 12:05:26 | 000,351,232 | ---- | C] (The Imaging Source Europe GmbH) -- C:\Documents and Settings\Christopher Nova\Local Settings\Application Data\ExplorerWin32.dll
    [2011/10/04 12:05:23 | 000,184,320 | ---- | C] (The Imaging Source Europe GmbH) -- C:\Documents and Settings\All Users\Application Data\DisplayNotifierNotifier.dll
    [1 C:\Documents and Settings\Christopher Nova\Desktop\*.tmp files -> C:\Documents and Settings\Christopher Nova\Desktop\*.tmp -> ]
    [1 C:\Documents and Settings\Christopher Nova\*.tmp files -> C:\Documents and Settings\Christopher Nova\*.tmp -> ]
    [2011/10/05 12:55:08 | 000,001,771 | ---- | M] () -- C:\Documents and Settings\Christopher Nova\Desktop\Security Guard 2012.lnk
    [2011/10/05 12:54:41 | 000,000,000 | ---- | M] () -- C:\WINDOWS\1934543457
    [2011/10/04 13:05:51 | 000,000,004 | ---- | M] () -- C:\Documents and Settings\Christopher Nova\Application Data\3bf17dd3
    [2011/10/04 13:05:41 | 000,001,213 | ---- | M] () -- C:\Documents and Settings\Christopher Nova\Application Data\ldr.ini
    [2011/10/04 13:05:25 | 002,416,640 | ---- | M] () -- C:\WINDOWS\System32\GdEEK88gRZ9YXkU.exe
    [2011/10/04 12:05:29 | 000,351,232 | ---- | M] (The Imaging Source Europe GmbH) -- C:\Documents and Settings\Christopher Nova\Local Settings\Application Data\ExplorerWin32.dll
    [2011/10/04 12:05:22 | 000,184,320 | ---- | M] (The Imaging Source Europe GmbH) -- C:\Documents and Settings\All Users\Application Data\DisplayNotifierNotifier.dll
    [2011/10/04 14:20:59 | 000,001,771 | ---- | C] () -- C:\Documents and Settings\Christopher Nova\Desktop\Security Guard 2012.lnk
    [2011/10/04 13:05:40 | 000,001,213 | ---- | C] () -- C:\Documents and Settings\Christopher Nova\Application Data\ldr.ini
    [2011/10/04 13:05:25 | 002,416,640 | ---- | C] () -- C:\WINDOWS\System32\GdEEK88gRZ9YXkU.exe
    [2011/10/04 13:01:48 | 000,000,000 | ---- | C] () -- C:\WINDOWS\1934543457
    [2011/10/04 12:15:54 | 000,000,004 | ---- | C] () -- C:\Documents and Settings\Christopher Nova\Application Data\3bf17dd3
    [2011/08/16 10:43:11 | 000,018,414 | -HS- | C] () -- C:\Documents and Settings\Christopher Nova\Local Settings\Application Data\f4u04pq6f7g8s82syh53601gp8v8ii
    [2011/08/16 10:43:11 | 000,018,414 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\f4u04pq6f7g8s82syh53601gp8v8ii
    [2011/06/01 14:53:20 | 000,000,088 | RHS- | C] () -- C:\WINDOWS\System32\6CD50CB597.sys
    [2011/10/04 14:20:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Christopher Nova\Application Data\cP0ucS1ib3n4
    [2011/10/04 13:23:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Christopher Nova\Application Data\deekkIVrr
    [2011/10/04 13:12:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Christopher Nova\Application Data\DQJ6dEK8fZh
    [2011/10/04 14:20:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Christopher Nova\Application Data\h2obF4pmGsJdKgZ
    [2011/10/05 12:55:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Christopher Nova\Application Data\jfEL9gTXqY
    [2011/10/04 13:23:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Christopher Nova\Application Data\mSSS2obbF3mG5Q6
    [2011/10/05 10:10:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Christopher Nova\Application Data\nONtxA0uv
    [2011/10/05 10:10:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Christopher Nova\Application Data\P5aQJ6dEKfZhXjV
    [2011/10/05 12:55:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Christopher Nova\Application Data\PekIBrzONx1v2b4
    [2011/10/04 13:12:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Christopher Nova\Application Data\ptzP0ycS1
    [2011/10/04 13:23:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Christopher Nova\Application Data\rONNyxxA0uv2
    
    :Reg
    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
    "Userinit"="C:\\windows\\system32\\userinit.exe,"
    "Shell"="explorer.exe"
    :Files
    echo,Y|cacls "%WinDir%\system32\drivers\etc\hosts" /G everyone:f /c
    ipconfig /flushdns /c
    :Commands
    [purity]
    [resethosts]
    [CreateRestorePoint]
    [EMPTYFLASH]
    
  • Push Posted Image
  • OTL may ask to reboot the machine. Please do so if asked.
  • Click the OK button.
  • A report will open. Copy and Paste that report in your next reply.
  • If the machine reboots, the log will be located at C:\_OTL\MovedFiles\mmddyyyy_hhmmss.log, where mmddyyyy_hhmmss is the date of the tool run.

Edited by SweetTech, 06 October 2011 - 11:16 AM.


#3
StupidVirus

    Member

  • Topic Starter
  • Member
  • PipPip
  • 27 posts
Hi Agent ST and thank you for helping me. I tried to run GMER a couple of ways (in Safe mode and regular mode, with and without devices checked) but during the process it completely vanishes without producing a log, and when I try to run it again it says you may not have permission to access this file. I've tried re-downloading and unzipping the file but the same thing happens: it runs, then stops, then won't allow me to run it again. I haven't run the OTL fix yet since the first step hasn't been completed; should I go ahead and run it anyways? I am leaving in about 40 minutes and I won't be back till Tuesday morning, so mods please don't lock the topic. Thank you again for your help Agent ST.

#4
SweetTech

    Sir SpamAlot

  • Retired Staff
  • 7,671 posts
Good Evening!

I had a strong suspicion that you might have issues with running GMER. When you return, please attempt to run the OTL fix.

I'll be sure to keep the thread open for you.

Kindest Regards,
Agent ST.

#5
StupidVirus

    Member

  • Topic Starter
  • Member
  • PipPip
  • 27 posts
Hi, the OTL fix seemed to get rid of Security Guard 2012, but when the computer rebooted it blue screened on me, now it seems to be working a little better.



========== SERVICES/DRIVERS ==========
========== PROCESSES ==========
All processes killed
========== OTL ==========
C:\Documents and Settings\Christopher Nova\Application Data\Mozilla\Firefox\Profiles\ntuzg8xd.default\extensions\{b838c57f-dc6d-4ddf-889c-07ecbe2379db}\defaults\preferences folder moved successfully.
C:\Documents and Settings\Christopher Nova\Application Data\Mozilla\Firefox\Profiles\ntuzg8xd.default\extensions\{b838c57f-dc6d-4ddf-889c-07ecbe2379db}\defaults folder moved successfully.
C:\Documents and Settings\Christopher Nova\Application Data\Mozilla\Firefox\Profiles\ntuzg8xd.default\extensions\{b838c57f-dc6d-4ddf-889c-07ecbe2379db}\chrome folder moved successfully.
C:\Documents and Settings\Christopher Nova\Application Data\Mozilla\Firefox\Profiles\ntuzg8xd.default\extensions\{b838c57f-dc6d-4ddf-889c-07ecbe2379db} folder moved successfully.
C:\Documents and Settings\Christopher Nova\Application Data\Mozilla\Firefox\Profiles\ntuzg8xd.default\extensions\{bb86a469-0cdb-487e-bdb0-2700f3fc0237}\defaults\preferences folder moved successfully.
C:\Documents and Settings\Christopher Nova\Application Data\Mozilla\Firefox\Profiles\ntuzg8xd.default\extensions\{bb86a469-0cdb-487e-bdb0-2700f3fc0237}\defaults folder moved successfully.
C:\Documents and Settings\Christopher Nova\Application Data\Mozilla\Firefox\Profiles\ntuzg8xd.default\extensions\{bb86a469-0cdb-487e-bdb0-2700f3fc0237}\chrome folder moved successfully.
C:\Documents and Settings\Christopher Nova\Application Data\Mozilla\Firefox\Profiles\ntuzg8xd.default\extensions\{bb86a469-0cdb-487e-bdb0-2700f3fc0237} folder moved successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\KernelFaultCheck not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\qOOOBtxxP0cS8234A deleted successfully.
C:\WINDOWS\system32\GdEEK88gRZ9YXkU.exe moved successfully.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\DisplayNotifierNotifier deleted successfully.
C:\Documents and Settings\All Users\Application Data\DisplayNotifierNotifier.dll moved successfully.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\Emulators Update deleted successfully.
C:\Documents and Settings\Christopher Nova\Local Settings\Application Data\Apple\AppleUpdate\Appleupdt32.dll moved successfully.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\ORL Update deleted successfully.
C:\Documents and Settings\Christopher Nova\Local Settings\Application Data\Adobe\AdobeUpdate\Adobeupdt32.dll moved successfully.
Starting removal of ActiveX control {8AD9C840-044E-11D1-B3E9-00805F499D93}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ deleted successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Classes\CLSID\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ not found.
Starting removal of ActiveX control {8FFBE65D-2C9C-4669-84BD-5829DC0B603C}
C:\WINDOWS\Downloaded Program Files\erma.inf moved successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}\ not found.
Starting removal of ActiveX control {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA}\ not found.
Starting removal of ActiveX control {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}\ not found.
Starting removal of ActiveX control {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ not found.
Starting removal of ActiveX control {E2883E8F-472F-4FB0-9522-AC9BF37916A7}
C:\WINDOWS\Downloaded Program Files\gp.inf not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.
C:\Documents and Settings\Christopher Nova\Application Data\PekIBrzONx1v2b4 folder moved successfully.
C:\Documents and Settings\Christopher Nova\Application Data\jfEL9gTXqY folder moved successfully.
C:\Documents and Settings\Christopher Nova\Local Settings\Application Data\ShellUser.dll moved successfully.
C:\Documents and Settings\Christopher Nova\Application Data\P5aQJ6dEKfZhXjV folder moved successfully.
C:\Documents and Settings\Christopher Nova\Application Data\nONtxA0uv folder moved successfully.
C:\Documents and Settings\Christopher Nova\Start Menu\Programs\Security Guard 2012 folder moved successfully.
C:\Documents and Settings\Christopher Nova\Application Data\h2obF4pmGsJdKgZ folder moved successfully.
C:\Documents and Settings\Christopher Nova\Application Data\cP0ucS1ib3n4 folder moved successfully.
C:\Documents and Settings\Christopher Nova\Application Data\rONNyxxA0uv2 folder moved successfully.
C:\Documents and Settings\Christopher Nova\Application Data\mSSS2obbF3mG5Q6 folder moved successfully.
C:\Documents and Settings\Christopher Nova\Application Data\deekkIVrr folder moved successfully.
C:\Documents and Settings\Christopher Nova\Application Data\ptzP0ycS1 folder moved successfully.
C:\Documents and Settings\Christopher Nova\Application Data\DQJ6dEK8fZh folder moved successfully.
C:\Documents and Settings\Christopher Nova\Local Settings\Application Data\ExplorerWin32.dll moved successfully.
File C:\Documents and Settings\All Users\Application Data\DisplayNotifierNotifier.dll not found.
C:\Documents and Settings\Christopher Nova\Desktop\poolrqwpsq.tmp deleted successfully.
C:\Documents and Settings\Christopher Nova\poolrqwpsq.tmp deleted successfully.
C:\Documents and Settings\Christopher Nova\Desktop\Security Guard 2012.lnk moved successfully.
C:\WINDOWS\1934543457 moved successfully.
C:\Documents and Settings\Christopher Nova\Application Data\3bf17dd3 moved successfully.
C:\Documents and Settings\Christopher Nova\Application Data\ldr.ini moved successfully.
File C:\WINDOWS\System32\GdEEK88gRZ9YXkU.exe not found.
File C:\Documents and Settings\Christopher Nova\Local Settings\Application Data\ExplorerWin32.dll not found.
File C:\Documents and Settings\All Users\Application Data\DisplayNotifierNotifier.dll not found.
File C:\Documents and Settings\Christopher Nova\Desktop\Security Guard 2012.lnk not found.
File C:\Documents and Settings\Christopher Nova\Application Data\ldr.ini not found.
File C:\WINDOWS\System32\GdEEK88gRZ9YXkU.exe not found.
File C:\WINDOWS\1934543457 not found.
File C:\Documents and Settings\Christopher Nova\Application Data\3bf17dd3 not found.
C:\Documents and Settings\Christopher Nova\Local Settings\Application Data\f4u04pq6f7g8s82syh53601gp8v8ii moved successfully.
C:\Documents and Settings\All Users\Application Data\f4u04pq6f7g8s82syh53601gp8v8ii moved successfully.
C:\WINDOWS\system32\6CD50CB597.sys moved successfully.
Folder C:\Documents and Settings\Christopher Nova\Application Data\cP0ucS1ib3n4\ not found.
Folder C:\Documents and Settings\Christopher Nova\Application Data\deekkIVrr\ not found.
Folder C:\Documents and Settings\Christopher Nova\Application Data\DQJ6dEK8fZh\ not found.
Folder C:\Documents and Settings\Christopher Nova\Application Data\h2obF4pmGsJdKgZ\ not found.
Folder C:\Documents and Settings\Christopher Nova\Application Data\jfEL9gTXqY\ not found.
Folder C:\Documents and Settings\Christopher Nova\Application Data\mSSS2obbF3mG5Q6\ not found.
Folder C:\Documents and Settings\Christopher Nova\Application Data\nONtxA0uv\ not found.
Folder C:\Documents and Settings\Christopher Nova\Application Data\P5aQJ6dEKfZhXjV\ not found.
Folder C:\Documents and Settings\Christopher Nova\Application Data\PekIBrzONx1v2b4\ not found.
Folder C:\Documents and Settings\Christopher Nova\Application Data\ptzP0ycS1\ not found.
Folder C:\Documents and Settings\Christopher Nova\Application Data\rONNyxxA0uv2\ not found.
========== REGISTRY ==========
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\\"Userinit"|"C:\\windows\\system32\\userinit.exe," /E : value set successfully!
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\\"Shell"|"explorer.exe" /E : value set successfully!
========== FILES ==========
< echo,Y|cacls "%WinDir%\system32\drivers\etc\hosts" /G everyone:f /c >
Are you sure (Y/N)?
C:\Documents and Settings\Christopher Nova\Desktop\cmd.bat deleted successfully.
C:\Documents and Settings\Christopher Nova\Desktop\cmd.txt deleted successfully.
< ipconfig /flushdns /c >
Windows IP Configuration
Successfully flushed the DNS Resolver Cache.
C:\Documents and Settings\Christopher Nova\Desktop\cmd.bat deleted successfully.
C:\Documents and Settings\Christopher Nova\Desktop\cmd.txt deleted successfully.
========== COMMANDS ==========
HOSTS file reset successfully
Restore point Set: OTL Restore Point (0)

[EMPTYFLASH]

User: Administrator
->Flash cache emptied: 0 bytes

User: Albania
->Flash cache emptied: 0 bytes

User: All Users

User: Brian
->Flash cache emptied: 0 bytes

User: Christine Martinez
->Flash cache emptied: 0 bytes

User: Christopher Nova
->Flash cache emptied: 509 bytes

User: Default User
->Flash cache emptied: 0 bytes

User: Esther Nova
->Flash cache emptied: 0 bytes

User: Hector Nova

User: LocalService
->Flash cache emptied: 11974 bytes

User: NetworkService
->Flash cache emptied: 28586 bytes

User: Owner

User: TEMP

Total Flash Files Cleaned = 0.00 mb


OTL by OldTimer - Version 3.2.26.0 log created on 10112011_100425

Files\Folders moved on Reboot...

Registry entries deleted on Reboot...

#6
SweetTech

    Sir SpamAlot

  • Retired Staff
  • 7,671 posts
Okay. Thanks for that information.

Could you please attempt to run GMER and see if it will run for you now that we've removed those malicious files?

#7
StupidVirus

    Member

  • Topic Starter
  • Member
  • 27 posts
I tried GMER but it's still doing the same thing: it runs, then closes, then won't let me retry it unless I delete it and unzip it again.

#8
SweetTech

    Sir SpamAlot

  • Retired Staff
  • 7,671 posts
Okay.

Please run this tool:


Running ComboFix

Download ComboFix from one of the following locations:
Link 1
Link 2

VERY IMPORTANT !!! Save ComboFix.exe to your Desktop
* IMPORTANT - Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon.
They may otherwise interfere with our tools. If you have difficulty properly disabling your protective programs, refer to this link here

  • Double click on ComboFix.exe & follow the prompts.
  • Accept the disclaimer and allow it to update if it asks.
  • When finished, it shall produce a log for you.
  • Please include the C:\ComboFix.txt in your next reply.

Notes:
1. Do not mouse-click Combofix's window while it is running. That may cause it to stall.
2. Do not "re-run" Combofix. If you have a problem, reply back for further instructions.


Please make sure you include the ComboFix log in your next reply, as well as a description of how your computer is running now.

#9
StupidVirus

    Member

  • Topic Starter
  • Member
  • 27 posts
Hi, the computer seems to be running a little bit faster, but my antivirus still can't get into real-time protection mode and MBAM won't load. You were right, ComboFix said I am infected with ZeroAccess. Here is the log.


