win32:sirefef-sm[trj] & win32:rootkit-gen[rtk] [Closed]


  • This topic is locked
134 replies to this topic

#46 jeffce

    Malware Guy

  • Authentic Member
  • 8,693 posts

Posted 11 May 2012 - 02:32 PM

Hi, Great Job! I was working up to that but you beat me to it. :D Since you are able to get online (even just a little bit) download a new copy of ComboFix. When asked about the Recovery Console be sure to download that and then run a new scan. :) Post the log made to your next reply.


#47 portboy123

    Authentic Member

  • 124 posts

Posted 11 May 2012 - 10:00 PM

Hi Jeff, sorry it took so long to reply but I have to spend time with the family. Anyway, I ran ComboFix and it finished on this computer that's messed up. After it finished I had to restart the services in DHCP to get back online. ComboFix said I had a rootkit, ZeroAccess; it has inserted itself into the TCP/IP stack. Hopefully we can figure it out. So here is the ComboFix run from the infested desktop.

ComboFix 12-05-11.03 - Frank 05/11/2012 23:01:15.4.1 - x86
Running from: c:\documents and settings\Frank\Desktop\ComboFix.exe
AV: avast! Antivirus *Disabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
FW: ZoneAlarm Firewall *Disabled* {829BDA32-94B3-44F4-8446-F8FCFF809F8B}
.
.
((((((((((((((((((((((((( Files Created from 2012-04-12 to 2012-05-12 )))))))))))))))))))))))))))))))
.
.
2012-05-11 19:25 . 2008-04-13 19:21 162816 ----a-w- c:\windows\system32\drivers\netbt.sys
2012-05-09 00:42 . 2012-05-09 00:42 -------- d-----w- c:\program files\ERUNT
2012-05-08 23:24 . 2012-05-08 23:26 185 ----a-w- C:\RegExp.bat
2012-05-08 14:56 . 2012-05-08 14:56 -------- d-----w- c:\documents and settings\All Users\Application Data\SpeedMaxPc
2012-05-08 14:56 . 2012-05-08 14:56 -------- d-----w- c:\documents and settings\Frank\Application Data\SpeedMaxPc
2012-05-08 02:06 . 2012-05-08 02:06 -------- d-----w- c:\documents and settings\Frank\Application Data\DriverCure
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-04-11 13:12 . 2006-02-28 12:00 1862272 ----a-w- c:\windows\system32\win32k.sys
2012-04-11 13:10 . 2006-02-28 12:00 2192640 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-04-11 12:35 . 2004-08-03 22:59 2069120 ----a-w- c:\windows\system32\ntkrnlpa.exe
2012-04-04 19:56 . 2010-04-09 00:40 22344 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-03-24 15:17 . 2011-05-16 16:37 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-03-22 19:12 . 2012-03-22 19:12 4435968 ----a-w- c:\windows\system32\GPhotos.scr
2012-03-06 23:15 . 2011-01-08 17:30 41184 ----a-w- c:\windows\avastSS.scr
2012-03-06 23:15 . 2011-01-08 17:30 201352 ----a-w- c:\windows\system32\aswBoot.exe
2012-03-06 23:03 . 2011-04-16 04:20 612184 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2012-03-06 23:03 . 2011-01-08 17:30 337880 ----a-w- c:\windows\system32\drivers\aswSP.sys
2012-03-06 23:02 . 2011-01-08 17:30 35672 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2012-03-06 23:01 . 2011-01-08 17:30 53848 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2012-03-06 23:01 . 2011-01-08 17:30 95704 ----a-w- c:\windows\system32\drivers\aswmon2.sys
2012-03-06 23:01 . 2011-01-08 17:30 89048 ----a-w- c:\windows\system32\drivers\aswmon.sys
2012-03-06 23:01 . 2011-01-08 17:30 20696 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2012-03-06 22:58 . 2011-01-08 17:30 24920 ----a-w- c:\windows\system32\drivers\aavmker4.sys
2012-03-01 11:01 . 2006-02-28 12:00 916992 ----a-w- c:\windows\system32\wininet.dll
2012-03-01 11:01 . 2006-02-28 12:00 43520 ----a-w- c:\windows\system32\licmgr10.dll
2012-03-01 11:01 . 2006-02-28 12:00 1469440 ----a-w- c:\windows\system32\inetcpl.cpl
2012-02-29 14:10 . 2006-02-28 12:00 177664 ----a-w- c:\windows\system32\wintrust.dll
2012-02-29 14:10 . 2006-02-28 12:00 148480 ----a-w- c:\windows\system32\imagehlp.dll
2012-02-29 12:17 . 2006-02-28 12:00 385024 ----a-w- c:\windows\system32\html.iec
2010-09-05 20:27 203776 --sha-w- c:\windows\system32\unrar.exe
.
.
((((((((((((((((((((((((((((( SnapShot@2012-05-11_02.36.27 )))))))))))))))))))))))))))))))))))))))))
.
- 2011-12-14 14:22 . 2011-12-14 14:22 34632 c:\windows\Installer\{90120000-0020-0409-0000-0000000FF1CE}\O12ConvIcon.exe
+ 2012-05-12 01:53 . 2012-05-12 01:53 34632 c:\windows\Installer\{90120000-0020-0409-0000-0000000FF1CE}\O12ConvIcon.exe
+ 2012-05-12 02:24 . 2012-05-12 02:24 60928 c:\windows\assembly\NativeImages_v2.0.50727_32\UIAutomationProvider\f121ccced1aa14badb316d8d9be5154d\UIAutomationProvider.ni.dll
+ 2012-05-12 03:11 . 2012-05-12 03:11 37888 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Pres#\27f318fc876d81cd1c448f08c4dd2482\System.Windows.Presentation.ni.dll
+ 2012-05-12 03:08 . 2012-05-12 03:08 36864 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.DynamicD#\7aac1fe67890463655aeeb3b8e4f2884\System.Web.DynamicData.Design.ni.dll
+ 2012-05-12 02:54 . 2012-05-12 02:54 94208 c:\windows\assembly\NativeImages_v2.0.50727_32\System.ComponentMod#\34c988dea48c291b4e648941207e83fb\System.ComponentModel.DataAnnotations.ni.dll
+ 2012-05-12 02:54 . 2012-05-12 02:54 82944 c:\windows\assembly\NativeImages_v2.0.50727_32\System.AddIn.Contra#\7bb7e51275fa19f8b4894c772bdb1e10\System.AddIn.Contract.ni.dll
+ 2012-05-12 02:14 . 2012-05-12 02:14 47104 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationFontCac#\f0c4a4528f130ef2ff1ae63dd7b39075\PresentationFontCache.ni.exe
+ 2012-05-12 02:11 . 2012-05-12 02:11 39424 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationCFFRast#\53931181e5a5e194da82605613cda6af\PresentationCFFRasterizer.ni.dll
+ 2012-05-12 02:54 . 2012-05-12 02:54 17920 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.WSMan.Run#\56d4f3fa7cf0b6b995511c7921b318c3\Microsoft.WSMan.Runtime.ni.dll
+ 2012-05-12 02:53 . 2012-05-12 02:53 21504 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.WSMan.Man#\d6cce654631e66ed23c528dd25e2c6bb\Microsoft.WSMan.Management.resources.ni.dll
+ 2012-05-12 03:04 . 2012-05-12 03:04 55296 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Vsa\f2be3ad4cda6853d7959a84cec0414c5\Microsoft.Vsa.ni.dll
+ 2012-05-12 02:51 . 2012-05-12 02:51 38912 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.PowerShel#\ff44727c69ac52995902c8d0076b7770\Microsoft.PowerShell.ConsoleHost.resources.ni.dll
+ 2012-05-12 02:51 . 2012-05-12 02:51 45568 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.PowerShel#\faaae12fe8604c93939645429f9c993c\Microsoft.PowerShell.Commands.Utility.resources.ni.dll
+ 2012-05-12 02:53 . 2012-05-12 02:53 24576 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.PowerShel#\d624958f6f36e062d9e739565cdf1acd\Microsoft.PowerShell.GraphicalHost.resources.ni.dll
+ 2012-05-12 02:53 . 2012-05-12 02:53 16896 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.PowerShel#\bc7722f128bf6129b88b757dbf32c85c\Microsoft.PowerShell.Security.resources.ni.dll
+ 2012-05-12 02:52 . 2012-05-12 02:52 36352 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.PowerShel#\95113b5f39716bb72aea437307be9ede\Microsoft.PowerShell.GPowerShell.resources.ni.dll
+ 2012-05-12 02:52 . 2012-05-12 02:52 67072 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.PowerShel#\8886acd32b045e6d037e23986e022bf8\Microsoft.PowerShell.Editor.resources.ni.dll
+ 2012-05-12 02:50 . 2012-05-12 02:50 31744 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.PowerShel#\1b4c80b94a56952d72315b51f89c2460\Microsoft.PowerShell.Commands.Management.resources.ni.dll
+ 2012-05-12 02:50 . 2012-05-12 02:50 18432 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.PowerShel#\1427b15319302a0d41009fc7ba42ff3d\Microsoft.PowerShell.Commands.Diagnostics.resources.ni.dll
+ 2012-05-12 02:49 . 2012-05-12 02:49 65024 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Fra#\8fab9cd28bbc860a34feec119512664d\Microsoft.Build.Framework.ni.dll
+ 2012-05-12 02:48 . 2012-05-12 02:48 74752 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Fra#\0eac132c7c36f1c100ae23c956b379e7\Microsoft.Build.Framework.ni.dll
+ 2012-05-12 02:49 . 2012-05-12 02:49 91648 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Backgroun#\c9c2e468051fdf44b9c7623f7ae190a3\Microsoft.BackgroundIntelligentTransfer.Management.ni.dll
+ 2012-05-12 02:49 . 2012-05-12 02:49 14848 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Backgroun#\43db7f79bd9187b18a2cb33d38275049\Microsoft.BackgroundIntelligentTransfer.Management.resources.ni.dll
+ 2012-05-12 02:48 . 2012-05-12 02:48 14336 c:\windows\assembly\NativeImages_v2.0.50727_32\dfsvc\d66bc03eb7eae89b4dde2d09eda1414f\dfsvc.ni.exe
+ 2012-05-12 02:47 . 2012-05-12 02:47 25600 c:\windows\assembly\NativeImages_v2.0.50727_32\Accessibility\016444dfc5f7e3d11c776f2fbc7a4594\Accessibility.ni.dll
+ 2012-05-12 02:04 . 2012-05-12 02:04 77824 c:\windows\assembly\GAC_MSIL\System.Web.RegularExpressions\2.0.0.0__b03f5f7f11d50a3a\System.Web.RegularExpressions.dll
- 2012-04-11 17:06 . 2012-04-11 17:06 77824 c:\windows\assembly\GAC_MSIL\System.Web.RegularExpressions\2.0.0.0__b03f5f7f11d50a3a\System.Web.RegularExpressions.dll
- 2012-04-11 17:06 . 2012-04-11 17:06 81920 c:\windows\assembly\GAC_MSIL\System.Drawing.Design\2.0.0.0__b03f5f7f11d50a3a\System.Drawing.Design.dll
+ 2012-05-12 02:04 . 2012-05-12 02:04 81920 c:\windows\assembly\GAC_MSIL\System.Drawing.Design\2.0.0.0__b03f5f7f11d50a3a\System.Drawing.Design.dll
- 2012-04-11 17:07 . 2012-04-11 17:07 81920 c:\windows\assembly\GAC_MSIL\System.Configuration.Install\2.0.0.0__b03f5f7f11d50a3a\System.Configuration.Install.dll
+ 2012-05-12 02:07 . 2012-05-12 02:07 81920 c:\windows\assembly\GAC_MSIL\System.Configuration.Install\2.0.0.0__b03f5f7f11d50a3a\System.Configuration.Install.dll
- 2012-04-11 17:06 . 2012-04-11 17:06 32768 c:\windows\assembly\GAC_MSIL\Microsoft.Vsa\8.0.0.0__b03f5f7f11d50a3a\Microsoft.Vsa.dll
+ 2012-05-12 02:05 . 2012-05-12 02:05 32768 c:\windows\assembly\GAC_MSIL\Microsoft.Vsa\8.0.0.0__b03f5f7f11d50a3a\Microsoft.Vsa.dll
- 2012-04-11 17:07 . 2012-04-11 17:07 12800 c:\windows\assembly\GAC_MSIL\Microsoft.Vsa.Vb.CodeDOMProcessor\8.0.0.0__b03f5f7f11d50a3a\Microsoft.Vsa.Vb.CodeDOMProcessor.dll
+ 2012-05-12 02:06 . 2012-05-12 02:06 12800 c:\windows\assembly\GAC_MSIL\Microsoft.Vsa.Vb.CodeDOMProcessor\8.0.0.0__b03f5f7f11d50a3a\Microsoft.Vsa.Vb.CodeDOMProcessor.dll
- 2012-04-11 17:07 . 2012-04-11 17:07 28672 c:\windows\assembly\GAC_MSIL\Microsoft.VisualBasic.Vsa\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Vsa.dll
+ 2012-05-12 02:06 . 2012-05-12 02:06 28672 c:\windows\assembly\GAC_MSIL\Microsoft.VisualBasic.Vsa\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Vsa.dll
+ 2012-05-12 02:06 . 2012-05-12 02:06 77824 c:\windows\assembly\GAC_MSIL\Microsoft.Build.Utilities\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Utilities.dll
