Virus slowing down computer (virtual memory) -NOT SURE ABOUT VIRUS NAME


Post by furyofdawolfx on 10th April 2012, 10:50 pm

Hello,

I suspect that there is probably some kind of spyware that is slowing down my laptop and using all the virtual memory. I've been getting messages about my virtual memory being very low recently. This is apparent when running different programs. I can't, for example, open up iTunes or Microsoft Excel after just a few minutes on my computer. I can't properly shut down or restart my computer anymore (only hard reset). I've used Malwarebytes and Spybot, but found nothing. I also used Comodo and found 30 threats, but I was able to get rid of them. I ran it again, and found nothing.

Please let me know what steps I should take to figure out why my laptop is operating this way. Just a month ago, everything seemed fine.

Thanks,
A


Re: Virus slowing down computer (virtual memory) -NOT SURE ABOUT VIRUS NAME

Post by furyofdawolfx on 11th April 2012, 3:55 am

OTL logfile created on: 4/10/2012 10:10:15 PM - Run 2
OTL by OldTimer - Version 3.2.22.3 Folder = C:\Documents and Settings\Antonio.ANTONIO-LAPTOP\Desktop
Windows XP Professional Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1,022.00 Mb Total Physical Memory | 349.00 Mb Available Physical Memory | 34.00% Memory free
2.00 Gb Paging File | 2.00 Gb Available in Paging File | 72.00% Paging File free
Paging file location(s): C:\pagefile.sys 1536 3072 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS2 | %ProgramFiles% = C:\Program Files
Drive C: | 105.97 Gb Total Space | 14.07 Gb Free Space | 13.28% Space Free | Partition Type: NTFS

Computer Name: ANTONIO-LAPTOP | User Name: Antonio | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/04/19 16:08:24 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Antonio.ANTONIO-LAPTOP\Desktop\OTL.exe
PRC - [2010/04/09 01:26:14 | 001,769,216 | ---- | M] () -- C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe
PRC - [2010/04/09 01:26:02 | 002,029,456 | ---- | M] (COMODO) -- C:\Program Files\COMODO\COMODO Internet Security\cfp.exe
PRC - [2010/02/19 17:00:24 | 000,148,744 | ---- | M] (COMODO) -- C:\Program Files\COMODO\COMODO livePCsupport\CLPSLS.exe
PRC - [2009/03/05 16:07:20 | 002,260,480 | ---- | M] (Safer-Networking Ltd.) -- C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
PRC - [2007/07/03 15:57:38 | 001,228,800 | ---- | M] (Dell Inc.) -- C:\Program Files\Dell\QuickSet\quickset.exe
PRC - [2007/05/10 01:01:00 | 000,036,864 | ---- | M] (Creative Technology Ltd.) -- C:\WINDOWS2\OEM02Mon.exe
PRC - [2007/04/16 18:10:26 | 000,184,320 | ---- | M] (CyberLink Corp.) -- C:\Program Files\Dell\MediaDirect\PCMService.exe
PRC - [2004/08/03 18:56:50 | 001,032,192 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS2\explorer.exe


========== Modules (SafeList) ==========

MOD - [2011/04/19 16:08:24 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Antonio.ANTONIO-LAPTOP\Desktop\OTL.exe
MOD - [2010/04/09 01:26:12 | 000,277,240 | ---- | M] (COMODO) -- C:\WINDOWS2\system32\guard32.dll
MOD - [2007/07/03 15:56:56 | 000,098,304 | ---- | M] () -- C:\Program Files\Dell\QuickSet\dadkeyb.dll
MOD - [2004/08/03 18:57:02 | 001,050,624 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS2\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2180_x-ww_a84f1ff9\comctl32.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [On_Demand | Stopped] -- -- (WPFFontCache_v0400)
SRV - [2012/04/01 22:04:15 | 000,253,600 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\WINDOWS2\system32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2010/04/09 01:26:14 | 001,769,216 | ---- | M] () [Auto | Running] -- C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe -- (cmdAgent)
SRV - [2010/02/19 17:00:24 | 000,148,744 | ---- | M] (COMODO) [Auto | Running] -- C:\Program Files\COMODO\COMODO livePCsupport\CLPSLS.exe -- (CLPSLS)