ComboFix 11-10-11.02 - Christopher Nova 10/11/2011 15:39:30.9.2 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1022.703 [GMT -4:00]
Running from: c:\documents and settings\Christopher Nova\Desktop\ComboFix.exe
AV: Microsoft Security Essentials *Disabled/Updated* {BCF43643-A118-4432-AEDE-D861FCBCFCDF}
AV: Microsoft Security Essentials *Enabled/Updated* {EDB4FA23-53B8-4AFA-8C5D-99752CCA7095}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
C:\CFLog
c:\documents and settings\Albania\Application Data\Mozilla\Firefox\Profiles\2dow3p8i.default\extensions\{b838c57f-dc6d-4ddf-889c-07ecbe2379db}
c:\documents and settings\Albania\Application Data\Mozilla\Firefox\Profiles\2dow3p8i.default\extensions\{b838c57f-dc6d-4ddf-889c-07ecbe2379db}\chrome\xulcache.jar
c:\documents and settings\Albania\Application Data\Mozilla\Firefox\Profiles\2dow3p8i.default\extensions\{b838c57f-dc6d-4ddf-889c-07ecbe2379db}\defaults\preferences\xulcache.js
c:\documents and settings\Albania\Application Data\Mozilla\Firefox\Profiles\2dow3p8i.default\extensions\{b838c57f-dc6d-4ddf-889c-07ecbe2379db}\install.rdf
c:\documents and settings\Albania\Application Data\Mozilla\Firefox\Profiles\2dow3p8i.default\extensions\{bb86a469-0cdb-487e-bdb0-2700f3fc0237}
c:\documents and settings\Albania\Application Data\Mozilla\Firefox\Profiles\2dow3p8i.default\extensions\{bb86a469-0cdb-487e-bdb0-2700f3fc0237}\chrome.manifest
c:\documents and settings\Albania\Application Data\Mozilla\Firefox\Profiles\2dow3p8i.default\extensions\{bb86a469-0cdb-487e-bdb0-2700f3fc0237}\chrome\xulcache.jar
c:\documents and settings\Albania\Application Data\Mozilla\Firefox\Profiles\2dow3p8i.default\extensions\{bb86a469-0cdb-487e-bdb0-2700f3fc0237}\defaults\preferences\xulcache.js
c:\documents and settings\Albania\Application Data\Mozilla\Firefox\Profiles\2dow3p8i.default\extensions\{bb86a469-0cdb-487e-bdb0-2700f3fc0237}\install.rdf
c:\documents and settings\Brian\Application Data\Mozilla\Firefox\Profiles\n96sl6hx.default\extensions\{b838c57f-dc6d-4ddf-889c-07ecbe2379db}
c:\documents and settings\Brian\Application Data\Mozilla\Firefox\Profiles\n96sl6hx.default\extensions\{b838c57f-dc6d-4ddf-889c-07ecbe2379db}\chrome\xulcache.jar
c:\documents and settings\Brian\Application Data\Mozilla\Firefox\Profiles\n96sl6hx.default\extensions\{b838c57f-dc6d-4ddf-889c-07ecbe2379db}\defaults\preferences\xulcache.js
c:\documents and settings\Brian\Application Data\Mozilla\Firefox\Profiles\n96sl6hx.default\extensions\{b838c57f-dc6d-4ddf-889c-07ecbe2379db}\install.rdf
c:\documents and settings\Brian\Application Data\Mozilla\Firefox\Profiles\n96sl6hx.default\extensions\{bb86a469-0cdb-487e-bdb0-2700f3fc0237}
c:\documents and settings\Brian\Application Data\Mozilla\Firefox\Profiles\n96sl6hx.default\extensions\{bb86a469-0cdb-487e-bdb0-2700f3fc0237}\chrome.manifest
c:\documents and settings\Brian\Application Data\Mozilla\Firefox\Profiles\n96sl6hx.default\extensions\{bb86a469-0cdb-487e-bdb0-2700f3fc0237}\chrome\xulcache.jar
c:\documents and settings\Brian\Application Data\Mozilla\Firefox\Profiles\n96sl6hx.default\extensions\{bb86a469-0cdb-487e-bdb0-2700f3fc0237}\defaults\preferences\xulcache.js
c:\documents and settings\Brian\Application Data\Mozilla\Firefox\Profiles\n96sl6hx.default\extensions\{bb86a469-0cdb-487e-bdb0-2700f3fc0237}\install.rdf
c:\documents and settings\Christine Martinez\Application Data\Mozilla\Firefox\Profiles\s500alsb.default\extensions\{b838c57f-dc6d-4ddf-889c-07ecbe2379db}
c:\documents and settings\Christine Martinez\Application Data\Mozilla\Firefox\Profiles\s500alsb.default\extensions\{b838c57f-dc6d-4ddf-889c-07ecbe2379db}\chrome\xulcache.jar
c:\documents and settings\Christine Martinez\Application Data\Mozilla\Firefox\Profiles\s500alsb.default\extensions\{b838c57f-dc6d-4ddf-889c-07ecbe2379db}\defaults\preferences\xulcache.js
c:\documents and settings\Christine Martinez\Application Data\Mozilla\Firefox\Profiles\s500alsb.default\extensions\{b838c57f-dc6d-4ddf-889c-07ecbe2379db}\install.rdf
c:\documents and settings\Christine Martinez\Application Data\Mozilla\Firefox\Profiles\s500alsb.default\extensions\{bb86a469-0cdb-487e-bdb0-2700f3fc0237}
c:\documents and settings\Christine Martinez\Application Data\Mozilla\Firefox\Profiles\s500alsb.default\extensions\{bb86a469-0cdb-487e-bdb0-2700f3fc0237}\chrome.manifest
c:\documents and settings\Christine Martinez\Application Data\Mozilla\Firefox\Profiles\s500alsb.default\extensions\{bb86a469-0cdb-487e-bdb0-2700f3fc0237}\chrome\xulcache.jar
c:\documents and settings\Christine Martinez\Application Data\Mozilla\Firefox\Profiles\s500alsb.default\extensions\{bb86a469-0cdb-487e-bdb0-2700f3fc0237}\defaults\preferences\xulcache.js
c:\documents and settings\Christine Martinez\Application Data\Mozilla\Firefox\Profiles\s500alsb.default\extensions\{bb86a469-0cdb-487e-bdb0-2700f3fc0237}\install.rdf
c:\documents and settings\Christopher Nova\Application Data\cP0ucS1ib3n4Security Guard 2012.ico
c:\documents and settings\Christopher Nova\Application Data\DD3pnG4aQ6W7R9TSecurity Guard 2012.ico
c:\documents and settings\Christopher Nova\Application Data\fzP0ycS1iDSecurity Guard 2012.ico
c:\documents and settings\Christopher Nova\Application Data\g4amH6sWJfLSecurity Guard 2012.ico
c:\documents and settings\Christopher Nova\Application Data\maQH6dWK7R9TqUeSecurity Guard 2012.ico
c:\documents and settings\Christopher Nova\Application Data\O9hTXwjUClBzNc1Security Guard 2012.ico
c:\documents and settings\Christopher Nova\Application Data\P5aQJ6dEKfZhXjVSecurity Guard 2012.ico
c:\documents and settings\Christopher Nova\Application Data\PekIBrzONx1v2b4Security Guard 2012.ico
c:\documents and settings\Christopher Nova\Application Data\ptzP0ycS1Security Guard 2012.ico
c:\documents and settings\Christopher Nova\Application Data\rONNyxxA0uv2Security Guard 2012.ico
c:\documents and settings\Christopher Nova\Application Data\RqjYCekIBzNx1vSecurity Guard 2012.ico
c:\documents and settings\Christopher Nova\Application Data\XpnG4aQH6W7R9TqSecurity Guard 2012.ico
c:\documents and settings\Christopher Nova\Application Data\YH6dWK8fR9Security Guard 2012.ico
c:\documents and settings\Christopher Nova\Application Data\yTXwjUVelBz0c1vSecurity Guard 2012.ico
c:\documents and settings\Christopher Nova\Application Data\z2obF4pmGsJdKgZSecurity Guard 2012.ico
c:\documents and settings\Christopher Nova\Start Menu\Programs\1964.lnk
c:\documents and settings\Esther Nova\Application Data\Mozilla\Firefox\Profiles\rg3s1fuo.default\extensions\{b838c57f-dc6d-4ddf-889c-07ecbe2379db}
c:\documents and settings\Esther Nova\Application Data\Mozilla\Firefox\Profiles\rg3s1fuo.default\extensions\{b838c57f-dc6d-4ddf-889c-07ecbe2379db}\chrome\xulcache.jar
c:\documents and settings\Esther Nova\Application Data\Mozilla\Firefox\Profiles\rg3s1fuo.default\extensions\{b838c57f-dc6d-4ddf-889c-07ecbe2379db}\defaults\preferences\xulcache.js
c:\documents and settings\Esther Nova\Application Data\Mozilla\Firefox\Profiles\rg3s1fuo.default\extensions\{b838c57f-dc6d-4ddf-889c-07ecbe2379db}\install.rdf
c:\documents and settings\Esther Nova\Application Data\Mozilla\Firefox\Profiles\rg3s1fuo.default\extensions\{bb86a469-0cdb-487e-bdb0-2700f3fc0237}
c:\documents and settings\Esther Nova\Application Data\Mozilla\Firefox\Profiles\rg3s1fuo.default\extensions\{bb86a469-0cdb-487e-bdb0-2700f3fc0237}\chrome.manifest
c:\documents and settings\Esther Nova\Application Data\Mozilla\Firefox\Profiles\rg3s1fuo.default\extensions\{bb86a469-0cdb-487e-bdb0-2700f3fc0237}\chrome\xulcache.jar
c:\documents and settings\Esther Nova\Application Data\Mozilla\Firefox\Profiles\rg3s1fuo.default\extensions\{bb86a469-0cdb-487e-bdb0-2700f3fc0237}\defaults\preferences\xulcache.js
c:\documents and settings\Esther Nova\Application Data\Mozilla\Firefox\Profiles\rg3s1fuo.default\extensions\{bb86a469-0cdb-487e-bdb0-2700f3fc0237}\install.rdf
c:\windows\$NtUninstallKB53318$
c:\windows\$NtUninstallKB53318$\1640648307\@
c:\windows\$NtUninstallKB53318$\1640648307\bckfg.tmp
c:\windows\$NtUninstallKB53318$\1640648307\cfg.ini
c:\windows\$NtUninstallKB53318$\1640648307\Desktop.ini
c:\windows\$NtUninstallKB53318$\1640648307\keywords
c:\windows\$NtUninstallKB53318$\1640648307\kwrd.dll
c:\windows\$NtUninstallKB53318$\1640648307\L\odetmngk
c:\windows\$NtUninstallKB53318$\1640648307\lsflt7.ver
c:\windows\$NtUninstallKB53318$\1640648307\U\00000001.@
c:\windows\$NtUninstallKB53318$\1640648307\U\00000002.@
c:\windows\$NtUninstallKB53318$\1640648307\U\80000000.@
c:\windows\$NtUninstallKB53318$\1640648307\U\80000032.@
c:\windows\$NtUninstallKB53318$\2947173307
.
Infected copy of c:\windows\system32\drivers\cdrom.sys was found and disinfected
Restored copy from - c:\windows\ServicePackFiles\i386\cdrom.sys
.
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Service_61ca4e73
.
.
((((((((((((((((((((((((( Files Created from 2011-09-11 to 2011-10-11 )))))))))))))))))))))))))))))))
.
.
2011-10-11 18:16 . 2011-10-11 18:16 -------- d-sh--w- c:\windows\system32\config\systemprofile\IETldCache
2011-10-11 17:46 . 2011-10-11 17:46 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\Apple Computer
2011-10-11 13:49 . 2011-10-11 13:49 -------- d-----w- c:\documents and settings\Christopher Nova\Application Data\XpnG4aQH6W7R9Tq
2011-10-11 13:49 . 2011-10-11 13:49 -------- d-----w- c:\documents and settings\Christopher Nova\Application Data\bXwkUVrlOtPuSiD
2011-10-07 19:25 . 2011-10-07 19:25 -------- d-----w- c:\documents and settings\Christopher Nova\Application Data\O9hTXwjUClBzNc1
2011-10-07 19:25 . 2011-10-07 19:25 -------- d-----w- c:\documents and settings\Christopher Nova\Application Data\JhYCwkIVrOtAuSi
2011-10-07 19:08 . 2011-10-07 19:09 -------- d-----w- c:\documents and settings\Administrator
2011-10-07 18:54 . 2011-10-07 18:54 -------- d-----w- c:\documents and settings\Christopher Nova\Application Data\maQH6dWK7R9TqUe
2011-10-07 18:54 . 2011-10-07 18:54 -------- d-----w- c:\documents and settings\Christopher Nova\Application Data\UF4amH5sW7E8TqY
2011-10-07 18:25 . 2011-10-07 18:25 -------- d-----w- c:\documents and settings\Christopher Nova\Application Data\YH6dWK8fR9
2011-10-07 18:25 . 2011-10-07 18:25 -------- d-----w- c:\documents and settings\Christopher Nova\Application Data\HNtxP0ucSiDpGa
2011-10-07 17:06 . 2011-10-07 17:06 -------- d-----w- c:\documents and settings\Christopher Nova\Application Data\g4amH6sWJfL
2011-10-07 17:06 . 2011-10-07 17:06 -------- d-----w- c:\documents and settings\Christopher Nova\Application Data\belIBtzP0c1v3n
2011-10-07 15:46 . 2011-10-07 15:52 -------- d-----w- c:\documents and settings\Christopher Nova\Application Data\DD3pnG4aQ6W7R9T
2011-10-07 15:46 . 2011-10-07 15:46 -------- d-----w- c:\documents and settings\Christopher Nova\Application Data\xRZqhYXwkVlBx0c
2011-10-06 19:45 . 2011-10-06 19:45 -------- d-----w- c:\documents and settings\Christopher Nova\Application Data\yTXwjUVelBz0c1v
2011-10-06 19:45 . 2011-10-06 19:45 -------- d-----w- c:\documents and settings\Christopher Nova\Application Data\OibF3pnG5Q6W8R9
2011-10-06 17:04 . 2011-10-06 17:04 -------- d-----w- c:\documents and settings\Christopher Nova\Application Data\z2obF4pmGsJdKgZ
2011-10-06 17:04 . 2011-10-06 17:04 -------- d-----w- c:\documents and settings\Christopher Nova\Application Data\VTXqjYCekBzNx1v
2011-10-06 13:59 . 2011-10-06 13:59 -------- d-----w- c:\documents and settings\Christopher Nova\Application Data\RqjYCekIBzNx1v
2011-10-06 13:59 . 2011-10-06 13:59 -------- d-----w- c:\documents and settings\Christopher Nova\Application Data\JK7fEL9gT
2011-10-05 18:39 . 2011-10-05 18:39 -------- d-----w- c:\documents and settings\Christopher Nova\Application Data\idEK8fRZ9YwUe
2011-10-05 18:39 . 2011-10-05 18:39 -------- d-----w- c:\documents and settings\Christopher Nova\Application Data\fzP0ycS1iD
2011-10-04 17:06 . 2011-10-04 17:06 41272 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-10-04 16:05 . 2011-10-04 16:05 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-10-04 16:00 . 2011-10-04 16:00 56200 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{71D3F924-CDB7-4143-A394-C07FD2CDA337}\offreg.dll
2011-10-04 16:00 . 2011-09-12 23:14 7269712 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{71D3F924-CDB7-4143-A394-C07FD2CDA337}\mpengine.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-10-11 18:23 . 2007-05-09 15:52 98304 ----a-w- c:\windows\DUMP5a45.tmp
2011-10-11 17:22 . 2007-05-09 15:52 98304 ----a-w- c:\windows\DUMP5880.tmp
2011-09-12 23:14 . 2010-08-23 13:16 7269712 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2011-09-09 09:12 . 2004-08-10 16:50 599040 ----a-w- c:\windows\system32\crypt32.dll
2011-08-31 21:00 . 2009-09-23 19:50 22216 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-07-20 13:44 . 2011-08-17 14:12 6881616 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\Updates\mpengine.dll
2011-07-15 13:29 . 2004-08-10 16:51 456320 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
.
.
((((((((((((((((((((((((((((( SnapShot@2011-07-07_15.06.55 )))))))))))))))))))))))))))))))))))))))))
.
+ 2011-10-11 19:55 . 2011-10-11 19:55 16384 c:\windows\Temp\Perflib_Perfdata_7d0.dat
+ 2007-05-09 16:02 . 2011-07-08 13:49 46080 c:\windows\system32\tzchange.exe
- 2007-05-09 16:02 . 2010-11-03 13:12 46080 c:\windows\system32\tzchange.exe
+ 2004-08-10 16:51 . 2011-09-23 14:09 92376 c:\windows\system32\perfc009.dat
- 2004-08-10 16:51 . 2011-04-25 16:11 66560 c:\windows\system32\mshtmled.dll
+ 2004-08-10 16:51 . 2011-06-23 18:36 66560 c:\windows\system32\mshtmled.dll
+ 2006-11-08 01:03 . 2011-06-23 18:36 55296 c:\windows\system32\msfeedsbs.dll
- 2006-11-08 01:03 . 2011-04-25 16:11 55296 c:\windows\system32\msfeedsbs.dll
+ 2004-08-10 16:51 . 2011-06-23 18:36 43520 c:\windows\system32\licmgr10.dll
- 2004-08-10 16:51 . 2011-04-25 16:11 43520 c:\windows\system32\licmgr10.dll
+ 2004-08-10 16:51 . 2011-06-23 18:36 25600 c:\windows\system32\jsproxy.dll
- 2004-08-10 16:51 . 2011-04-25 16:11 25600 c:\windows\system32\jsproxy.dll
+ 2004-08-10 16:51 . 2011-07-08 14:02 10496 c:\windows\system32\drivers\ndistapi.sys
+ 2009-10-07 18:34 . 2011-06-23 18:36 12800 c:\windows\system32\dllcache\xpshims.dll
- 2009-10-07 18:34 . 2011-04-25 16:11 12800 c:\windows\system32\dllcache\xpshims.dll
+ 2011-08-10 15:11 . 2011-07-08 14:02 10496 c:\windows\system32\dllcache\ndistapi.sys
- 2007-05-09 16:01 . 2011-04-25 16:11 66560 c:\windows\system32\dllcache\mshtmled.dll
+ 2007-05-09 16:01 . 2011-06-23 18:36 66560 c:\windows\system32\dllcache\mshtmled.dll
+ 2007-04-25 08:41 . 2011-06-23 18:36 55296 c:\windows\system32\dllcache\msfeedsbs.dll
- 2007-04-25 08:41 . 2011-04-25 16:11 55296 c:\windows\system32\dllcache\msfeedsbs.dll
+ 2006-10-17 16:05 . 2011-06-23 18:36 43520 c:\windows\system32\dllcache\licmgr10.dll
- 2006-10-17 16:05 . 2011-04-25 16:11 43520 c:\windows\system32\dllcache\licmgr10.dll
- 2007-05-09 16:01 . 2011-04-25 16:11 25600 c:\windows\system32\dllcache\jsproxy.dll
+ 2007-05-09 16:01 . 2011-06-23 18:36 25600 c:\windows\system32\dllcache\jsproxy.dll
+ 2009-12-14 07:08 . 2011-04-26 11:07 33280 c:\windows\system32\dllcache\csrsrv.dll
- 2009-12-14 07:08 . 2010-12-09 14:30 33280 c:\windows\system32\dllcache\csrsrv.dll
- 2004-08-10 16:50 . 2010-12-09 14:30 33280 c:\windows\system32\csrsrv.dll
+ 2004-08-10 16:50 . 2011-04-26 11:07 33280 c:\windows\system32\csrsrv.dll
+ 2011-09-09 17:51 . 2011-10-11 20:00 32768 c:\windows\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
+ 2007-05-16 20:59 . 2011-10-11 20:00 32768 c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
- 2007-05-16 20:59 . 2011-05-26 16:58 32768 c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
+ 2011-10-11 18:16 . 2011-10-11 18:16 16384 c:\windows\system32\config\systemprofile\IETldCache\index.dat
+ 2011-09-09 17:51 . 2011-10-11 20:00 16384 c:\windows\system32\config\systemprofile\Cookies\index.dat
+ 2006-11-13 17:38 . 2006-11-13 17:38 22824 c:\windows\system32\ceutil.dll
+ 2011-10-04 16:05 . 2011-10-04 16:05 81920 c:\windows\Installer\{E24A0015-C73F-4B57-B8DF-5EB84D2E9685}\ARPPRODUCTICON.exe
+ 2011-09-23 13:43 . 2011-09-23 13:43 22486 c:\windows\Installer\{99052DB7-9592-4522-A558-5417BBAD48EE}\WCESMgrIcon.exe
+ 2011-09-23 13:43 . 2011-09-23 13:43 22486 c:\windows\Installer\{99052DB7-9592-4522-A558-5417BBAD48EE}\ARPPRODUCTICON.exe
- 2007-08-02 13:18 . 2011-06-16 14:09 35088 c:\windows\Installer\{91120000-001B-0000-0000-0000000FF1CE}\oisicon.exe
+ 2007-08-02 13:18 . 2011-09-15 14:07 35088 c:\windows\Installer\{91120000-001B-0000-0000-0000000FF1CE}\oisicon.exe
- 2007-08-02 13:18 . 2011-06-16 14:09 18704 c:\windows\Installer\{91120000-001B-0000-0000-0000000FF1CE}\mspicons.exe
+ 2007-08-02 13:18 . 2011-09-15 14:07 18704 c:\windows\Installer\{91120000-001B-0000-0000-0000000FF1CE}\mspicons.exe
+ 2007-08-02 13:18 . 2011-09-15 14:07 20240 c:\windows\Installer\{91120000-001B-0000-0000-0000000FF1CE}\cagicon.exe
- 2007-08-02 13:18 . 2011-06-16 14:09 20240 c:\windows\Installer\{91120000-001B-0000-0000-0000000FF1CE}\cagicon.exe
- 2007-08-02 13:05 . 2011-06-16 14:13 35088 c:\windows\Installer\{91120000-0016-0000-0000-0000000FF1CE}\oisicon.exe
+ 2007-08-02 13:05 . 2011-09-15 14:05 35088 c:\windows\Installer\{91120000-0016-0000-0000-0000000FF1CE}\oisicon.exe
- 2007-08-02 13:05 . 2011-06-16 14:13 18704 c:\windows\Installer\{91120000-0016-0000-0000-0000000FF1CE}\mspicons.exe
+ 2007-08-02 13:05 . 2011-09-15 14:05 18704 c:\windows\Installer\{91120000-0016-0000-0000-0000000FF1CE}\mspicons.exe
- 2007-08-02 13:05 . 2011-06-16 14:13 20240 c:\windows\Installer\{91120000-0016-0000-0000-0000000FF1CE}\cagicon.exe
+ 2007-08-02 13:05 . 2011-09-15 14:05 20240 c:\windows\Installer\{91120000-0016-0000-0000-0000000FF1CE}\cagicon.exe
- 2007-06-12 18:00 . 2011-06-16 14:07 23040 c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\unbndico.exe
+ 2007-06-12 18:00 . 2011-09-15 14:06 23040 c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\unbndico.exe
+ 2007-06-12 18:00 . 2011-09-15 14:06 61440 c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\pubs.exe
- 2007-06-12 18:00 . 2011-06-16 14:07 61440 c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\pubs.exe
+ 2007-06-12 18:00 . 2011-09-15 14:06 27136 c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\oisicon.exe
- 2007-06-12 18:00 . 2011-06-16 14:07 27136 c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\oisicon.exe
- 2007-06-12 18:00 . 2011-06-16 14:07 11264 c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\mspicons.exe
+ 2007-06-12 18:00 . 2011-09-15 14:06 11264 c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\mspicons.exe
+ 2007-06-12 18:00 . 2011-09-15 14:06 86016 c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\inficon.exe
- 2007-06-12 18:00 . 2011-06-16 14:07 86016 c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\inficon.exe
- 2007-06-12 18:00 . 2011-06-16 14:07 12288 c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\cagicon.exe
+ 2007-06-12 18:00 . 2011-09-15 14:06 12288 c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\cagicon.exe
+ 2011-08-17 14:05 . 2011-04-25 16:11 12800 c:\windows\ie8updates\KB2559049-IE8\xpshims.dll
+ 2011-08-17 14:05 . 2011-04-25 16:11 66560 c:\windows\ie8updates\KB2559049-IE8\mshtmled.dll
+ 2011-08-17 14:05 . 2011-04-25 16:11 55296 c:\windows\ie8updates\KB2559049-IE8\msfeedsbs.dll
+ 2011-08-17 14:05 . 2011-04-25 16:11 43520 c:\windows\ie8updates\KB2559049-IE8\licmgr10.dll
+ 2011-08-17 14:05 . 2011-04-25 16:11 25600 c:\windows\ie8updates\KB2559049-IE8\jsproxy.dll
+ 2011-08-17 15:50 . 2011-08-17 15:50 37888 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Pres#\343c52b741531ce9ae874ea7508831a7\System.Windows.Presentation.ni.dll
+ 2011-08-17 15:50 . 2011-08-17 15:50 36864 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.DynamicD#\246110974e3c48733458819b07464b23\System.Web.DynamicData.Design.ni.dll
+ 2011-08-17 15:48 . 2011-08-17 15:48 94208 c:\windows\assembly\NativeImages_v2.0.50727_32\System.ComponentMod#\ace861fe8dbf146c3e449abaa7691e9f\System.ComponentModel.DataAnnotations.ni.dll
+ 2011-08-17 14:18 . 2011-08-17 14:18 47104 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationFontCac#\40ee65aacd9d7472cd6f8dddbfca604b\PresentationFontCache.ni.exe
+ 2011-08-17 14:18 . 2011-08-17 14:18 39424 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationCFFRast#\12c424eed7ee0e9c017bf72ff09eb78c\PresentationCFFRasterizer.ni.dll
+ 2011-08-17 15:50 . 2011-08-17 15:50 55296 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Vsa\f9c514544c8e23220493cd42a0e20678\Microsoft.Vsa.ni.dll
- 2011-06-20 14:06 . 2011-06-20 14:06 77824 c:\windows\assembly\GAC_MSIL\System.Web.RegularExpressions\2.0.0.0__b03f5f7f11d50a3a\System.Web.RegularExpressions.dll
+ 2011-08-17 14:16 . 2011-08-17 14:16 77824 c:\windows\assembly\GAC_MSIL\System.Web.RegularExpressions\2.0.0.0__b03f5f7f11d50a3a\System.Web.RegularExpressions.dll
+ 2011-08-17 14:16 . 2011-08-17 14:16 81920 c:\windows\assembly\GAC_MSIL\System.Drawing.Design\2.0.0.0__b03f5f7f11d50a3a\System.Drawing.Design.dll
- 2011-06-20 14:06 . 2011-06-20 14:06 81920 c:\windows\assembly\GAC_MSIL\System.Drawing.Design\2.0.0.0__b03f5f7f11d50a3a\System.Drawing.Design.dll
+ 2011-08-17 14:16 . 2011-08-17 14:16 81920 c:\windows\assembly\GAC_MSIL\System.Configuration.Install\2.0.0.0__b03f5f7f11d50a3a\System.Configuration.Install.dll
- 2011-06-20 14:06 . 2011-06-20 14:06 81920 c:\windows\assembly\GAC_MSIL\System.Configuration.Install\2.0.0.0__b03f5f7f11d50a3a\System.Configuration.Install.dll
- 2011-06-20 14:06 . 2011-06-20 14:06 32768 c:\windows\assembly\GAC_MSIL\Microsoft.Vsa\8.0.0.0__b03f5f7f11d50a3a\Microsoft.Vsa.dll
+ 2011-08-17 14:16 . 2011-08-17 14:16 32768 c:\windows\assembly\GAC_MSIL\Microsoft.Vsa\8.0.0.0__b03f5f7f11d50a3a\Microsoft.Vsa.dll
+ 2011-08-17 14:16 . 2011-08-17 14:16 12800 c:\windows\assembly\GAC_MSIL\Microsoft.Vsa.Vb.CodeDOMProcessor\8.0.0.0__b03f5f7f11d50a3a\Microsoft.Vsa.Vb.CodeDOMProcessor.dll
- 2011-06-20 14:06 . 2011-06-20 14:06 12800 c:\windows\assembly\GAC_MSIL\Microsoft.Vsa.Vb.CodeDOMProcessor\8.0.0.0__b03f5f7f11d50a3a\Microsoft.Vsa.Vb.CodeDOMProcessor.dll
+ 2011-08-17 14:16 . 2011-08-17 14:16 28672 c:\windows\assembly\GAC_MSIL\Microsoft.VisualBasic.Vsa\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Vsa.dll
- 2011-06-20 14:06 . 2011-06-20 14:06 28672 c:\windows\assembly\GAC_MSIL\Microsoft.VisualBasic.Vsa\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Vsa.dll
+ 2011-08-17 14:16 . 2011-08-17 14:16 77824 c:\windows\assembly\GAC_MSIL\Microsoft.Build.Utilities\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Utilities.dll
- 2011-06-20 14:06 . 2011-06-20 14:06 77824 c:\windows\assembly\GAC_MSIL\Microsoft.Build.Utilities\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Utilities.dll
+ 2011-08-17 14:16 . 2011-08-17 14:16 36864 c:\windows\assembly\GAC_MSIL\Microsoft.Build.Framework\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Framework.dll
- 2011-06-20 14:06 . 2011-06-20 14:06 36864 c:\windows\assembly\GAC_MSIL\Microsoft.Build.Framework\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Framework.dll
- 2011-06-20 14:06 . 2011-06-20 14:06 77824 c:\windows\assembly\GAC_MSIL\IEHost\2.0.0.0__b03f5f7f11d50a3a\IEHost.dll
+ 2011-08-17 14:16 . 2011-08-17 14:16 77824 c:\windows\assembly\GAC_MSIL\IEHost\2.0.0.0__b03f5f7f11d50a3a\IEHost.dll
+ 2011-08-17 14:16 . 2011-08-17 14:16 13312 c:\windows\assembly\GAC_MSIL\cscompmgd\8.0.0.0__b03f5f7f11d50a3a\cscompmgd.dll
- 2011-06-20 14:06 . 2011-06-20 14:06 13312 c:\windows\assembly\GAC_MSIL\cscompmgd\8.0.0.0__b03f5f7f11d50a3a\cscompmgd.dll
- 2011-06-20 14:06 . 2011-06-20 14:06 10752 c:\windows\assembly\GAC_MSIL\Accessibility\2.0.0.0__b03f5f7f11d50a3a\Accessibility.dll
+ 2011-08-17 14:16 . 2011-08-17 14:16 10752 c:\windows\assembly\GAC_MSIL\Accessibility\2.0.0.0__b03f5f7f11d50a3a\Accessibility.dll
- 2011-06-20 14:06 . 2011-06-20 14:06 72192 c:\windows\assembly\GAC_32\ISymWrapper\2.0.0.0__b03f5f7f11d50a3a\ISymWrapper.dll
+ 2011-08-17 14:16 . 2011-08-17 14:16 72192 c:\windows\assembly\GAC_32\ISymWrapper\2.0.0.0__b03f5f7f11d50a3a\ISymWrapper.dll
+ 2011-08-17 14:16 . 2011-08-17 14:16 69120 c:\windows\assembly\GAC_32\CustomMarshalers\2.0.0.0__b03f5f7f11d50a3a\CustomMarshalers.dll
- 2011-06-20 14:06 . 2011-06-20 14:06 69120 c:\windows\assembly\GAC_32\CustomMarshalers\2.0.0.0__b03f5f7f11d50a3a\CustomMarshalers.dll
+ 2011-08-24 21:29 . 2010-11-03 13:12 46080 c:\windows\$NtUninstallKB2570791$\tzchange.exe
+ 2011-08-24 21:29 . 2011-07-09 00:32 16896 c:\windows\$NtUninstallKB2570791$\spuninst\tzchange.dll
+ 2011-08-17 14:05 . 2008-04-13 18:57 10112 c:\windows\$NtUninstallKB2566454$\ndistapi.sys
+ 2011-07-13 14:04 . 2010-12-09 14:30 33280 c:\windows\$NtUninstallKB2507938$\csrsrv.dll
+ 2011-09-07 20:24 . 2010-07-05 13:15 26488 c:\windows\$hf_mig$\KB2607712\update\spcustom.dll
+ 2011-09-07 20:24 . 2010-07-05 13:15 17272 c:\windows\$hf_mig$\KB2607712\spmsg.dll
+ 2011-08-17 14:11 . 2010-07-05 13:15 26488 c:\windows\$hf_mig$\KB2570222\update\spcustom.dll
+ 2011-08-17 14:11 . 2010-07-05 13:15 17272 c:\windows\$hf_mig$\KB2570222\spmsg.dll
+ 2011-08-17 14:13 . 2010-07-05 13:15 26488 c:\windows\$hf_mig$\KB2567680\update\spcustom.dll
+ 2011-08-17 14:13 . 2010-07-05 13:15 17272 c:\windows\$hf_mig$\KB2567680\spmsg.dll
+ 2011-08-17 14:05 . 2010-07-05 13:15 26488 c:\windows\$hf_mig$\KB2566454\update\spcustom.dll
+ 2011-08-17 14:05 . 2010-07-05 13:15 17272 c:\windows\$hf_mig$\KB2566454\spmsg.dll
+ 2011-08-10 15:11 . 2011-07-08 13:51 10496 c:\windows\$hf_mig$\KB2566454\SP3QFE\ndistapi.sys
+ 2011-08-17 14:04 . 2010-07-05 13:15 26488 c:\windows\$hf_mig$\KB2562937\update\spcustom.dll
+ 2011-08-17 14:04 . 2010-07-05 13:15 17272 c:\windows\$hf_mig$\KB2562937\spmsg.dll
+ 2011-08-17 14:05 . 2010-07-05 13:15 26488 c:\windows\$hf_mig$\KB2559049-IE8\update\spcustom.dll
+ 2011-08-17 14:05 . 2010-07-05 13:15 17272 c:\windows\$hf_mig$\KB2559049-IE8\spmsg.dll
+ 2011-08-10 15:15 . 2011-06-23 18:33 12800 c:\windows\$hf_mig$\KB2559049-IE8\SP3QFE\xpshims.dll
+ 2011-08-10 15:15 . 2011-06-23 18:33 66560 c:\windows\$hf_mig$\KB2559049-IE8\SP3QFE\mshtmled.dll
+ 2011-08-10 15:15 . 2011-06-23 18:33 55296 c:\windows\$hf_mig$\KB2559049-IE8\SP3QFE\msfeedsbs.dll
+ 2011-08-10 15:15 . 2011-06-23 18:33 43520 c:\windows\$hf_mig$\KB2559049-IE8\SP3QFE\licmgr10.dll
+ 2011-08-10 15:15 . 2011-06-23 18:33 25600 c:\windows\$hf_mig$\KB2559049-IE8\SP3QFE\jsproxy.dll
+ 2011-07-13 14:01 . 2010-07-05 13:15 26488 c:\windows\$hf_mig$\KB2555917\update\spcustom.dll
+ 2011-07-13 14:01 . 2010-07-05 13:15 17272 c:\windows\$hf_mig$\KB2555917\spmsg.dll
+ 2011-08-17 14:13 . 2010-07-05 13:15 26488 c:\windows\$hf_mig$\KB2536276-v2\update\spcustom.dll
+ 2011-08-17 14:13 . 2010-07-05 13:15 17272 c:\windows\$hf_mig$\KB2536276-v2\spmsg.dll
+ 2011-07-13 14:04 . 2010-07-05 13:15 26488 c:\windows\$hf_mig$\KB2507938\update\spcustom.dll
+ 2011-07-13 14:04 . 2010-07-05 13:15 17272 c:\windows\$hf_mig$\KB2507938\spmsg.dll
+ 2011-04-26 11:02 . 2011-04-26 11:02 33280 c:\windows\$hf_mig$\KB2507938\SP3QFE\csrsrv.dll
- 2011-06-20 14:06 . 2011-06-20 14:06 8192 c:\windows\WinSxS\MSIL_IEExecRemote_b03f5f7f11d50a3a_2.0.0.0_x-ww_6e57c34e\IEExecRemote.dll
+ 2011-08-17 14:16 . 2011-08-17 14:16 8192 c:\windows\WinSxS\MSIL_IEExecRemote_b03f5f7f11d50a3a_2.0.0.0_x-ww_6e57c34e\IEExecRemote.dll
+ 2007-06-12 18:00 . 2011-09-15 14:06 4096 c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\opwicon.exe
- 2007-06-12 18:00 . 2011-06-16 14:07 4096 c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\opwicon.exe
+ 2011-08-17 14:16 . 2011-08-17 14:16 7168 c:\windows\assembly\GAC_MSIL\Microsoft_VsaVb\8.0.0.0__b03f5f7f11d50a3a\Microsoft_VsaVb.dll
- 2011-06-20 14:06 . 2011-06-20 14:06 7168 c:\windows\assembly\GAC_MSIL\Microsoft_VsaVb\8.0.0.0__b03f5f7f11d50a3a\Microsoft_VsaVb.dll
- 2011-06-20 14:06 . 2011-06-20 14:06 5632 c:\windows\assembly\GAC_MSIL\Microsoft.VisualC\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualC.Dll