- 2012-04-11 17:07 . 2012-04-11 17:07 77824 c:\windows\assembly\GAC_MSIL\Microsoft.Build.Utilities\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Utilities.dll
+ 2012-05-12 02:06 . 2012-05-12 02:06 36864 c:\windows\assembly\GAC_MSIL\Microsoft.Build.Framework\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Framework.dll
- 2012-04-11 17:07 . 2012-04-11 17:07 36864 c:\windows\assembly\GAC_MSIL\Microsoft.Build.Framework\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Framework.dll
+ 2012-05-12 02:05 . 2012-05-12 02:05 77824 c:\windows\assembly\GAC_MSIL\IEHost\2.0.0.0__b03f5f7f11d50a3a\IEHost.dll
- 2012-04-11 17:06 . 2012-04-11 17:06 77824 c:\windows\assembly\GAC_MSIL\IEHost\2.0.0.0__b03f5f7f11d50a3a\IEHost.dll
+ 2012-05-12 02:05 . 2012-05-12 02:05 13312 c:\windows\assembly\GAC_MSIL\cscompmgd\8.0.0.0__b03f5f7f11d50a3a\cscompmgd.dll
- 2012-04-11 17:06 . 2012-04-11 17:06 13312 c:\windows\assembly\GAC_MSIL\cscompmgd\8.0.0.0__b03f5f7f11d50a3a\cscompmgd.dll
- 2012-04-11 17:06 . 2012-04-11 17:06 10752 c:\windows\assembly\GAC_MSIL\Accessibility\2.0.0.0__b03f5f7f11d50a3a\Accessibility.dll
+ 2012-05-12 02:05 . 2012-05-12 02:05 10752 c:\windows\assembly\GAC_MSIL\Accessibility\2.0.0.0__b03f5f7f11d50a3a\Accessibility.dll
- 2012-04-11 17:07 . 2012-04-11 17:07 72192 c:\windows\assembly\GAC_32\ISymWrapper\2.0.0.0__b03f5f7f11d50a3a\ISymWrapper.dll
+ 2012-05-12 02:05 . 2012-05-12 02:06 72192 c:\windows\assembly\GAC_32\ISymWrapper\2.0.0.0__b03f5f7f11d50a3a\ISymWrapper.dll
+ 2012-05-12 02:05 . 2012-05-12 02:05 69120 c:\windows\assembly\GAC_32\CustomMarshalers\2.0.0.0__b03f5f7f11d50a3a\CustomMarshalers.dll
- 2012-04-11 17:06 . 2012-04-11 17:06 69120 c:\windows\assembly\GAC_32\CustomMarshalers\2.0.0.0__b03f5f7f11d50a3a\CustomMarshalers.dll
+ 2012-05-12 02:05 . 2012-05-12 02:05 8192 c:\windows\WinSxS\MSIL_IEExecRemote_b03f5f7f11d50a3a_2.0.0.0_x-ww_6e57c34e\IEExecRemote.dll
- 2012-04-11 17:06 . 2012-04-11 17:06 8192 c:\windows\WinSxS\MSIL_IEExecRemote_b03f5f7f11d50a3a_2.0.0.0_x-ww_6e57c34e\IEExecRemote.dll
+ 2012-05-12 02:05 . 2012-05-12 02:05 7168 c:\windows\assembly\GAC_MSIL\Microsoft_VsaVb\8.0.0.0__b03f5f7f11d50a3a\Microsoft_VsaVb.dll
- 2012-04-11 17:06 . 2012-04-11 17:06 7168 c:\windows\assembly\GAC_MSIL\Microsoft_VsaVb\8.0.0.0__b03f5f7f11d50a3a\Microsoft_VsaVb.dll
+ 2012-05-12 02:07 . 2012-05-12 02:07 5632 c:\windows\assembly\GAC_MSIL\Microsoft.VisualC\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualC.Dll
- 2012-04-11 17:07 . 2012-04-11 17:07 5632 c:\windows\assembly\GAC_MSIL\Microsoft.VisualC\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualC.Dll
- 2012-04-11 17:06 . 2012-04-11 17:06 6656 c:\windows\assembly\GAC_MSIL\IIEHost\2.0.0.0__b03f5f7f11d50a3a\IIEHost.dll
+ 2012-05-12 02:05 . 2012-05-12 02:05 6656 c:\windows\assembly\GAC_MSIL\IIEHost\2.0.0.0__b03f5f7f11d50a3a\IIEHost.dll
- 2012-04-11 17:06 . 2012-04-11 17:06 8192 c:\windows\assembly\GAC_MSIL\IEExecRemote\2.0.0.0__b03f5f7f11d50a3a\IEExecRemote.dll
+ 2012-05-12 02:05 . 2012-05-12 02:05 8192 c:\windows\assembly\GAC_MSIL\IEExecRemote\2.0.0.0__b03f5f7f11d50a3a\IEExecRemote.dll
+ 2012-05-12 02:06 . 2012-05-12 02:06 113664 c:\windows\WinSxS\x86_System.EnterpriseServices_b03f5f7f11d50a3a_2.0.0.0_x-ww_7d5f3790\System.EnterpriseServices.Wrapper.dll
- 2012-04-11 17:07 . 2012-04-11 17:07 113664 c:\windows\WinSxS\x86_System.EnterpriseServices_b03f5f7f11d50a3a_2.0.0.0_x-ww_7d5f3790\System.EnterpriseServices.Wrapper.dll
- 2012-04-11 17:07 . 2012-04-11 17:07 258048 c:\windows\WinSxS\x86_System.EnterpriseServices_b03f5f7f11d50a3a_2.0.0.0_x-ww_7d5f3790\System.EnterpriseServices.dll
+ 2012-05-12 02:06 . 2012-05-12 02:06 258048 c:\windows\WinSxS\x86_System.EnterpriseServices_b03f5f7f11d50a3a_2.0.0.0_x-ww_7d5f3790\System.EnterpriseServices.dll
+ 2006-02-28 12:00 . 2012-05-12 02:08 717448 c:\windows\system32\perfh009.dat
- 2006-02-28 12:00 . 2012-05-08 14:01 717448 c:\windows\system32\perfh009.dat
+ 2006-02-28 12:00 . 2012-05-12 02:08 159912 c:\windows\system32\perfc009.dat
- 2006-02-28 12:00 . 2012-05-08 14:01 159912 c:\windows\system32\perfc009.dat
- 2007-08-29 12:00 . 2012-03-14 13:43 276560 c:\windows\system32\FNTCACHE.DAT
+ 2007-08-29 12:00 . 2012-05-12 02:30 276560 c:\windows\system32\FNTCACHE.DAT
+ 2012-05-11 19:25 . 2008-04-13 19:21 162816 c:\windows\system32\dllcache\netbt.sys
- 2012-05-11 02:33 . 2008-04-14 04:51 162816 c:\windows\system32\dllcache\netbt.sys
+ 2012-04-06 03:52 . 2012-04-06 03:52 131168 c:\windows\Microsoft.NET\Framework\v3.0\WPF\PresentationHostDLL.dll
+ 2011-12-25 07:50 . 2011-12-25 07:50 389888 c:\windows\Microsoft.NET\Framework\v2.0.50727\SOS.dll
+ 2011-12-25 07:50 . 2011-12-25 07:50 364816 c:\windows\Microsoft.NET\Framework\v2.0.50727\mscorjit.dll
+ 2011-12-25 07:50 . 2011-12-25 07:50 989968 c:\windows\Microsoft.NET\Framework\v2.0.50727\mscordacwks.dll
+ 2012-05-11 12:03 . 2012-05-11 12:03 180224 c:\windows\ERDNT\AutoBackup\5-11-2012\Users\00000002\UsrClass.dat
+ 2012-05-11 12:03 . 2005-10-20 16:02 163328 c:\windows\ERDNT\AutoBackup\5-11-2012\ERDNT.EXE
+ 2012-05-12 02:47 . 2012-05-12 02:47 321536 c:\windows\assembly\NativeImages_v2.0.50727_32\WsatConfig\ac4fc3032c19946f9b2729468888206d\WsatConfig.ni.exe
+ 2012-05-12 02:25 . 2012-05-12 02:25 240128 c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsFormsIntegra#\6198de2c5b8f7d89404c2ba39d69ae56\WindowsFormsIntegration.ni.dll
+ 2012-05-12 02:24 . 2012-05-12 02:24 187904 c:\windows\assembly\NativeImages_v2.0.50727_32\UIAutomationTypes\be27ab5913cec2b292a019c2a13ec701\UIAutomationTypes.ni.dll
+ 2012-05-12 02:24 . 2012-05-12 02:24 447488 c:\windows\assembly\NativeImages_v2.0.50727_32\UIAutomationClient\04e5e2be34a70ee7f4c87550238095a0\UIAutomationClient.ni.dll
+ 2012-05-12 03:14 . 2012-05-12 03:14 400896 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Xml.Linq\1c13b08593e99d6f5bef49ae7939c78b\System.Xml.Linq.ni.dll
+ 2012-05-12 03:08 . 2012-05-12 03:08 129536 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Routing\8bffbaa5d5abe40674d0bc124dfe8622\System.Web.Routing.ni.dll
+ 2012-05-12 03:10 . 2012-05-12 03:10 202240 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.RegularE#\6c7765c10516d375e9ddedad2dbab848\System.Web.RegularExpressions.ni.dll
+ 2012-05-12 03:09 . 2012-05-12 03:09 859648 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Extensio#\a7908debe80c209b599529685a159fa0\System.Web.Extensions.Design.ni.dll
+ 2012-05-12 03:09 . 2012-05-12 03:09 328704 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Entity\44ecb9f7be54a2ba46e6102d343e2e7e\System.Web.Entity.ni.dll
+ 2012-05-12 03:09 . 2012-05-12 03:09 301056 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Entity.D#\fee8237aa2daa36e48aec379ee642422\System.Web.Entity.Design.ni.dll
+ 2012-05-12 03:08 . 2012-05-12 03:08 547328 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.DynamicD#\40d90d2c1484164b786067320ce778f4\System.Web.DynamicData.ni.dll
+ 2012-05-12 03:08 . 2012-05-12 03:08 141312 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Abstract#\6b4ce8cf2c3307b75ea7ebe77258bb26\System.Web.Abstractions.ni.dll
+ 2012-05-12 03:05 . 2012-05-12 03:05 627200 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Transactions\41f6f6dd0c8427d4a8e6fd3915505a6b\System.Transactions.ni.dll
+ 2012-05-12 03:05 . 2012-05-12 03:05 212992 c:\windows\assembly\NativeImages_v2.0.50727_32\System.ServiceProce#\8dc4a28c456f81ee7399da21bd9d55aa\System.ServiceProcess.ni.dll
+ 2012-05-12 02:48 . 2012-05-12 02:48 679936 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Security\129b15861e200613ff78ae15581f9093\System.Security.ni.dll
+ 2012-05-12 03:03 . 2012-05-12 03:03 311296 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Seri#\a644ec04e18202b60f9d828bc207972b\System.Runtime.Serialization.Formatters.Soap.ni.dll
+ 2012-05-12 03:04 . 2012-05-12 03:04 621056 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Net\4a9eb43005a041959ddc5c7e586ab746\System.Net.ni.dll
+ 2012-05-12 03:03 . 2012-05-12 03:03 998400 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Management\9080c8e8e7b6dfb502c1328673d636f8\System.Management.ni.dll
+ 2012-05-12 03:03 . 2012-05-12 03:03 330752 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Management.I#\3182a049ba953010dec649cf290a9e90\System.Management.Instrumentation.ni.dll
+ 2012-05-12 03:02 . 2012-05-12 03:02 250368 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Management.A#\bccd2ab0737bd7ba5bc8dbb642950616\System.Management.Automation.resources.ni.dll
+ 2012-05-12 02:40 . 2012-05-12 02:40 381440 c:\windows\assembly\NativeImages_v2.0.50727_32\System.IO.Log\8991f21d4b3676bf6f779110db8d4ac9\System.IO.Log.ni.dll
+ 2012-05-12 02:48 . 2012-05-12 02:48 212992 c:\windows\assembly\NativeImages_v2.0.50727_32\System.IdentityMode#\cd9c60a35d4958e94d2e3dd2f778e2e9\System.IdentityModel.Selectors.ni.dll
+ 2012-05-12 03:00 . 2012-05-12 03:00 280064 c:\windows\assembly\NativeImages_v2.0.50727_32\System.EnterpriseSe#\29bce0113d611084a9329349e33528ac\System.EnterpriseServices.Wrapper.dll
+ 2012-05-12 03:00 . 2012-05-12 03:00 627712 c:\windows\assembly\NativeImages_v2.0.50727_32\System.EnterpriseSe#\29bce0113d611084a9329349e33528ac\System.EnterpriseServices.ni.dll
+ 2012-05-12 02:21 . 2012-05-12 02:21 208384 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Drawing.Desi#\88aa4f80c7e5ac25f06f8950e42a1678\System.Drawing.Design.ni.dll
+ 2012-05-12 03:00 . 2012-05-12 03:00 455680 c:\windows\assembly\NativeImages_v2.0.50727_32\System.DirectorySer#\ca484772955bc4db03b5dcb611c09423\System.DirectoryServices.Protocols.ni.dll
+ 2012-05-12 03:00 . 2012-05-12 03:00 881152 c:\windows\assembly\NativeImages_v2.0.50727_32\System.DirectorySer#\8ba5e68dddfd3279a8469d39eded48f3\System.DirectoryServices.AccountManagement.ni.dll
+ 2012-05-12 02:59 . 2012-05-12 02:59 354816 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data.Service#\a0109fce606a3110a5e7f9a4773f517e\System.Data.Services.Design.ni.dll
+ 2012-05-12 02:59 . 2012-05-12 02:59 939008 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data.Service#\3a68d0441f509ffa6f8f0fb9cfcc5780\System.Data.Services.Client.ni.dll
+ 2012-05-12 02:57 . 2012-05-12 02:57 756736 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data.Entity.#\04440b3dd5d822da4973a525ee04b05d\System.Data.Entity.Design.ni.dll
+ 2012-05-12 02:54 . 2012-05-12 02:54 135680 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data.DataSet#\7bbb5d9e3b161b4d4b968e590442d3ae\System.Data.DataSetExtensions.ni.dll
+ 2012-05-12 02:48 . 2012-05-12 02:48 971264 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\3d5b7368bde0f65aa15d9f46b498cc89\System.Configuration.ni.dll
+ 2012-05-12 03:03 . 2012-05-12 03:03 141312 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Configuratio#\bf7d6af03e1230ccad546a8659245ae9\System.Configuration.Install.ni.dll