========== Driver Services (SafeList) ==========

DRV - [2010/04/09 01:25:46 | 000,225,344 | ---- | M] (COMODO) [File_System | System | Running] -- C:\WINDOWS2\system32\drivers\cmdGuard.sys -- (cmdGuard)
DRV - [2010/04/09 01:25:46 | 000,025,240 | ---- | M] (COMODO) [Kernel | System | Running] -- C:\WINDOWS2\system32\drivers\cmdhlp.sys -- (cmdHlp)
DRV - [2010/04/09 01:25:44 | 000,015,464 | ---- | M] (COMODO) [File_System | System | Running] -- C:\WINDOWS2\system32\drivers\cmderd.sys -- (cmderd)
DRV - [2007/10/11 01:03:00 | 000,235,648 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS2\system32\drivers\OEM02Dev.sys -- (OEM02Dev)
DRV - [2007/08/12 20:05:34 | 002,211,456 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS2\system32\drivers\NETw4x32.sys -- (NETw4x32) Intel(R)
DRV - [2007/07/16 22:26:46 | 000,989,696 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS2\system32\drivers\HSF_DPV.sys -- (HSF_DPV)
DRV - [2007/07/16 22:26:46 | 000,730,112 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS2\system32\drivers\HSF_CNXT.sys -- (winachsf)
DRV - [2007/07/16 22:26:46 | 000,209,152 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS2\system32\drivers\HSFHWAZL.sys -- (HSFHWAZL)
DRV - [2007/07/10 16:22:22 | 000,037,376 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\WINDOWS2\system32\drivers\rixdptsk.sys -- (rismxdp)
DRV - [2007/07/10 16:22:20 | 000,043,520 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\WINDOWS2\system32\drivers\rimsptsk.sys -- (rimsptsk)
DRV - [2007/07/10 16:22:18 | 000,032,256 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\WINDOWS2\system32\drivers\rimmptsk.sys -- (rimmptsk)
DRV - [2007/06/08 01:00:02 | 000,141,376 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS2\system32\drivers\OEM02Afx.sys -- (OEM02Afx)
DRV - [2007/05/10 10:24:34 | 001,222,840 | ---- | M] (SigmaTel, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS2\system32\drivers\sthda.sys -- (STHDA)
DRV - [2007/03/05 18:45:04 | 000,007,424 | ---- | M] (EyePower Games Pte. Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS2\system32\drivers\OEM02Vfx.sys -- (OEM02Vfx)
DRV - [2006/11/21 04:25:44 | 000,045,568 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS2\system32\drivers\bcm4sbxp.sys -- (bcm4sbxp)
DRV - [2006/08/18 15:17:40 | 000,033,592 | ---- | M] (Roxio) [File_System | System | Stopped] -- C:\WINDOWS2\system32\drivers\DLADHK_M.SYS -- (DLADHK_M)
DRV - [2006/08/11 12:35:20 | 000,013,688 | ---- | M] (Roxio) [File_System | System | Running] -- C:\WINDOWS2\system32\drivers\DLADiagM.SYS -- (DLADiagM)
DRV - [2006/08/11 12:35:18 | 000,030,744 | ---- | M] (Roxio) [File_System | System | Running] -- C:\WINDOWS2\system32\drivers\DLAPMonM.SYS -- (DLAPMonM)
DRV - [2006/08/11 12:35:16 | 000,028,184 | ---- | M] (Roxio) [File_System | System | Running] -- C:\WINDOWS2\system32\drivers\DLARTL_M.SYS -- (DLARTL_M)
DRV - [2005/08/12 17:50:46 | 000,016,128 | ---- | M] (Dell Inc) [Kernel | System | Running] -- C:\WINDOWS2\SYSTEM32\DRIVERS\APPDRV.SYS -- (APPDRV)
DRV - [2001/07/13 13:56:14 | 000,014,976 | ---- | M] () [Kernel | Auto | Running] -- C:\WINDOWS2\system32\drivers\SBKUPNT.SYS -- (SBKUPNT)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS2\system32\blank.htm

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS2\system32\blank.htm
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = [You must be registered and logged in to see this link.]
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local