+ 2011-08-17 14:16 . 2011-08-17 14:16 5632 c:\windows\assembly\GAC_MSIL\Microsoft.VisualC\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualC.Dll
- 2011-06-20 14:06 . 2011-06-20 14:06 6656 c:\windows\assembly\GAC_MSIL\IIEHost\2.0.0.0__b03f5f7f11d50a3a\IIEHost.dll
+ 2011-08-17 14:16 . 2011-08-17 14:16 6656 c:\windows\assembly\GAC_MSIL\IIEHost\2.0.0.0__b03f5f7f11d50a3a\IIEHost.dll
+ 2011-08-17 14:16 . 2011-08-17 14:16 113664 c:\windows\WinSxS\x86_System.EnterpriseServices_b03f5f7f11d50a3a_2.0.0.0_x-ww_7d5f3790\System.EnterpriseServices.Wrapper.dll
- 2011-06-20 14:06 . 2011-06-20 14:06 113664 c:\windows\WinSxS\x86_System.EnterpriseServices_b03f5f7f11d50a3a_2.0.0.0_x-ww_7d5f3790\System.EnterpriseServices.Wrapper.dll
- 2011-06-20 14:06 . 2011-06-20 14:06 258048 c:\windows\WinSxS\x86_System.EnterpriseServices_b03f5f7f11d50a3a_2.0.0.0_x-ww_7d5f3790\System.EnterpriseServices.dll
+ 2011-08-17 14:16 . 2011-08-17 14:16 258048 c:\windows\WinSxS\x86_System.EnterpriseServices_b03f5f7f11d50a3a_2.0.0.0_x-ww_7d5f3790\System.EnterpriseServices.dll
- 2004-08-10 16:51 . 2010-06-18 17:45 293376 c:\windows\system32\winsrv.dll
+ 2004-08-10 16:51 . 2011-06-20 17:44 293376 c:\windows\system32\winsrv.dll
+ 2004-08-10 16:51 . 2011-06-23 18:36 916480 c:\windows\system32\wininet.dll
- 2004-08-10 16:51 . 2011-04-25 16:11 916480 c:\windows\system32\wininet.dll
+ 2004-08-10 16:51 . 2011-04-25 16:11 916480 c:\windows\system32\wininet(3).dll
+ 2004-08-10 16:51 . 2011-06-23 18:36 105984 c:\windows\system32\url.dll
- 2004-08-10 16:51 . 2009-03-08 08:34 105984 c:\windows\system32\url.dll
+ 2004-08-10 16:51 . 2009-03-08 08:34 105984 c:\windows\system32\url(3).dll
+ 2009-09-21 17:30 . 2011-10-04 17:23 217308 c:\windows\system32\Restore\rstrlog.dat
+ 2006-11-13 17:39 . 2006-11-13 17:39 138024 c:\windows\system32\rapi.dll
+ 2004-08-10 16:51 . 2011-09-23 14:09 496928 c:\windows\system32\perfh009.dat
+ 2004-08-10 16:51 . 2011-06-23 18:36 206848 c:\windows\system32\occache.dll
- 2004-08-10 16:51 . 2011-04-25 16:11 206848 c:\windows\system32\occache.dll
+ 2004-08-10 16:51 . 2011-06-23 18:36 611840 c:\windows\system32\mstime.dll
- 2004-08-10 16:51 . 2011-04-25 16:11 611840 c:\windows\system32\mstime.dll
- 2006-11-08 01:03 . 2011-04-25 16:11 602112 c:\windows\system32\msfeeds.dll
+ 2006-11-08 01:03 . 2011-06-23 18:36 602112 c:\windows\system32\msfeeds.dll
+ 2011-10-04 16:05 . 2011-10-04 16:05 243360 c:\windows\system32\Macromed\Flash\FlashUtil10x_ActiveX.exe
+ 2011-10-04 16:05 . 2011-10-04 16:05 328864 c:\windows\system32\Macromed\Flash\FlashUtil10x_ActiveX.dll
- 2004-08-10 16:51 . 2011-04-25 16:11 184320 c:\windows\system32\iepeers.dll
+ 2004-08-10 16:51 . 2011-06-23 18:36 184320 c:\windows\system32\iepeers.dll
- 2004-08-10 16:51 . 2011-04-25 16:11 387584 c:\windows\system32\iedkcs32.dll
+ 2004-08-10 16:51 . 2011-06-23 18:36 387584 c:\windows\system32\iedkcs32.dll
- 2004-08-10 16:51 . 2011-04-25 12:01 173568 c:\windows\system32\ie4uinit.exe
+ 2004-08-10 16:51 . 2011-06-23 12:05 173568 c:\windows\system32\ie4uinit.exe
+ 2004-08-10 16:57 . 2011-07-14 14:21 305216 c:\windows\system32\FNTCACHE.DAT
- 2004-08-10 16:57 . 2011-07-06 13:47 305216 c:\windows\system32\FNTCACHE.DAT
+ 2004-08-10 17:01 . 2011-06-24 14:10 139656 c:\windows\system32\drivers\rdpwd.sys
- 2004-08-10 17:01 . 2008-04-14 00:13 139656 c:\windows\system32\drivers\rdpwd.sys
+ 2010-03-26 01:30 . 2011-04-18 17:18 165648 c:\windows\system32\drivers\MpFilter.sys
+ 2010-06-18 17:45 . 2011-06-20 17:44 293376 c:\windows\system32\dllcache\winsrv.dll
- 2010-06-18 17:45 . 2010-06-18 17:45 293376 c:\windows\system32\dllcache\winsrv.dll
+ 2007-05-09 16:01 . 2011-06-23 18:36 916480 c:\windows\system32\dllcache\wininet.dll
- 2007-05-09 16:01 . 2011-04-25 16:11 916480 c:\windows\system32\dllcache\wininet.dll
+ 2006-10-17 16:05 . 2011-06-23 18:36 105984 c:\windows\system32\dllcache\url.dll
- 2006-10-17 16:05 . 2009-03-08 08:34 105984 c:\windows\system32\dllcache\url.dll
+ 2011-08-10 15:16 . 2011-06-24 14:10 139656 c:\windows\system32\dllcache\rdpwd.sys
+ 2006-10-17 16:04 . 2011-06-23 18:36 206848 c:\windows\system32\dllcache\occache.dll
- 2006-10-17 16:04 . 2011-04-25 16:11 206848 c:\windows\system32\dllcache\occache.dll
- 2007-05-09 16:01 . 2011-04-25 16:11 611840 c:\windows\system32\dllcache\mstime.dll
+ 2007-05-09 16:01 . 2011-06-23 18:36 611840 c:\windows\system32\dllcache\mstime.dll
+ 2007-04-25 08:41 . 2011-06-23 18:36 602112 c:\windows\system32\dllcache\msfeeds.dll
- 2007-04-25 08:41 . 2011-04-25 16:11 602112 c:\windows\system32\dllcache\msfeeds.dll
+ 2008-11-12 14:09 . 2011-07-15 13:29 456320 c:\windows\system32\dllcache\mrxsmb.sys
- 2008-11-12 14:09 . 2011-04-29 16:19 456320 c:\windows\system32\dllcache\mrxsmb.sys
+ 2009-10-07 18:34 . 2011-06-23 18:36 247808 c:\windows\system32\dllcache\ieproxy.dll
- 2009-10-07 18:34 . 2011-04-25 16:11 247808 c:\windows\system32\dllcache\ieproxy.dll
+ 2007-05-09 16:01 . 2011-06-23 18:36 184320 c:\windows\system32\dllcache\iepeers.dll
- 2007-05-09 16:01 . 2011-04-25 16:11 184320 c:\windows\system32\dllcache\iepeers.dll
- 2010-06-11 13:18 . 2011-04-25 16:11 743424 c:\windows\system32\dllcache\iedvtool.dll
+ 2010-06-11 13:18 . 2011-06-23 18:36 743424 c:\windows\system32\dllcache\iedvtool.dll
+ 2006-11-07 07:27 . 2011-06-23 18:36 387584 c:\windows\system32\dllcache\iedkcs32.dll
- 2006-11-07 07:27 . 2011-04-25 16:11 387584 c:\windows\system32\dllcache\iedkcs32.dll
+ 2006-11-07 07:26 . 2011-06-23 12:05 173568 c:\windows\system32\dllcache\ie4uinit.exe
- 2006-11-07 07:26 . 2011-04-25 12:01 173568 c:\windows\system32\dllcache\ie4uinit.exe
+ 2011-09-03 10:17 . 2011-09-09 09:12 599040 c:\windows\system32\dllcache\crypt32.dll
+ 2011-09-23 13:43 . 2011-09-23 13:43 912384 c:\windows\Installer\a101f.msi
+ 2011-08-17 14:12 . 2011-08-17 14:12 785920 c:\windows\Installer\8aea7.msi
+ 2011-08-17 14:11 . 2011-08-17 14:11 483840 c:\windows\Installer\8ae8a.msi
+ 2011-08-17 14:11 . 2011-08-17 14:11 301056 c:\windows\Installer\8ae82.msi
- 2007-08-02 13:18 . 2011-06-16 14:09 888080 c:\windows\Installer\{91120000-001B-0000-0000-0000000FF1CE}\wordicon.exe
+ 2007-08-02 13:18 . 2011-09-15 14:07 888080 c:\windows\Installer\{91120000-001B-0000-0000-0000000FF1CE}\wordicon.exe
+ 2007-08-02 13:18 . 2011-09-15 14:07 217864 c:\windows\Installer\{91120000-001B-0000-0000-0000000FF1CE}\misc.exe
- 2007-08-02 13:18 . 2011-06-16 14:09 217864 c:\windows\Installer\{91120000-001B-0000-0000-0000000FF1CE}\misc.exe
- 2007-08-02 13:05 . 2011-06-16 14:13 217864 c:\windows\Installer\{91120000-0016-0000-0000-0000000FF1CE}\misc.exe
+ 2007-08-02 13:05 . 2011-09-15 14:05 217864 c:\windows\Installer\{91120000-0016-0000-0000-0000000FF1CE}\misc.exe
- 2007-06-12 18:00 . 2011-06-16 14:07 409600 c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\xlicons.exe
+ 2007-06-12 18:00 . 2011-09-15 14:06 409600 c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\xlicons.exe
+ 2007-06-12 18:00 . 2011-09-15 14:06 286720 c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\wordicon.exe
- 2007-06-12 18:00 . 2011-06-16 14:07 286720 c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\wordicon.exe
+ 2007-06-12 18:00 . 2011-09-15 14:06 249856 c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\pptico.exe
- 2007-06-12 18:00 . 2011-06-16 14:07 249856 c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\pptico.exe
+ 2007-06-12 18:00 . 2011-09-15 14:06 794624 c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\outicon.exe
- 2007-06-12 18:00 . 2011-06-16 14:07 794624 c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\outicon.exe
+ 2007-06-12 18:00 . 2011-09-15 14:06 135168 c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\misc.exe
- 2007-06-12 18:00 . 2011-06-16 14:07 135168 c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\misc.exe
+ 2007-06-12 18:00 . 2011-09-15 14:06 593920 c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\accicons.exe
- 2007-06-12 18:00 . 2011-06-16 14:07 593920 c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\accicons.exe
+ 2011-08-17 14:05 . 2011-04-25 16:11 916480 c:\windows\ie8updates\KB2559049-IE8\wininet.dll
+ 2011-08-17 14:05 . 2009-03-08 08:34 105984 c:\windows\ie8updates\KB2559049-IE8\url.dll
+ 2011-08-17 14:05 . 2010-07-05 13:16 382840 c:\windows\ie8updates\KB2559049-IE8\spuninst\updspapi.dll
+ 2011-08-17 14:05 . 2010-07-05 13:15 231288 c:\windows\ie8updates\KB2559049-IE8\spuninst\spuninst.exe
+ 2011-08-17 14:05 . 2011-04-25 16:11 206848 c:\windows\ie8updates\KB2559049-IE8\occache.dll
+ 2011-08-17 14:05 . 2011-04-25 16:11 611840 c:\windows\ie8updates\KB2559049-IE8\mstime.dll
+ 2011-08-17 14:05 . 2011-04-25 16:11 602112 c:\windows\ie8updates\KB2559049-IE8\msfeeds.dll
+ 2011-08-17 14:05 . 2011-04-25 16:11 247808 c:\windows\ie8updates\KB2559049-IE8\ieproxy.dll
+ 2011-08-17 14:05 . 2011-04-25 16:11 184320 c:\windows\ie8updates\KB2559049-IE8\iepeers.dll
+ 2011-08-17 14:05 . 2011-04-25 16:11 743424 c:\windows\ie8updates\KB2559049-IE8\iedvtool.dll
+ 2011-08-17 14:05 . 2011-04-25 16:11 387584 c:\windows\ie8updates\KB2559049-IE8\iedkcs32.dll
+ 2011-08-17 14:05 . 2011-04-25 12:01 173568 c:\windows\ie8updates\KB2559049-IE8\ie4uinit.exe
- 2008-11-12 14:09 . 2011-04-29 16:19 456320 c:\windows\Driver Cache\i386\mrxsmb.sys
+ 2008-11-12 14:09 . 2011-07-15 13:29 456320 c:\windows\Driver Cache\i386\mrxsmb.sys
+ 2011-08-17 15:48 . 2011-08-17 15:48 321536 c:\windows\assembly\NativeImages_v2.0.50727_32\WsatConfig\cc14c69205b984edba1db26fd5e421ac\WsatConfig.ni.exe
+ 2011-08-17 14:22 . 2011-08-17 14:22 240128 c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsFormsIntegra#\39ce0c9c9cc294c0ee26c4ff01522961\WindowsFormsIntegration.ni.dll
+ 2011-08-17 14:22 . 2011-08-17 14:22 447488 c:\windows\assembly\NativeImages_v2.0.50727_32\UIAutomationClient\431e918aee8da919f5b9e3a5195ccf93\UIAutomationClient.ni.dll
+ 2011-08-17 15:51 . 2011-08-17 15:51 400896 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Xml.Linq\946eefb99bc116ee68e0e7c69a5a8a5c\System.Xml.Linq.ni.dll
+ 2011-08-17 15:50 . 2011-08-17 15:50 129536 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Routing\a82eef3128b9527dc05b3c8667e713bc\System.Web.Routing.ni.dll
+ 2011-08-17 15:50 . 2011-08-17 15:50 202240 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.RegularE#\203c148c913357bfc2ae9d209101f2b3\System.Web.RegularExpressions.ni.dll
+ 2011-08-17 15:50 . 2011-08-17 15:50 859648 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Extensio#\f89fe39468ea6faf71c4257c89cf3c54\System.Web.Extensions.Design.ni.dll
+ 2011-08-17 15:50 . 2011-08-17 15:50 328704 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Entity\2314ff800782dc85224e69e802a073f7\System.Web.Entity.ni.dll
+ 2011-08-17 15:50 . 2011-08-17 15:50 301056 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Entity.D#\f690a8f5d784a5bb20f2cbaa7277eb6c\System.Web.Entity.Design.ni.dll
+ 2011-08-17 15:50 . 2011-08-17 15:50 547328 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.DynamicD#\c5c96400424b85536443623f96f64581\System.Web.DynamicData.ni.dll
+ 2011-08-17 15:50 . 2011-08-17 15:50 141312 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Abstract#\5f8e87b47465a038403e73012c6d102a\System.Web.Abstractions.ni.dll
+ 2011-08-17 15:50 . 2011-08-17 15:50 627200 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Transactions\846dd505f97805f00999ee26aec9bf75\System.Transactions.ni.dll
+ 2011-08-17 15:50 . 2011-08-17 15:50 212992 c:\windows\assembly\NativeImages_v2.0.50727_32\System.ServiceProce#\70a1400affdc775d7c7398e036359286\System.ServiceProcess.ni.dll
+ 2011-08-17 15:48 . 2011-08-17 15:48 679936 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Security\de9cd25ccb24bcf8a0316756e766721f\System.Security.ni.dll
+ 2011-08-17 15:50 . 2011-08-17 15:50 311296 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Seri#\21248037960cf6dfa2ce401d355bd6c9\System.Runtime.Serialization.Formatters.Soap.ni.dll
+ 2011-08-17 15:50 . 2011-08-17 15:50 621056 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Net\480ea914e13fe41cdd8fb542bb1f7e81\System.Net.ni.dll
+ 2011-08-17 15:50 . 2011-08-17 15:50 998400 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Management\6e563a58e6fc0117070d5b8fd59e4e1b\System.Management.ni.dll
+ 2011-08-17 15:50 . 2011-08-17 15:50 330752 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Management.I#\dc72c7581f1b3794c0ea595ba02ff7ad\System.Management.Instrumentation.ni.dll
+ 2011-08-17 15:47 . 2011-08-17 15:47 381440 c:\windows\assembly\NativeImages_v2.0.50727_32\System.IO.Log\fcf8612a210d1f76e0b37dc8467b4696\System.IO.Log.ni.dll
+ 2011-08-17 15:47 . 2011-08-17 15:47 212992 c:\windows\assembly\NativeImages_v2.0.50727_32\System.IdentityMode#\ec017b5a95d02fccaefd835490ef1e14\System.IdentityModel.Selectors.ni.dll
+ 2011-08-17 15:49 . 2011-08-17 15:49 280064 c:\windows\assembly\NativeImages_v2.0.50727_32\System.EnterpriseSe#\75f452279422a7898e840ee5768c9d2e\System.EnterpriseServices.Wrapper.dll
+ 2011-08-17 15:49 . 2011-08-17 15:49 627712 c:\windows\assembly\NativeImages_v2.0.50727_32\System.EnterpriseSe#\75f452279422a7898e840ee5768c9d2e\System.EnterpriseServices.ni.dll
+ 2011-08-17 14:21 . 2011-08-17 14:21 208384 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Drawing.Desi#\f7cd3d07c15366b76fe4c38d24455d6b\System.Drawing.Design.ni.dll
+ 2011-08-17 15:49 . 2011-08-17 15:49 881152 c:\windows\assembly\NativeImages_v2.0.50727_32\System.DirectorySer#\822c996e6ad4901219b7de399a6f78bf\System.DirectoryServices.AccountManagement.ni.dll
+ 2011-08-17 15:49 . 2011-08-17 15:49 455680 c:\windows\assembly\NativeImages_v2.0.50727_32\System.DirectorySer#\1ffe911e62f482e42be2c4428bd08c10\System.DirectoryServices.Protocols.ni.dll
+ 2011-08-17 15:49 . 2011-08-17 15:49 354816 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data.Service#\e1c009b2c9becdb732a2ea45f32a46b8\System.Data.Services.Design.ni.dll
+ 2011-08-17 15:49 . 2011-08-17 15:49 939008 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data.Service#\1defd94e1662a4478ccf2cd0b1b4e6a6\System.Data.Services.Client.ni.dll
+ 2011-08-17 15:49 . 2011-08-17 15:49 756736 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data.Entity.#\04267c1dbdcdd8ec37e1518126767ead\System.Data.Entity.Design.ni.dll
+ 2011-08-17 15:48 . 2011-08-17 15:48 135680 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data.DataSet#\f2a6d41b3f6e26eea6dcac9298aa637b\System.Data.DataSetExtensions.ni.dll
+ 2011-08-17 15:48 . 2011-08-17 15:48 971264 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\77df2cd21a5b85a1605b335aa9ad9d44\System.Configuration.ni.dll
+ 2011-08-17 15:50 . 2011-08-17 15:50 141312 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Configuratio#\585e68739b2a8aff61ee6b2786513245\System.Configuration.Install.ni.dll
+ 2011-08-17 15:48 . 2011-08-17 15:48 633856 c:\windows\assembly\NativeImages_v2.0.50727_32\System.AddIn\fbf6ef12d1456058acde29f2640092fb\System.AddIn.ni.dll
+ 2011-08-17 15:48 . 2011-08-17 15:48 366080 c:\windows\assembly\NativeImages_v2.0.50727_32\SMSvcHost\896e42071939e038008b0bbbfed1213c\SMSvcHost.ni.exe
+ 2011-08-17 15:48 . 2011-08-17 15:48 256000 c:\windows\assembly\NativeImages_v2.0.50727_32\SMDiagnostics\ca07e9cf488af1290d2340d682574a24\SMDiagnostics.ni.dll
+ 2011-08-17 15:48 . 2011-08-17 15:48 320512 c:\windows\assembly\NativeImages_v2.0.50727_32\ServiceModelReg\a5aa977dd575a6beb3a416bd480b98a7\ServiceModelReg.ni.exe
+ 2011-08-17 14:19 . 2011-08-17 14:19 224768 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\f52e48f55258d0a04fbab3a1f93752e9\PresentationFramework.Classic.ni.dll
+ 2011-08-17 14:19 . 2011-08-17 14:19 368128 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\cf812b99f587ab514afb36fa9d4c1567\PresentationFramework.Aero.ni.dll
+ 2011-08-17 14:19 . 2011-08-17 14:19 539648 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\b7795999cc67f3a6cec40f5b24005e00\PresentationFramework.Luna.ni.dll
+ 2011-08-17 14:20 . 2011-08-17 14:20 258048 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\09f5af61ea2af04eb32c04b3091ffc86\PresentationFramework.Royale.ni.dll
+ 2011-08-17 15:48 . 2011-08-17 15:48 133632 c:\windows\assembly\NativeImages_v2.0.50727_32\MSBuild\2d89c7b72bc8e527b26d5b6f3b931012\MSBuild.ni.exe
+ 2011-08-17 15:48 . 2011-08-17 15:48 386560 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Transacti#\39e9d172f0cf5eec30b1b67212cc032b\Microsoft.Transactions.Bridge.Dtc.ni.dll
+ 2011-08-17 15:48 . 2011-08-17 15:48 144384 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Uti#\f1b0ec3ccde9142e67ac681fb521ac66\Microsoft.Build.Utilities.ni.dll
+ 2011-08-17 15:48 . 2011-08-17 15:48 175104 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Uti#\9250f038410f0d6432e3ccb0b046862b\Microsoft.Build.Utilities.v3.5.ni.dll
+ 2011-08-17 15:48 . 2011-08-17 15:48 839680 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Eng#\a4672179aba638cd78bdfe268391b47b\Microsoft.Build.Engine.ni.dll
+ 2011-08-17 15:48 . 2011-08-17 15:48 222720 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Con#\37db660a84ee52b61a7ca55812581bbd\Microsoft.Build.Conversion.v3.5.ni.dll
+ 2011-08-17 15:48 . 2011-08-17 15:48 410112 c:\windows\assembly\NativeImages_v2.0.50727_32\ComSvcConfig\fe9a21b94803f74697bb42b9d1fdea5b\ComSvcConfig.ni.exe
+ 2011-08-17 15:47 . 2011-08-17 15:47 842240 c:\windows\assembly\NativeImages_v2.0.50727_32\AspNetMMCExt\f160c8e40b60edd47ae74b0b911fece1\AspNetMMCExt.ni.dll
+ 2011-08-17 14:16 . 2011-08-17 14:16 839680 c:\windows\assembly\GAC_MSIL\System.Web.Services\2.0.0.0__b03f5f7f11d50a3a\System.Web.Services.dll
- 2011-06-20 14:06 . 2011-06-20 14:06 839680 c:\windows\assembly\GAC_MSIL\System.Web.Services\2.0.0.0__b03f5f7f11d50a3a\System.Web.Services.dll
+ 2011-08-17 14:16 . 2011-08-17 14:16 835584 c:\windows\assembly\GAC_MSIL\System.Web.Mobile\2.0.0.0__b03f5f7f11d50a3a\System.Web.Mobile.dll
- 2011-06-20 14:06 . 2011-06-20 14:06 835584 c:\windows\assembly\GAC_MSIL\System.Web.Mobile\2.0.0.0__b03f5f7f11d50a3a\System.Web.Mobile.dll
- 2011-06-20 14:06 . 2011-06-20 14:06 114688 c:\windows\assembly\GAC_MSIL\System.ServiceProcess\2.0.0.0__b03f5f7f11d50a3a\System.ServiceProcess.dll
+ 2011-08-17 14:16 . 2011-08-17 14:16 114688 c:\windows\assembly\GAC_MSIL\System.ServiceProcess\2.0.0.0__b03f5f7f11d50a3a\System.ServiceProcess.dll
+ 2011-08-17 14:16 . 2011-08-17 14:16 258048 c:\windows\assembly\GAC_MSIL\System.Security\2.0.0.0__b03f5f7f11d50a3a\System.Security.dll
- 2011-06-20 14:06 . 2011-06-20 14:06 258048 c:\windows\assembly\GAC_MSIL\System.Security\2.0.0.0__b03f5f7f11d50a3a\System.Security.dll
- 2011-06-20 14:06 . 2011-06-20 14:06 131072 c:\windows\assembly\GAC_MSIL\System.Runtime.Serialization.Formatters.Soap\2.0.0.0__b03f5f7f11d50a3a\System.Runtime.Serialization.Formatters.Soap.dll
+ 2011-08-17 14:16 . 2011-08-17 14:16 131072 c:\windows\assembly\GAC_MSIL\System.Runtime.Serialization.Formatters.Soap\2.0.0.0__b03f5f7f11d50a3a\System.Runtime.Serialization.Formatters.Soap.dll
- 2011-06-20 14:06 . 2011-06-20 14:06 303104 c:\windows\assembly\GAC_MSIL\System.Runtime.Remoting\2.0.0.0__b77a5c561934e089\System.Runtime.Remoting.dll
+ 2011-08-17 14:16 . 2011-08-17 14:16 303104 c:\windows\assembly\GAC_MSIL\System.Runtime.Remoting\2.0.0.0__b77a5c561934e089\System.Runtime.Remoting.dll
- 2011-06-20 14:06 . 2011-06-20 14:06 258048 c:\windows\assembly\GAC_MSIL\System.Messaging\2.0.0.0__b03f5f7f11d50a3a\System.Messaging.dll
+ 2011-08-17 14:16 . 2011-08-17 14:16 258048 c:\windows\assembly\GAC_MSIL\System.Messaging\2.0.0.0__b03f5f7f11d50a3a\System.Messaging.dll
+ 2011-08-17 14:16 . 2011-08-17 14:16 372736 c:\windows\assembly\GAC_MSIL\System.Management\2.0.0.0__b03f5f7f11d50a3a\System.Management.dll
- 2011-06-20 14:06 . 2011-06-20 14:06 372736 c:\windows\assembly\GAC_MSIL\System.Management\2.0.0.0__b03f5f7f11d50a3a\System.Management.dll
+ 2011-08-17 14:16 . 2011-08-17 14:16 626688 c:\windows\assembly\GAC_MSIL\System.Drawing\2.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll
- 2011-06-20 14:06 . 2011-06-20 14:06 626688 c:\windows\assembly\GAC_MSIL\System.Drawing\2.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll
+ 2011-08-17 14:16 . 2011-08-17 14:16 401408 c:\windows\assembly\GAC_MSIL\System.DirectoryServices\2.0.0.0__b03f5f7f11d50a3a\System.DirectoryServices.dll
- 2011-06-20 14:06 . 2011-06-20 14:06 401408 c:\windows\assembly\GAC_MSIL\System.DirectoryServices\2.0.0.0__b03f5f7f11d50a3a\System.DirectoryServices.dll
- 2011-06-20 14:06 . 2011-06-20 14:06 188416 c:\windows\assembly\GAC_MSIL\System.DirectoryServices.Protocols\2.0.0.0__b03f5f7f11d50a3a\System.DirectoryServices.Protocols.dll
+ 2011-08-17 14:16 . 2011-08-17 14:16 188416 c:\windows\assembly\GAC_MSIL\System.DirectoryServices.Protocols\2.0.0.0__b03f5f7f11d50a3a\System.DirectoryServices.Protocols.dll
- 2011-06-20 14:06 . 2011-06-20 14:06 970752 c:\windows\assembly\GAC_MSIL\System.Deployment\2.0.0.0__b03f5f7f11d50a3a\System.Deployment.dll
+ 2011-08-17 14:16 . 2011-08-17 14:16 970752 c:\windows\assembly\GAC_MSIL\System.Deployment\2.0.0.0__b03f5f7f11d50a3a\System.Deployment.dll
- 2011-06-20 14:06 . 2011-06-20 14:06 745472 c:\windows\assembly\GAC_MSIL\System.Data.SqlXml\2.0.0.0__b77a5c561934e089\System.Data.SqlXml.dll
+ 2011-08-17 14:16 . 2011-08-17 14:16 745472 c:\windows\assembly\GAC_MSIL\System.Data.SqlXml\2.0.0.0__b77a5c561934e089\System.Data.SqlXml.dll
+ 2011-08-17 14:16 . 2011-08-17 14:16 425984 c:\windows\assembly\GAC_MSIL\System.Configuration\2.0.0.0__b03f5f7f11d50a3a\System.configuration.dll
- 2011-06-20 14:06 . 2011-06-20 14:06 425984 c:\windows\assembly\GAC_MSIL\System.Configuration\2.0.0.0__b03f5f7f11d50a3a\System.configuration.dll
- 2011-06-20 14:06 . 2011-06-20 14:06 110592 c:\windows\assembly\GAC_MSIL\sysglobl\2.0.0.0__b03f5f7f11d50a3a\sysglobl.dll
+ 2011-08-17 14:16 . 2011-08-17 14:16 110592 c:\windows\assembly\GAC_MSIL\sysglobl\2.0.0.0__b03f5f7f11d50a3a\sysglobl.dll
- 2011-06-20 14:06 . 2011-06-20 14:06 659456 c:\windows\assembly\GAC_MSIL\Microsoft.VisualBasic\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll
+ 2011-08-17 14:16 . 2011-08-17 14:16 659456 c:\windows\assembly\GAC_MSIL\Microsoft.VisualBasic\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll
- 2011-06-20 14:06 . 2011-06-20 14:06 372736 c:\windows\assembly\GAC_MSIL\Microsoft.VisualBasic.Compatibility\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Compatibility.dll
+ 2011-08-17 14:16 . 2011-08-17 14:16 372736 c:\windows\assembly\GAC_MSIL\Microsoft.VisualBasic.Compatibility\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Compatibility.dll
+ 2011-08-17 14:16 . 2011-08-17 14:16 110592 c:\windows\assembly\GAC_MSIL\Microsoft.VisualBasic.Compatibility.Data\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Compatibility.Data.dll
- 2011-06-20 14:06 . 2011-06-20 14:06 110592 c:\windows\assembly\GAC_MSIL\Microsoft.VisualBasic.Compatibility.Data\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Compatibility.Data.dll
- 2011-06-20 14:06 . 2011-06-20 14:06 749568 c:\windows\assembly\GAC_MSIL\Microsoft.JScript\8.0.0.0__b03f5f7f11d50a3a\Microsoft.JScript.dll
+ 2011-08-17 14:16 . 2011-08-17 14:16 749568 c:\windows\assembly\GAC_MSIL\Microsoft.JScript\8.0.0.0__b03f5f7f11d50a3a\Microsoft.JScript.dll
- 2011-06-20 14:06 . 2011-06-20 14:06 655360 c:\windows\assembly\GAC_MSIL\Microsoft.Build.Tasks\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Tasks.dll
+ 2011-08-17 14:16 . 2011-08-17 14:16 655360 c:\windows\assembly\GAC_MSIL\Microsoft.Build.Tasks\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Tasks.dll
- 2011-06-20 14:06 . 2011-06-20 14:06 348160 c:\windows\assembly\GAC_MSIL\Microsoft.Build.Engine\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Engine.dll
+ 2011-08-17 14:16 . 2011-08-17 14:16 348160 c:\windows\assembly\GAC_MSIL\Microsoft.Build.Engine\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Engine.dll
+ 2011-08-17 14:16 . 2011-08-17 14:16 507904 c:\windows\assembly\GAC_MSIL\AspNetMMCExt\2.0.0.0__b03f5f7f11d50a3a\AspNetMMCExt.dll
- 2011-06-20 14:06 . 2011-06-20 14:06 507904 c:\windows\assembly\GAC_MSIL\AspNetMMCExt\2.0.0.0__b03f5f7f11d50a3a\AspNetMMCExt.dll
+ 2011-08-17 14:16 . 2011-08-17 14:16 261632 c:\windows\assembly\GAC_32\System.Transactions\2.0.0.0__b77a5c561934e089\System.Transactions.dll
- 2011-06-20 14:06 . 2011-06-20 14:06 261632 c:\windows\assembly\GAC_32\System.Transactions\2.0.0.0__b77a5c561934e089\System.Transactions.dll
- 2011-06-20 14:06 . 2011-06-20 14:06 486400 c:\windows\assembly\GAC_32\System.Data.OracleClient\2.0.0.0__b77a5c561934e089\System.Data.OracleClient.dll
+ 2011-08-17 14:16 . 2011-08-17 14:16 486400 c:\windows\assembly\GAC_32\System.Data.OracleClient\2.0.0.0__b77a5c561934e089\System.Data.OracleClient.dll
+ 2011-09-07 20:24 . 2010-07-05 13:16 382840 c:\windows\$NtUninstallKB2607712$\spuninst\updspapi.dll
+ 2011-09-07 20:24 . 2010-07-05 13:15 231288 c:\windows\$NtUninstallKB2607712$\spuninst\spuninst.exe
+ 2011-09-07 20:24 . 2008-04-14 00:11 599040 c:\windows\$NtUninstallKB2607712$\crypt32.dll
+ 2011-08-24 21:29 . 2010-07-05 13:16 382840 c:\windows\$NtUninstallKB2570791$\spuninst\updspapi.dll
+ 2011-08-24 21:29 . 2010-07-05 13:15 231288 c:\windows\$NtUninstallKB2570791$\spuninst\spuninst.exe
+ 2011-08-17 14:11 . 2010-07-05 13:16 382840 c:\windows\$NtUninstallKB2570222$\spuninst\updspapi.dll
+ 2011-08-17 14:11 . 2010-07-05 13:15 231288 c:\windows\$NtUninstallKB2570222$\spuninst\spuninst.exe
+ 2011-08-17 14:11 . 2008-04-14 00:13 139656 c:\windows\$NtUninstallKB2570222$\rdpwd.sys
+ 2011-08-17 14:13 . 2011-04-26 11:07 293376 c:\windows\$NtUninstallKB2567680$\winsrv.dll
+ 2011-08-17 14:13 . 2010-07-05 13:16 382840 c:\windows\$NtUninstallKB2567680$\spuninst\updspapi.dll
+ 2011-08-17 14:13 . 2010-07-05 13:15 231288 c:\windows\$NtUninstallKB2567680$\spuninst\spuninst.exe
+ 2011-08-17 14:05 . 2010-07-05 13:16 382840 c:\windows\$NtUninstallKB2566454$\spuninst\updspapi.dll
+ 2011-08-17 14:05 . 2010-07-05 13:15 231288 c:\windows\$NtUninstallKB2566454$\spuninst\spuninst.exe
+ 2011-08-17 14:04 . 2010-07-05 13:16 382840 c:\windows\$NtUninstallKB2562937$\spuninst\updspapi.dll
+ 2011-08-17 14:04 . 2010-07-05 13:15 231288 c:\windows\$NtUninstallKB2562937$\spuninst\spuninst.exe
+ 2011-07-13 14:01 . 2010-07-05 13:16 382840 c:\windows\$NtUninstallKB2555917$\spuninst\updspapi.dll
+ 2011-07-13 14:01 . 2010-07-05 13:15 231288 c:\windows\$NtUninstallKB2555917$\spuninst\spuninst.exe
+ 2011-08-17 14:13 . 2010-07-05 13:16 382840 c:\windows\$NtUninstallKB2536276-v2$\spuninst\updspapi.dll
+ 2011-08-17 14:13 . 2010-07-05 13:15 231288 c:\windows\$NtUninstallKB2536276-v2$\spuninst\spuninst.exe
+ 2011-08-17 14:13 . 2011-04-29 16:19 456320 c:\windows\$NtUninstallKB2536276-v2$\mrxsmb.sys
+ 2011-07-13 14:04 . 2010-06-18 17:45 293376 c:\windows\$NtUninstallKB2507938$\winsrv.dll
+ 2011-07-13 14:04 . 2010-07-05 13:16 382840 c:\windows\$NtUninstallKB2507938$\spuninst\updspapi.dll
+ 2011-07-13 14:04 . 2010-07-05 13:15 231288 c:\windows\$NtUninstallKB2507938$\spuninst\spuninst.exe
+ 2011-09-07 20:24 . 2010-07-05 13:16 382840 c:\windows\$hf_mig$\KB2607712\update\updspapi.dll
+ 2011-09-07 20:24 . 2010-07-05 13:15 755576 c:\windows\$hf_mig$\KB2607712\update\update.exe
+ 2011-09-07 20:24 . 2010-07-05 13:15 231288 c:\windows\$hf_mig$\KB2607712\spuninst.exe
+ 2011-09-03 10:16 . 2011-09-03 10:16 599552 c:\windows\$hf_mig$\KB2607712\SP3QFE\crypt32.dll
+ 2011-08-17 14:11 . 2010-07-05 13:16 382840 c:\windows\$hf_mig$\KB2570222\update\updspapi.dll
+ 2011-08-17 14:11 . 2010-07-05 13:15 755576 c:\windows\$hf_mig$\KB2570222\update\update.exe
+ 2011-08-17 14:11 . 2010-07-05 13:15 231288 c:\windows\$hf_mig$\KB2570222\spuninst.exe
+ 2011-08-10 15:16 . 2011-06-24 14:09 139656 c:\windows\$hf_mig$\KB2570222\SP3QFE\rdpwd.sys
+ 2011-08-17 14:13 . 2010-07-05 13:16 382840 c:\windows\$hf_mig$\KB2567680\update\updspapi.dll
+ 2011-08-17 14:13 . 2010-07-05 13:15 755576 c:\windows\$hf_mig$\KB2567680\update\update.exe
+ 2011-08-17 14:13 . 2010-07-05 13:15 231288 c:\windows\$hf_mig$\KB2567680\spuninst.exe
+ 2011-06-20 17:43 . 2011-06-20 17:43 293376 c:\windows\$hf_mig$\KB2567680\SP3QFE\winsrv.dll