+ 2012-05-12 02:54 . 2012-05-12 02:54 633856 c:\windows\assembly\NativeImages_v2.0.50727_32\System.AddIn\e107c286a615ff29ec017c969c9783bb\System.AddIn.ni.dll
+ 2012-05-12 02:47 . 2012-05-12 02:47 366080 c:\windows\assembly\NativeImages_v2.0.50727_32\SMSvcHost\6762f1ee780fa9c0b4ef66b285c64844\SMSvcHost.ni.exe
+ 2012-05-12 02:47 . 2012-05-12 02:47 256000 c:\windows\assembly\NativeImages_v2.0.50727_32\SMDiagnostics\660c4d6dd69ef22bc05587e1998cd135\SMDiagnostics.ni.dll
+ 2012-05-12 02:46 . 2012-05-12 02:46 320512 c:\windows\assembly\NativeImages_v2.0.50727_32\ServiceModelReg\47ed5bc9f42ea0054ce9acfde5e640b8\ServiceModelReg.ni.exe
+ 2012-05-12 02:16 . 2012-05-12 02:16 258048 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\a4706b850df9a3483f2fc439b6abe616\PresentationFramework.Royale.ni.dll
+ 2012-05-12 02:16 . 2012-05-12 02:16 539648 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\8b873631a0855fb6aa0ad25f1d9de7fe\PresentationFramework.Luna.ni.dll
+ 2012-05-12 02:16 . 2012-05-12 02:16 224768 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\7416fe825e6e49a87fa8ff60c8971813\PresentationFramework.Classic.ni.dll
+ 2012-05-12 02:16 . 2012-05-12 02:16 368128 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\186c27fbd7b38b5551889274f6fa2ccd\PresentationFramework.Aero.ni.dll
+ 2012-05-12 02:48 . 2012-05-12 02:48 133632 c:\windows\assembly\NativeImages_v2.0.50727_32\MSBuild\5a121969a115d11b6256eb960c145686\MSBuild.ni.exe
+ 2012-05-12 02:53 . 2012-05-12 02:53 508928 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.WSMan.Man#\e0997fbbcc0a3ba8583887b7441fda76\Microsoft.WSMan.Management.ni.dll
+ 2012-05-12 02:46 . 2012-05-12 02:46 386560 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Transacti#\97c613d3899b320a6765793bdf490272\Microsoft.Transactions.Bridge.Dtc.ni.dll
+ 2012-05-12 02:51 . 2012-05-12 02:51 515584 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.PowerShel#\e4c3ef7051b472e094685affd3f1b6a3\Microsoft.PowerShell.ConsoleHost.ni.dll
+ 2012-05-12 02:50 . 2012-05-12 02:50 737792 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.PowerShel#\e19aae0704acbefe088d30cd3170cdc2\Microsoft.PowerShell.Commands.Management.ni.dll
+ 2012-05-12 02:50 . 2012-05-12 02:50 291328 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.PowerShel#\977d746f8a3923513d4911dbb02554f2\Microsoft.PowerShell.Commands.Diagnostics.ni.dll
+ 2012-05-12 02:53 . 2012-05-12 02:53 729600 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.PowerShel#\8268b73874daae8c08abc2542d61b0f1\Microsoft.PowerShell.GraphicalHost.ni.dll
+ 2012-05-12 02:53 . 2012-05-12 02:53 156160 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.PowerShel#\5150658ac2560ca05c8ab5b0ce467ba1\Microsoft.PowerShell.Security.ni.dll
+ 2012-05-12 02:50 . 2012-05-12 02:50 175104 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Uti#\dec22fb7d6b8929a41380e5359741a07\Microsoft.Build.Utilities.v3.5.ni.dll
+ 2012-05-12 02:50 . 2012-05-12 02:50 144384 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Uti#\1009b31c86a1b798fffa9e0127cec29c\Microsoft.Build.Utilities.ni.dll
+ 2012-05-12 02:49 . 2012-05-12 02:49 839680 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Eng#\21d88631ef629715d3eecdd08e62e0b8\Microsoft.Build.Engine.ni.dll
+ 2012-05-12 02:49 . 2012-05-12 02:49 222720 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Con#\a0f38c6478cca8297fb160291346c1c9\Microsoft.Build.Conversion.v3.5.ni.dll
+ 2012-05-12 02:49 . 2012-05-12 02:49 220672 c:\windows\assembly\NativeImages_v2.0.50727_32\CustomMarshalers\bb26dd100d656605c576881a1a823667\CustomMarshalers.ni.dll
+ 2012-05-12 02:46 . 2012-05-12 02:46 410112 c:\windows\assembly\NativeImages_v2.0.50727_32\ComSvcConfig\9869c02d18825fdd32e64135a3e7246b\ComSvcConfig.ni.exe
+ 2012-05-12 02:47 . 2012-05-12 02:47 842240 c:\windows\assembly\NativeImages_v2.0.50727_32\AspNetMMCExt\e414683ec4cff1cac0c77aaefd67144e\AspNetMMCExt.ni.dll
+ 2012-05-12 02:05 . 2012-05-12 02:05 839680 c:\windows\assembly\GAC_MSIL\System.Web.Services\2.0.0.0__b03f5f7f11d50a3a\System.Web.Services.dll
- 2012-04-11 17:06 . 2012-04-11 17:06 839680 c:\windows\assembly\GAC_MSIL\System.Web.Services\2.0.0.0__b03f5f7f11d50a3a\System.Web.Services.dll
- 2012-04-11 17:06 . 2012-04-11 17:06 835584 c:\windows\assembly\GAC_MSIL\System.Web.Mobile\2.0.0.0__b03f5f7f11d50a3a\System.Web.Mobile.dll
+ 2012-05-12 02:05 . 2012-05-12 02:05 835584 c:\windows\assembly\GAC_MSIL\System.Web.Mobile\2.0.0.0__b03f5f7f11d50a3a\System.Web.Mobile.dll
+ 2012-05-12 02:05 . 2012-05-12 02:05 114688 c:\windows\assembly\GAC_MSIL\System.ServiceProcess\2.0.0.0__b03f5f7f11d50a3a\System.ServiceProcess.dll
- 2012-04-11 17:06 . 2012-04-11 17:06 114688 c:\windows\assembly\GAC_MSIL\System.ServiceProcess\2.0.0.0__b03f5f7f11d50a3a\System.ServiceProcess.dll
+ 2012-05-12 02:06 . 2012-05-12 02:06 258048 c:\windows\assembly\GAC_MSIL\System.Security\2.0.0.0__b03f5f7f11d50a3a\System.Security.dll
- 2012-04-11 17:07 . 2012-04-11 17:07 258048 c:\windows\assembly\GAC_MSIL\System.Security\2.0.0.0__b03f5f7f11d50a3a\System.Security.dll
- 2012-04-11 17:07 . 2012-04-11 17:07 131072 c:\windows\assembly\GAC_MSIL\System.Runtime.Serialization.Formatters.Soap\2.0.0.0__b03f5f7f11d50a3a\System.Runtime.Serialization.Formatters.Soap.dll
+ 2012-05-12 02:06 . 2012-05-12 02:06 131072 c:\windows\assembly\GAC_MSIL\System.Runtime.Serialization.Formatters.Soap\2.0.0.0__b03f5f7f11d50a3a\System.Runtime.Serialization.Formatters.Soap.dll
- 2012-04-11 17:07 . 2012-04-11 17:07 303104 c:\windows\assembly\GAC_MSIL\System.Runtime.Remoting\2.0.0.0__b77a5c561934e089\System.Runtime.Remoting.dll
+ 2012-05-12 02:06 . 2012-05-12 02:06 303104 c:\windows\assembly\GAC_MSIL\System.Runtime.Remoting\2.0.0.0__b77a5c561934e089\System.Runtime.Remoting.dll
- 2012-04-11 17:07 . 2012-04-11 17:07 258048 c:\windows\assembly\GAC_MSIL\System.Messaging\2.0.0.0__b03f5f7f11d50a3a\System.Messaging.dll
+ 2012-05-12 02:06 . 2012-05-12 02:06 258048 c:\windows\assembly\GAC_MSIL\System.Messaging\2.0.0.0__b03f5f7f11d50a3a\System.Messaging.dll
- 2012-04-11 17:07 . 2012-04-11 17:07 372736 c:\windows\assembly\GAC_MSIL\System.Management\2.0.0.0__b03f5f7f11d50a3a\System.Management.dll
+ 2012-05-12 02:06 . 2012-05-12 02:06 372736 c:\windows\assembly\GAC_MSIL\System.Management\2.0.0.0__b03f5f7f11d50a3a\System.Management.dll
+ 2012-05-12 02:06 . 2012-05-12 02:06 630784 c:\windows\assembly\GAC_MSIL\System.Drawing\2.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll
- 2012-04-11 17:07 . 2012-04-11 17:07 630784 c:\windows\assembly\GAC_MSIL\System.Drawing\2.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll
+ 2012-05-12 02:05 . 2012-05-12 02:05 401408 c:\windows\assembly\GAC_MSIL\System.DirectoryServices\2.0.0.0__b03f5f7f11d50a3a\System.DirectoryServices.dll
- 2012-04-11 17:07 . 2012-04-11 17:07 401408 c:\windows\assembly\GAC_MSIL\System.DirectoryServices\2.0.0.0__b03f5f7f11d50a3a\System.DirectoryServices.dll
- 2012-04-11 17:06 . 2012-04-11 17:06 188416 c:\windows\assembly\GAC_MSIL\System.DirectoryServices.Protocols\2.0.0.0__b03f5f7f11d50a3a\System.DirectoryServices.Protocols.dll
+ 2012-05-12 02:05 . 2012-05-12 02:05 188416 c:\windows\assembly\GAC_MSIL\System.DirectoryServices.Protocols\2.0.0.0__b03f5f7f11d50a3a\System.DirectoryServices.Protocols.dll
+ 2012-05-12 02:07 . 2012-05-12 02:07 970752 c:\windows\assembly\GAC_MSIL\System.Deployment\2.0.0.0__b03f5f7f11d50a3a\System.Deployment.dll
- 2012-04-11 17:07 . 2012-04-11 17:07 970752 c:\windows\assembly\GAC_MSIL\System.Deployment\2.0.0.0__b03f5f7f11d50a3a\System.Deployment.dll
+ 2012-05-12 02:07 . 2012-05-12 02:07 745472 c:\windows\assembly\GAC_MSIL\System.Data.SqlXml\2.0.0.0__b77a5c561934e089\System.Data.SqlXml.dll
- 2012-04-11 17:07 . 2012-04-11 17:07 745472 c:\windows\assembly\GAC_MSIL\System.Data.SqlXml\2.0.0.0__b77a5c561934e089\System.Data.SqlXml.dll
- 2012-04-11 17:07 . 2012-04-11 17:07 425984 c:\windows\assembly\GAC_MSIL\System.Configuration\2.0.0.0__b03f5f7f11d50a3a\System.configuration.dll
+ 2012-05-12 02:07 . 2012-05-12 02:07 425984 c:\windows\assembly\GAC_MSIL\System.Configuration\2.0.0.0__b03f5f7f11d50a3a\System.configuration.dll
+ 2012-05-12 02:07 . 2012-05-12 02:07 110592 c:\windows\assembly\GAC_MSIL\sysglobl\2.0.0.0__b03f5f7f11d50a3a\sysglobl.dll
- 2012-04-11 17:07 . 2012-04-11 17:07 110592 c:\windows\assembly\GAC_MSIL\sysglobl\2.0.0.0__b03f5f7f11d50a3a\sysglobl.dll
+ 2012-05-12 01:51 . 2012-05-12 01:51 532480 c:\windows\assembly\GAC_MSIL\ReachFramework\3.0.0.0__31bf3856ad364e35\ReachFramework.dll
- 2012-04-11 17:06 . 2012-04-11 17:06 659456 c:\windows\assembly\GAC_MSIL\Microsoft.VisualBasic\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll
+ 2012-05-12 02:05 . 2012-05-12 02:05 659456 c:\windows\assembly\GAC_MSIL\Microsoft.VisualBasic\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll
- 2012-04-11 17:06 . 2012-04-11 17:06 372736 c:\windows\assembly\GAC_MSIL\Microsoft.VisualBasic.Compatibility\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Compatibility.dll
+ 2012-05-12 02:05 . 2012-05-12 02:05 372736 c:\windows\assembly\GAC_MSIL\Microsoft.VisualBasic.Compatibility\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Compatibility.dll
- 2012-04-11 17:06 . 2012-04-11 17:06 110592 c:\windows\assembly\GAC_MSIL\Microsoft.VisualBasic.Compatibility.Data\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Compatibility.Data.dll
+ 2012-05-12 02:05 . 2012-05-12 02:05 110592 c:\windows\assembly\GAC_MSIL\Microsoft.VisualBasic.Compatibility.Data\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Compatibility.Data.dll
- 2012-04-11 17:07 . 2012-04-11 17:07 749568 c:\windows\assembly\GAC_MSIL\Microsoft.JScript\8.0.0.0__b03f5f7f11d50a3a\Microsoft.JScript.dll
+ 2012-05-12 02:06 . 2012-05-12 02:06 749568 c:\windows\assembly\GAC_MSIL\Microsoft.JScript\8.0.0.0__b03f5f7f11d50a3a\Microsoft.JScript.dll
- 2012-04-11 17:07 . 2012-04-11 17:07 655360 c:\windows\assembly\GAC_MSIL\Microsoft.Build.Tasks\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Tasks.dll
+ 2012-05-12 02:06 . 2012-05-12 02:06 655360 c:\windows\assembly\GAC_MSIL\Microsoft.Build.Tasks\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Tasks.dll
+ 2012-05-12 02:06 . 2012-05-12 02:06 348160 c:\windows\assembly\GAC_MSIL\Microsoft.Build.Engine\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Engine.dll
- 2012-04-11 17:07 . 2012-04-11 17:07 348160 c:\windows\assembly\GAC_MSIL\Microsoft.Build.Engine\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Engine.dll
- 2012-04-11 17:06 . 2012-04-11 17:06 507904 c:\windows\assembly\GAC_MSIL\AspNetMMCExt\2.0.0.0__b03f5f7f11d50a3a\AspNetMMCExt.dll
+ 2012-05-12 02:04 . 2012-05-12 02:04 507904 c:\windows\assembly\GAC_MSIL\AspNetMMCExt\2.0.0.0__b03f5f7f11d50a3a\AspNetMMCExt.dll