[2011/04/19 00:24:16 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions

O1 HOSTS File: ([2011/04/22 18:32:33 | 000,000,027 | ---- | M]) - C:\WINDOWS2\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [COMODO Internet Security] C:\Program Files\COMODO\COMODO Internet Security\cfp.exe (COMODO)
O4 - HKLM..\Run: [Dell QuickSet] C:\Program Files\Dell\QuickSet\quickset.exe (Dell Inc.)
O4 - HKLM..\Run: [DELL Webcam Manager] C:\Program Files\Dell\Dell Webcam Manager\DellWMgr.exe (Creative Technology Ltd.)
O4 - HKLM..\Run: [IMJPMIG8.1] C:\WINDOWS2\IME\imjp8_1\IMJPMIG.EXE (Microsoft Corporation)
O4 - HKLM..\Run: [MSPY2002] C:\WINDOWS2\System32\IME\PINTLGNT\ImScInst.exe ()
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS2\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [NVHotkey] C:\WINDOWS2\System32\nvhotkey.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\WINDOWS2\System32\NvMcTray.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [nwiz] C:\WINDOWS2\System32\nwiz.exe ()
O4 - HKLM..\Run: [OEM02Mon.exe] C:\WINDOWS2\OEM02Mon.exe (Creative Technology Ltd.)
O4 - HKLM..\Run: [PCMService] C:\Program Files\Dell\MediaDirect\PCMService.exe (CyberLink Corp.)
O4 - HKLM..\Run: [PHIME2002A] C:\WINDOWS2\System32\IME\TINTLGNT\TINTSETP.EXE (Microsoft Corporation)
O4 - HKLM..\Run: [PHIME2002ASync] C:\WINDOWS2\System32\IME\TINTLGNT\TINTSETP.EXE (Microsoft Corporation)
O4 - HKCU..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
O4 - HKCU..\Run: [Xvid] C:\Program Files\Xvid\CheckUpdate.exe ()
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O9 - Extra 'Tools' menuitem : Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} [You must be registered and logged in to see this link.] (Shockwave ActiveX Control)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} [You must be registered and logged in to see this link.] (WUWebControl Class)
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} [You must be registered and logged in to see this link.] (OnlineScanner Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} [You must be registered and logged in to see this link.] (Java Plug-in 1.6.0_29)
O16 - DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} [You must be registered and logged in to see this link.] (Java Plug-in 1.6.0_29)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} [You must be registered and logged in to see this link.] (Java Plug-in 1.6.0_29)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} [You must be registered and logged in to see this link.] (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 209.18.47.61 209.18.47.62
O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - Reg Error: Value error. File not found
O20 - AppInit_DLLs: (C:\WINDOWS2\system32\guard32.dll) - C:\WINDOWS2\system32\guard32.dll (COMODO)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS2\explorer.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Documents and Settings\Antonio.ANTONIO-LAPTOP\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Antonio.ANTONIO-LAPTOP\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2004/08/03 18:56:48 | 000,588,800 | RH-- | M] (Microsoft Corporation) - C:\AUTOCHK.EXE -- [ NTFS ]
O32 - AutoRun File - [2004/08/03 18:56:48 | 000,188,711 | RH-- | M] () - C:\AUTOCONV.EX_ -- [ NTFS ]
O32 - AutoRun File - [2001/08/23 08:00:00 | 000,029,413 | RH-- | M] () - C:\AUTODISC.DL_ -- [ NTFS ]
O32 - AutoRun File - [2004/08/10 15:04:08 | 000,000,000 | RH-- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2001/08/23 08:00:00 | 000,000,860 | RH-- | M] () - C:\AUTOEXEC.NT_ -- [ NTFS ]
O32 - AutoRun File - [2004/08/03 18:56:48 | 000,580,608 | RH-- | M] (Microsoft Corporation) - C:\AUTOFMT.EXE -- [ NTFS ]
O32 - AutoRun File - [2004/08/03 18:56:48 | 000,005,630 | RH-- | M] () - C:\AUTOLFN.EX_ -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O35 - HKCU\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKCU\...exe [@ = exefile] -- "%1" %*

NetSvcs: 6to4 - File not found
NetSvcs: Ias - File not found
NetSvcs: Iprip - File not found
NetSvcs: Irmon - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: WmdmPmSp - File not found

MsConfig - State: "system.ini" - 0
MsConfig - State: "win.ini" - 0
MsConfig - State: "bootini" - 0
MsConfig - State: "services" - 0
MsConfig - State: "startup" - 0

SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: CLPSLS - C:\Program Files\COMODO\COMODO livePCsupport\CLPSLS.exe (COMODO)
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Primary disk - Driver Group
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: sermouse.sys - Driver
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: vga.sys - Driver
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices

SafeBootNet: Base - Driver Group
SafeBootNet: Boot Bus Extender - Driver Group
SafeBootNet: Boot file system - Driver Group
SafeBootNet: CLPSLS - C:\Program Files\COMODO\COMODO livePCsupport\CLPSLS.exe (COMODO)
SafeBootNet: File system - Driver Group
SafeBootNet: Filter - Driver Group
SafeBootNet: NDIS Wrapper - Driver Group
SafeBootNet: NetBIOSGroup - Driver Group
SafeBootNet: NetDDEGroup - Driver Group
SafeBootNet: Network - Driver Group
SafeBootNet: NetworkProvider - Driver Group
SafeBootNet: PCI Configuration - Driver Group
SafeBootNet: PNP Filter - Driver Group
SafeBootNet: PNP_TDI - Driver Group
SafeBootNet: Primary disk - Driver Group
SafeBootNet: SCSI Class - Driver Group
SafeBootNet: sermouse.sys - Driver
SafeBootNet: Streams Drivers - Driver Group
SafeBootNet: System Bus Extender - Driver Group
SafeBootNet: TDI - Driver Group
SafeBootNet: vga.sys - Driver
SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices

ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX: {10072CEC-8CC1-11D1-986E-00A0C955B42F} - Vector Graphics Rendering (VML)
ActiveX: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} - NetShow
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 6.4
ActiveX: {283807B5-2C60-11D0-A31D-00AA00B92C03} - DirectAnimation
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {36f8ec70-c29a-11d1-b5c7-0000f8051515} - Dynamic HTML Data Binding for Java
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {3bf42070-b3b1-11d1-b5c5-0000f8051515} - Uniscribe
ActiveX: {4278c270-a269-11d1-b5bf-0000f8051515} - Advanced Authoring
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:OE /CALLER:WINNT /user /install
ActiveX: {44BBA842-CC51-11CF-AAFA-00AA00B6015B} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS2\INF\msnetmtg.inf,NetMtg.Install.PerUser.NT
ActiveX: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} - DirectShow
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f216970-c90c-11d1-b5c7-0000f8051515} - DirectAnimation Java Classes
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.8
ActiveX: {5945c046-1e7d-11d1-bc44-00c04fd912be} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS2\INF\msmsgs.inf,BLC.QuietInstall.PerUser
ActiveX: {5A8D6EE0-3E18-11D0-821E-444553540000} - ICW
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7131646D-CD3C-40F4-97B9-CD9E4E6262EF} - .NET Framework
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:WAB /CALLER:WINNT /user /install
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\WINDOWS2\system32\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - DOTNETFRAMEWORKS
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {ACC563BC-4266-43f0-B6ED-9D38C4202C7E} -
ActiveX: {C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F} - .NET Framework
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {CC2A9BA0-3BDD-11D0-821E-444553540000} - Task Scheduler
ActiveX: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.1
ActiveX: {D27CDB6E-AE6D-11cf-96B8-444553540000} - Macromedia Shockwave Flash
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: <{12d0ed0d-0ee0-4f90-8827-78cefb8f4988} - C:\WINDOWS2\system32\ieudinit.exe
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\WINDOWS2\inf\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\WINDOWS2\system32\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\WINDOWS2\system32\rundll32.exe" "C:\WINDOWS2\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF}MICROS - RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP
ActiveX: >{881dd1c5-3dcf-431b-b061-f3f88e8be88a} - %systemroot%\system32\shmgrate.exe OCInstallUserConfigOE

Drivers32: msacm.divxa32 - C:\WINDOWS2\System32\DivXa32.acm (Packed With Joy !)
Drivers32: msacm.iac2 - C:\WINDOWS2\system32\iac25_32.ax (Intel Corporation)
Drivers32: msacm.l3acm - C:\WINDOWS2\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.lameacm - C:\WINDOWS2\System32\lameACM.acm (http://www.mp3dev.org/)
Drivers32: msacm.sl_anet - C:\WINDOWS2\System32\sl_anet.acm (Sipro Lab Telecom Inc.)
Drivers32: msacm.trspch - C:\WINDOWS2\System32\tssoft32.acm (DSP GROUP, INC.)
Drivers32: MSVideo8 - C:\WINDOWS2\System32\vfwwdm32.dll (Microsoft Corporation)
Drivers32: vidc.cvid - C:\WINDOWS2\System32\iccvid.dll (Radius Inc.)
Drivers32: vidc.ffds - ff_vfw.dll File not found
Drivers32: vidc.iv31 - C:\WINDOWS2\System32\ir32_32.dll ()
Drivers32: vidc.iv32 - C:\WINDOWS2\System32\ir32_32.dll ()
Drivers32: vidc.iv41 - C:\WINDOWS2\System32\ir41_32.ax (Intel Corporation)
Drivers32: vidc.iv50 - C:\WINDOWS2\System32\ir50_32.dll (Intel Corporation)
Drivers32: vidc.vp60 - C:\WINDOWS2\System32\vp6vfw.dll (On2.com)
Drivers32: vidc.vp61 - C:\WINDOWS2\System32\vp6vfw.dll (On2.com)
Drivers32: vidc.vp62 - C:\WINDOWS2\System32\vp6vfw.dll (On2.com)
Drivers32: vidc.XVID - C:\WINDOWS2\System32\xvidvfw.dll ()

CREATERESTOREPOINT
Restore point Set: OTL Restore Point (61938105627705344)

========== Files/Folders - Created Within 30 Days ==========

[2012/04/08 21:34:42 | 000,000,000 | -H-D | C] -- C:\VritualRoot
[2012/04/08 21:34:26 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users.WINDOWS2\Application Data\COMODO
[2012/04/08 20:57:55 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users.WINDOWS2\Start Menu\Programs\COMODO
[2012/04/08 20:57:54 | 000,000,000 | ---D | C] -- C:\Program Files\COMODO
[2012/04/08 20:53:23 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users.WINDOWS2\Application Data\Comodo Downloader
[2012/04/08 14:06:00 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Antonio.ANTONIO-LAPTOP\Recent
[2012/04/08 13:57:35 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users.WINDOWS2\Start Menu\Programs\CCleaner
[2012/04/08 13:57:19 | 000,000,000 | ---D | C] -- C:\Program Files\CCleaner
[2012/04/08 13:39:20 | 003,645,656 | ---- | C] (Piriform Ltd) -- C:\Documents and Settings\Antonio.ANTONIO-LAPTOP\Desktop\ccsetup317.exe
[2012/04/08 12:24:01 | 000,044,768 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS2\System32\wups2.dll
[2012/04/08 12:24:00 | 000,021,728 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS2\System32\wucltui.dll.mui
[2012/04/08 12:23:54 | 000,015,064 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS2\System32\wuapi.dll.mui
[2012/04/08 12:23:53 | 000,000,000 | ---D | C] -- C:\WINDOWS2\System32\SoftwareDistribution
[2012/04/08 12:12:51 | 000,000,000 | ---D | C] -- C:\WINDOWS2\System32\NtmsData
[2012/04/01 22:04:15 | 000,418,464 | ---- | C] (Adobe Systems Incorporated) -- C:\WINDOWS2\System32\FlashPlayerApp.exe