+ 2011-08-17 14:05 . 2010-07-05 13:16 382840 c:\windows\$hf_mig$\KB2566454\update\updspapi.dll
+ 2011-08-17 14:05 . 2010-07-05 13:15 755576 c:\windows\$hf_mig$\KB2566454\update\update.exe
+ 2011-08-17 14:05 . 2010-07-05 13:15 231288 c:\windows\$hf_mig$\KB2566454\spuninst.exe
+ 2011-08-17 14:04 . 2010-07-05 13:16 382840 c:\windows\$hf_mig$\KB2562937\update\updspapi.dll
+ 2011-08-17 14:04 . 2010-07-05 13:15 755576 c:\windows\$hf_mig$\KB2562937\update\update.exe
+ 2011-08-17 14:04 . 2010-07-05 13:15 231288 c:\windows\$hf_mig$\KB2562937\spuninst.exe
+ 2011-08-17 14:05 . 2010-07-05 13:16 382840 c:\windows\$hf_mig$\KB2559049-IE8\update\updspapi.dll
+ 2011-08-17 14:05 . 2010-07-05 13:15 755576 c:\windows\$hf_mig$\KB2559049-IE8\update\update.exe
+ 2011-08-17 14:05 . 2010-07-05 13:15 231288 c:\windows\$hf_mig$\KB2559049-IE8\spuninst.exe
+ 2011-08-10 15:15 . 2011-06-23 18:33 919552 c:\windows\$hf_mig$\KB2559049-IE8\SP3QFE\wininet.dll
+ 2011-08-10 15:15 . 2011-06-23 18:33 105984 c:\windows\$hf_mig$\KB2559049-IE8\SP3QFE\url.dll
+ 2011-08-10 15:15 . 2011-06-23 18:33 206848 c:\windows\$hf_mig$\KB2559049-IE8\SP3QFE\occache.dll
+ 2011-08-10 15:15 . 2011-06-23 18:33 611840 c:\windows\$hf_mig$\KB2559049-IE8\SP3QFE\mstime.dll
+ 2011-08-10 15:15 . 2011-06-23 18:33 602112 c:\windows\$hf_mig$\KB2559049-IE8\SP3QFE\msfeeds.dll
+ 2011-08-10 15:15 . 2011-06-23 18:33 247808 c:\windows\$hf_mig$\KB2559049-IE8\SP3QFE\ieproxy.dll
+ 2011-08-10 15:15 . 2011-06-23 18:33 184320 c:\windows\$hf_mig$\KB2559049-IE8\SP3QFE\iepeers.dll
+ 2011-08-10 15:15 . 2011-06-23 18:33 743424 c:\windows\$hf_mig$\KB2559049-IE8\SP3QFE\iedvtool.dll
+ 2011-08-10 15:15 . 2011-06-23 18:33 387584 c:\windows\$hf_mig$\KB2559049-IE8\SP3QFE\iedkcs32.dll
+ 2011-08-10 15:15 . 2011-06-23 12:19 173568 c:\windows\$hf_mig$\KB2559049-IE8\SP3QFE\ie4uinit.exe
+ 2011-07-13 14:01 . 2010-07-05 13:16 382840 c:\windows\$hf_mig$\KB2555917\update\updspapi.dll
+ 2011-07-13 14:01 . 2010-07-05 13:15 755576 c:\windows\$hf_mig$\KB2555917\update\update.exe
+ 2011-07-13 14:01 . 2010-07-05 13:15 231288 c:\windows\$hf_mig$\KB2555917\spuninst.exe
+ 2011-08-17 14:13 . 2010-07-05 13:16 382840 c:\windows\$hf_mig$\KB2536276-v2\update\updspapi.dll
+ 2011-08-17 14:13 . 2010-07-05 13:15 755576 c:\windows\$hf_mig$\KB2536276-v2\update\update.exe
+ 2011-08-17 14:13 . 2010-07-05 13:15 231288 c:\windows\$hf_mig$\KB2536276-v2\spuninst.exe
+ 2011-08-10 15:17 . 2011-07-15 13:29 457856 c:\windows\$hf_mig$\KB2536276-v2\SP3QFE\mrxsmb.sys
+ 2011-07-13 14:04 . 2010-07-05 13:16 382840 c:\windows\$hf_mig$\KB2507938\update\updspapi.dll
+ 2011-07-13 14:04 . 2010-07-05 13:15 755576 c:\windows\$hf_mig$\KB2507938\update\update.exe
+ 2011-07-13 14:04 . 2010-07-05 13:15 231288 c:\windows\$hf_mig$\KB2507938\spuninst.exe
+ 2011-04-26 11:02 . 2011-04-26 11:02 293376 c:\windows\$hf_mig$\KB2507938\SP3QFE\winsrv.dll
+ 2004-08-10 16:51 . 2011-06-02 14:02 1858944 c:\windows\system32\win32k.sys
+ 2004-08-10 16:51 . 2011-06-23 18:36 1212416 c:\windows\system32\urlmon.dll
+ 2004-08-10 16:51 . 2011-04-25 16:11 1211904 c:\windows\system32\urlmon(3).dll
+ 2004-08-10 16:51 . 2011-07-25 15:17 5969920 c:\windows\system32\mshtml.dll
+ 2006-10-17 15:57 . 2011-06-23 18:36 1991680 c:\windows\system32\iertutil.dll
- 2006-10-17 15:57 . 2011-04-25 16:11 1991680 c:\windows\system32\iertutil.dll
+ 2008-10-16 12:57 . 2011-06-02 14:02 1858944 c:\windows\system32\dllcache\win32k.sys
+ 2007-05-09 16:01 . 2011-06-23 18:36 1212416 c:\windows\system32\dllcache\urlmon.dll
+ 2007-05-09 16:01 . 2011-07-25 15:17 5969920 c:\windows\system32\dllcache\mshtml.dll
+ 2007-04-25 08:41 . 2011-06-23 18:36 1991680 c:\windows\system32\dllcache\iertutil.dll
- 2007-04-25 08:41 . 2011-04-25 16:11 1991680 c:\windows\system32\dllcache\iertutil.dll
+ 2011-04-29 01:50 . 2011-04-29 01:50 3182592 c:\windows\Microsoft.NET\Framework\v2.0.50727\System.dll
- 2011-01-18 08:39 . 2011-01-18 08:39 3182592 c:\windows\Microsoft.NET\Framework\v2.0.50727\System.dll
+ 2011-05-02 04:06 . 2011-05-02 04:06 2705920 c:\windows\Installer\8aeae.msp
+ 2011-07-26 17:50 . 2011-07-26 17:50 5522432 c:\windows\Installer\8ae7b.msp
+ 2011-10-04 16:05 . 2011-10-04 16:05 1093632 c:\windows\Installer\534d612.msi
+ 2011-08-10 21:43 . 2011-08-10 21:43 3795968 c:\windows\Installer\3feb575.msp
+ 2011-07-26 12:17 . 2011-07-26 12:17 6824960 c:\windows\Installer\3feb552.msp
+ 2011-08-16 16:35 . 2011-08-16 16:35 5519872 c:\windows\Installer\3feb53e.msp
+ 2011-09-07 01:46 . 2011-09-07 01:46 9006080 c:\windows\Installer\3feb529.msp
+ 2011-08-10 21:42 . 2011-08-10 21:42 7070208 c:\windows\Installer\3feb510.msp
+ 2011-09-07 01:48 . 2011-09-07 01:48 8181248 c:\windows\Installer\3feb502.msp
+ 2011-07-27 11:39 . 2011-07-27 11:39 9892352 c:\windows\Installer\3feb4e9.msp
+ 2011-05-23 18:15 . 2011-05-23 18:15 3617792 c:\windows\Installer\215073.msp
+ 2011-05-02 04:06 . 2011-05-02 04:06 2705920 c:\windows\Installer\161b730.msp
+ 2011-07-26 17:50 . 2011-07-26 17:50 5522432 c:\windows\Installer\161b729.msp
- 2007-08-02 13:05 . 2011-06-16 14:13 1172240 c:\windows\Installer\{91120000-0016-0000-0000-0000000FF1CE}\xlicons.exe
+ 2007-08-02 13:05 . 2011-09-15 14:05 1172240 c:\windows\Installer\{91120000-0016-0000-0000-0000000FF1CE}\xlicons.exe
+ 2009-04-03 22:21 . 2009-04-03 22:21 8543096 c:\windows\Installer\$PatchCache$\Managed\00002119B10000000000000000F01FEC\12.0.6425\OARTCONV.DLL
+ 2011-08-17 14:05 . 2011-04-25 16:11 1211904 c:\windows\ie8updates\KB2559049-IE8\urlmon.dll
+ 2011-08-17 14:05 . 2011-05-30 22:19 5964800 c:\windows\ie8updates\KB2559049-IE8\mshtml.dll
+ 2011-08-17 14:05 . 2011-04-25 16:11 1991680 c:\windows\ie8updates\KB2559049-IE8\iertutil.dll
+ 2011-09-18 16:28 . 2011-09-18 16:28 3126944 c:\windows\Downloaded Program Files\FP_AX_CAB_INSTALLER.exe
+ 2011-08-17 14:18 . 2011-08-17 14:18 3325440 c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\fd6e0cd6f124a6d041ef1b4c9a5f080b\WindowsBase.ni.dll
+ 2011-08-17 14:22 . 2011-08-17 14:22 1049600 c:\windows\assembly\NativeImages_v2.0.50727_32\UIAutomationClients#\162600dde59fbaa0c048a949158ecba3\UIAutomationClientsideProviders.ni.dll
+ 2011-08-17 14:17 . 2011-08-17 14:17 7950848 c:\windows\assembly\NativeImages_v2.0.50727_32\System\e6c79e1d71b0c9000afd7e5e439b5c54\System.ni.dll
+ 2011-08-17 14:22 . 2011-08-17 14:22 5450752 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Xml\10154dcad2d62f226af2fd4211460a4b\System.Xml.ni.dll
+ 2011-08-17 15:51 . 2011-08-17 15:51 1356288 c:\windows\assembly\NativeImages_v2.0.50727_32\System.WorkflowServ#\22229a30650a9afbac984e1093898b13\System.WorkflowServices.ni.dll
+ 2011-08-17 15:51 . 2011-08-17 15:51 1908224 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Workflow.Run#\4d6b3cc1fc7a4788612241af7966715a\System.Workflow.Runtime.ni.dll
+ 2011-08-17 15:51 . 2011-08-17 15:51 4514304 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Workflow.Com#\e4c9853af945c9cfede19f3faf18af6e\System.Workflow.ComponentModel.ni.dll
+ 2011-08-17 15:51 . 2011-08-17 15:51 2992640 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Workflow.Act#\ab4b50c7c789e46a485903365765fde8\System.Workflow.Activities.ni.dll
+ 2011-08-17 15:50 . 2011-08-17 15:50 1840640 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Services\a2392c995b1bb6b63079091259222357\System.Web.Services.ni.dll
+ 2011-08-17 15:50 . 2011-08-17 15:50 2209280 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Mobile\3da92a0b9b8ac97e11ca8bf4df671a78\System.Web.Mobile.ni.dll
+ 2011-08-17 15:50 . 2011-08-17 15:50 2405376 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Extensio#\01f4d6aa3299a41b8578b7e96afdcfb1\System.Web.Extensions.ni.dll
+ 2011-08-17 14:21 . 2011-08-17 14:21 1917952 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Speech\e1208f0d981c420fc59f806bfbaa713b\System.Speech.ni.dll
+ 2011-08-17 15:50 . 2011-08-17 15:50 1706496 c:\windows\assembly\NativeImages_v2.0.50727_32\System.ServiceModel#\27e1b8dfd5e1ccf2c5b9efc51f674c69\System.ServiceModel.Web.ni.dll
+ 2011-08-17 15:47 . 2011-08-17 15:47 2345472 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Seri#\dece01bd9e9c32e47630fdfc78d3bd32\System.Runtime.Serialization.ni.dll
+ 2011-08-17 14:21 . 2011-08-17 14:21 1035776 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Printing\90b444d02047ef27921153d46967ef0e\System.Printing.ni.dll
+ 2011-08-17 15:47 . 2011-08-17 15:47 1070080 c:\windows\assembly\NativeImages_v2.0.50727_32\System.IdentityModel\a50e2fc92db32751857fb8d297f9d7bc\System.IdentityModel.ni.dll
+ 2011-08-17 14:21 . 2011-08-17 14:21 1587200 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\7ed09623172a292eaee51e2e3bcaf784\System.Drawing.ni.dll
+ 2011-08-17 15:49 . 2011-08-17 15:49 1116672 c:\windows\assembly\NativeImages_v2.0.50727_32\System.DirectorySer#\259ecf480769f4e60514b7ae2abaa6f1\System.DirectoryServices.ni.dll
+ 2011-08-17 15:49 . 2011-08-17 15:49 1801216 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Deployment\71cf3eb40fc38e6ac8fba09e872d2878\System.Deployment.ni.dll
+ 2011-08-17 14:20 . 2011-08-17 14:20 6616576 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data\db2d84e279807592a680ef4135e9fe9a\System.Data.ni.dll
+ 2011-08-17 15:48 . 2011-08-17 15:48 2510336 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data.SqlXml\0b16305773369cf740c6a2b1f1d785b2\System.Data.SqlXml.ni.dll
+ 2011-08-17 15:49 . 2011-08-17 15:49 1328128 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data.Services\c1b9b8ce390548dcca661a5e6a908408\System.Data.Services.ni.dll
+ 2011-08-17 14:20 . 2011-08-17 14:20 2516480 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data.Linq\571af34939797a7c1cd05b0b925a45bf\System.Data.Linq.ni.dll
+ 2011-08-17 15:49 . 2011-08-17 15:49 9924096 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data.Entity\2b58cc071d6bf0c741e91f86c09de5d7\System.Data.Entity.ni.dll
+ 2011-08-17 14:20 . 2011-08-17 14:20 2295296 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Core\e54e013315849f5e34d8f2a8e7fdb450\System.Core.ni.dll
+ 2011-08-17 14:20 . 2011-08-17 14:20 2128896 c:\windows\assembly\NativeImages_v2.0.50727_32\ReachFramework\24ab0cacc77e8696ceff3157942a2de4\ReachFramework.ni.dll
+ 2011-08-17 14:20 . 2011-08-17 14:20 1657856 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationUI\fac1ca86f4fea17de40d7fdaba38563e\PresentationUI.ni.dll
+ 2011-08-17 14:18 . 2011-08-17 14:18 1451008 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationBuildTa#\b187becbc388c4ce7f33ede4da76e7b1\PresentationBuildTasks.ni.dll
+ 2011-08-17 15:48 . 2011-08-17 15:48 1712128 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.VisualBas#\c6b19db2534042d435ede580f92bc75c\Microsoft.VisualBasic.ni.dll
+ 2011-08-17 15:48 . 2011-08-17 15:48 1093120 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Transacti#\08594c4ba9ea0253a836fe1d8d341984\Microsoft.Transactions.Bridge.ni.dll
+ 2011-08-17 15:50 . 2011-08-17 15:50 2332160 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.JScript\345abd035c9378667b1cac54c1f21c97\Microsoft.JScript.ni.dll
+ 2011-08-17 15:48 . 2011-08-17 15:48 1966080 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Tas#\906cd5555b79e4e0486dc8ef2a748b13\Microsoft.Build.Tasks.v3.5.ni.dll
+ 2011-08-17 15:48 . 2011-08-17 15:48 1620992 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Tas#\7baff7d694394aaba490082c88d48fd2\Microsoft.Build.Tasks.ni.dll
+ 2011-08-17 15:48 . 2011-08-17 15:48 1888768 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Eng#\235a22e1ae9742bb724d411629dd99d5\Microsoft.Build.Engine.ni.dll
+ 2011-08-17 14:16 . 2011-08-17 14:16 3182592 c:\windows\assembly\GAC_MSIL\System\2.0.0.0__b77a5c561934e089\System.dll
- 2011-06-20 14:06 . 2011-06-20 14:06 3182592 c:\windows\assembly\GAC_MSIL\System\2.0.0.0__b77a5c561934e089\System.dll
- 2011-06-20 14:06 . 2011-06-20 14:06 2048000 c:\windows\assembly\GAC_MSIL\System.Xml\2.0.0.0__b77a5c561934e089\System.XML.dll
+ 2011-08-17 14:16 . 2011-08-17 14:16 2048000 c:\windows\assembly\GAC_MSIL\System.Xml\2.0.0.0__b77a5c561934e089\System.XML.dll
- 2011-06-20 14:06 . 2011-06-20 14:06 5025792 c:\windows\assembly\GAC_MSIL\System.Windows.Forms\2.0.0.0__b77a5c561934e089\System.Windows.Forms.dll
+ 2011-08-17 14:16 . 2011-08-17 14:16 5025792 c:\windows\assembly\GAC_MSIL\System.Windows.Forms\2.0.0.0__b77a5c561934e089\System.Windows.Forms.dll
- 2011-06-20 14:06 . 2011-06-20 14:06 5062656 c:\windows\assembly\GAC_MSIL\System.Design\2.0.0.0__b03f5f7f11d50a3a\System.Design.dll
+ 2011-08-17 14:16 . 2011-08-17 14:16 5062656 c:\windows\assembly\GAC_MSIL\System.Design\2.0.0.0__b03f5f7f11d50a3a\System.Design.dll
- 2011-06-20 14:06 . 2011-06-20 14:06 5242880 c:\windows\assembly\GAC_32\System.Web\2.0.0.0__b03f5f7f11d50a3a\System.Web.dll
+ 2011-08-17 14:15 . 2011-08-17 14:15 5242880 c:\windows\assembly\GAC_32\System.Web\2.0.0.0__b03f5f7f11d50a3a\System.Web.dll
+ 2011-08-17 14:16 . 2011-08-17 14:16 2933248 c:\windows\assembly\GAC_32\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dll
- 2011-06-20 14:06 . 2011-06-20 14:06 2933248 c:\windows\assembly\GAC_32\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dll
+ 2011-08-17 14:16 . 2011-08-17 14:16 4550656 c:\windows\assembly\GAC_32\mscorlib\2.0.0.0__b77a5c561934e089\mscorlib.dll
- 2011-06-20 14:06 . 2011-06-20 14:06 4550656 c:\windows\assembly\GAC_32\mscorlib\2.0.0.0__b77a5c561934e089\mscorlib.dll
+ 2011-07-13 14:01 . 2011-03-03 13:21 1857920 c:\windows\$NtUninstallKB2555917$\win32k.sys
+ 2011-08-10 15:15 . 2011-06-23 18:33 1214464 c:\windows\$hf_mig$\KB2559049-IE8\SP3QFE\urlmon.dll
+ 2011-08-10 15:15 . 2011-07-25 15:15 5971456 c:\windows\$hf_mig$\KB2559049-IE8\SP3QFE\mshtml.dll
+ 2011-08-10 15:15 . 2011-06-23 18:33 1992192 c:\windows\$hf_mig$\KB2559049-IE8\SP3QFE\iertutil.dll
+ 2011-06-02 14:07 . 2011-06-02 14:07 1867904 c:\windows\$hf_mig$\KB2555917\SP3QFE\win32k.sys
+ 2009-04-17 13:04 . 2011-09-28 14:01 47369160 c:\windows\system32\MRT.exe
+ 2006-11-08 01:03 . 2011-06-23 18:36 11081728 c:\windows\system32\ieframe.dll
- 2006-11-08 01:03 . 2011-04-26 14:11 11081728 c:\windows\system32\ieframe.dll
+ 2007-04-25 08:41 . 2011-06-23 18:36 11081728 c:\windows\system32\dllcache\ieframe.dll
- 2007-04-25 08:41 . 2011-04-26 14:11 11081728 c:\windows\system32\dllcache\ieframe.dll
+ 2011-07-26 20:33 . 2011-07-26 20:33 10984448 c:\windows\Installer\3feb567.msp
+ 2009-04-03 22:21 . 2009-04-03 22:21 16037736 c:\windows\Installer\$PatchCache$\Managed\00002119610000000000000000F01FEC\12.0.6425\OART.DLL
+ 2011-08-17 14:05 . 2011-04-26 14:11 11081728 c:\windows\ie8updates\KB2559049-IE8\ieframe.dll
+ 2011-08-17 14:22 . 2011-08-17 14:22 12430848 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\d00cc387e462e4c3cdcd112b137cac87\System.Windows.Forms.ni.dll
+ 2011-08-17 15:50 . 2011-08-17 15:50 11800576 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web\40893760431f8f0dcce3e18630e45b23\System.Web.ni.dll
+ 2011-08-17 15:48 . 2011-08-17 15:48 17403904 c:\windows\assembly\NativeImages_v2.0.50727_32\System.ServiceModel\e3a0205acab2215fbad7927d9d483aeb\System.ServiceModel.ni.dll
+ 2011-08-17 14:21 . 2011-08-17 14:21 10683392 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Design\63ad0cd9b5e038c8e2e41415657db8fc\System.Design.ni.dll
+ 2011-08-17 14:19 . 2011-08-17 14:19 14328320 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\704556e34128441ea9f1a81cc89f8a79\PresentationFramework.ni.dll
+ 2011-08-17 14:18 . 2011-08-17 14:18 12215808 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationCore\5f332c48d03eca57419c4f0e884092ee\PresentationCore.ni.dll
+ 2011-06-25 05:03 . 2011-06-25 05:03 11083776 c:\windows\$hf_mig$\KB2559049-IE8\SP3QFE\ieframe.dll
.
-- Snapshot reset to current date --
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DellSupport"="c:\program files\Dell Support\DSAgnt.exe" [2006-08-29 395776]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2008-01-10 385024]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-07-30 68856]
"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2011-09-28 4611456]
"H/PC Connection Agent"="c:\program files\Microsoft ActiveSync\Wcescomm.exe" [2006-11-13 1289000]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-02-18 248040]
"SigmatelSysTrayApp"="stsystra.exe" [2006-07-24 282624]
"IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\Iaanotif.exe" [2006-07-06 151552]
"DMXLauncher"="c:\program files\Dell\Media Experience\DMXLauncher.exe" [2005-10-05 94208]
"DLA"="c:\windows\System32\DLA\DLACTRLW.EXE" [2005-09-08 122940]
"ISUSPM Startup"="c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2004-07-27 221184]
"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2004-07-27 81920]
"HPDJ Taskbar Utility"="c:\windows\system32\spool\drivers\w32x86\3\hpztsb11.exe" [2004-04-06 172032]
"HP Component Manager"="c:\program files\HP\hpcoretech\hpcmpmgr.exe" [2004-05-12 241664]
"HPHmon06"="c:\windows\system32\hphmon06.exe" [2004-06-07 659456]
"Symantec PIF AlertEng"="c:\program files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" [2008-01-29 583048]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2008-01-10 385024]
"HPHUPD06"="c:\program files\HP\{AAC4FC36-8F89-4587-8DD3-EBC57C83374D}\hphupd06.exe" [2004-06-07 49152]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2010-06-10 49208]
"dellsupportcenter"="c:\program files\Dell Support Center\bin\sprtcmd.exe" [2009-06-03 206064]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-04-04 36272]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-09-21 932288]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2008-01-15 267048]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2011-06-15 997920]
"TomcatStartup 2.5"="c:\program files\Hewlett-Packard\Toolbox\hpbpsttp.exe" [2004-11-12 245760]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2008-11-04 435096]
.
c:\documents and settings\All Users\Start Menu\Programs\Startup\
Windows Search.lnk - c:\program files\Windows Desktop Search\WindowsSearch.exe [2008-5-26 123904]
Wireless USB 2.0 WLAN Card Utility.lnk - c:\program files\Dell Wireless\PRISMCFG.exe [2010-1-19 921707]
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2011-08-30 113024]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2009-05-25 304128]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2009-09-03 19:21 548352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\PRISMAPI.DLL]
2006-10-12 14:42 450649 ----a-r- c:\windows\system32\PRISMAPI.dll
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk
backup=c:\windows\pss\Adobe Reader Speed Launch.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Digital Line Detect.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Digital Line Detect.lnk
backup=c:\windows\pss\Digital Line Detect.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
backup=c:\windows\pss\HP Digital Imaging Monitor.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Image Zone Fast Start.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\HP Image Zone Fast Start.lnk
backup=c:\windows\pss\HP Image Zone Fast Start.lnkCommon Startup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Corel Photo Downloader]
2006-08-14 18:20 462336 ----a-w- c:\program files\Corel\Corel Snapfire Plus\Corel Photo Downloader.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Desktop Search]
2007-05-09 16:16 169984 ----a-w- c:\program files\Google\Google Desktop Search\GoogleDesktop.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\I.R.I.S. Desktop Search]
2006-01-11 13:37 5193512 ----a-w- c:\program files\IRIS Desktop Search\IRISDesktopSearch.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2008-01-15 08:22 267048 ----a-w- c:\program files\iTunes\iTunesHelper.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
2007-07-30 13:15 68856 ----a-w- c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\Hewlett-Packard\\Toolbox\\jre\\bin\\javaw.exe"=
"c:\\Program Files\\HP\\digital imaging\\bin\\hpqgalry.exe"=
"c:\\Documents and Settings\\Christopher Nova\\Desktop\\nes\\VirtuaNES.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\program files\Microsoft ActiveSync\rapimgr.exe"= c:\program files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager
"c:\program files\Microsoft ActiveSync\wcescomm.exe"= c:\program files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager
"c:\program files\Microsoft ActiveSync\WCESMgr.exe"= c:\program files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"26675:TCP"= 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service
.
R0 pavboot;pavboot;c:\windows\system32\drivers\pavboot.sys [10/13/2009 8:48 AM 28544]
R0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [3/25/2011 8:49 AM 691696]
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV.SYS [10/12/2009 9:24 PM 12880]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [10/12/2009 9:24 PM 67664]
R2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE.EXE [7/2/2010 8:35 AM 116608]
R2 PRISMSVC;PRISMSVC;c:\windows\system32\PRISMSVC.exe [1/19/2010 2:27 PM 61529]
R3 HPPLSBULK;HPPLSBULK;c:\windows\system32\drivers\hpplsbulk.sys [9/5/2007 11:30 AM 9344]
R3 ManyCam;ManyCam Virtual Webcam, WDM Video Capture Driver;c:\windows\system32\drivers\ManyCam.sys [1/14/2008 6:06 AM 21632]
S1 MpKsl348a0138;MpKsl348a0138;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{425DB155-C825-4CD2-8696-CFA42DB50DBF}\MpKsl348a0138.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{425DB155-C825-4CD2-8696-CFA42DB50DBF}\MpKsl348a0138.sys [?]
S1 MpKsl4a861a9e;MpKsl4a861a9e;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{11CEB32F-3F2E-4B10-900D-4B7E25029816}\MpKsl4a861a9e.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{11CEB32F-3F2E-4B10-900D-4B7E25029816}\MpKsl4a861a9e.sys [?]
S1 MpKsl587ae904;MpKsl587ae904;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{A0DDDBCC-27EE-4A7C-AA0D-C623596B7323}\MpKsl587ae904.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{A0DDDBCC-27EE-4A7C-AA0D-C623596B7323}\MpKsl587ae904.sys [?]
S1 MpKsl7cd5c4b0;MpKsl7cd5c4b0;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{8E1294D3-77FA-473F-AFCF-EAC03B262390}\MpKsl7cd5c4b0.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{8E1294D3-77FA-473F-AFCF-EAC03B262390}\MpKsl7cd5c4b0.sys [?]
S1 MpKsl8c05965a;MpKsl8c05965a;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{98E544DF-F6F3-4658-AC67-014C9465481B}\MpKsl8c05965a.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{98E544DF-F6F3-4658-AC67-014C9465481B}\MpKsl8c05965a.sys [?]
S1 MpKsl995b3c26;MpKsl995b3c26;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{C3DED232-1984-43F5-B1E8-131F4F8C063E}\MpKsl995b3c26.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{C3DED232-1984-43F5-B1E8-131F4F8C063E}\MpKsl995b3c26.sys [?]
S1 MpKsl9a7cda48;MpKsl9a7cda48;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{8E1294D3-77FA-473F-AFCF-EAC03B262390}\MpKsl9a7cda48.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{8E1294D3-77FA-473F-AFCF-EAC03B262390}\MpKsl9a7cda48.sys [?]
S1 MpKsla0e20273;MpKsla0e20273;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{CFCB3CFE-4EC5-454F-8F32-1C5E150EB9E2}\MpKsla0e20273.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{CFCB3CFE-4EC5-454F-8F32-1C5E150EB9E2}\MpKsla0e20273.sys [?]
S1 MpKslb4638dd0;MpKslb4638dd0;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{2C106391-F796-4F48-B6BD-110837462DB5}\MpKslb4638dd0.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{2C106391-F796-4F48-B6BD-110837462DB5}\MpKslb4638dd0.sys [?]
S1 MpKslf837ab25;MpKslf837ab25;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{16F2659B-730B-47FA-A691-122483152B2D}\MpKslf837ab25.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{16F2659B-730B-47FA-A691-122483152B2D}\MpKslf837ab25.sys [?]
S3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [10/12/2009 9:24 PM 12872]
S3 XDva390;XDva390;\??\c:\windows\system32\XDva390.sys --> c:\windows\system32\XDva390.sys [?]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
getPlusHelper REG_MULTI_SZ getPlusHelper
.
Contents of the 'Scheduled Tasks' folder
.
2011-10-01 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2007-08-29 19:57]
.
2011-10-03 c:\windows\Tasks\MP Scheduled Scan.job
- c:\program files\Microsoft Security Client\Antimalware\MpCmdRun.exe [2011-04-27 19:39]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/ig/dell?hl=en&client=dell-usuk-rel&channel=us&ibd=5070509
uInternet Connection Wizard,ShellNext = hxxp://www.google.com/ig/dell?hl=en&client=dell-usuk-rel&channel=us&ibd=5070509
uInternet Settings,ProxyOverride = <local>
IE: E&xport to Microsoft Excel - c:\progra~1\MI1933~1\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 68.237.161.12 71.243.0.12
FF - ProfilePath - c:\documents and settings\Christopher Nova\Application Data\Mozilla\Firefox\Profiles\ntuzg8xd.default\
FF - prefs.js: browser.search.defaulturl - hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q=
FF - prefs.js: browser.search.selectedEngine - Google
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
FF - Ext: Google Toolbar for Firefox: {3112ca9c-de6d-4884-a869-9855de68056c} - c:\documents and settings\All Users\Application Data\Mozilla\Firefox Extensions\{3112ca9c-de6d-4884-a869-9855de68056c}
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF - Ext: Java Quick Starter: [email protected] - c:\program files\Java\jre6\lib\deploy\jqs\ff
FF - Ext: Google Toolbar for Firefox: {3112ca9c-de6d-4884-a869-9855de68056c} - %profile%\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
FF - Ext: Move Media Player: [email protected] - c:\documents and settings\Christopher Nova\Application Data\Move Networks
.
- - - - ORPHANS REMOVED - - - -
.
BHO-{156131D7-0E92-44E4-B604-A0E8D6420097} - c:\documents and settings\Christopher Nova\Local Settings\Application Data\ShellUser.dll
HKCU-Run-DisplayNotifierNotifier - c:\documents and settings\All Users\Application Data\DisplayNotifierNotifier.dll
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-10-11 15:56
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
c:\program files\Internet Explorer\iexplore.exe [3316] 0x851BDBF8
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
Stealth MBR rootkit/Mebroot/Sinowal/TDL4 detector 0.4.2 by Gmer, http://www.gmer.net
Windows 5.1.2600
.
CreateFile("\\.\PHYSICALDRIVE0"): The process cannot access the file because it is being used by another process.
device: opened successfully
user: error reading MBR
kernel: MBR read successfully
user != kernel MBR !!!
.
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(748)
c:\program files\SUPERAntiSpyware\SASWINLO.DLL
c:\windows\system32\WININET.dll
.
- - - - - - - > 'explorer.exe'(4056)
c:\windows\system32\WININET.dll
c:\program files\IRIS Desktop Search\IRISDesktopSearchIntegration910.dll
c:\program files\Windows Desktop Search\deskbar.dll
c:\program files\Windows Desktop Search\en-us\dbres.dll.mui
c:\program files\Windows Desktop Search\dbres.dll
c:\program files\Windows Desktop Search\wordwheel.dll
c:\program files\Windows Desktop Search\en-us\msnlExtRes.dll.mui
c:\program files\Windows Desktop Search\msnlExtRes.dll
c:\windows\system32\ieframe.dll
c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.3053_x-ww_b80fa8ca\MSVCR80.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\Ati2evxx.exe
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\windows\system32\HPZipm12.exe
c:\program files\Dell Support Center\bin\sprtsvc.exe
c:\windows\system32\SearchIndexer.exe
c:\windows\system32\PRISMSVR.EXE
c:\windows\stsystra.exe
c:\progra~1\MI3AA1~1\rapimgr.exe
c:\program files\iPod\bin\iPodService.exe
c:\windows\system32\SearchProtocolHost.exe
c:\windows\system32\SearchFilterHost.exe
c:\windows\system32\SearchProtocolHost.exe
.
**************************************************************************
.
Completion time: 2011-10-11 16:02:53 - machine was rebooted
ComboFix-quarantined-files.txt 2011-10-11 20:02
ComboFix2.txt 2011-07-07 15:08
.
Pre-Run: 78,589,788,160 bytes free
Post-Run: 79,195,271,168 bytes free
.
- - End Of File - - 49C38DD6A91E27A11CF16AA317122D98