+ 2012-05-12 02:06 . 2012-05-12 02:06 261632 c:\windows\assembly\GAC_32\System.Transactions\2.0.0.0__b77a5c561934e089\System.Transactions.dll
- 2012-04-11 17:07 . 2012-04-11 17:07 261632 c:\windows\assembly\GAC_32\System.Transactions\2.0.0.0__b77a5c561934e089\System.Transactions.dll
- 2009-04-15 13:45 . 2009-04-15 13:45 368640 c:\windows\assembly\GAC_32\System.Printing\3.0.0.0__31bf3856ad364e35\System.Printing.dll
+ 2012-05-12 01:51 . 2012-05-12 01:51 368640 c:\windows\assembly\GAC_32\System.Printing\3.0.0.0__31bf3856ad364e35\System.Printing.dll
- 2012-04-11 17:07 . 2012-04-11 17:07 113664 c:\windows\assembly\GAC_32\System.EnterpriseServices\2.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.Wrapper.dll
+ 2012-05-12 02:06 . 2012-05-12 02:06 113664 c:\windows\assembly\GAC_32\System.EnterpriseServices\2.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.Wrapper.dll
+ 2012-05-12 02:06 . 2012-05-12 02:06 258048 c:\windows\assembly\GAC_32\System.EnterpriseServices\2.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.dll
- 2012-04-11 17:07 . 2012-04-11 17:07 258048 c:\windows\assembly\GAC_32\System.EnterpriseServices\2.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.dll
+ 2012-05-12 02:07 . 2012-05-12 02:07 486400 c:\windows\assembly\GAC_32\System.Data.OracleClient\2.0.0.0__b77a5c561934e089\System.Data.OracleClient.dll
- 2012-04-11 17:07 . 2012-04-11 17:07 486400 c:\windows\assembly\GAC_32\System.Data.OracleClient\2.0.0.0__b77a5c561934e089\System.Data.OracleClient.dll
+ 2006-02-28 12:00 . 2012-04-11 13:12 1862272 c:\windows\system32\dllcache\win32k.sys
+ 2006-02-28 12:00 . 2012-04-11 13:10 2192640 c:\windows\system32\dllcache\ntoskrnl.exe
+ 2011-10-27 16:17 . 2012-04-11 12:35 2026496 c:\windows\system32\dllcache\ntkrpamp.exe
+ 2004-08-03 22:59 . 2012-04-11 12:35 2069120 c:\windows\system32\dllcache\ntkrnlpa.exe
+ 2011-10-27 16:17 . 2012-04-11 13:14 2148352 c:\windows\system32\dllcache\ntkrnlmp.exe
- 2011-03-25 10:15 . 2011-03-25 10:15 5025792 c:\windows\Microsoft.NET\Framework\v2.0.50727\System.Windows.Forms.dll
+ 2011-12-25 07:50 . 2011-12-25 07:50 5025792 c:\windows\Microsoft.NET\Framework\v2.0.50727\System.Windows.Forms.dll
+ 2011-12-25 07:50 . 2011-12-25 07:50 3186688 c:\windows\Microsoft.NET\Framework\v2.0.50727\System.dll
- 2011-10-26 08:39 . 2011-10-26 08:39 3186688 c:\windows\Microsoft.NET\Framework\v2.0.50727\System.dll
+ 2011-12-25 07:50 . 2011-12-25 07:50 5913360 c:\windows\Microsoft.NET\Framework\v2.0.50727\mscorwks.dll
- 2011-07-07 09:18 . 2011-07-07 09:18 4550656 c:\windows\Microsoft.NET\Framework\v2.0.50727\mscorlib.dll
+ 2011-12-25 07:50 . 2011-12-25 07:50 4550656 c:\windows\Microsoft.NET\Framework\v2.0.50727\mscorlib.dll
+ 2012-04-05 02:38 . 2012-04-05 02:38 3620864 c:\windows\Installer\15c300b.msp
+ 2012-04-29 01:43 . 2012-04-29 01:43 8459264 c:\windows\Installer\15c2ff7.msp
+ 2011-07-07 06:58 . 2011-07-07 06:58 1616240 c:\windows\Installer\$PatchCache$\Managed\00002109020090400000000000F01FEC\12.0.6612\OGL.DLL
+ 2012-05-11 12:03 . 2012-05-11 12:03 8265728 c:\windows\ERDNT\AutoBackup\5-11-2012\Users\00000001\ntuser.dat
+ 2011-10-27 16:17 . 2012-04-11 13:10 2192640 c:\windows\Driver Cache\i386\ntoskrnl.exe
+ 2011-10-27 16:17 . 2012-04-11 12:35 2026496 c:\windows\Driver Cache\i386\ntkrpamp.exe
+ 2011-10-27 16:17 . 2012-04-11 12:35 2069120 c:\windows\Driver Cache\i386\ntkrnlpa.exe
+ 2011-10-27 16:17 . 2012-04-11 13:14 2148352 c:\windows\Driver Cache\i386\ntkrnlmp.exe
+ 2012-05-12 02:11 . 2012-05-12 02:11 3325440 c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\6d8bef0d008389874e55c0308f0c18e5\WindowsBase.ni.dll
+ 2012-05-12 02:24 . 2012-05-12 02:24 1049600 c:\windows\assembly\NativeImages_v2.0.50727_32\UIAutomationClients#\41a81b97625c113b591ed082c95276e2\UIAutomationClientsideProviders.ni.dll
+ 2012-05-12 02:11 . 2012-05-12 02:11 7953408 c:\windows\assembly\NativeImages_v2.0.50727_32\System\e4b5afc4da43b1c576f9322f9f2e1bfe\System.ni.dll
+ 2012-05-12 02:23 . 2012-05-12 02:23 5450752 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Xml\3bba1b8b0b5ef0be238b011cc7a0575e\System.Xml.ni.dll
+ 2012-05-12 03:14 . 2012-05-12 03:14 1356288 c:\windows\assembly\NativeImages_v2.0.50727_32\System.WorkflowServ#\33fa6a2055bf857bff2e31020279b5e9\System.WorkflowServices.ni.dll
+ 2012-05-12 03:13 . 2012-05-12 03:13 1908224 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Workflow.Run#\5eccf6fef6bee8a2f93bc65ff33699bb\System.Workflow.Runtime.ni.dll
+ 2012-05-12 03:13 . 2012-05-12 03:13 4514304 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Workflow.Com#\62bd2e1bf98b04ceca2102c8f54aab9d\System.Workflow.ComponentModel.ni.dll
+ 2012-05-12 03:12 . 2012-05-12 03:12 2992640 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Workflow.Act#\8215548b3d4aabbaa0557ab747700778\System.Workflow.Activities.ni.dll
+ 2012-05-12 03:10 . 2012-05-12 03:10 1840640 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Services\3e11aea7d742b5eddbd0b6bd1012f7df\System.Web.Services.ni.dll
+ 2012-05-12 03:10 . 2012-05-12 03:10 2209280 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Mobile\ff995dde9cd34ff1e8ac7ab55fc92d32\System.Web.Mobile.ni.dll
+ 2012-05-12 03:08 . 2012-05-12 03:08 2405888 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Extensio#\8899d1091e64a4d0b6ae69060197091a\System.Web.Extensions.ni.dll
+ 2012-05-12 02:22 . 2012-05-12 02:22 1917440 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Speech\5efb50c91f3c5e49be2079f625d933b7\System.Speech.ni.dll
+ 2012-05-12 03:05 . 2012-05-12 03:05 1706496 c:\windows\assembly\NativeImages_v2.0.50727_32\System.ServiceModel#\97d635f5c656ae43d94b55e67fc4ab50\System.ServiceModel.Web.ni.dll
+ 2012-05-12 02:40 . 2012-05-12 02:40 2345472 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Seri#\505e12638acd6fdb22e1fd2d4c6fc232\System.Runtime.Serialization.ni.dll
+ 2012-05-12 02:22 . 2012-05-12 02:22 1035776 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Printing\1d6707a5a9da16c1d1b88529837884d6\System.Printing.ni.dll
+ 2012-05-12 03:02 . 2012-05-12 03:02 8365056 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Management.A#\f25092440577f2a71941aa2b2856c2c7\System.Management.Automation.ni.dll
+ 2012-05-12 02:39 . 2012-05-12 02:39 1070080 c:\windows\assembly\NativeImages_v2.0.50727_32\System.IdentityModel\e09496ddb2bf6f3b69707924f2e6b5ff\System.IdentityModel.ni.dll
+ 2012-05-12 02:21 . 2012-05-12 02:21 1591808 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\8ca00132a08c69697adf1cda32ebd835\System.Drawing.ni.dll
+ 2012-05-12 02:59 . 2012-05-12 02:59 1116672 c:\windows\assembly\NativeImages_v2.0.50727_32\System.DirectorySer#\b55887436d2cfbe1fb32dd18d554185b\System.DirectoryServices.ni.dll
+ 2012-05-12 02:59 . 2012-05-12 02:59 1801216 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Deployment\832196527f0497078f085eaf9189265f\System.Deployment.ni.dll
+ 2012-05-12 02:19 . 2012-05-12 02:19 6616576 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data\12c6fe8d4dd78f9bddf847d3b2821c03\System.Data.ni.dll
+ 2012-05-12 02:48 . 2012-05-12 02:48 2510336 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data.SqlXml\982b508698278c6ffb3d143bbe1e8bb8\System.Data.SqlXml.ni.dll
+ 2012-05-12 02:59 . 2012-05-12 02:59 1328128 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data.Services\2de7666b1cd0a1bc363726c9553dc39c\System.Data.Services.ni.dll
+ 2012-05-12 02:20 . 2012-05-12 02:20 2516480 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data.Linq\44a5fc9e7c71b1fe1e2c79b03ecc3bc7\System.Data.Linq.ni.dll
+ 2012-05-12 02:56 . 2012-05-12 02:56 9924096 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data.Entity\772c94f595cd87b7fa187d592ef46fcf\System.Data.Entity.ni.dll
+ 2012-05-12 02:17 . 2012-05-12 02:17 2295296 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Core\38d07a5ac34b99d94fd14f42e779f625\System.Core.ni.dll
+ 2012-05-12 02:16 . 2012-05-12 02:16 2146304 c:\windows\assembly\NativeImages_v2.0.50727_32\ReachFramework\2ecefd16184a78f19aaf0f02cc0a7e1f\ReachFramework.ni.dll
+ 2012-05-12 02:16 . 2012-05-12 02:16 1657856 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationUI\51204805c71113e0db2103faa064b313\PresentationUI.ni.dll
+ 2012-05-12 02:11 . 2012-05-12 02:11 1451008 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationBuildTa#\8c509044eea2ab22689ea43926b30108\PresentationBuildTasks.ni.dll
+ 2012-05-12 02:53 . 2012-05-12 02:53 1712128 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.VisualBas#\b49dd780ba8e3501b0adcf108b431e7b\Microsoft.VisualBasic.ni.dll
+ 2012-05-12 02:46 . 2012-05-12 02:46 1093120 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Transacti#\42145ebf75f77cabad442f0801a81c64\Microsoft.Transactions.Bridge.ni.dll
+ 2012-05-12 02:52 . 2012-05-12 02:52 1704448 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.PowerShel#\6ef3cb9cb1e78e9dbe83ca39962e45a1\Microsoft.PowerShell.GPowerShell.ni.dll
+ 2012-05-12 02:51 . 2012-05-12 02:51 1609728 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.PowerShel#\1f7181b3c8e821962f8d688aa0601af0\Microsoft.PowerShell.Commands.Utility.ni.dll
+ 2012-05-12 02:52 . 2012-05-12 02:52 3722752 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.PowerShel#\19c7aa1b140e849d78797fd27ca3cb36\Microsoft.PowerShell.Editor.ni.dll
+ 2012-05-12 03:04 . 2012-05-12 03:04 2332160 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.JScript\cfe15312373b4668398404b5822bab7d\Microsoft.JScript.ni.dll
+ 2012-05-12 02:50 . 2012-05-12 02:50 1966080 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Tas#\f3fcd65eca42d13b746cf3f5bd993ee0\Microsoft.Build.Tasks.v3.5.ni.dll
+ 2012-05-12 02:50 . 2012-05-12 02:50 1620992 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Tas#\2091903cd9b359e96f05ac2d6d25ef4e\Microsoft.Build.Tasks.ni.dll
+ 2012-05-12 02:48 . 2012-05-12 02:48 1888768 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Eng#\5aa63a1cb41e3a5e1e8ed17072e60ec3\Microsoft.Build.Engine.ni.dll
- 2010-06-25 12:15 . 2010-06-25 12:15 1249280 c:\windows\assembly\GAC_MSIL\WindowsBase\3.0.0.0__31bf3856ad364e35\WindowsBase.dll
+ 2012-05-12 01:51 . 2012-05-12 01:51 1249280 c:\windows\assembly\GAC_MSIL\WindowsBase\3.0.0.0__31bf3856ad364e35\WindowsBase.dll
- 2012-04-11 17:07 . 2012-04-11 17:07 3186688 c:\windows\assembly\GAC_MSIL\System\2.0.0.0__b77a5c561934e089\System.dll
+ 2012-05-12 02:07 . 2012-05-12 02:07 3186688 c:\windows\assembly\GAC_MSIL\System\2.0.0.0__b77a5c561934e089\System.dll
+ 2012-05-12 02:06 . 2012-05-12 02:06 2048000 c:\windows\assembly\GAC_MSIL\System.Xml\2.0.0.0__b77a5c561934e089\System.XML.dll
- 2012-04-11 17:07 . 2012-04-11 17:07 2048000 c:\windows\assembly\GAC_MSIL\System.Xml\2.0.0.0__b77a5c561934e089\System.XML.dll