========== Files - Modified Within 30 Days ==========

[2012/04/10 22:52:04 | 000,000,888 | ---- | M] () -- C:\WINDOWS2\tasks\GoogleUpdateTaskMachineUA.job
[2012/04/10 22:45:56 | 001,000,256 | ---- | M] () -- C:\WINDOWS2\System32\drivers\sfi.dat
[2012/04/10 22:29:28 | 000,000,664 | ---- | M] () -- C:\WINDOWS2\System32\d3d9caps.dat
[2012/04/10 22:10:33 | 000,437,144 | ---- | M] () -- C:\WINDOWS2\System32\perfh009.dat
[2012/04/10 22:10:33 | 000,069,412 | ---- | M] () -- C:\WINDOWS2\System32\perfc009.dat
[2012/04/10 22:06:27 | 000,028,029 | ---- | M] () -- C:\WINDOWS2\System32\nvModes.001
[2012/04/10 22:05:46 | 000,000,884 | ---- | M] () -- C:\WINDOWS2\tasks\GoogleUpdateTaskMachineCore.job
[2012/04/10 22:05:45 | 000,169,472 | ---- | M] () -- C:\WINDOWS2\System32\nvapps.xml
[2012/04/10 22:05:39 | 000,002,206 | ---- | M] () -- C:\WINDOWS2\System32\wpa.dbl
[2012/04/10 22:05:37 | 000,002,048 | ---- | M] () -- C:\WINDOWS2\bootstat.dat
[2012/04/09 19:01:02 | 000,000,832 | ---- | M] () -- C:\WINDOWS2\tasks\Adobe Flash Player Updater.job
[2012/04/08 21:02:45 | 000,001,655 | ---- | M] () -- C:\Documents and Settings\All Users.WINDOWS2\Desktop\COMODO Antivirus.lnk
[2012/04/08 13:57:35 | 000,000,682 | ---- | M] () -- C:\Documents and Settings\All Users.WINDOWS2\Desktop\CCleaner.lnk
[2012/04/08 12:45:20 | 000,002,188 | ---- | M] () -- C:\Documents and Settings\Antonio.ANTONIO-LAPTOP\Desktop\Inspiron1520CleanUp.rtf
[2012/04/08 12:41:32 | 003,645,656 | ---- | M] (Piriform Ltd) -- C:\Documents and Settings\Antonio.ANTONIO-LAPTOP\Desktop\ccsetup317.exe
[2012/04/07 12:15:49 | 000,064,000 | ---- | M] () -- C:\Documents and Settings\Antonio.ANTONIO-LAPTOP\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012/04/02 22:17:52 | 000,267,800 | ---- | M] () -- C:\WINDOWS2\System32\FNTCACHE.DAT
[2012/04/01 23:24:52 | 000,000,379 | ---- | M] () -- C:\WINDOWS2\ODBC.INI
[2012/04/01 22:04:15 | 000,418,464 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS2\System32\FlashPlayerApp.exe
[2012/04/01 22:04:15 | 000,070,304 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS2\System32\FlashPlayerCPLApp.cpl