#10
SweetTech

Hi!

Hi, the computer seems to be running a little bit faster, but my anti virus still can't get into real time protection mode and MBAM won't load. You were right, Combofix said I am infected with ZeroAccess. Here is the log.

We seem to be making some progress.


ComboFix Script
  • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before following the steps below.
  • They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
Copy/paste the text inside the Codebox below into notepad:

Here's how to do that:
Click Start > Run, type Notepad, then click OK.
This will open an empty notepad file:

Copy all the text inside of the code box - Press Ctrl+C (or right click on the highlighted section and choose 'copy')

KillAll::
Folder::
c:\documents and settings\Christopher Nova\Application Data\XpnG4aQH6W7R9Tq
c:\documents and settings\Christopher Nova\Application Data\bXwkUVrlOtPuSiD
c:\documents and settings\Christopher Nova\Application Data\O9hTXwjUClBzNc1
c:\documents and settings\Christopher Nova\Application Data\JhYCwkIVrOtAuSi
c:\documents and settings\Christopher Nova\Application Data\maQH6dWK7R9TqUe
c:\documents and settings\Christopher Nova\Application Data\UF4amH5sW7E8TqY
c:\documents and settings\Christopher Nova\Application Data\YH6dWK8fR9
c:\documents and settings\Christopher Nova\Application Data\HNtxP0ucSiDpGa
c:\documents and settings\Christopher Nova\Application Data\g4amH6sWJfL
c:\documents and settings\Christopher Nova\Application Data\belIBtzP0c1v3n
c:\documents and settings\Christopher Nova\Application Data\DD3pnG4aQ6W7R9T
c:\documents and settings\Christopher Nova\Application Data\xRZqhYXwkVlBx0c
c:\documents and settings\Christopher Nova\Application Data\yTXwjUVelBz0c1v
c:\documents and settings\Christopher Nova\Application Data\OibF3pnG5Q6W8R9
c:\documents and settings\Christopher Nova\Application Data\z2obF4pmGsJdKgZ
c:\documents and settings\Christopher Nova\Application Data\VTXqjYCekBzNx1v
c:\documents and settings\Christopher Nova\Application Data\RqjYCekIBzNx1v
c:\documents and settings\Christopher Nova\Application Data\JK7fEL9gT
c:\documents and settings\Christopher Nova\Application Data\idEK8fRZ9YwUe
c:\documents and settings\Christopher Nova\Application Data\fzP0ycS1iD

Now paste the copied text into the open notepad - press CTRL+V (or right click and choose 'paste')

Save this file to your desktop as "CFScript".