+ 2012-05-12 02:04 . 2012-05-12 02:05 5025792 c:\windows\assembly\GAC_MSIL\System.Windows.Forms\2.0.0.0__b77a5c561934e089\System.Windows.Forms.dll
- 2012-04-11 17:06 . 2012-04-11 17:06 5025792 c:\windows\assembly\GAC_MSIL\System.Windows.Forms\2.0.0.0__b77a5c561934e089\System.Windows.Forms.dll
- 2012-04-11 17:06 . 2012-04-11 17:06 5062656 c:\windows\assembly\GAC_MSIL\System.Design\2.0.0.0__b03f5f7f11d50a3a\System.Design.dll
+ 2012-05-12 02:04 . 2012-05-12 02:04 5062656 c:\windows\assembly\GAC_MSIL\System.Design\2.0.0.0__b03f5f7f11d50a3a\System.Design.dll
+ 2012-05-12 01:51 . 2012-05-12 01:51 5283840 c:\windows\assembly\GAC_MSIL\PresentationFramework\3.0.0.0__31bf3856ad364e35\PresentationFramework.dll
+ 2012-05-12 02:04 . 2012-05-12 02:04 5246976 c:\windows\assembly\GAC_32\System.Web\2.0.0.0__b03f5f7f11d50a3a\System.Web.dll
- 2012-04-11 17:06 . 2012-04-11 17:06 5246976 c:\windows\assembly\GAC_32\System.Web\2.0.0.0__b03f5f7f11d50a3a\System.Web.dll
- 2012-04-11 17:07 . 2012-04-11 17:07 2933248 c:\windows\assembly\GAC_32\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dll
+ 2012-05-12 02:07 . 2012-05-12 02:07 2933248 c:\windows\assembly\GAC_32\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dll
+ 2012-05-12 01:51 . 2012-05-12 01:51 4214784 c:\windows\assembly\GAC_32\PresentationCore\3.0.0.0__31bf3856ad364e35\PresentationCore.dll
+ 2012-05-12 02:06 . 2012-05-12 02:06 4550656 c:\windows\assembly\GAC_32\mscorlib\2.0.0.0__b77a5c561934e089\mscorlib.dll
- 2012-04-11 17:07 . 2012-04-11 17:07 4550656 c:\windows\assembly\GAC_32\mscorlib\2.0.0.0__b77a5c561934e089\mscorlib.dll
+ 2012-01-04 06:25 . 2012-01-04 06:25 17751552 c:\windows\Installer\15c3018.msp
+ 2012-04-06 07:13 . 2012-04-06 07:13 16527872 c:\windows\Installer\15c3003.msp
+ 2012-05-12 02:23 . 2012-05-12 02:23 12430848 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\995fcf39ead2c2a53e084505c2c67d49\System.Windows.Forms.ni.dll
+ 2012-05-12 03:07 . 2012-05-12 03:07 11817472 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web\7861cd979ea5db3fb7d30ed94fb0edd2\System.Web.ni.dll
+ 2012-05-12 02:43 . 2012-05-12 02:43 17403904 c:\windows\assembly\NativeImages_v2.0.50727_32\System.ServiceModel\bc254d2fa26664898ae21d45643bc194\System.ServiceModel.ni.dll
+ 2012-05-12 02:21 . 2012-05-12 02:21 10683392 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Design\a9256d2ad7e4be2bbb4e9b18c3997b84\System.Design.ni.dll
+ 2012-05-12 02:15 . 2012-05-12 02:15 14329856 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\5b8ff47c1db373a2a4c638ca31988bd2\PresentationFramework.ni.dll
+ 2012-05-12 02:13 . 2012-05-12 02:13 12218368 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationCore\4eb3cd1f1d5a83617524a9dfb96a657d\PresentationCore.ni.dll
+ 2012-05-12 02:10 . 2012-05-12 02:10 11492352 c:\windows\assembly\NativeImages_v2.0.50727_32\mscorlib\e337c89bc9f81b69d7237aa70e935900\mscorlib.ni.dll
.
-- Snapshot reset to current date --
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2012-03-06 23:15 123536 ----a-w- c:\program files\Alwil Software\Avast5\ashShell.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"avast"="c:\program files\Alwil Software\Avast5\avastUI.exe" [2012-03-06 4241512]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"NvMediaCenter"="c:\windows\system32\NVMCTRAY.DLL" [2003-07-28 49152]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"tscuninstall"="c:\windows\system32\tscupgrd.exe" [2006-02-28 44544]
.
c:\documents and settings\Frank\Start Menu\Programs\Startup\
ERUNT AutoBackup.lnk - c:\program files\ERUNT\AUTOBACK.EXE [2005-10-20 38912]
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2009-05-25 304128]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2011-07-19 113024]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2011-05-04 17:54 551296 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.DLL
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0cleanMFT32 -c C:\Program
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
@=""
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Office.lnk]
backup=c:\windows\pss\Microsoft Office.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Windows Search.lnk]
backup=c:\windows\pss\Windows Search.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^Frank^Start Menu^Programs^Startup^LimeWire On Startup.lnk]
backup=c:\windows\pss\LimeWire On Startup.lnkStartup
.
[HKLM\~\startupfolder\C:^Documents and Settings^Frank^Start Menu^Programs^Startup^Logitech . Product Registration.lnk]
backup=c:\windows\pss\Logitech . Product Registration.lnkStartup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2012-01-02 15:07 843712 ----a-r- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2012-03-27 12:41 37296 ----a-w- c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Creative Detector]
2004-12-02 23:23 102400 ----a-w- c:\program files\Creative\MediaSource\Detector\CTDetect.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
2008-04-14 09:42 15360 ----a-w- c:\windows\system32\ctfmon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EPSON Stylus CX6000 Series]
2006-02-13 09:00 131072 -c--a-w- c:\windows\system32\spool\drivers\w32x86\3\E_FATIBIA.EXE
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iIWiper]
2005-09-11 17:24 258048 ----a-w- c:\program files\iISystem Wiper\SystemWiper.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechQuickCamRibbon]
2009-10-14 18:36 2793304 ----a-w- c:\program files\Logitech\Logitech WebCam Software\LWS.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Malwarebytes' Anti-Malware]
2012-04-04 19:56 462408 ----a-w- c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
2008-04-14 00:12 1695232 --sha-w- c:\program files\Messenger\msmsgs.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
2003-07-28 18:19 4841472 ----a-w- c:\windows\system32\nvcpl.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]
2003-07-28 18:19 323584 ----a-w- c:\windows\system32\nwiz.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2008-03-29 03:37 413696 ----a-w- c:\program files\QuickTime\QTTask.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2010-02-18 15:43 248040 ----a-w- c:\program files\Common Files\Java\Java Update\jusched.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SUPERAntiSpyware]
2012-03-31 22:38 3905920 ----a-w- c:\program files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\YMailAdvisor]
2009-05-08 10:53 174424 ----a-w- c:\program files\Yahoo!\Common\YMailAdvisor.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\YSearchProtection]
2010-04-01 03:34 243000 ----a-w- c:\program files\Yahoo!\Search Protection\YspService.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"ioloSystemService"=2 (0x2)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-disabled]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" -atboottime
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ZoneLabsFirewall]
"DisableMonitoring"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\WINDOWS\\system32\\sessmgr.exe"=
"c:\\WINDOWS\\system32\\mmc.exe"=
.
R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [4/16/2011 12:20 AM 612184]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [1/8/2011 1:30 PM 337880]
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [7/22/2011 12:27 PM 12880]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [7/12/2011 5:55 PM 67664]
R2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCore.exe [8/11/2011 7:38 PM 116608]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [1/8/2011 1:30 PM 20696]
R2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [4/8/2010 8:40 PM 654408]
R2 UMVPFSrv;UMVPFSrv;c:\program files\Common Files\LogiShrd\LVMVFM\UMVPFSrv.exe [8/19/2011 10:26 AM 450848]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [4/8/2010 8:40 PM 22344]
S3 CA500AI;SPCA500A Still Image Capture, Sunplus Version 1.00;c:\windows\system32\Drivers\BULKUSB.sys --> c:\windows\system32\Drivers\BULKUSB.sys [?]
S3 CA500AV;CaptureView VGA;c:\windows\system32\DRIVERS\CA500AV.SYS --> c:\windows\system32\DRIVERS\CA500AV.SYS [?]
S3 IPN2120;Instant Wireless-B PCI Adapter Driver;c:\windows\system32\drivers\LSIPNDS.sys [7/10/2003 11:09 AM 96256]
S3 ivusb;Initio Driver for USB Default Controller;c:\windows\system32\DRIVERS\ivusb.sys --> c:\windows\system32\DRIVERS\ivusb.sys [?]
S3 pctplsg;pctplsg;\??\c:\windows\system32\drivers\pctplsg.sys --> c:\windows\system32\drivers\pctplsg.sys [?]
S3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\DRIVERS\wdcsam.sys --> c:\windows\system32\DRIVERS\wdcsam.sys [?]
S3 WinRM;Windows Remote Management (WS-Management);c:\windows\system32\svchost.exe -k WINRM [2/28/2006 8:00 AM 14336]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
WINRM REG_MULTI_SZ WINRM
.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
int15.sys
wwsecsvc
qserver
lpds
unrealircd
stac97
pgpdisk
point32
epson_pm_rpcv2_02
jconfigd
{95808dc4-fa4a-4c74-92fe-5b863f82066b}
retinaengine
appn
stllssvr
philcam8116_xp
k750mdfl
eaglent
elosystemservice
license
db2
pctavsvc
cxavxbar
carboncopyscheduler
mrvw245
oracleorahomeclientcache
clr_optimization_v2.0.50215_32
ami0nt
lkclassads
pctspk
swnc8u51
angel2
sqlagent$pinnaclesys
aslm75
pelmouse
trackcam4
ssrtln
ctsfm2k
wmhidlo
idrivert
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{A509B1FF-37FF-4bFF-8CFF-4F3A747040FF}]
2009-03-08 08:32 128512 ----a-w- c:\windows\system32\advpack.dll
.
Contents of the 'Scheduled Tasks' folder
.
2012-05-12 c:\windows\Tasks\GlaryInitialize.job
- c:\program files\Glary Utilities\initialize.exe [2009-01-23 01:06]
.
.
------- Supplementary Scan -------
.
uSearchMigratedDefaultURL = hxxp://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b1ie7
uStart Page = hxxp://www.yahoo.com/
mStart Page =
uSearchAssistant =
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
TCP: DhcpNameServer = 192.168.1.1 192.168.1.1
DPF: PackageCab - hxxp://ak.imgag.com/imgag/cp/install/AxCtp2.cab
DPF: vzTCPConfig - hxxp://www2.verizon.net/help/dsl_settings/include/vzTCPConfig.CAB
DPF: {8BE5651C-D60B-4B59-B5B2-F0EB93733D17} - hxxps://www36.verizon.com/CallAssistant/MyAccount/UnProtected/Voice%20Mail/VCAVMUtil.CAB
.
.
------- File Associations -------
.
JSEFile=NOTEPAD.EXE %1
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-ITBar7Position - (no file)
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-05-11 23:20
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(716)
c:\program files\SUPERAntiSpyware\SASWINLO.DLL
c:\windows\system32\WININET.dll
.
Completion time: 2012-05-11 23:27:58
ComboFix-quarantined-files.txt 2012-05-12 03:27
ComboFix2.txt 2012-05-11 02:46
.
Pre-Run: 15,422,197,760 bytes free
Post-Run: 15,330,037,760 bytes free
.
- - End Of File - - C565CD4D634643B7E6C25CDC3A09A1EB