========== Files Created - No Company Name ==========

[2012/04/08 21:34:16 | 000,881,456 | ---- | C] () -- C:\WINDOWS2\System32\drivers\sfi.dat
[2012/04/08 21:02:45 | 000,001,655 | ---- | C] () -- C:\Documents and Settings\All Users.WINDOWS2\Desktop\COMODO Antivirus.lnk
[2012/04/08 13:57:34 | 000,000,682 | ---- | C] () -- C:\Documents and Settings\All Users.WINDOWS2\Desktop\CCleaner.lnk
[2012/04/08 13:39:20 | 000,002,188 | ---- | C] () -- C:\Documents and Settings\Antonio.ANTONIO-LAPTOP\Desktop\Inspiron1520CleanUp.rtf
[2012/04/01 22:04:17 | 000,000,832 | ---- | C] () -- C:\WINDOWS2\tasks\Adobe Flash Player Updater.job
[2012/03/29 01:16:36 | 000,000,664 | ---- | C] () -- C:\WINDOWS2\System32\d3d9caps.dat
[2011/09/11 23:00:43 | 000,056,640 | -H-- | C] () -- C:\WINDOWS2\System32\mlfcache.dat
[2011/08/03 20:30:33 | 000,645,632 | ---- | C] () -- C:\WINDOWS2\System32\xvidcore.dll
[2011/08/03 20:30:33 | 000,240,640 | ---- | C] () -- C:\WINDOWS2\System32\xvidvfw.dll
[2011/04/21 23:17:35 | 000,256,512 | ---- | C] () -- C:\WINDOWS2\PEV.exe
[2011/04/21 23:17:35 | 000,098,816 | ---- | C] () -- C:\WINDOWS2\sed.exe
[2011/04/21 23:17:35 | 000,089,088 | ---- | C] () -- C:\WINDOWS2\MBR.exe
[2011/04/21 23:17:35 | 000,080,412 | ---- | C] () -- C:\WINDOWS2\grep.exe
[2011/04/21 23:17:35 | 000,068,096 | ---- | C] () -- C:\WINDOWS2\zip.exe
[2010/10/17 01:05:33 | 000,014,976 | ---- | C] () -- C:\WINDOWS2\System32\drivers\SBKUPNT.SYS
[2010/10/17 01:05:33 | 000,013,312 | ---- | C] () -- C:\WINDOWS2\System32\DEVLOAD.EXE
[2010/10/17 01:05:31 | 000,000,543 | ---- | C] () -- C:\WINDOWS2\SWISV3.INI
[2010/10/17 01:05:20 | 000,000,288 | ---- | C] () -- C:\WINDOWS2\SKNIFE.INI
[2010/10/17 01:04:45 | 000,002,799 | ---- | C] () -- C:\WINDOWS2\SKLANG.INI
[2010/10/03 00:07:04 | 000,000,139 | ---- | C] () -- C:\WINDOWS2\wininit.ini
[2010/10/02 23:57:23 | 000,198,144 | ---- | C] () -- C:\WINDOWS2\System32\_psisdecd.dll
[2010/10/02 14:47:05 | 000,000,076 | ---- | C] () -- C:\WINDOWS2\CT4CET.bin
[2010/09/28 19:58:52 | 000,001,917 | ---- | C] () -- C:\Documents and Settings\All Users.WINDOWS2\Application Data\LUInstall.LiveUpdate
[2010/09/26 19:28:10 | 000,000,379 | ---- | C] () -- C:\WINDOWS2\ODBC.INI
[2010/09/26 10:43:09 | 000,064,000 | ---- | C] () -- C:\Documents and Settings\Antonio.ANTONIO-LAPTOP\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/09/26 10:11:30 | 000,028,029 | ---- | C] () -- C:\WINDOWS2\System32\nvModes.dat
[2010/09/26 09:51:40 | 001,626,112 | ---- | C] () -- C:\WINDOWS2\System32\nwiz.exe
[2010/09/26 09:51:39 | 001,703,936 | ---- | C] () -- C:\WINDOWS2\System32\nvwdmcpl.dll
[2010/09/26 09:51:39 | 001,019,904 | ---- | C] () -- C:\WINDOWS2\System32\nvwimg.dll
[2010/09/26 09:51:37 | 000,466,944 | ---- | C] () -- C:\WINDOWS2\System32\nvshell.dll
[2010/09/26 09:51:35 | 001,482,752 | ---- | C] () -- C:\WINDOWS2\System32\nview.dll
[2010/09/26 09:51:34 | 001,339,392 | ---- | C] () -- C:\WINDOWS2\System32\nvdspsch.exe
[2010/09/26 09:51:28 | 000,442,368 | ---- | C] () -- C:\WINDOWS2\System32\nvappbar.exe
[2010/09/26 09:51:26 | 000,425,984 | ---- | C] () -- C:\WINDOWS2\System32\keystone.exe
[2010/09/19 22:47:22 | 000,002,048 | ---- | C] () -- C:\WINDOWS2\bootstat.dat
[2010/09/19 22:20:23 | 000,021,640 | ---- | C] () -- C:\WINDOWS2\System32\emptyregdb.dat
[2010/09/19 16:30:26 | 000,004,205 | ---- | C] () -- C:\WINDOWS2\ODBCINST.INI
[2010/09/19 16:26:57 | 000,267,800 | ---- | C] () -- C:\WINDOWS2\System32\FNTCACHE.DAT
[2010/05/24 15:33:00 | 001,529,856 | ---- | C] () -- C:\WINDOWS2\System32\ff_samplerate.dll
[2010/05/24 15:33:00 | 001,447,921 | ---- | C] () -- C:\WINDOWS2\System32\ffmpegmt.dll