Here's how to do that:

1. Click File;
2. Click Save As... Change the directory to your desktop;
3. Change the Save as type to "All Files";
4. Type in the file name: CFScript
5. Click Save ...

Posted Image
  • Referring to the screenshot above, drag CFScript.txt into ComboFix.exe.
  • ComboFix will now run a scan on your system. If ComboFix prompts you to update to the newest version, please allow it to do so. It may reboot your system when it finishes. This is normal.
  • When finished, it shall produce a log for you.
  • Copy and paste the contents of the log in your next reply.

CAUTION: Do not mouse-click ComboFix's window while it is running. That may cause it to stall.



NEXT:


Running TDSSKiller

Download the latest version of TDSSKiller from here and save it to your Desktop.


  • Double-click on TDSSKiller.exe to run the application, then click on Change parameters.

  • Check the boxes beside Verify Driver Digital Signature and Detect TDLFS file system, then click OK.

  • Click the Start Scan button.

  • If a suspicious object is detected, the default action will be Skip; click on Continue.

  • If malicious objects are found, they will show in the Scan results and offer three (3) options.
  • Ensure Cure is selected, then click Continue => Reboot now to finish the cleaning process.

  • Note: If Cure is not available, please choose Skip instead; do not choose Delete unless instructed.

A report will be created in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste its contents on your next reply.


#11
StupidVirus

Hi, here is the ComboFix log. I will have the other one in a few minutes.



ComboFix 11-10-11.05 - Christopher Nova 10/12/2011 10:48:40.10.2 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1022.532 [GMT -4:00]
Running from: c:\documents and settings\Christopher Nova\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\Christopher Nova\Desktop\CFScript.txt
AV: Microsoft Security Essentials *Disabled/Updated* {BCF43643-A118-4432-AEDE-D861FCBCFCDF}
AV: Microsoft Security Essentials *Enabled/Updated* {EDB4FA23-53B8-4AFA-8C5D-99752CCA7095}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\Christopher Nova\Application Data\belIBtzP0c1v3n
c:\documents and settings\Christopher Nova\Application Data\bXwkUVrlOtPuSiD
c:\documents and settings\Christopher Nova\Application Data\DD3pnG4aQ6W7R9T
c:\documents and settings\Christopher Nova\Application Data\DD3pnG4aQ6W7R9T\oc453609_w32.bat
c:\documents and settings\Christopher Nova\Application Data\fzP0ycS1iD
c:\documents and settings\Christopher Nova\Application Data\g4amH6sWJfL
c:\documents and settings\Christopher Nova\Application Data\HNtxP0ucSiDpGa
c:\documents and settings\Christopher Nova\Application Data\idEK8fRZ9YwUe
c:\documents and settings\Christopher Nova\Application Data\JhYCwkIVrOtAuSi
c:\documents and settings\Christopher Nova\Application Data\JK7fEL9gT
c:\documents and settings\Christopher Nova\Application Data\maQH6dWK7R9TqUe
c:\documents and settings\Christopher Nova\Application Data\O9hTXwjUClBzNc1
c:\documents and settings\Christopher Nova\Application Data\OibF3pnG5Q6W8R9
c:\documents and settings\Christopher Nova\Application Data\RqjYCekIBzNx1v
c:\documents and settings\Christopher Nova\Application Data\UF4amH5sW7E8TqY
c:\documents and settings\Christopher Nova\Application Data\VTXqjYCekBzNx1v
c:\documents and settings\Christopher Nova\Application Data\XpnG4aQH6W7R9Tq
c:\documents and settings\Christopher Nova\Application Data\xRZqhYXwkVlBx0c
c:\documents and settings\Christopher Nova\Application Data\YH6dWK8fR9
c:\documents and settings\Christopher Nova\Application Data\yTXwjUVelBz0c1v
c:\documents and settings\Christopher Nova\Application Data\z2obF4pmGsJdKgZ
.
.
((((((((((((((((((((((((( Files Created from 2011-09-12 to 2011-10-12 )))))))))))))))))))))))))))))))
.
.
2011-10-11 18:16 . 2011-10-11 18:16 -------- d-sh--w- c:\windows\system32\config\systemprofile\IETldCache
2011-10-11 17:46 . 2011-10-11 17:46 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\Apple Computer
2011-10-07 19:08 . 2011-10-07 19:09 -------- d-----w- c:\documents and settings\Administrator
2011-10-04 17:06 . 2011-10-04 17:06 41272 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-10-04 16:05 . 2011-10-04 16:05 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-10-04 16:00 . 2011-10-04 16:00 56200 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{71D3F924-CDB7-4143-A394-C07FD2CDA337}\offreg.dll
2011-10-04 16:00 . 2011-09-12 23:14 7269712 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{71D3F924-CDB7-4143-A394-C07FD2CDA337}\mpengine.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-10-11 18:23 . 2007-05-09 15:52 98304 ----a-w- c:\windows\DUMP5a45.tmp
2011-10-11 17:22 . 2007-05-09 15:52 98304 ----a-w- c:\windows\DUMP5880.tmp
2011-09-12 23:14 . 2010-08-23 13:16 7269712 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2011-09-09 09:12 . 2004-08-10 16:50 599040 ----a-w- c:\windows\system32\crypt32.dll
2011-08-31 21:00 . 2009-09-23 19:50 22216 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-07-20 13:44 . 2011-08-17 14:12 6881616 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\Updates\mpengine.dll
2011-07-15 13:29 . 2004-08-10 16:51 456320 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
.
.
((((((((((((((((((((((((((((( SnapShot_2011-10-11_19.56.43 )))))))))))))))))))))))))))))))))))))))))
.
+ 2011-10-12 14:57 . 2011-10-12 14:57 16384 c:\windows\temp\Perflib_Perfdata_7a4.dat
- 2011-09-09 17:51 . 2011-10-11 20:00 32768 c:\windows\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
+ 2011-09-09 17:51 . 2011-10-12 15:01 32768 c:\windows\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
+ 2007-05-16 20:59 . 2011-10-12 15:01 32768 c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
- 2007-05-16 20:59 . 2011-10-11 20:00 32768 c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
+ 2011-09-09 17:51 . 2011-10-12 15:01 16384 c:\windows\system32\config\systemprofile\Cookies\index.dat
- 2011-09-09 17:51 . 2011-10-11 20:00 16384 c:\windows\system32\config\systemprofile\Cookies\index.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DellSupport"="c:\program files\Dell Support\DSAgnt.exe" [2006-08-29 395776]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2008-01-10 385024]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-07-30 68856]
"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2011-09-28 4611456]
"H/PC Connection Agent"="c:\program files\Microsoft ActiveSync\Wcescomm.exe" [2006-11-13 1289000]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-02-18 248040]
"SigmatelSysTrayApp"="stsystra.exe" [2006-07-24 282624]
"IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\Iaanotif.exe" [2006-07-06 151552]
"DMXLauncher"="c:\program files\Dell\Media Experience\DMXLauncher.exe" [2005-10-05 94208]
"DLA"="c:\windows\System32\DLA\DLACTRLW.EXE" [2005-09-08 122940]
"ISUSPM Startup"="c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2004-07-27 221184]
"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2004-07-27 81920]
"HPDJ Taskbar Utility"="c:\windows\system32\spool\drivers\w32x86\3\hpztsb11.exe" [2004-04-06 172032]
"HP Component Manager"="c:\program files\HP\hpcoretech\hpcmpmgr.exe" [2004-05-12 241664]
"HPHmon06"="c:\windows\system32\hphmon06.exe" [2004-06-07 659456]
"Symantec PIF AlertEng"="c:\program files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" [2008-01-29 583048]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2008-01-10 385024]
"HPHUPD06"="c:\program files\HP\{AAC4FC36-8F89-4587-8DD3-EBC57C83374D}\hphupd06.exe" [2004-06-07 49152]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2010-06-10 49208]
"dellsupportcenter"="c:\program files\Dell Support Center\bin\sprtcmd.exe" [2009-06-03 206064]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-04-04 36272]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-09-21 932288]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2008-01-15 267048]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2011-06-15 997920]
"TomcatStartup 2.5"="c:\program files\Hewlett-Packard\Toolbox\hpbpsttp.exe" [2004-11-12 245760]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2008-11-04 435096]
.
c:\documents and settings\All Users\Start Menu\Programs\Startup\
Windows Search.lnk - c:\program files\Windows Desktop Search\WindowsSearch.exe [2008-5-26 123904]
Wireless USB 2.0 WLAN Card Utility.lnk - c:\program files\Dell Wireless\PRISMCFG.exe [2010-1-19 921707]
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2011-08-30 113024]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2009-05-25 304128]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2009-09-03 19:21 548352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\PRISMAPI.DLL]
2006-10-12 14:42 450649 ----a-r- c:\windows\system32\PRISMAPI.dll
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk
backup=c:\windows\pss\Adobe Reader Speed Launch.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Digital Line Detect.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Digital Line Detect.lnk
backup=c:\windows\pss\Digital Line Detect.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
backup=c:\windows\pss\HP Digital Imaging Monitor.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Image Zone Fast Start.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\HP Image Zone Fast Start.lnk
backup=c:\windows\pss\HP Image Zone Fast Start.lnkCommon Startup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Corel Photo Downloader]
2006-08-14 18:20 462336 ----a-w- c:\program files\Corel\Corel Snapfire Plus\Corel Photo Downloader.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Desktop Search]
2007-05-09 16:16 169984 ----a-w- c:\program files\Google\Google Desktop Search\GoogleDesktop.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\I.R.I.S. Desktop Search]
2006-01-11 13:37 5193512 ----a-w- c:\program files\IRIS Desktop Search\IRISDesktopSearch.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2008-01-15 08:22 267048 ----a-w- c:\program files\iTunes\iTunesHelper.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
2007-07-30 13:15 68856 ----a-w- c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\Hewlett-Packard\\Toolbox\\jre\\bin\\javaw.exe"=
"c:\\Program Files\\HP\\digital imaging\\bin\\hpqgalry.exe"=
"c:\\Documents and Settings\\Christopher Nova\\Desktop\\nes\\VirtuaNES.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\program files\Microsoft ActiveSync\rapimgr.exe"= c:\program files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager
"c:\program files\Microsoft ActiveSync\wcescomm.exe"= c:\program files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager
"c:\program files\Microsoft ActiveSync\WCESMgr.exe"= c:\program files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"26675:TCP"= 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service
.
R0 pavboot;pavboot;c:\windows\system32\drivers\pavboot.sys [10/13/2009 8:48 AM 28544]
R0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [3/25/2011 8:49 AM 691696]
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV.SYS [10/12/2009 9:24 PM 12880]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [10/12/2009 9:24 PM 67664]
R2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE.EXE [7/2/2010 8:35 AM 116608]
R2 PRISMSVC;PRISMSVC;c:\windows\system32\PRISMSVC.exe [1/19/2010 2:27 PM 61529]
R3 HPPLSBULK;HPPLSBULK;c:\windows\system32\drivers\hpplsbulk.sys [9/5/2007 11:30 AM 9344]
R3 ManyCam;ManyCam Virtual Webcam, WDM Video Capture Driver;c:\windows\system32\drivers\ManyCam.sys [1/14/2008 6:06 AM 21632]
S1 MpKsl348a0138;MpKsl348a0138;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{425DB155-C825-4CD2-8696-CFA42DB50DBF}\MpKsl348a0138.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{425DB155-C825-4CD2-8696-CFA42DB50DBF}\MpKsl348a0138.sys [?]
S1 MpKsl4a861a9e;MpKsl4a861a9e;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{11CEB32F-3F2E-4B10-900D-4B7E25029816}\MpKsl4a861a9e.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{11CEB32F-3F2E-4B10-900D-4B7E25029816}\MpKsl4a861a9e.sys [?]
S1 MpKsl587ae904;MpKsl587ae904;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{A0DDDBCC-27EE-4A7C-AA0D-C623596B7323}\MpKsl587ae904.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{A0DDDBCC-27EE-4A7C-AA0D-C623596B7323}\MpKsl587ae904.sys [?]
S1 MpKsl7cd5c4b0;MpKsl7cd5c4b0;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{8E1294D3-77FA-473F-AFCF-EAC03B262390}\MpKsl7cd5c4b0.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{8E1294D3-77FA-473F-AFCF-EAC03B262390}\MpKsl7cd5c4b0.sys [?]
S1 MpKsl8c05965a;MpKsl8c05965a;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{98E544DF-F6F3-4658-AC67-014C9465481B}\MpKsl8c05965a.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{98E544DF-F6F3-4658-AC67-014C9465481B}\MpKsl8c05965a.sys [?]
S1 MpKsl995b3c26;MpKsl995b3c26;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{C3DED232-1984-43F5-B1E8-131F4F8C063E}\MpKsl995b3c26.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{C3DED232-1984-43F5-B1E8-131F4F8C063E}\MpKsl995b3c26.sys [?]
S1 MpKsl9a7cda48;MpKsl9a7cda48;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{8E1294D3-77FA-473F-AFCF-EAC03B262390}\MpKsl9a7cda48.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{8E1294D3-77FA-473F-AFCF-EAC03B262390}\MpKsl9a7cda48.sys [?]
S1 MpKsla0e20273;MpKsla0e20273;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{CFCB3CFE-4EC5-454F-8F32-1C5E150EB9E2}\MpKsla0e20273.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{CFCB3CFE-4EC5-454F-8F32-1C5E150EB9E2}\MpKsla0e20273.sys [?]
S1 MpKslb4638dd0;MpKslb4638dd0;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{2C106391-F796-4F48-B6BD-110837462DB5}\MpKslb4638dd0.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{2C106391-F796-4F48-B6BD-110837462DB5}\MpKslb4638dd0.sys [?]
S1 MpKslf837ab25;MpKslf837ab25;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{16F2659B-730B-47FA-A691-122483152B2D}\MpKslf837ab25.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{16F2659B-730B-47FA-A691-122483152B2D}\MpKslf837ab25.sys [?]
S3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [10/12/2009 9:24 PM 12872]
S3 XDva390;XDva390;\??\c:\windows\system32\XDva390.sys --> c:\windows\system32\XDva390.sys [?]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
getPlusHelper REG_MULTI_SZ getPlusHelper
.
Contents of the 'Scheduled Tasks' folder
.
2011-10-01 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2007-08-29 19:57]
.
2011-10-03 c:\windows\Tasks\MP Scheduled Scan.job
- c:\program files\Microsoft Security Client\Antimalware\MpCmdRun.exe [2011-04-27 19:39]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/ig/dell?hl=en&client=dell-usuk-rel&channel=us&ibd=5070509
uInternet Connection Wizard,ShellNext = hxxp://www.google.com/ig/dell?hl=en&client=dell-usuk-rel&channel=us&ibd=5070509
uInternet Settings,ProxyOverride = <local>
IE: E&xport to Microsoft Excel - c:\progra~1\MI1933~1\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 68.237.161.12 71.243.0.12
FF - ProfilePath - c:\documents and settings\Christopher Nova\Application Data\Mozilla\Firefox\Profiles\ntuzg8xd.default\
FF - prefs.js: browser.search.defaulturl - hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q=
FF - prefs.js: browser.search.selectedEngine - Google
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
FF - Ext: Google Toolbar for Firefox: {3112ca9c-de6d-4884-a869-9855de68056c} - c:\documents and settings\All Users\Application Data\Mozilla\Firefox Extensions\{3112ca9c-de6d-4884-a869-9855de68056c}
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF - Ext: Java Quick Starter: [email protected] - c:\program files\Java\jre6\lib\deploy\jqs\ff
FF - Ext: Google Toolbar for Firefox: {3112ca9c-de6d-4884-a869-9855de68056c} - %profile%\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
FF - Ext: Move Media Player: [email protected] - c:\documents and settings\Christopher Nova\Application Data\Move Networks
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-10-12 11:00
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
c:\program files\Internet Explorer\iexplore.exe [2824] 0x853B7020
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
Stealth MBR rootkit/Mebroot/Sinowal/TDL4 detector 0.4.2 by Gmer, http://www.gmer.net
Windows 5.1.2600
.
CreateFile("\\.\PHYSICALDRIVE0"): The process cannot access the file because it is being used by another process.
device: opened successfully
user: error reading MBR
kernel: MBR read successfully
user != kernel MBR !!!
.
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(748)
c:\program files\SUPERAntiSpyware\SASWINLO.DLL
c:\windows\system32\WININET.dll
.
- - - - - - - > 'explorer.exe'(708)
c:\windows\system32\WININET.dll
c:\program files\IRIS Desktop Search\IRISDesktopSearchIntegration910.dll
c:\program files\Windows Desktop Search\deskbar.dll
c:\program files\Windows Desktop Search\en-us\dbres.dll.mui
c:\program files\Windows Desktop Search\dbres.dll
c:\program files\Windows Desktop Search\wordwheel.dll
c:\program files\Windows Desktop Search\en-us\msnlExtRes.dll.mui
c:\program files\Windows Desktop Search\msnlExtRes.dll
c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.3053_x-ww_b80fa8ca\MSVCR80.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\Ati2evxx.exe
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\windows\system32\HPZipm12.exe
c:\program files\Dell Support Center\bin\sprtsvc.exe
c:\windows\system32\SearchIndexer.exe
c:\windows\system32\PRISMSVR.EXE
c:\windows\stsystra.exe
c:\progra~1\MI3AA1~1\rapimgr.exe
c:\progra~1\HEWLET~1\Toolbox\STATUS~1\STATUS~1.EXE
c:\program files\iPod\bin\iPodService.exe
c:\program files\Hewlett-Packard\Toolbox\jre\bin\javaw.exe
c:\windows\system32\hpbpro.exe
.
**************************************************************************
.
Completion time: 2011-10-12 11:04:44 - machine was rebooted
ComboFix-quarantined-files.txt 2011-10-12 15:04
ComboFix2.txt 2011-10-11 20:02
ComboFix3.txt 2011-07-07 15:08
.
Pre-Run: 79,207,604,224 bytes free
Post-Run: 79,182,983,168 bytes free
.
- - End Of File - - 01260801470A4AD125DABFD148B2314A

#12
StupidVirus

Here is the TDSS log.