#48 portboy123

Posted 11 May 2012 - 10:02 PM

I'll be on tomorrow, thanks. Good night.

#49 jeffce

Posted 12 May 2012 - 02:29 PM

Hi, Please boot to Safe Mode and then run ComboFix from there. Post the log that is created.

#50 portboy123

Posted 12 May 2012 - 05:36 PM

Hi Jeff, I tried running ComboFix in Safe Mode and avast will not shut down. What should I do? I tried Safe Mode with Networking and regular Safe Mode, same thing. It won't shut down. My firewall did.

#51 jeffce

Posted 12 May 2012 - 05:55 PM

Hi, Go ahead and run it anyway past the warning. It shouldn't be a problem. :)

#52 portboy123

Posted 12 May 2012 - 05:56 PM

OK, will do.

#53 portboy123

Posted 12 May 2012 - 07:54 PM

OK Jeff, I ran it in Safe Mode. Here is the log.

ComboFix 12-05-11.03 - Frank 05/12/2012 21:11:07.5.1 - x86 NETWORK
Running from: c:\documents and settings\Frank\Desktop\ComboFix.exe
AV: avast! Antivirus *Disabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
FW: ZoneAlarm Firewall *Disabled* {829BDA32-94B3-44F4-8446-F8FCFF809F8B}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\Frank\Desktop\Security Center.lnk
.
c:\windows\system32\drivers\netbt.sys was missing
Restored copy from - c:\windows\system32\dllcache\netbt.sys
.
.
((((((((((((((((((((((((( Files Created from 2012-04-13 to 2012-05-13 )))))))))))))))))))))))))))))))
.
.
2012-05-12 23:31 . 2008-04-13 19:21 162816 -c--a-w- c:\windows\system32\dllcache\netbt.sys
2012-05-09 00:42 . 2012-05-09 00:42 -------- d-----w- c:\program files\ERUNT
2012-05-08 23:24 . 2012-05-08 23:26 185 ----a-w- C:\RegExp.bat
2012-05-08 14:56 . 2012-05-08 14:56 -------- d-----w- c:\documents and settings\All Users\Application Data\SpeedMaxPc
2012-05-08 14:56 . 2012-05-08 14:56 -------- d-----w- c:\documents and settings\Frank\Application Data\SpeedMaxPc
2012-05-08 02:06 . 2012-05-08 02:06 -------- d-----w- c:\documents and settings\Frank\Application Data\DriverCure
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-04-11 13:12 . 2006-02-28 12:00 1862272 ----a-w- c:\windows\system32\win32k.sys
2012-04-11 13:10 . 2006-02-28 12:00 2192640 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-04-11 12:35 . 2004-08-03 22:59 2069120 ----a-w- c:\windows\system32\ntkrnlpa.exe
2012-04-04 19:56 . 2010-04-09 00:40 22344 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-03-24 15:17 . 2011-05-16 16:37 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-03-22 19:12 . 2012-03-22 19:12 4435968 ----a-w- c:\windows\system32\GPhotos.scr
2012-03-06 23:15 . 2011-01-08 17:30 41184 ----a-w- c:\windows\avastSS.scr
2012-03-06 23:15 . 2011-01-08 17:30 201352 ----a-w- c:\windows\system32\aswBoot.exe
2012-03-06 23:03 . 2011-04-16 04:20 612184 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2012-03-06 23:03 . 2011-01-08 17:30 337880 ----a-w- c:\windows\system32\drivers\aswSP.sys
2012-03-06 23:02 . 2011-01-08 17:30 35672 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2012-03-06 23:01 . 2011-01-08 17:30 53848 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2012-03-06 23:01 . 2011-01-08 17:30 95704 ----a-w- c:\windows\system32\drivers\aswmon2.sys
2012-03-06 23:01 . 2011-01-08 17:30 89048 ----a-w- c:\windows\system32\drivers\aswmon.sys
2012-03-06 23:01 . 2011-01-08 17:30 20696 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2012-03-06 22:58 . 2011-01-08 17:30 24920 ----a-w- c:\windows\system32\drivers\aavmker4.sys
2012-03-01 11:01 . 2006-02-28 12:00 916992 ----a-w- c:\windows\system32\wininet.dll
2012-03-01 11:01 . 2006-02-28 12:00 43520 ----a-w- c:\windows\system32\licmgr10.dll
2012-03-01 11:01 . 2006-02-28 12:00 1469440 ----a-w- c:\windows\system32\inetcpl.cpl
2012-02-29 14:10 . 2006-02-28 12:00 177664 ----a-w- c:\windows\system32\wintrust.dll
2012-02-29 14:10 . 2006-02-28 12:00 148480 ----a-w- c:\windows\system32\imagehlp.dll
2012-02-29 12:17 . 2006-02-28 12:00 385024 ----a-w- c:\windows\system32\html.iec
2010-09-05 20:27 203776 --sha-w- c:\windows\system32\unrar.exe
.
.
((((((((((((((((((((((((((((( SnapShot_2012-05-12_03.20.28 )))))))))))))))))))))))))))))))))))))))))
.
- 2012-05-12 01:53 . 2012-05-12 01:53 34632 c:\windows\Installer\{90120000-0020-0409-0000-0000000FF1CE}\O12ConvIcon.exe
+ 2012-05-12 13:22 . 2012-05-12 13:22 34632 c:\windows\Installer\{90120000-0020-0409-0000-0000000FF1CE}\O12ConvIcon.exe
+ 2012-05-12 13:24 . 2012-05-12 13:24 37888 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Pres#\316e223f2ab8c69cd6a5a06de21650ec\System.Windows.Presentation.ni.dll
+ 2012-04-06 03:13 . 2012-04-06 03:13 299080 c:\windows\system32\XPSViewer\XPSViewer.exe
+ 2011-12-22 20:50 . 2011-12-22 20:50 256000 c:\windows\Installer\219a5bc.msp
+ 2012-05-12 13:30 . 2012-05-12 13:30 180224 c:\windows\ERDNT\AutoBackup\5-12-2012\Users\00000002\UsrClass.dat
+ 2012-05-12 13:30 . 2005-10-20 16:02 163328 c:\windows\ERDNT\AutoBackup\5-12-2012\ERDNT.EXE
+ 2012-05-12 13:23 . 2012-05-12 13:23 634368 c:\windows\assembly\NativeImages_v2.0.50727_32\System.AddIn\931a2bece4668863db4f852401c828cf\System.AddIn.ni.dll
- 2009-04-15 13:48 . 2009-04-15 13:48 163840 c:\windows\assembly\GAC_MSIL\System.AddIn\3.5.0.0__b77a5c561934e089\System.AddIn.dll
+ 2012-05-12 13:17 . 2012-05-12 13:17 163840 c:\windows\assembly\GAC_MSIL\System.AddIn\3.5.0.0__b77a5c561934e089\System.AddIn.dll
+ 2012-05-11 19:57 . 2012-02-09 15:43 1748992 c:\windows\WinSxS\x86_Microsoft.Windows.GdiPlus_6595b64144ccf1df_1.0.6002.22791_x-ww_c8dff154\GdiPlus.dll
+ 2012-04-05 02:38 . 2012-04-05 02:38 2831360 c:\windows\Installer\219a5cb.msp
+ 2011-08-17 13:49 . 2011-08-17 13:49 4683624 c:\windows\Installer\$PatchCache$\Managed\00002109020090400000000000F01FEC\12.0.6612\WRD12CNV.DLL
+ 2012-05-12 13:30 . 2012-05-12 13:30 8318976 c:\windows\ERDNT\AutoBackup\5-12-2012\Users\00000001\ntuser.dat
+ 2007-08-29 17:57 . 2012-05-12 13:12 55656824 c:\windows\system32\MRT.exe
+ 2012-04-06 06:12 . 2012-04-06 06:12 15709696 c:\windows\Installer\219a5c3.msp
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2012-03-06 23:15 123536 ----a-w- c:\program files\Alwil Software\Avast5\ashShell.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"avast"="c:\program files\Alwil Software\Avast5\avastUI.exe" [2012-03-06 4241512]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"NvMediaCenter"="c:\windows\system32\NVMCTRAY.DLL" [2003-07-28 49152]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"tscuninstall"="c:\windows\system32\tscupgrd.exe" [2006-02-28 44544]
.
c:\documents and settings\Frank\Start Menu\Programs\Startup\
ERUNT AutoBackup.lnk - c:\program files\ERUNT\AUTOBACK.EXE [2005-10-20 38912]
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2009-05-25 304128]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2011-07-19 113024]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2011-05-04 17:54 551296 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.DLL
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0cleanMFT32 -c C:\Program
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
@=""
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Office.lnk]
backup=c:\windows\pss\Microsoft Office.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Windows Search.lnk]
backup=c:\windows\pss\Windows Search.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^Frank^Start Menu^Programs^Startup^LimeWire On Startup.lnk]
backup=c:\windows\pss\LimeWire On Startup.lnkStartup
.
[HKLM\~\startupfolder\C:^Documents and Settings^Frank^Start Menu^Programs^Startup^Logitech . Product Registration.lnk]
backup=c:\windows\pss\Logitech . Product Registration.lnkStartup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2012-01-02 15:07 843712 ----a-r- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2012-03-27 12:41 37296 ----a-w- c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Creative Detector]
2004-12-02 23:23 102400 ----a-w- c:\program files\Creative\MediaSource\Detector\CTDetect.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
2008-04-14 09:42 15360 ----a-w- c:\windows\system32\ctfmon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EPSON Stylus CX6000 Series]
2006-02-13 09:00 131072 -c--a-w- c:\windows\system32\spool\drivers\w32x86\3\E_FATIBIA.EXE
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iIWiper]
2005-09-11 17:24 258048 ----a-w- c:\program files\iISystem Wiper\SystemWiper.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechQuickCamRibbon]
2009-10-14 18:36 2793304 ----a-w- c:\program files\Logitech\Logitech WebCam Software\LWS.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Malwarebytes' Anti-Malware]
2012-04-04 19:56 462408 ----a-w- c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
2008-04-14 00:12 1695232 --sha-w- c:\program files\Messenger\msmsgs.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
2003-07-28 18:19 4841472 ----a-w- c:\windows\system32\nvcpl.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]
2003-07-28 18:19 323584 ----a-w- c:\windows\system32\nwiz.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2008-03-29 03:37 413696 ----a-w- c:\program files\QuickTime\QTTask.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2010-02-18 15:43 248040 ----a-w- c:\program files\Common Files\Java\Java Update\jusched.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SUPERAntiSpyware]
2012-03-31 22:38 3905920 ----a-w- c:\program files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\YMailAdvisor]
2009-05-08 10:53 174424 ----a-w- c:\program files\Yahoo!\Common\YMailAdvisor.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\YSearchProtection]
2010-04-01 03:34 243000 ----a-w- c:\program files\Yahoo!\Search Protection\YspService.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"ioloSystemService"=2 (0x2)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-disabled]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" -atboottime
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ZoneLabsFirewall]
"DisableMonitoring"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\WINDOWS\\system32\\sessmgr.exe"=
"c:\\WINDOWS\\system32\\mmc.exe"=
.
R2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCore.exe [8/11/2011 7:38 PM 116608]
S1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [4/16/2011 12:20 AM 612184]
S1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [1/8/2011 1:30 PM 337880]
S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [7/22/2011 12:27 PM 12880]
S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [7/12/2011 5:55 PM 67664]
S2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [1/8/2011 1:30 PM 20696]
S2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [4/8/2010 8:40 PM 654408]
S2 UMVPFSrv;UMVPFSrv;c:\program files\Common Files\LogiShrd\LVMVFM\UMVPFSrv.exe [8/19/2011 10:26 AM 450848]
S3 CA500AI;SPCA500A Still Image Capture, Sunplus Version 1.00;c:\windows\system32\Drivers\BULKUSB.sys --> c:\windows\system32\Drivers\BULKUSB.sys [?]
S3 CA500AV;CaptureView VGA;c:\windows\system32\DRIVERS\CA500AV.SYS --> c:\windows\system32\DRIVERS\CA500AV.SYS [?]
S3 IPN2120;Instant Wireless-B PCI Adapter Driver;c:\windows\system32\drivers\LSIPNDS.sys [7/10/2003 11:09 AM 96256]
S3 ivusb;Initio Driver for USB Default Controller;c:\windows\system32\DRIVERS\ivusb.sys --> c:\windows\system32\DRIVERS\ivusb.sys [?]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [4/8/2010 8:40 PM 22344]
S3 pctplsg;pctplsg;\??\c:\windows\system32\drivers\pctplsg.sys --> c:\windows\system32\drivers\pctplsg.sys [?]
S3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\DRIVERS\wdcsam.sys --> c:\windows\system32\DRIVERS\wdcsam.sys [?]
S3 WinRM;Windows Remote Management (WS-Management);c:\windows\system32\svchost.exe -k WINRM [2/28/2006 8:00 AM 14336]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
WINRM REG_MULTI_SZ WINRM
.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
int15.sys
wwsecsvc
qserver
lpds
unrealircd
stac97
pgpdisk
point32
epson_pm_rpcv2_02
jconfigd
{95808dc4-fa4a-4c74-92fe-5b863f82066b}
retinaengine
appn
stllssvr
philcam8116_xp
k750mdfl
eaglent
elosystemservice
license
db2
pctavsvc
cxavxbar
carboncopyscheduler
mrvw245
oracleorahomeclientcache
clr_optimization_v2.0.50215_32
ami0nt
lkclassads
pctspk
swnc8u51
angel2
sqlagent$pinnaclesys
aslm75
pelmouse
trackcam4
ssrtln
ctsfm2k
wmhidlo
idrivert
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{A509B1FF-37FF-4bFF-8CFF-4F3A747040FF}]
2009-03-08 08:32 128512 ----a-w- c:\windows\system32\advpack.dll
.
Contents of the 'Scheduled Tasks' folder
.
2012-05-12 c:\windows\Tasks\GlaryInitialize.job
- c:\program files\Glary Utilities\initialize.exe [2009-01-23 01:06]
.
.
------- Supplementary Scan -------
.
uSearchMigratedDefaultURL = hxxp://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b1ie7
uStart Page = hxxp://www.yahoo.com/
mStart Page =
uSearchAssistant =
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
TCP: DhcpNameServer = 192.168.1.1 192.168.1.1
DPF: PackageCab - hxxp://ak.imgag.com/imgag/cp/install/AxCtp2.cab
DPF: vzTCPConfig - hxxp://www2.verizon.net/help/dsl_settings/include/vzTCPConfig.CAB
DPF: {8BE5651C-D60B-4B59-B5B2-F0EB93733D17} - hxxps://www36.verizon.com/CallAssistant/MyAccount/UnProtected/Voice%20Mail/VCAVMUtil.CAB
.
.
------- File Associations -------
.
JSEFile=NOTEPAD.EXE %1
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-ITBar7Position - (no file)
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-05-12 21:26
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(568)
c:\program files\SUPERAntiSpyware\SASWINLO.DLL
c:\windows\system32\WININET.dll
.
- - - - - - - > 'explorer.exe'(252)
c:\windows\system32\WININET.dll
.
Completion time: 2012-05-12 21:32:25 - machine was rebooted
ComboFix-quarantined-files.txt 2012-05-13 01:32
ComboFix2.txt 2012-05-12 03:28
ComboFix3.txt 2012-05-11 02:46
.
Pre-Run: 15,560,282,112 bytes free
Post-Run: 15,586,488,320 bytes free
.
- - End Of File - - 334C00C4DF1539ED90942AB69B3B37ED