[2010/05/24 15:33:00 | 000,336,384 | ---- | C] () -- C:\WINDOWS2\System32\ff_libfaad2.dll
[2010/05/24 15:33:00 | 000,324,096 | ---- | C] () -- C:\WINDOWS2\System32\TomsMoComp_ff.dll
[2010/05/24 15:33:00 | 000,248,320 | ---- | C] () -- C:\WINDOWS2\System32\ff_kernelDeint.dll
[2010/05/24 15:33:00 | 000,216,576 | ---- | C] () -- C:\WINDOWS2\System32\ff_libdts.dll
[2010/05/24 15:33:00 | 000,151,552 | ---- | C] () -- C:\WINDOWS2\System32\ff_libmad.dll
[2010/05/24 15:33:00 | 000,145,408 | ---- | C] () -- C:\WINDOWS2\System32\libmpeg2_ff.dll
[2010/05/24 15:33:00 | 000,121,856 | ---- | C] () -- C:\WINDOWS2\System32\ff_liba52.dll
[2010/05/24 15:33:00 | 000,116,736 | ---- | C] () -- C:\WINDOWS2\System32\ff_tremor.dll
[2010/05/24 15:33:00 | 000,097,792 | ---- | C] () -- C:\WINDOWS2\System32\ff_unrar.dll
[2010/05/19 16:59:20 | 000,150,528 | ---- | C] () -- C:\WINDOWS2\System32\mkx.dll
[2010/05/19 16:59:10 | 000,109,568 | ---- | C] () -- C:\WINDOWS2\System32\avi.dll
[2010/05/19 16:59:02 | 000,141,824 | ---- | C] () -- C:\WINDOWS2\System32\mp4.dll
[2010/05/19 16:58:52 | 000,123,392 | ---- | C] () -- C:\WINDOWS2\System32\ogm.dll
[2010/05/19 16:58:24 | 000,113,152 | ---- | C] () -- C:\WINDOWS2\System32\dsmux.exe
[2010/05/19 16:58:18 | 000,154,112 | ---- | C] () -- C:\WINDOWS2\System32\ts.dll
[2010/05/19 16:58:08 | 000,249,856 | ---- | C] () -- C:\WINDOWS2\System32\dxr.dll
[2010/05/19 16:57:42 | 000,097,792 | ---- | C] () -- C:\WINDOWS2\System32\avs.dll
[2010/05/19 16:57:38 | 000,137,728 | ---- | C] () -- C:\WINDOWS2\System32\mkv2vfr.exe
[2010/05/19 16:57:26 | 000,093,184 | ---- | C] () -- C:\WINDOWS2\System32\avss.dll
[2010/05/19 16:57:20 | 000,358,400 | ---- | C] () -- C:\WINDOWS2\System32\gdsmux.exe
[2010/05/19 16:55:40 | 000,080,384 | ---- | C] () -- C:\WINDOWS2\System32\mkzlib.dll
[2010/05/19 16:55:36 | 000,024,576 | ---- | C] () -- C:\WINDOWS2\System32\mkunicode.dll
[2009/08/11 17:21:26 | 000,087,552 | ---- | C] () -- C:\WINDOWS2\System32\ac3config.exe
[2009/01/10 18:15:44 | 000,159,744 | ---- | C] () -- C:\WINDOWS2\System32\mmfinfo.dll
[2008/11/06 11:37:32 | 003,596,288 | ---- | C] () -- C:\WINDOWS2\System32\qt-dx331.dll
[2007/12/20 03:16:30 | 000,016,480 | ---- | C] () -- C:\WINDOWS2\System32\rixdicon.dll
[2007/10/13 05:30:20 | 000,000,137 | ---- | C] () -- C:\WINDOWS2\System32\Registration.ini
[2006/11/02 12:10:16 | 000,080,912 | ---- | C] () -- C:\WINDOWS2\System32\sherlock2.exe
[2004/08/03 19:07:22 | 000,001,788 | ---- | C] () -- C:\WINDOWS2\System32\Dcache.bin
[2004/08/02 08:20:40 | 000,004,569 | ---- | C] () -- C:\WINDOWS2\System32\secupd.dat
[2004/07/17 05:36:38 | 000,027,440 | ---- | C] () -- C:\WINDOWS2\System32\drivers\secdrv.sys
[2003/01/07 15:05:08 | 000,002,695 | ---- | C] () -- C:\WINDOWS2\System32\OUTLPERF.INI
[2001/08/23 08:00:00 | 013,107,200 | ---- | C] () -- C:\WINDOWS2\System32\oembios.bin
[2001/08/23 08:00:00 | 000,673,088 | ---- | C] () -- C:\WINDOWS2\System32\mlang.dat
[2001/08/23 08:00:00 | 000,437,144 | ---- | C] () -- C:\WINDOWS2\System32\perfh009.dat
[2001/08/23 08:00:00 | 000,272,128 | ---- | C] () -- C:\WINDOWS2\System32\perfi009.dat
[2001/08/23 08:00:00 | 000,218,003 | ---- | C] () -- C:\WINDOWS2\System32\dssec.dat
[2001/08/23 08:00:00 | 000,069,412 | ---- | C] () -- C:\WINDOWS2\System32\perfc009.dat
[2001/08/23 08:00:00 | 000,046,258 | ---- | C] () -- C:\WINDOWS2\System32\mib.bin
[2001/08/23 08:00:00 | 000,028,626 | ---- | C] () -- C:\WINDOWS2\System32\perfd009.dat
[2001/08/23 08:00:00 | 000,004,463 | ---- | C] () -- C:\WINDOWS2\System32\oembios.dat
[2001/08/23 08:00:00 | 000,000,741 | ---- | C] () -- C:\WINDOWS2\System32\noise.dat