11:48:01.0046 0464 TDSS rootkit removing tool 2.6.8.0 Oct 12 2011 07:30:54
11:48:01.0343 0464 ============================================================
11:48:01.0343 0464 Current date / time: 2011/10/12 11:48:01.0343
11:48:01.0343 0464 SystemInfo:
11:48:01.0343 0464
11:48:01.0343 0464 OS Version: 5.1.2600 ServicePack: 3.0
11:48:01.0343 0464 Product type: Workstation
11:48:01.0343 0464 ComputerName: RECEPTION
11:48:01.0343 0464 UserName: Christopher Nova
11:48:01.0343 0464 Windows directory: C:\WINDOWS
11:48:01.0343 0464 System windows directory: C:\WINDOWS
11:48:01.0343 0464 Processor architecture: Intel x86
11:48:01.0343 0464 Number of processors: 2
11:48:01.0343 0464 Page size: 0x1000
11:48:01.0343 0464 Boot type: Normal boot
11:48:01.0343 0464 ============================================================
11:48:02.0109 0464 Initialize success
11:48:40.0593 0592 ============================================================
11:48:40.0593 0592 Scan started
11:48:40.0593 0592 Mode: Manual; SigCheck; TDLFS;
11:48:40.0593 0592 ============================================================
11:48:40.0812 0592 Abiosdsk - ok
11:48:40.0875 0592 abp480n5 (6abb91494fe6c59089b9336452ab2ea3) C:\WINDOWS\system32\DRIVERS\ABP480N5.SYS
11:48:41.0453 0592 abp480n5 - ok
11:48:41.0578 0592 ACPI (8fd99680a539792a30e97944fdaecf17) C:\WINDOWS\system32\DRIVERS\ACPI.sys
11:48:41.0718 0592 ACPI - ok
11:48:41.0781 0592 ACPIEC (9859c0f6936e723e4892d7141b1327d5) C:\WINDOWS\system32\drivers\ACPIEC.sys
11:48:41.0875 0592 ACPIEC - ok
11:48:41.0921 0592 adpu160m (9a11864873da202c996558b2106b0bbc) C:\WINDOWS\system32\DRIVERS\adpu160m.sys
11:48:42.0031 0592 adpu160m - ok
11:48:42.0078 0592 aec (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys
11:48:42.0203 0592 aec - ok
11:48:42.0234 0592 AegisP (2f7f3e8da380325866e566f5d5ec23d5) C:\WINDOWS\system32\DRIVERS\AegisP.sys
11:48:42.0265 0592 AegisP ( UnsignedFile.Multi.Generic ) - warning
11:48:42.0265 0592 AegisP - detected UnsignedFile.Multi.Generic (1)
11:48:42.0312 0592 AFD (355556d9e580915118cd7ef736653a89) C:\WINDOWS\System32\drivers\afd.sys
11:48:42.0343 0592 AFD - ok
11:48:42.0406 0592 agp440 (08fd04aa961bdc77fb983f328334e3d7) C:\WINDOWS\system32\DRIVERS\agp440.sys
11:48:42.0531 0592 agp440 - ok
11:48:42.0609 0592 agpCPQ (03a7e0922acfe1b07d5db2eeb0773063) C:\WINDOWS\system32\DRIVERS\agpCPQ.sys
11:48:42.0718 0592 agpCPQ - ok
11:48:42.0796 0592 Aha154x (c23ea9b5f46c7f7910db3eab648ff013) C:\WINDOWS\system32\DRIVERS\aha154x.sys
11:48:42.0859 0592 Aha154x - ok
11:48:42.0921 0592 aic78u2 (19dd0fb48b0c18892f70e2e7d61a1529) C:\WINDOWS\system32\DRIVERS\aic78u2.sys
11:48:43.0015 0592 aic78u2 - ok
11:48:43.0078 0592 aic78xx (b7fe594a7468aa0132deb03fb8e34326) C:\WINDOWS\system32\DRIVERS\aic78xx.sys
11:48:43.0187 0592 aic78xx - ok
11:48:43.0281 0592 AliIde (1140ab9938809700b46bb88e46d72a96) C:\WINDOWS\system32\DRIVERS\aliide.sys
11:48:43.0375 0592 AliIde - ok
11:48:43.0468 0592 alim1541 (cb08aed0de2dd889a8a820cd8082d83c) C:\WINDOWS\system32\DRIVERS\alim1541.sys
11:48:43.0593 0592 alim1541 - ok
11:48:43.0671 0592 amdagp (95b4fb835e28aa1336ceeb07fd5b9398) C:\WINDOWS\system32\DRIVERS\amdagp.sys
11:48:43.0796 0592 amdagp - ok
11:48:43.0890 0592 amsint (79f5add8d24bd6893f2903a3e2f3fad6) C:\WINDOWS\system32\DRIVERS\amsint.sys
11:48:43.0937 0592 amsint - ok
11:48:43.0968 0592 Arp1394 (b5b8a80875c1dededa8b02765642c32f) C:\WINDOWS\system32\DRIVERS\arp1394.sys
11:48:44.0078 0592 Arp1394 - ok
11:48:44.0140 0592 asc (62d318e9a0c8fc9b780008e724283707) C:\WINDOWS\system32\DRIVERS\asc.sys
11:48:44.0250 0592 asc - ok
11:48:44.0328 0592 asc3350p (69eb0cc7714b32896ccbfd5edcbea447) C:\WINDOWS\system32\DRIVERS\asc3350p.sys
11:48:44.0390 0592 asc3350p - ok
11:48:44.0421 0592 asc3550 (5d8de112aa0254b907861e9e9c31d597) C:\WINDOWS\system32\DRIVERS\asc3550.sys
11:48:44.0515 0592 asc3550 - ok
11:48:44.0609 0592 AsyncMac (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys
11:48:44.0718 0592 AsyncMac - ok
11:48:44.0796 0592 atapi (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys
11:48:44.0906 0592 atapi - ok
11:48:44.0953 0592 Atdisk - ok
11:48:45.0015 0592 ati2mtag (f5fc6ac1e7bc776871361d463fc86be2) C:\WINDOWS\system32\DRIVERS\ati2mtag.sys
11:48:45.0125 0592 ati2mtag - ok
11:48:45.0187 0592 Atmarpc (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys
11:48:45.0312 0592 Atmarpc - ok
11:48:45.0359 0592 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys
11:48:45.0453 0592 audstub - ok
11:48:45.0515 0592 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys
11:48:45.0625 0592 Beep - ok
11:48:45.0703 0592 bvrp_pci - ok
11:48:45.0703 0592 catchme - ok
11:48:45.0750 0592 cbidf (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\DRIVERS\cbidf2k.sys
11:48:45.0875 0592 cbidf - ok
11:48:45.0937 0592 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys
11:48:46.0046 0592 cbidf2k - ok
11:48:46.0125 0592 CCDECODE (0be5aef125be881c4f854c554f2b025c) C:\WINDOWS\system32\DRIVERS\CCDECODE.sys
11:48:46.0250 0592 CCDECODE - ok
11:48:46.0343 0592 cd20xrnt (f3ec03299634490e97bbce94cd2954c7) C:\WINDOWS\system32\DRIVERS\cd20xrnt.sys
11:48:46.0375 0592 cd20xrnt - ok
11:48:46.0421 0592 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys
11:48:46.0531 0592 Cdaudio - ok
11:48:46.0625 0592 Cdfs (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys
11:48:46.0734 0592 Cdfs - ok
11:48:46.0859 0592 Cdrom (1f4260cc5b42272d71f79e570a27a4fe) C:\WINDOWS\system32\DRIVERS\cdrom.sys
11:48:46.0968 0592 Cdrom - ok
11:48:47.0000 0592 Changer - ok
11:48:47.0062 0592 CmdIde (e5dcb56c533014ecbc556a8357c929d5) C:\WINDOWS\system32\DRIVERS\cmdide.sys
11:48:47.0187 0592 CmdIde - ok
11:48:47.0265 0592 Cpqarray (3ee529119eed34cd212a215e8c40d4b6) C:\WINDOWS\system32\DRIVERS\cpqarray.sys
11:48:47.0390 0592 Cpqarray - ok
11:48:47.0484 0592 dac2w2k (e550e7418984b65a78299d248f0a7f36) C:\WINDOWS\system32\DRIVERS\dac2w2k.sys
11:48:47.0609 0592 dac2w2k - ok
11:48:47.0671 0592 dac960nt (683789caa3864eb46125ae86ff677d34) C:\WINDOWS\system32\DRIVERS\dac960nt.sys
11:48:47.0796 0592 dac960nt - ok
11:48:47.0875 0592 Disk (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys
11:48:47.0984 0592 Disk - ok
11:48:48.0078 0592 DLABOIOM (e2d0de31442390c35e3163c87cb6a9eb) C:\WINDOWS\system32\DLA\DLABOIOM.SYS
11:48:48.0093 0592 DLABOIOM ( UnsignedFile.Multi.Generic ) - warning
11:48:48.0093 0592 DLABOIOM - detected UnsignedFile.Multi.Generic (1)
11:48:48.0171 0592 DLACDBHM (d979bebcf7edcc9c9ee1857d1a68c67b) C:\WINDOWS\system32\Drivers\DLACDBHM.SYS
11:48:48.0171 0592 DLACDBHM ( UnsignedFile.Multi.Generic ) - warning
11:48:48.0171 0592 DLACDBHM - detected UnsignedFile.Multi.Generic (1)
11:48:48.0203 0592 DLADResN (83545593e297f50a8e2524b4c071a153) C:\WINDOWS\system32\DLA\DLADResN.SYS
11:48:48.0218 0592 DLADResN ( UnsignedFile.Multi.Generic ) - warning
11:48:48.0218 0592 DLADResN - detected UnsignedFile.Multi.Generic (1)
11:48:48.0265 0592 DLAIFS_M (96e01d901cdc98c7817155cc057001bf) C:\WINDOWS\system32\DLA\DLAIFS_M.SYS
11:48:48.0281 0592 DLAIFS_M ( UnsignedFile.Multi.Generic ) - warning
11:48:48.0281 0592 DLAIFS_M - detected UnsignedFile.Multi.Generic (1)
11:48:48.0312 0592 DLAOPIOM (0a60a39cc5e767980a31ca5d7238dfa9) C:\WINDOWS\system32\DLA\DLAOPIOM.SYS
11:48:48.0312 0592 DLAOPIOM ( UnsignedFile.Multi.Generic ) - warning
11:48:48.0312 0592 DLAOPIOM - detected UnsignedFile.Multi.Generic (1)
11:48:48.0328 0592 DLAPoolM (9fe2b72558fc808357f427fd83314375) C:\WINDOWS\system32\DLA\DLAPoolM.SYS
11:48:48.0343 0592 DLAPoolM ( UnsignedFile.Multi.Generic ) - warning
11:48:48.0343 0592 DLAPoolM - detected UnsignedFile.Multi.Generic (1)
11:48:48.0375 0592 DLARTL_N (7ee0852ae8907689df25049dcd2342e8) C:\WINDOWS\system32\Drivers\DLARTL_N.SYS
11:48:48.0390 0592 DLARTL_N ( UnsignedFile.Multi.Generic ) - warning
11:48:48.0390 0592 DLARTL_N - detected UnsignedFile.Multi.Generic (1)
11:48:48.0421 0592 DLAUDFAM (f08e1dafac457893399e03430a6a1397) C:\WINDOWS\system32\DLA\DLAUDFAM.SYS
11:48:48.0421 0592 DLAUDFAM ( UnsignedFile.Multi.Generic ) - warning
11:48:48.0421 0592 DLAUDFAM - detected UnsignedFile.Multi.Generic (1)
11:48:48.0453 0592 DLAUDF_M (e7d105ed1e694449d444a9933df8e060) C:\WINDOWS\system32\DLA\DLAUDF_M.SYS
11:48:48.0453 0592 DLAUDF_M ( UnsignedFile.Multi.Generic ) - warning
11:48:48.0453 0592 DLAUDF_M - detected UnsignedFile.Multi.Generic (1)
11:48:48.0562 0592 dmboot (d992fe1274bde0f84ad826acae022a41) C:\WINDOWS\system32\drivers\dmboot.sys
11:48:48.0734 0592 dmboot - ok
11:48:48.0828 0592 dmio (7c824cf7bbde77d95c08005717a95f6f) C:\WINDOWS\system32\drivers\dmio.sys
11:48:48.0921 0592 dmio - ok
11:48:49.0046 0592 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys
11:48:49.0140 0592 dmload - ok
11:48:49.0203 0592 DMusic (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys
11:48:49.0312 0592 DMusic - ok
11:48:49.0406 0592 Dot4Scan (bd05306428da63369692477ddc0f6f5f) C:\WINDOWS\system32\DRIVERS\Dot4Scan.sys
11:48:49.0500 0592 Dot4Scan - ok
11:48:49.0578 0592 dpti2o (40f3b93b4e5b0126f2f5c0a7a5e22660) C:\WINDOWS\system32\DRIVERS\dpti2o.sys
11:48:49.0703 0592 dpti2o - ok
11:48:49.0781 0592 drmkaud (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys
11:48:49.0890 0592 drmkaud - ok
11:48:49.0968 0592 DRVMCDB (fd0f95981fef9073659d8ec58e40aa3c) C:\WINDOWS\system32\Drivers\DRVMCDB.SYS
11:48:49.0968 0592 DRVMCDB ( UnsignedFile.Multi.Generic ) - warning
11:48:49.0968 0592 DRVMCDB - detected UnsignedFile.Multi.Generic (1)
11:48:50.0031 0592 DRVNDDM (b4869d320428cdc5ec4d7f5e808e99b5) C:\WINDOWS\system32\Drivers\DRVNDDM.SYS
11:48:50.0046 0592 DRVNDDM ( UnsignedFile.Multi.Generic ) - warning
11:48:50.0046 0592 DRVNDDM - detected UnsignedFile.Multi.Generic (1)
11:48:50.0187 0592 DSproct (2ac2372ffad9adc85672cc8e8ae14be9) C:\Program Files\Dell Support\GTAction\triggers\DSproct.sys
11:48:50.0203 0592 DSproct ( UnsignedFile.Multi.Generic ) - warning
11:48:50.0203 0592 DSproct - detected UnsignedFile.Multi.Generic (1)
11:48:50.0250 0592 E100B (3fca03cbca11269f973b70fa483c88ef) C:\WINDOWS\system32\DRIVERS\e100b325.sys
11:48:50.0375 0592 E100B - ok
11:48:50.0421 0592 e1express (00192f0c612591d585594e9467e6ca8b) C:\WINDOWS\system32\DRIVERS\e1e5132.sys
11:48:50.0468 0592 e1express - ok
11:48:50.0546 0592 Fastfat (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys
11:48:50.0656 0592 Fastfat - ok
11:48:50.0718 0592 Fdc (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\DRIVERS\fdc.sys
11:48:50.0812 0592 Fdc - ok
11:48:50.0906 0592 Fips (d45926117eb9fa946a6af572fbe1caa3) C:\WINDOWS\system32\drivers\Fips.sys
11:48:51.0031 0592 Fips - ok
11:48:51.0078 0592 Flpydisk (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\DRIVERS\flpydisk.sys
11:48:51.0187 0592 Flpydisk - ok
11:48:51.0265 0592 FltMgr (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\drivers\fltmgr.sys
11:48:51.0375 0592 FltMgr - ok
11:48:51.0437 0592 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys
11:48:51.0546 0592 Fs_Rec - ok
11:48:51.0609 0592 Ftdisk (6ac26732762483366c3969c9e4d2259d) C:\WINDOWS\system32\DRIVERS\ftdisk.sys
11:48:51.0703 0592 Ftdisk - ok
11:48:51.0781 0592 GEARAspiWDM (4ac51459805264affd5f6fdfb9d9235f) C:\WINDOWS\system32\Drivers\GEARAspiWDM.sys
11:48:51.0812 0592 GEARAspiWDM - ok
11:48:51.0906 0592 Gpc (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys
11:48:52.0015 0592 Gpc - ok
11:48:52.0078 0592 HDAudBus (573c7d0a32852b48f3058cfd8026f511) C:\WINDOWS\system32\DRIVERS\HDAudBus.sys
11:48:52.0203 0592 HDAudBus - ok
11:48:52.0281 0592 HidUsb (ccf82c5ec8a7326c3066de870c06daf1) C:\WINDOWS\system32\DRIVERS\hidusb.sys
11:48:52.0390 0592 HidUsb - ok
11:48:52.0546 0592 hpn (b028377dea0546a5fcfba928a8aefae0) C:\WINDOWS\system32\DRIVERS\hpn.sys
11:48:52.0640 0592 hpn - ok
11:48:52.0718 0592 HPPLSBULK (32fe92018e28df54bf94d41fc7ff92ac) C:\WINDOWS\system32\drivers\hpplsbulk.sys
11:48:52.0781 0592 HPPLSBULK - ok
11:48:52.0828 0592 HPZid412 (d03d10f7ded688fecf50f8fbf1ea9b8a) C:\WINDOWS\system32\DRIVERS\HPZid412.sys
11:48:52.0921 0592 HPZid412 - ok
11:48:52.0953 0592 HPZipr12 (89f41658929393487b6b7d13c8528ce3) C:\WINDOWS\system32\DRIVERS\HPZipr12.sys
11:48:52.0984 0592 HPZipr12 - ok
11:48:53.0015 0592 HPZius12 (abcb05ccdbf03000354b9553820e39f8) C:\WINDOWS\system32\DRIVERS\HPZius12.sys
11:48:53.0062 0592 HPZius12 - ok
11:48:53.0093 0592 HSFHWBS2 (77e4ff0b73bc0aeaaf39bf0c8104231f) C:\WINDOWS\system32\DRIVERS\HSFHWBS2.sys
11:48:53.0156 0592 HSFHWBS2 - ok
11:48:53.0203 0592 HSF_DP (60e1604729a15ef4a3b05f298427b3b1) C:\WINDOWS\system32\DRIVERS\HSF_DP.sys
11:48:53.0265 0592 HSF_DP - ok
11:48:53.0312 0592 HTTP (f80a415ef82cd06ffaf0d971528ead38) C:\WINDOWS\system32\Drivers\HTTP.sys
11:48:53.0390 0592 HTTP - ok
11:48:53.0437 0592 i2omgmt (9368670bd426ebea5e8b18a62416ec28) C:\WINDOWS\system32\drivers\i2omgmt.sys
11:48:53.0546 0592 i2omgmt - ok
11:48:53.0625 0592 i2omp (f10863bf1ccc290babd1a09188ae49e0) C:\WINDOWS\system32\DRIVERS\i2omp.sys
11:48:53.0750 0592 i2omp - ok
11:48:53.0828 0592 i8042prt (4a0b06aa8943c1e332520f7440c0aa30) C:\WINDOWS\system32\DRIVERS\i8042prt.sys
11:48:53.0937 0592 i8042prt - ok
11:48:54.0000 0592 iaStor (019cf5f31c67030841233c545a0e217a) C:\WINDOWS\system32\drivers\iaStor.sys
11:48:54.0031 0592 iaStor - ok
11:48:54.0156 0592 Imapi (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys
11:48:54.0265 0592 Imapi - ok
11:48:54.0359 0592 ini910u (4a40e045faee58631fd8d91afc620719) C:\WINDOWS\system32\DRIVERS\ini910u.sys
11:48:54.0453 0592 ini910u - ok
11:48:54.0531 0592 IntelIde (b5466a9250342a7aa0cd1fba13420678) C:\WINDOWS\system32\DRIVERS\intelide.sys
11:48:54.0656 0592 IntelIde - ok
11:48:54.0734 0592 intelppm (8c953733d8f36eb2133f5bb58808b66b) C:\WINDOWS\system32\DRIVERS\intelppm.sys
11:48:54.0859 0592 intelppm - ok
11:48:54.0921 0592 Ip6Fw (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\drivers\ip6fw.sys
11:48:55.0031 0592 Ip6Fw - ok
11:48:55.0125 0592 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
11:48:55.0218 0592 IpFilterDriver - ok
11:48:55.0312 0592 IpInIp (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys
11:48:55.0421 0592 IpInIp - ok
11:48:55.0468 0592 IpNat (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys
11:48:55.0593 0592 IpNat - ok
11:48:55.0656 0592 IPSec (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys
11:48:55.0750 0592 IPSec - ok
11:48:55.0843 0592 IRENUM (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys
11:48:55.0921 0592 IRENUM - ok
11:48:55.0953 0592 isapnp (05a299ec56e52649b1cf2fc52d20f2d7) C:\WINDOWS\system32\DRIVERS\isapnp.sys
11:48:56.0062 0592 isapnp - ok
11:48:56.0093 0592 Kbdclass (463c1ec80cd17420a542b7f36a36f128) C:\WINDOWS\system32\DRIVERS\kbdclass.sys
11:48:56.0187 0592 Kbdclass - ok
11:48:56.0250 0592 kbdhid (9ef487a186dea361aa06913a75b3fa99) C:\WINDOWS\system32\DRIVERS\kbdhid.sys
11:48:56.0343 0592 kbdhid - ok
11:48:56.0421 0592 kmixer (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys
11:48:56.0531 0592 kmixer - ok
11:48:56.0625 0592 KSecDD (b467646c54cc746128904e1654c750c1) C:\WINDOWS\system32\drivers\KSecDD.sys
11:48:56.0687 0592 KSecDD - ok
11:48:56.0734 0592 lbrtfdc - ok
11:48:56.0796 0592 ManyCam (c6d085c7045200143528136a43a65fde) C:\WINDOWS\system32\DRIVERS\ManyCam.sys
11:48:56.0843 0592 ManyCam - ok
11:48:56.0921 0592 mdmxsdk (eeaea6514ba7c9d273b5e87c4e1aab30) C:\WINDOWS\system32\DRIVERS\mdmxsdk.sys
11:48:56.0953 0592 mdmxsdk - ok
11:48:57.0000 0592 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys
11:48:57.0109 0592 mnmdd - ok
11:48:57.0187 0592 Modem (dfcbad3cec1c5f964962ae10e0bcc8e1) C:\WINDOWS\system32\drivers\Modem.sys
11:48:57.0281 0592 Modem - ok
11:48:57.0359 0592 MODEMCSA (1992e0d143b09653ab0f9c5e04b0fd65) C:\WINDOWS\system32\drivers\MODEMCSA.sys
11:48:57.0453 0592 MODEMCSA - ok
11:48:57.0546 0592 Mouclass (35c9e97194c8cfb8430125f8dbc34d04) C:\WINDOWS\system32\DRIVERS\mouclass.sys
11:48:57.0656 0592 Mouclass - ok
11:48:57.0765 0592 mouhid (b1c303e17fb9d46e87a98e4ba6769685) C:\WINDOWS\system32\DRIVERS\mouhid.sys
11:48:57.0859 0592 mouhid - ok
11:48:57.0937 0592 MountMgr (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys
11:48:58.0046 0592 MountMgr - ok
11:48:58.0093 0592 MpFilter (fee0baded54222e9f1dae9541212aab1) C:\WINDOWS\system32\DRIVERS\MpFilter.sys
11:48:58.0125 0592 MpFilter - ok
11:48:58.0203 0592 MpKsl348a0138 - ok
11:48:58.0218 0592 MpKsl4a861a9e - ok
11:48:58.0234 0592 MpKsl587ae904 - ok
11:48:58.0234 0592 MpKsl7cd5c4b0 - ok
11:48:58.0234 0592 MpKsl8c05965a - ok
11:48:58.0250 0592 MpKsl995b3c26 - ok
11:48:58.0250 0592 MpKsl9a7cda48 - ok
11:48:58.0250 0592 MpKsla0e20273 - ok
11:48:58.0265 0592 MpKslb4638dd0 - ok
11:48:58.0265 0592 MpKslf837ab25 - ok
11:48:58.0328 0592 mraid35x (3f4bb95e5a44f3be34824e8e7caf0737) C:\WINDOWS\system32\DRIVERS\mraid35x.sys
11:48:58.0421 0592 mraid35x - ok
11:48:58.0500 0592 MRxDAV (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys
11:48:58.0609 0592 MRxDAV - ok
11:48:58.0703 0592 MRxSmb (7d304a5eb4344ebeeab53a2fe3ffb9f0) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
11:48:58.0765 0592 MRxSmb - ok
11:48:58.0812 0592 Msfs (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys
11:48:58.0921 0592 Msfs - ok
11:48:58.0984 0592 MSKSSRV (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys
11:48:59.0109 0592 MSKSSRV - ok
11:48:59.0187 0592 MSPCLOCK (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys
11:48:59.0296 0592 MSPCLOCK - ok
11:48:59.0390 0592 MSPQM (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys
11:48:59.0500 0592 MSPQM - ok
11:48:59.0578 0592 mssmbios (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys
11:48:59.0687 0592 mssmbios - ok
11:48:59.0781 0592 MSTEE (e53736a9e30c45fa9e7b5eac55056d1d) C:\WINDOWS\system32\drivers\MSTEE.sys
11:48:59.0906 0592 MSTEE - ok
11:49:00.0015 0592 Mup (de6a75f5c270e756c5508d94b6cf68f5) C:\WINDOWS\system32\drivers\Mup.sys
11:49:00.0046 0592 Mup - ok
11:49:00.0109 0592 NABTSFEC (5b50f1b2a2ed47d560577b221da734db) C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys
11:49:00.0234 0592 NABTSFEC - ok
11:49:00.0281 0592 NAL (1e59aaed42a5e3a5ed86ec403f9c0776) C:\WINDOWS\system32\Drivers\iqvw32.sys
11:49:00.0296 0592 NAL ( UnsignedFile.Multi.Generic ) - warning
11:49:00.0296 0592 NAL - detected UnsignedFile.Multi.Generic (1)
11:49:00.0343 0592 NDIS (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys
11:49:00.0468 0592 NDIS - ok
11:49:00.0515 0592 NdisIP (7ff1f1fd8609c149aa432f95a8163d97) C:\WINDOWS\system32\DRIVERS\NdisIP.sys
11:49:00.0640 0592 NdisIP - ok
11:49:00.0718 0592 NdisTapi (0109c4f3850dfbab279542515386ae22) C:\WINDOWS\system32\DRIVERS\ndistapi.sys
11:49:00.0765 0592 NdisTapi - ok
11:49:00.0812 0592 Ndisuio (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys
11:49:00.0921 0592 Ndisuio - ok
11:49:00.0968 0592 NdisWan (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys
11:49:01.0062 0592 NdisWan - ok
11:49:01.0171 0592 NDProxy (9282bd12dfb069d3889eb3fcc1000a9b) C:\WINDOWS\system32\drivers\NDProxy.sys
11:49:01.0203 0592 NDProxy - ok
11:49:01.0250 0592 NetBIOS (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys
11:49:01.0359 0592 NetBIOS - ok
11:49:01.0421 0592 NetBT (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys
11:49:01.0531 0592 NetBT - ok
11:49:01.0625 0592 NIC1394 (e9e47cfb2d461fa0fc75b7a74c6383ea) C:\WINDOWS\system32\DRIVERS\nic1394.sys
11:49:01.0750 0592 NIC1394 - ok
11:49:01.0812 0592 Npfs (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys
11:49:01.0906 0592 Npfs - ok
11:49:02.0062 0592 Ntfs (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys
11:49:02.0171 0592 Ntfs - ok
11:49:02.0203 0592 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys
11:49:02.0296 0592 Null - ok
11:49:02.0390 0592 nv (2b298519edbfcf451d43e0f1e8f1006d) C:\WINDOWS\system32\DRIVERS\nv4_mini.sys
11:49:02.0609 0592 nv - ok
11:49:02.0703 0592 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
11:49:02.0796 0592 NwlnkFlt - ok
11:49:02.0875 0592 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
11:49:02.0968 0592 NwlnkFwd - ok
11:49:03.0046 0592 ohci1394 (ca33832df41afb202ee7aeb05145922f) C:\WINDOWS\system32\DRIVERS\ohci1394.sys
11:49:03.0156 0592 ohci1394 - ok
11:49:03.0250 0592 Parport (5575faf8f97ce5e713d108c2a58d7c7c) C:\WINDOWS\system32\DRIVERS\parport.sys
11:49:03.0359 0592 Parport - ok
11:49:03.0421 0592 PartMgr (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys
11:49:03.0515 0592 PartMgr - ok
11:49:03.0593 0592 ParVdm (70e98b3fd8e963a6a46a2e6247e0bea1) C:\WINDOWS\system32\drivers\ParVdm.sys
11:49:03.0718 0592 ParVdm - ok
11:49:03.0796 0592 pavboot (210a628a0d7b3f45257850efbff27538) C:\WINDOWS\system32\drivers\pavboot.sys
11:49:03.0812 0592 pavboot - ok
11:49:03.0859 0592 PCI (a219903ccf74233761d92bef471a07b1) C:\WINDOWS\system32\DRIVERS\pci.sys
11:49:03.0953 0592 PCI - ok
11:49:04.0031 0592 PCIDump - ok
11:49:04.0078 0592 PCIIde (ccf5f451bb1a5a2a522a76e670000ff0) C:\WINDOWS\system32\DRIVERS\pciide.sys
11:49:04.0203 0592 PCIIde - ok
11:49:04.0250 0592 Pcmcia (9e89ef60e9ee05e3f2eef2da7397f1c1) C:\WINDOWS\system32\drivers\Pcmcia.sys
11:49:04.0343 0592 Pcmcia - ok
11:49:04.0390 0592 PDCOMP - ok
11:49:04.0421 0592 PDFRAME - ok
11:49:04.0453 0592 PDRELI - ok
11:49:04.0468 0592 PDRFRAME - ok
11:49:04.0531 0592 perc2 (6c14b9c19ba84f73d3a86dba11133101) C:\WINDOWS\system32\DRIVERS\perc2.sys
11:49:04.0640 0592 perc2 - ok
11:49:04.0703 0592 perc2hib (f50f7c27f131afe7beba13e14a3b9416) C:\WINDOWS\system32\DRIVERS\perc2hib.sys
11:49:04.0828 0592 perc2hib - ok
11:49:04.0906 0592 PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys
11:49:05.0015 0592 PptpMiniport - ok
11:49:05.0031 0592 PSched (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys
11:49:05.0140 0592 PSched - ok
11:49:05.0203 0592 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys
11:49:05.0296 0592 Ptilink - ok
11:49:05.0375 0592 PxHelp20 (d86b4a68565e444d76457f14172c875a) C:\WINDOWS\system32\Drivers\PxHelp20.sys
11:49:05.0375 0592 PxHelp20 - ok
11:49:05.0421 0592 ql1080 (0a63fb54039eb5662433caba3b26dba7) C:\WINDOWS\system32\DRIVERS\ql1080.sys
11:49:05.0546 0592 ql1080 - ok
11:49:05.0625 0592 Ql10wnt (6503449e1d43a0ff0201ad5cb1b8c706) C:\WINDOWS\system32\DRIVERS\ql10wnt.sys
11:49:05.0734 0592 Ql10wnt - ok
11:49:05.0812 0592 ql12160 (156ed0ef20c15114ca097a34a30d8a01) C:\WINDOWS\system32\DRIVERS\ql12160.sys
11:49:05.0921 0592 ql12160 - ok
11:49:05.0984 0592 ql1240 (70f016bebde6d29e864c1230a07cc5e6) C:\WINDOWS\system32\DRIVERS\ql1240.sys
11:49:06.0078 0592 ql1240 - ok
11:49:06.0156 0592 ql1280 (907f0aeea6bc451011611e732bd31fcf) C:\WINDOWS\system32\DRIVERS\ql1280.sys
11:49:06.0250 0592 ql1280 - ok
11:49:06.0312 0592 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys
11:49:06.0406 0592 RasAcd - ok
11:49:06.0531 0592 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
11:49:06.0640 0592 Rasl2tp - ok
11:49:06.0703 0592 RasPppoe (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys
11:49:06.0796 0592 RasPppoe - ok
11:49:06.0859 0592 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys
11:49:06.0953 0592 Raspti - ok
11:49:07.0046 0592 Rdbss (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys
11:49:07.0140 0592 Rdbss - ok
11:49:07.0281 0592 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
11:49:07.0375 0592 RDPCDD - ok
11:49:07.0453 0592 rdpdr (15cabd0f7c00c47c70124907916af3f1) C:\WINDOWS\system32\DRIVERS\rdpdr.sys
11:49:07.0578 0592 rdpdr - ok
11:49:07.0671 0592 RDPWD (fc105dd312ed64eb66bff111e8ec6eac) C:\WINDOWS\system32\drivers\RDPWD.sys
11:49:07.0703 0592 RDPWD - ok
11:49:07.0765 0592 redbook (f828dd7e1419b6653894a8f97a0094c5) C:\WINDOWS\system32\DRIVERS\redbook.sys
11:49:07.0875 0592 redbook - ok
11:49:07.0968 0592 SASDIFSV (39763504067962108505bff25f024345) C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS
11:49:07.0984 0592 SASDIFSV - ok
11:49:08.0015 0592 SASENUM (7ce61c25c159f50f9eaf6d77fc83fa35) C:\Program Files\SUPERAntiSpyware\SASENUM.SYS
11:49:08.0015 0592 SASENUM - ok
11:49:08.0046 0592 SASKUTIL (77b9fc20084b48408ad3e87570eb4a85) C:\Program Files\SUPERAntiSpyware\SASKUTIL.sys
11:49:08.0046 0592 SASKUTIL - ok
11:49:08.0187 0592 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys
11:49:08.0265 0592 Secdrv - ok
11:49:08.0343 0592 serenum (0f29512ccd6bead730039fb4bd2c85ce) C:\WINDOWS\system32\DRIVERS\serenum.sys
11:49:08.0468 0592 serenum - ok
11:49:08.0515 0592 Serial (cca207a8896d4c6a0c9ce29a4ae411a7) C:\WINDOWS\system32\DRIVERS\serial.sys
11:49:08.0625 0592 Serial - ok
11:49:08.0718 0592 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\DRIVERS\sfloppy.sys
11:49:08.0828 0592 Sfloppy - ok
11:49:08.0890 0592 Simbad - ok
11:49:08.0968 0592 sisagp (6b33d0ebd30db32e27d1d78fe946a754) C:\WINDOWS\system32\DRIVERS\sisagp.sys
11:49:09.0062 0592 sisagp - ok
11:49:09.0140 0592 SLIP (866d538ebe33709a5c9f5c62b73b7d14) C:\WINDOWS\system32\DRIVERS\SLIP.sys
11:49:09.0234 0592 SLIP - ok
11:49:09.0328 0592 Sparrow (83c0f71f86d3bdaf915685f3d568b20e) C:\WINDOWS\system32\DRIVERS\sparrow.sys
11:49:09.0390 0592 Sparrow - ok
11:49:09.0453 0592 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys
11:49:09.0562 0592 splitter - ok
11:49:09.0671 0592 sptd (cdddec541bc3c96f91ecb48759673505) C:\WINDOWS\system32\Drivers\sptd.sys
11:49:09.0671 0592 Suspicious file (NoAccess): C:\WINDOWS\system32\Drivers\sptd.sys. md5: cdddec541bc3c96f91ecb48759673505
11:49:09.0671 0592 sptd ( LockedFile.Multi.Generic ) - warning
11:49:09.0671 0592 sptd - detected LockedFile.Multi.Generic (1)
11:49:09.0703 0592 sr (76bb022c2fb6902fd5bdd4f78fc13a5d) C:\WINDOWS\system32\DRIVERS\sr.sys
11:49:09.0765 0592 sr - ok
11:49:09.0859 0592 Srv (47ddfc2f003f7f9f0592c6874962a2e7) C:\WINDOWS\system32\DRIVERS\srv.sys
11:49:09.0906 0592 Srv - ok
11:49:10.0031 0592 STHDA (797fcc1d859b203958e915bb82528da9) C:\WINDOWS\system32\drivers\sthda.sys
11:49:10.0140 0592 STHDA - ok
11:49:10.0234 0592 streamip (77813007ba6265c4b6098187e6ed79d2) C:\WINDOWS\system32\DRIVERS\StreamIP.sys
11:49:10.0359 0592 streamip - ok
11:49:10.0406 0592 swenum (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys
11:49:10.0515 0592 swenum - ok
11:49:10.0578 0592 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys
11:49:10.0671 0592 swmidi - ok
11:49:10.0796 0592 symc810 (1ff3217614018630d0a6758630fc698c) C:\WINDOWS\system32\DRIVERS\symc810.sys
11:49:10.0906 0592 symc810 - ok
11:49:10.0937 0592 symc8xx (070e001d95cf725186ef8b20335f933c) C:\WINDOWS\system32\DRIVERS\symc8xx.sys
11:49:11.0046 0592 symc8xx - ok
11:49:11.0109 0592 sym_hi (80ac1c4abbe2df3b738bf15517a51f2c) C:\WINDOWS\system32\DRIVERS\sym_hi.sys
11:49:11.0203 0592 sym_hi - ok
11:49:11.0296 0592 sym_u3 (bf4fab949a382a8e105f46ebb4937058) C:\WINDOWS\system32\DRIVERS\sym_u3.sys
11:49:11.0390 0592 sym_u3 - ok
11:49:11.0453 0592 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys
11:49:11.0562 0592 sysaudio - ok
11:49:11.0656 0592 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys
11:49:11.0703 0592 Tcpip - ok
11:49:11.0796 0592 TDPIPE (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys
11:49:11.0906 0592 TDPIPE - ok
11:49:11.0937 0592 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys
11:49:12.0031 0592 TDTCP - ok
11:49:12.0093 0592 TermDD (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys
11:49:12.0187 0592 TermDD - ok
11:49:12.0281 0592 TosIde (f2790f6af01321b172aa62f8e1e187d9) C:\WINDOWS\system32\DRIVERS\toside.sys
11:49:12.0375 0592 TosIde - ok
11:49:12.0453 0592 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys
11:49:12.0562 0592 Udfs - ok
11:49:12.0640 0592 ultra (1b698a51cd528d8da4ffaed66dfc51b9) C:\WINDOWS\system32\DRIVERS\ultra.sys
11:49:12.0687 0592 ultra - ok
11:49:12.0765 0592 Update (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys
11:49:12.0890 0592 Update - ok
11:49:12.0984 0592 USBAAPL (f340199e8cb097e1acd58a967c665919) C:\WINDOWS\system32\Drivers\usbaapl.sys
11:49:13.0015 0592 USBAAPL - ok
11:49:13.0078 0592 usbccgp (173f317ce0db8e21322e71b7e60a27e8) C:\WINDOWS\system32\DRIVERS\usbccgp.sys
11:49:13.0187 0592 usbccgp - ok
11:49:13.0250 0592 usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys
11:49:13.0343 0592 usbehci - ok
11:49:13.0406 0592 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys
11:49:13.0515 0592 usbhub - ok
11:49:13.0593 0592 usbprint (a717c8721046828520c9edf31288fc00) C:\WINDOWS\system32\DRIVERS\usbprint.sys
11:49:13.0703 0592 usbprint - ok
11:49:13.0781 0592 usbscan (a0b8cf9deb1184fbdd20784a58fa75d4) C:\WINDOWS\system32\DRIVERS\usbscan.sys
11:49:13.0875 0592 usbscan - ok
11:49:13.0953 0592 USBSTOR (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
11:49:14.0062 0592 USBSTOR - ok
11:49:14.0109 0592 usbuhci (26496f9dee2d787fc3e61ad54821ffe6) C:\WINDOWS\system32\DRIVERS\usbuhci.sys
11:49:14.0203 0592 usbuhci - ok
11:49:14.0296 0592 usb_rndisx (b6cc50279d6cd28e090a5d33244adc9a) C:\WINDOWS\system32\DRIVERS\usb8023x.sys
11:49:14.0390 0592 usb_rndisx - ok
11:49:14.0437 0592 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys
11:49:14.0546 0592 VgaSave - ok
11:49:14.0640 0592 viaagp (754292ce5848b3738281b4f3607eaef4) C:\WINDOWS\system32\DRIVERS\viaagp.sys
11:49:14.0750 0592 viaagp - ok
11:49:14.0828 0592 ViaIde (3b3efcda263b8ac14fdf9cbdd0791b2e) C:\WINDOWS\system32\DRIVERS\viaide.sys
11:49:14.0937 0592 ViaIde - ok
11:49:15.0000 0592 VolSnap (4c8fcb5cc53aab716d810740fe59d025) C:\WINDOWS\system32\drivers\VolSnap.sys
11:49:15.0093 0592 VolSnap - ok
11:49:15.0218 0592 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys
11:49:15.0328 0592 Wanarp - ok
11:49:15.0390 0592 WDICA - ok
11:49:15.0406 0592 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys
11:49:15.0531 0592 wdmaud - ok
11:49:15.0640 0592 winachsf (f59ed5a43b988a18ef582bb07b2327a7) C:\WINDOWS\system32\DRIVERS\HSF_CNXT.sys
11:49:15.0703 0592 winachsf - ok
11:49:15.0828 0592 WSTCODEC (c98b39829c2bbd34e454150633c62c78) C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS
11:49:15.0921 0592 WSTCODEC - ok
11:49:16.0000 0592 WudfPf (f15feafffbb3644ccc80c5da584e6311) C:\WINDOWS\system32\DRIVERS\WudfPf.sys
11:49:16.0015 0592 WudfPf - ok
11:49:16.0156 0592 WudfRd (28b524262bce6de1f7ef9f510ba3985b) C:\WINDOWS\system32\DRIVERS\wudfrd.sys
11:49:16.0171 0592 WudfRd - ok
11:49:16.0203 0592 XDva390 - ok
11:49:16.0250 0592 MBR (0x1B8) (9c603bc3977968c891de319283e1e7af) \Device\Harddisk0\DR0
11:49:16.0281 0592 \Device\Harddisk0\DR0 ( Trojan-Clicker.Win32.Wistler.c ) - infected
11:49:16.0281 0592 \Device\Harddisk0\DR0 - detected Trojan-Clicker.Win32.Wistler.c (0)
11:49:16.0281 0592 \Device\Harddisk0\DR0 ( TDSS File System ) - warning
11:49:16.0281 0592 \Device\Harddisk0\DR0 - detected TDSS File System (1)
11:49:16.0312 0592 Boot (0x1200) (4a8e79d330dc720de4a2c4c0fde5eb96) \Device\Harddisk0\DR0\Partition0
11:49:16.0312 0592 \Device\Harddisk0\DR0\Partition0 - ok
11:49:16.0312 0592 ============================================================
11:49:16.0312 0592 Scan finished
11:49:16.0312 0592 ============================================================
11:49:16.0421 3068 Detected object count: 17
11:49:16.0421 3068 Actual detected object count: 17
11:49:51.0343 3068 AegisP ( UnsignedFile.Multi.Generic ) - skipped by user
11:49:51.0343 3068 AegisP ( UnsignedFile.Multi.Generic ) - User select action: Skip
11:49:51.0343 3068 DLABOIOM ( UnsignedFile.Multi.Generic ) - skipped by user
11:49:51.0343 3068 DLABOIOM ( UnsignedFile.Multi.Generic ) - User select action: Skip
11:49:51.0343 3068 DLACDBHM ( UnsignedFile.Multi.Generic ) - skipped by user
11:49:51.0343 3068 DLACDBHM ( UnsignedFile.Multi.Generic ) - User select action: Skip
11:49:51.0343 3068 DLADResN ( UnsignedFile.Multi.Generic ) - skipped by user
11:49:51.0343 3068 DLADResN ( UnsignedFile.Multi.Generic ) - User select action: Skip
11:49:51.0343 3068 DLAIFS_M ( UnsignedFile.Multi.Generic ) - skipped by user
11:49:51.0343 3068 DLAIFS_M ( UnsignedFile.Multi.Generic ) - User select action: Skip
11:49:51.0343 3068 DLAOPIOM ( UnsignedFile.Multi.Generic ) - skipped by user
11:49:51.0343 3068 DLAOPIOM ( UnsignedFile.Multi.Generic ) - User select action: Skip
11:49:51.0343 3068 DLAPoolM ( UnsignedFile.Multi.Generic ) - skipped by user
11:49:51.0343 3068 DLAPoolM ( UnsignedFile.Multi.Generic ) - User select action: Skip
11:49:51.0343 3068 DLARTL_N ( UnsignedFile.Multi.Generic ) - skipped by user
11:49:51.0343 3068 DLARTL_N ( UnsignedFile.Multi.Generic ) - User select action: Skip
11:49:51.0343 3068 DLAUDFAM ( UnsignedFile.Multi.Generic ) - skipped by user
11:49:51.0343 3068 DLAUDFAM ( UnsignedFile.Multi.Generic ) - User select action: Skip
11:49:51.0359 3068 DLAUDF_M ( UnsignedFile.Multi.Generic ) - skipped by user
11:49:51.0359 3068 DLAUDF_M ( UnsignedFile.Multi.Generic ) - User select action: Skip
11:49:51.0359 3068 DRVMCDB ( UnsignedFile.Multi.Generic ) - skipped by user
11:49:51.0359 3068 DRVMCDB ( UnsignedFile.Multi.Generic ) - User select action: Skip
11:49:51.0359 3068 DRVNDDM ( UnsignedFile.Multi.Generic ) - skipped by user
11:49:51.0359 3068 DRVNDDM ( UnsignedFile.Multi.Generic ) - User select action: Skip
11:49:51.0359 3068 DSproct ( UnsignedFile.Multi.Generic ) - skipped by user
11:49:51.0359 3068 DSproct ( UnsignedFile.Multi.Generic ) - User select action: Skip
11:49:51.0359 3068 NAL ( UnsignedFile.Multi.Generic ) - skipped by user
11:49:51.0359 3068 NAL ( UnsignedFile.Multi.Generic ) - User select action: Skip
11:49:51.0359 3068 sptd ( LockedFile.Multi.Generic ) - skipped by user
11:49:51.0359 3068 sptd ( LockedFile.Multi.Generic ) - User select action: Skip
11:49:51.0359 3068 \Device\Harddisk0\DR0 ( Trojan-Clicker.Win32.Wistler.c ) - will be cured on reboot
11:49:51.0359 3068 \Device\Harddisk0\DR0 - ok
11:49:51.0359 3068 \Device\Harddisk0\DR0 ( Trojan-Clicker.Win32.Wistler.c ) - User select action: Cure
11:49:51.0359 3068 \Device\Harddisk0\DR0 ( TDSS File System ) - skipped by user
11:49:51.0375 3068 \Device\Harddisk0\DR0 ( TDSS File System ) - User select action: Skip
11:49:55.0015 0176 Deinitialize success