#54 jeffce

    Malware Guy

Posted 12 May 2012 - 08:10 PM

Hi, Did you receive the same message about ZeroAccess being inserted into the TCP/IP stack this time?

#55 portboy123

    Authentic Member

Posted 13 May 2012 - 08:03 AM

yes it did give the message zero access has inserted itself into the tcp/ip stack

Edited by portboy123, 13 May 2012 - 08:39 AM.


#56 jeffce

    Malware Guy

Posted 13 May 2012 - 09:42 AM

Hi,

Please download TDSSKiller.zip
  • Extract it to your desktop
  • Double click TDSSKiller.exe
  • when the window opens, click on Change Parameters
  • under “Additional options”, put a check mark in the box next to “Detect TDLFS File System”
  • click OK
  • Press Start Scan
    • Only if Malicious objects are found then ensure Cure is selected
    • Then click Continue > Reboot now
  • Copy and paste the log in your next reply
    • A copy of the log will be saved automatically to the root of the drive (typically C:\)


#57 portboy123

    Authentic Member

Posted 13 May 2012 - 10:07 AM

ok here is the tdsskiller log
C:\WINDOWS\system32\drivers\RDPWD.sys 12:02:05.0919 3368 RDPWD - ok 12:02:05.0979 3368 RDSessMgr (3c37bf86641bda977c3bf8a840f3b7fa) C:\WINDOWS\system32\sessmgr.exe 12:02:06.0029 3368 RDSessMgr - ok 12:02:06.0069 3368 redbook (f828dd7e1419b6653894a8f97a0094c5) C:\WINDOWS\system32\DRIVERS\redbook.sys 12:02:06.0079 3368 redbook - ok 12:02:06.0139 3368 RemoteAccess (7e699ff5f59b5d9de5390e3c34c67cf5) C:\WINDOWS\System32\mprdim.dll 12:02:06.0149 3368 RemoteAccess - ok 12:02:06.0219 3368 ROOTMODEM (d8b0b4ade32574b2d9c5cc34dc0dbbe7) C:\WINDOWS\system32\Drivers\RootMdm.sys 12:02:06.0219 3368 ROOTMODEM - ok 12:02:06.0270 3368 RpcLocator (aaed593f84afa419bbae8572af87cf6a) C:\WINDOWS\system32\locator.exe 12:02:06.0280 3368 RpcLocator - ok 12:02:06.0370 3368 RpcSs (6b27a5c03dfb94b4245739065431322c) C:\WINDOWS\System32\rpcss.dll 12:02:06.0390 3368 RpcSs - ok 12:02:06.0460 3368 RSVP (471b3f9741d762abe75e9deea4787e47) C:\WINDOWS\system32\rsvp.exe 12:02:06.0540 3368 RSVP - ok 12:02:06.0610 3368 RTL8023xp (cf84b1f0e8b14d4120aaf9cf35cbb265) C:\WINDOWS\system32\DRIVERS\Rtnicxp.sys 12:02:06.0630 3368 RTL8023xp - ok 12:02:06.0640 3368 rtl8139 - ok 12:02:06.0690 3368 SamSs (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\system32\lsass.exe 12:02:06.0710 3368 SamSs - ok 12:02:06.0870 3368 SASDIFSV (39763504067962108505bff25f024345) C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS 12:02:06.0870 3368 SASDIFSV - ok 12:02:06.0890 3368 SASKUTIL (77b9fc20084b48408ad3e87570eb4a85) C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS 12:02:06.0890 3368 SASKUTIL - ok 12:02:06.0920 3368 SCardSvr (86d007e7a654b9a71d1d7d856b104353) C:\WINDOWS\System32\SCardSvr.exe 12:02:06.0950 3368 SCardSvr - ok 12:02:07.0011 3368 Schedule (0a9a7365a1ca4319aa7c1d6cd8e4eafa) C:\WINDOWS\system32\schedsvc.dll 12:02:07.0041 3368 Schedule - ok 12:02:07.0101 3368 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys 12:02:07.0111 3368 Secdrv - ok 12:02:07.0151 3368 seclogon 
(cbe612e2bb6a10e3563336191eda1250) C:\WINDOWS\System32\seclogon.dll 12:02:07.0171 3368 seclogon - ok 12:02:07.0221 3368 SENS (7fdd5d0684eca8c1f68b4d99d124dcd0) C:\WINDOWS\system32\sens.dll 12:02:07.0241 3368 SENS - ok 12:02:07.0261 3368 serenum (0f29512ccd6bead730039fb4bd2c85ce) C:\WINDOWS\system32\DRIVERS\serenum.sys 12:02:07.0271 3368 serenum - ok 12:02:07.0311 3368 Serial (cca207a8896d4c6a0c9ce29a4ae411a7) C:\WINDOWS\system32\DRIVERS\serial.sys 12:02:07.0311 3368 Serial - ok 12:02:07.0391 3368 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\drivers\Sfloppy.sys 12:02:07.0391 3368 Sfloppy - ok 12:02:07.0461 3368 SharedAccess (83f41d0d89645d7235c051ab1d9523ac) C:\WINDOWS\System32\ipnathlp.dll 12:02:07.0481 3368 SharedAccess - ok 12:02:07.0571 3368 ShellHWDetection (99bc0b50f511924348be19c7c7313bbf) C:\WINDOWS\System32\shsvcs.dll 12:02:07.0591 3368 ShellHWDetection - ok 12:02:07.0611 3368 Simbad - ok 12:02:07.0631 3368 SLIP (866d538ebe33709a5c9f5c62b73b7d14) C:\WINDOWS\system32\DRIVERS\SLIP.sys 12:02:07.0641 3368 SLIP - ok 12:02:07.0662 3368 Sparrow - ok 12:02:07.0682 3368 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys 12:02:07.0692 3368 splitter - ok 12:02:07.0742 3368 Spooler (60784f891563fb1b767f70117fc2428f) C:\WINDOWS\system32\spoolsv.exe 12:02:07.0762 3368 Spooler - ok 12:02:07.0832 3368 sr (76bb022c2fb6902fd5bdd4f78fc13a5d) C:\WINDOWS\system32\DRIVERS\sr.sys 12:02:07.0882 3368 sr - ok 12:02:07.0932 3368 srservice (3805df0ac4296a34ba4bf93b346cc378) C:\WINDOWS\system32\srsvc.dll 12:02:07.0952 3368 srservice - ok 12:02:08.0022 3368 Srv (47ddfc2f003f7f9f0592c6874962a2e7) C:\WINDOWS\system32\DRIVERS\srv.sys 12:02:08.0042 3368 Srv - ok 12:02:08.0082 3368 SSDPSRV (0a5679b3714edab99e357057ee88fca6) C:\WINDOWS\System32\ssdpsrv.dll 12:02:08.0112 3368 SSDPSRV - ok 12:02:08.0172 3368 stisvc (8bad69cbac032d4bbacfce0306174c30) C:\WINDOWS\system32\wiaservc.dll 12:02:08.0202 3368 stisvc - ok 12:02:08.0232 3368 streamip 
(77813007ba6265c4b6098187e6ed79d2) C:\WINDOWS\system32\DRIVERS\StreamIP.sys 12:02:08.0242 3368 streamip - ok 12:02:08.0302 3368 swenum (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys 12:02:08.0302 3368 swenum - ok 12:02:08.0332 3368 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys 12:02:08.0352 3368 swmidi - ok 12:02:08.0363 3368 SwPrv - ok 12:02:08.0383 3368 symc810 - ok 12:02:08.0393 3368 symc8xx - ok 12:02:08.0413 3368 sym_hi - ok 12:02:08.0423 3368 sym_u3 - ok 12:02:08.0453 3368 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys 12:02:08.0473 3368 sysaudio - ok 12:02:08.0513 3368 SysmonLog (c7abbc59b43274b1109df6b24d617051) C:\WINDOWS\system32\smlogsvc.exe 12:02:08.0563 3368 SysmonLog - ok 12:02:08.0633 3368 TapiSrv (3cb78c17bb664637787c9a1c98f79c38) C:\WINDOWS\System32\tapisrv.dll 12:02:08.0653 3368 TapiSrv - ok 12:02:08.0743 3368 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys 12:02:08.0773 3368 Tcpip - ok 12:02:08.0823 3368 TDPIPE (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys 12:02:08.0833 3368 TDPIPE - ok 12:02:08.0873 3368 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys 12:02:08.0883 3368 TDTCP - ok 12:02:08.0903 3368 TermDD (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys 12:02:08.0923 3368 TermDD - ok 12:02:08.0993 3368 TermService (ff3477c03be7201c294c35f684b3479f) C:\WINDOWS\System32\termsrv.dll 12:02:09.0023 3368 TermService - ok 12:02:09.0074 3368 Themes (99bc0b50f511924348be19c7c7313bbf) C:\WINDOWS\System32\shsvcs.dll 12:02:09.0094 3368 Themes - ok 12:02:09.0124 3368 TosIde - ok 12:02:09.0174 3368 TrkWks (55bca12f7f523d35ca3cb833c725f54e) C:\WINDOWS\system32\trkwks.dll 12:02:09.0204 3368 TrkWks - ok 12:02:09.0264 3368 tunmp (8f861eda21c05857eb8197300a92501c) C:\WINDOWS\system32\DRIVERS\tunmp.sys 12:02:09.0274 3368 tunmp - ok 12:02:09.0304 3368 
Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys 12:02:09.0314 3368 Udfs - ok 12:02:09.0344 3368 ultra - ok 12:02:09.0524 3368 UMVPFSrv (927754abf077aeb5504be4e0f2c60c1b) C:\Program Files\Common Files\logishrd\LVMVFM\UMVPFSrv.exe 12:02:09.0554 3368 UMVPFSrv - ok 12:02:09.0624 3368 Update (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys 12:02:09.0644 3368 Update - ok 12:02:09.0704 3368 upnphost (1ebafeb9a3fbdc41b8d9c7f0f687ad91) C:\WINDOWS\System32\upnphost.dll 12:02:09.0775 3368 upnphost - ok 12:02:09.0815 3368 UPS (05365fb38fca1e98f7a566aaaf5d1815) C:\WINDOWS\System32\ups.exe 12:02:09.0845 3368 UPS - ok 12:02:09.0895 3368 usbaudio (e919708db44ed8543a7c017953148330) C:\WINDOWS\system32\drivers\usbaudio.sys 12:02:09.0915 3368 usbaudio - ok 12:02:09.0985 3368 usbccgp (173f317ce0db8e21322e71b7e60a27e8) C:\WINDOWS\system32\DRIVERS\usbccgp.sys 12:02:10.0005 3368 usbccgp - ok 12:02:10.0055 3368 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys 12:02:10.0055 3368 usbhub - ok 12:02:10.0105 3368 usbprint (a717c8721046828520c9edf31288fc00) C:\WINDOWS\system32\DRIVERS\usbprint.sys 12:02:10.0115 3368 usbprint - ok 12:02:10.0145 3368 usbscan (a0b8cf9deb1184fbdd20784a58fa75d4) C:\WINDOWS\system32\DRIVERS\usbscan.sys 12:02:10.0145 3368 usbscan - ok 12:02:10.0175 3368 USBSTOR (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS 12:02:10.0185 3368 USBSTOR - ok 12:02:10.0215 3368 usbuhci (26496f9dee2d787fc3e61ad54821ffe6) C:\WINDOWS\system32\DRIVERS\usbuhci.sys 12:02:10.0215 3368 usbuhci - ok 12:02:10.0265 3368 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys 12:02:10.0275 3368 VgaSave - ok 12:02:10.0285 3368 ViaIde - ok 12:02:10.0315 3368 VolSnap (4c8fcb5cc53aab716d810740fe59d025) C:\WINDOWS\system32\drivers\VolSnap.sys 12:02:10.0315 3368 VolSnap - ok 12:02:10.0385 3368 VSS (7a9db3a67c333bf0bd42e42b8596854b) C:\WINDOWS\System32\vssvc.exe 
12:02:10.0415 3368 VSS - ok 12:02:10.0496 3368 W32Time (54af4b1d5459500ef0937f6d33b1914f) C:\WINDOWS\system32\w32time.dll 12:02:10.0526 3368 W32Time - ok 12:02:10.0566 3368 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys 12:02:10.0576 3368 Wanarp - ok 12:02:10.0646 3368 wceusbsh (4c0b8ef721783f52f8e531fbdc4b1f74) C:\WINDOWS\system32\DRIVERS\wceusbsh.sys 12:02:10.0656 3368 wceusbsh - ok 12:02:10.0666 3368 WDC_SAM - ok 12:02:10.0686 3368 WDICA - ok 12:02:10.0716 3368 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys 12:02:10.0726 3368 wdmaud - ok 12:02:10.0786 3368 WebClient (77a354e28153ad2d5e120a5a8687bc06) C:\WINDOWS\System32\webclnt.dll 12:02:10.0826 3368 WebClient - ok 12:02:10.0936 3368 winmgmt (2d0e4ed081963804ccc196a0929275b5) C:\WINDOWS\system32\wbem\WMIsvc.dll 12:02:10.0946 3368 winmgmt - ok 12:02:11.0056 3368 WinRM (18f347402da544a780949b8fdf83351b) C:\WINDOWS\system32\WsmSvc.dll 12:02:11.0116 3368 WinRM - ok 12:02:11.0167 3368 WmdmPmSN (c51b4a5c05a5475708e3c81c7765b71d) C:\WINDOWS\system32\MsPMSNSv.dll 12:02:11.0187 3368 WmdmPmSN - ok 12:02:11.0207 3368 WmHidLo - ok 12:02:11.0277 3368 WmiApSrv (e0673f1106e62a68d2257e376079f821) C:\WINDOWS\system32\wbem\wmiapsrv.exe 12:02:11.0287 3368 WmiApSrv - ok 12:02:11.0467 3368 WMPNetworkSvc (f74e3d9a7fa9556c3bbb14d4e5e63d3b) C:\Program Files\Windows Media Player\WMPNetwk.exe 12:02:11.0527 3368 WMPNetworkSvc - ok 12:02:11.0607 3368 WpdUsb (cf4def1bf66f06964dc0d91844239104) C:\WINDOWS\system32\DRIVERS\wpdusb.sys 12:02:11.0617 3368 WpdUsb - ok 12:02:11.0667 3368 WS2IFSL (6abe6e225adb5a751622a9cc3bc19ce8) C:\WINDOWS\System32\drivers\ws2ifsl.sys 12:02:11.0667 3368 WS2IFSL - ok 12:02:11.0757 3368 wscsvc (7c278e6408d1dce642230c0585a854d5) C:\WINDOWS\system32\wscsvc.dll 12:02:11.0787 3368 wscsvc - ok 12:02:11.0807 3368 WSearch - ok 12:02:11.0868 3368 WSTCODEC (c98b39829c2bbd34e454150633c62c78) C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS 12:02:11.0878 3368 WSTCODEC 
- ok 12:02:11.0928 3368 wuauserv (35321fb577cdc98ce3eb3a3eb9e4610a) C:\WINDOWS\system32\wuauserv.dll 12:02:11.0978 3368 wuauserv - ok 12:02:12.0028 3368 WudfPf (f15feafffbb3644ccc80c5da584e6311) C:\WINDOWS\system32\DRIVERS\WudfPf.sys 12:02:12.0048 3368 WudfPf - ok 12:02:12.0078 3368 WudfRd (28b524262bce6de1f7ef9f510ba3985b) C:\WINDOWS\system32\DRIVERS\wudfrd.sys 12:02:12.0098 3368 WudfRd - ok 12:02:12.0148 3368 WudfSvc (05231c04253c5bc30b26cbaae680ed89) C:\WINDOWS\System32\WUDFSvc.dll 12:02:12.0178 3368 WudfSvc - ok 12:02:12.0258 3368 WZCSVC (81dc3f549f44b1c1fff022dec9ecf30b) C:\WINDOWS\System32\wzcsvc.dll 12:02:12.0328 3368 WZCSVC - ok 12:02:12.0378 3368 xmlprov (295d21f14c335b53cb8154e5b1f892b9) C:\WINDOWS\System32\xmlprov.dll 12:02:12.0418 3368 xmlprov - ok 12:02:12.0569 3368 YahooAUService (dd0042f0c3b606a6a8b92d49afb18ad6) C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe 12:02:12.0629 3368 YahooAUService - ok 12:02:12.0689 3368 MBR (0x1B8) (8f558eb6672622401da993e1e865c861) \Device\Harddisk0\DR0 12:02:12.0949 3368 \Device\Harddisk0\DR0 - ok 12:02:12.0999 3368 MBR (0x1B8) (739b36f7a373fc81121d831231b6d311) \Device\Harddisk1\DR2 12:02:14.0041 3368 \Device\Harddisk1\DR2 - ok 12:02:14.0071 3368 Boot (0x1200) (292e643157beae72249dcb34f5dfe109) \Device\Harddisk0\DR0\Partition0 12:02:14.0071 3368 \Device\Harddisk0\DR0\Partition0 - ok 12:02:14.0091 3368 Boot (0x1200) (11c1dd3369d51365881e712f956564d2) \Device\Harddisk1\DR2\Partition0 12:02:14.0101 3368 \Device\Harddisk1\DR2\Partition0 - ok 12:02:14.0101 3368 ============================================================ 12:02:14.0101 3368 Scan finished 12:02:14.0101 3368 ============================================================ 12:02:14.0131 3360 Detected object count: 0 12:02:14.0131 3360 Actual detected object count: 0 12:02:19.0408 3088 Deinitialize success

#58 portboy123

Posted 13 May 2012 - 10:15 AM

Hi Jeff, every time I reboot I have to add the netbt.sys file into c/ system 32 . drivers, then go to Services and turn it on. I am going to a cookout for Mother's Day shortly; hopefully we can pick up later. Thanks.

#59 portboy123

Posted 13 May 2012 - 10:26 AM

Hi Jeff, found this in my c/. I opened it, then it was gone and it was on my desktop, called look?

Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\NetBT]

#60 jeffce

Posted 13 May 2012 - 10:40 AM

Hi,

Please download SystemLook from one of the links below and save it to your Desktop.
Download Mirror #1
Download Mirror #2

  • Double-click SystemLook.exe to run it.
  • Copy the content of the following codebox into the main textfield:
    :filefind
    *netbt.sys
  • Click the Look button to start the scan.
  • When finished, a notepad window will open with the results of the scan. Please post this log in your next reply.
Note: The log can also be found on your Desktop entitled SystemLook.txt