#13
SweetTech

    Sir SpamAlot

  • Retired Staff
  • 7,671 posts
Please reboot your computer, and run TDSSKiller again using the instructions previously provided.

#14
StupidVirus

  • Topic Starter
  • Member
  • 27 posts
13:49:06.0593 2560 TDSS rootkit removing tool 2.6.8.0 Oct 12 2011 07:30:54
13:49:07.0250 2560 ============================================================
13:49:07.0250 2560 Current date / time: 2011/10/12 13:49:07.0250
13:49:07.0250 2560 SystemInfo:
13:49:07.0250 2560
13:49:07.0250 2560 OS Version: 5.1.2600 ServicePack: 3.0
13:49:07.0250 2560 Product type: Workstation
13:49:07.0250 2560 ComputerName: RECEPTION
13:49:07.0250 2560 UserName: Christopher Nova
13:49:07.0250 2560 Windows directory: C:\WINDOWS
13:49:07.0250 2560 System windows directory: C:\WINDOWS
13:49:07.0250 2560 Processor architecture: Intel x86
13:49:07.0250 2560 Number of processors: 2
13:49:07.0250 2560 Page size: 0x1000
13:49:07.0250 2560 Boot type: Normal boot
13:49:07.0250 2560 ============================================================
13:49:08.0015 2560 Initialize success
13:49:14.0953 2200 ============================================================
13:49:14.0953 2200 Scan started
13:49:14.0953 2200 Mode: Manual; SigCheck; TDLFS;
13:49:14.0953 2200 ============================================================
13:49:18.0453 2200 AegisP (2f7f3e8da380325866e566f5d5ec23d5) C:\WINDOWS\system32\DRIVERS\AegisP.sys
13:49:18.0468 2200 AegisP ( UnsignedFile.Multi.Generic ) - warning
13:49:18.0468 2200 AegisP - detected UnsignedFile.Multi.Generic (1)
13:49:24.0328 2200 DLABOIOM (e2d0de31442390c35e3163c87cb6a9eb) C:\WINDOWS\system32\DLA\DLABOIOM.SYS
13:49:24.0343 2200 DLABOIOM ( UnsignedFile.Multi.Generic ) - warning
13:49:24.0343 2200 DLABOIOM - detected UnsignedFile.Multi.Generic (1)
13:49:24.0421 2200 DLACDBHM (d979bebcf7edcc9c9ee1857d1a68c67b) C:\WINDOWS\system32\Drivers\DLACDBHM.SYS
13:49:24.0421 2200 DLACDBHM ( UnsignedFile.Multi.Generic ) - warning
13:49:24.0421 2200 DLACDBHM - detected UnsignedFile.Multi.Generic (1)
13:49:24.0453 2200 DLADResN (83545593e297f50a8e2524b4c071a153) C:\WINDOWS\system32\DLA\DLADResN.SYS
13:49:24.0468 2200 DLADResN ( UnsignedFile.Multi.Generic ) - warning
13:49:24.0468 2200 DLADResN - detected UnsignedFile.Multi.Generic (1)
13:49:24.0515 2200 DLAIFS_M (96e01d901cdc98c7817155cc057001bf) C:\WINDOWS\system32\DLA\DLAIFS_M.SYS
13:49:24.0531 2200 DLAIFS_M ( UnsignedFile.Multi.Generic ) - warning
13:49:24.0531 2200 DLAIFS_M - detected UnsignedFile.Multi.Generic (1)
13:49:24.0562 2200 DLAOPIOM (0a60a39cc5e767980a31ca5d7238dfa9) C:\WINDOWS\system32\DLA\DLAOPIOM.SYS
13:49:24.0562 2200 DLAOPIOM ( UnsignedFile.Multi.Generic ) - warning
13:49:24.0562 2200 DLAOPIOM - detected UnsignedFile.Multi.Generic (1)
13:49:24.0578 2200 DLAPoolM (9fe2b72558fc808357f427fd83314375) C:\WINDOWS\system32\DLA\DLAPoolM.SYS
13:49:24.0593 2200 DLAPoolM ( UnsignedFile.Multi.Generic ) - warning
13:49:24.0593 2200 DLAPoolM - detected UnsignedFile.Multi.Generic (1)
13:49:24.0625 2200 DLARTL_N (7ee0852ae8907689df25049dcd2342e8) C:\WINDOWS\system32\Drivers\DLARTL_N.SYS
13:49:24.0640 2200 DLARTL_N ( UnsignedFile.Multi.Generic ) - warning
13:49:24.0640 2200 DLARTL_N - detected UnsignedFile.Multi.Generic (1)
13:49:24.0687 2200 DLAUDFAM (f08e1dafac457893399e03430a6a1397) C:\WINDOWS\system32\DLA\DLAUDFAM.SYS
13:49:24.0718 2200 DLAUDFAM ( UnsignedFile.Multi.Generic ) - warning
13:49:24.0718 2200 DLAUDFAM - detected UnsignedFile.Multi.Generic (1)
13:49:24.0765 2200 DLAUDF_M (e7d105ed1e694449d444a9933df8e060) C:\WINDOWS\system32\DLA\DLAUDF_M.SYS
13:49:24.0781 2200 DLAUDF_M ( UnsignedFile.Multi.Generic ) - warning
13:49:24.0781 2200 DLAUDF_M - detected UnsignedFile.Multi.Generic (1)
13:49:26.0390 2200 DRVMCDB (fd0f95981fef9073659d8ec58e40aa3c) C:\WINDOWS\system32\Drivers\DRVMCDB.SYS
13:49:26.0406 2200 DRVMCDB ( UnsignedFile.Multi.Generic ) - warning
13:49:26.0406 2200 DRVMCDB - detected UnsignedFile.Multi.Generic (1)
13:49:26.0437 2200 DRVNDDM (b4869d320428cdc5ec4d7f5e808e99b5) C:\WINDOWS\system32\Drivers\DRVNDDM.SYS
13:49:26.0468 2200 DRVNDDM ( UnsignedFile.Multi.Generic ) - warning
13:49:26.0468 2200 DRVNDDM - detected UnsignedFile.Multi.Generic (1)
13:49:26.0593 2200 DSproct (2ac2372ffad9adc85672cc8e8ae14be9) C:\Program Files\Dell Support\GTAction\triggers\DSproct.sys
13:49:26.0609 2200 DSproct ( UnsignedFile.Multi.Generic ) - warning
13:49:26.0609 2200 DSproct - detected UnsignedFile.Multi.Generic (1)
13:49:36.0828 2200 NAL (1e59aaed42a5e3a5ed86ec403f9c0776) C:\WINDOWS\system32\Drivers\iqvw32.sys
13:49:36.0828 2200 NAL ( UnsignedFile.Multi.Generic ) - warning
13:49:36.0828 2200 NAL - detected UnsignedFile.Multi.Generic (1)
13:49:46.0218 2200 sptd (cdddec541bc3c96f91ecb48759673505) C:\WINDOWS\system32\Drivers\sptd.sys
13:49:46.0218 2200 Suspicious file (NoAccess): C:\WINDOWS\system32\Drivers\sptd.sys. md5: cdddec541bc3c96f91ecb48759673505
13:49:46.0234 2200 sptd ( LockedFile.Multi.Generic ) - warning
13:49:46.0234 2200 sptd - detected LockedFile.Multi.Generic (1)
13:49:52.0953 2200 MBR (0x1B8) (5cb90281d1a59b251f6603134774eec3) \Device\Harddisk0\DR0
13:49:52.0984 2200 \Device\Harddisk0\DR0 ( TDSS File System ) - warning
13:49:52.0984 2200 \Device\Harddisk0\DR0 - detected TDSS File System (1)
13:49:53.0015 2200 Boot (0x1200) (4a8e79d330dc720de4a2c4c0fde5eb96) \Device\Harddisk0\DR0\Partition0
13:49:53.0015 2200 \Device\Harddisk0\DR0\Partition0 - ok
13:49:53.0015 2200 ============================================================
13:49:53.0015 2200 Scan finished
13:49:53.0015 2200 ============================================================
13:49:53.0156 2956 Detected object count: 16
13:49:53.0156 2956 Actual detected object count: 16
13:55:34.0765 2956 AegisP ( UnsignedFile.Multi.Generic ) - skipped by user
13:55:34.0765 2956 AegisP ( UnsignedFile.Multi.Generic ) - User select action: Skip
13:55:34.0765 2956 DLABOIOM ( UnsignedFile.Multi.Generic ) - skipped by user
13:55:34.0765 2956 DLABOIOM ( UnsignedFile.Multi.Generic ) - User select action: Skip
13:55:34.0765 2956 DLACDBHM ( UnsignedFile.Multi.Generic ) - skipped by user
13:55:34.0765 2956 DLACDBHM ( UnsignedFile.Multi.Generic ) - User select action: Skip
13:55:34.0765 2956 DLADResN ( UnsignedFile.Multi.Generic ) - skipped by user
13:55:34.0765 2956 DLADResN ( UnsignedFile.Multi.Generic ) - User select action: Skip
13:55:34.0765 2956 DLAIFS_M ( UnsignedFile.Multi.Generic ) - skipped by user
13:55:34.0765 2956 DLAIFS_M ( UnsignedFile.Multi.Generic ) - User select action: Skip
13:55:34.0765 2956 DLAOPIOM ( UnsignedFile.Multi.Generic ) - skipped by user
13:55:34.0765 2956 DLAOPIOM ( UnsignedFile.Multi.Generic ) - User select action: Skip
13:55:34.0765 2956 DLAPoolM ( UnsignedFile.Multi.Generic ) - skipped by user
13:55:34.0765 2956 DLAPoolM ( UnsignedFile.Multi.Generic ) - User select action: Skip
13:55:34.0765 2956 DLARTL_N ( UnsignedFile.Multi.Generic ) - skipped by user
13:55:34.0765 2956 DLARTL_N ( UnsignedFile.Multi.Generic ) - User select action: Skip
13:55:34.0765 2956 DLAUDFAM ( UnsignedFile.Multi.Generic ) - skipped by user
13:55:34.0765 2956 DLAUDFAM ( UnsignedFile.Multi.Generic ) - User select action: Skip
13:55:34.0765 2956 DLAUDF_M ( UnsignedFile.Multi.Generic ) - skipped by user
13:55:34.0765 2956 DLAUDF_M ( UnsignedFile.Multi.Generic ) - User select action: Skip
13:55:34.0781 2956 DRVMCDB ( UnsignedFile.Multi.Generic ) - skipped by user
13:55:34.0781 2956 DRVMCDB ( UnsignedFile.Multi.Generic ) - User select action: Skip
13:55:34.0781 2956 DRVNDDM ( UnsignedFile.Multi.Generic ) - skipped by user
13:55:34.0781 2956 DRVNDDM ( UnsignedFile.Multi.Generic ) - User select action: Skip
13:55:34.0781 2956 DSproct ( UnsignedFile.Multi.Generic ) - skipped by user
13:55:34.0781 2956 DSproct ( UnsignedFile.Multi.Generic ) - User select action: Skip
13:55:34.0781 2956 NAL ( UnsignedFile.Multi.Generic ) - skipped by user
13:55:34.0781 2956 NAL ( UnsignedFile.Multi.Generic ) - User select action: Skip
13:55:34.0781 2956 sptd ( LockedFile.Multi.Generic ) - skipped by user
13:55:34.0781 2956 sptd ( LockedFile.Multi.Generic ) - User select action: Skip
13:55:34.0781 2956 \Device\Harddisk0\DR0 ( TDSS File System ) - skipped by user
13:55:34.0781 2956 \Device\Harddisk0\DR0 ( TDSS File System ) - User select action: Skip
13:55:41.0156 0644 Deinitialize success

#15
StupidVirus

Hi, just a quick update on the computer: there seems to be no more Google redirect or Security Guard 2012 on my computer, but MBAM and MSE still don't seem to be working.