========== Custom Scans ==========


< %APPDATA%\Microsoft\*.* >

< %systemroot%\system32\config\systemprofile\*.dat /x >

< %USERPROFILE%\Desktop\*.exe >
[2012/04/08 12:41:32 | 003,645,656 | ---- | M] (Piriform Ltd) -- C:\Documents and Settings\Antonio.ANTONIO-LAPTOP\Desktop\ccsetup317.exe
[2011/04/22 18:18:47 | 004,327,458 | R--- | M] () -- C:\Documents and Settings\Antonio.ANTONIO-LAPTOP\Desktop\Combo-Fix.exe
[2011/04/17 21:12:22 | 001,006,778 | ---- | M] () -- C:\Documents and Settings\Antonio.ANTONIO-LAPTOP\Desktop\iExplore.exe
[2010/09/28 20:57:58 | 075,019,048 | ---- | M] (Apple Inc.) -- C:\Documents and Settings\Antonio.ANTONIO-LAPTOP\Desktop\iTunesSetup.exe
[2011/04/24 01:42:41 | 016,537,376 | ---- | M] (Sun Microsystems, Inc.) -- C:\Documents and Settings\Antonio.ANTONIO-LAPTOP\Desktop\jre-6u25-windows-i586.exe
[2011/04/19 16:08:24 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Antonio.ANTONIO-LAPTOP\Desktop\OTL.exe
[2010/10/17 01:04:34 | 004,556,134 | ---- | M] (InstallShield Software Corporation) -- C:\Documents and Settings\Antonio.ANTONIO-LAPTOP\Desktop\swissknife.exe
[2007/04/02 11:07:44 | 004,719,104 | ---- | M] (SWE von Schleusen) -- C:\Documents and Settings\Antonio.ANTONIO-LAPTOP\Desktop\uzip.exe

< %PROGRAMFILES%\Common Files\*.* >

< %systemroot%\winn32\*.* >

< %USERPROFILE%\My Documents\*.exe >

< %USERPROFILE%\*.exe >

< %PROGRAMFILES%\Mozilla Firefox\*.exe >

< %ProgramFiles%\TinyProxy. >

< %systemroot%\system32\*.* /lockedfiles >
[2009/03/08 04:31:44 | 000,348,160 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\WINDOWS2\system32\dxtmsft.dll
[2009/03/08 04:31:38 | 000,216,064 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\WINDOWS2\system32\dxtrans.dll
[2010/09/19 18:10:40 | 000,000,000 | ---- | M] () Unable to obtain MD5 -- C:\WINDOWS2\system32\h323log.txt
[2009/03/08 04:31:02 | 001,638,912 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\WINDOWS2\system32\mshtml.tlb
[2001/08/23 08:00:00 | 000,017,920 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\WINDOWS2\system32\stdole2.tlb

< %systemroot%\Tasks\*.job /lockedfiles >

< %systemroot%\system32\drivers\*.* /lockedfiles >
[2012/04/10 22:55:57 | 001,021,280 | ---- | M] () Unable to obtain MD5 -- C:\WINDOWS2\system32\drivers\sfi.dat

< %PROGRAMFILES%\*. >
[2011/07/10 23:10:59 | 000,000,000 | ---D | M] -- C:\Program Files\Adobe
[2008/12/01 22:47:55 | 000,000,000 | ---D | M] -- C:\Program Files\AIM6
[2011/08/03 21:10:36 | 000,000,000 | ---D | M] -- C:\Program Files\AnvSoft
[2011/12/26 17:25:41 | 000,000,000 | ---D | M] -- C:\Program Files\Apple Software Update
[2011/12/26 18:35:38 | 000,000,000 | ---D | M] -- C:\Program Files\Bonjour
[2007/12/20 03:43:16 | 000,000,000 | ---D | M] -- C:\Program Files\Broadcom
[2012/04/08 13:57:38 | 000,000,000 | ---D | M] -- C:\Program Files\CCleaner
[2011/04/22 18:29:57 | 000,000,000 | ---D | M] -- C:\Program Files\Common Files
[2012/04/08 20:59:05 | 000,000,000 | ---D | M] -- C:\Program Files\COMODO
[2004/08/10 15:02:08 | 000,000,000 | ---D | M] -- C:\Program Files\ComPlus Applications
[2007/12/20 03:46:55 | 000,000,000 | ---D | M] -- C:\Program Files\CONEXANT
[2009/06/16 02:01:43 | 000,000,000 | ---D | M] -- C:\Program Files\Convert AVI to MP4
[2007/12/20 03:45:20 | 000,000,000 | ---D | M] -- C:\Program Files\Creative
[2007/12/20 03:45:06 | 000,000,000 | ---D | M] -- C:\Program Files\Creative Live! Cam
[2007/12/20 03:57:19 | 000,000,000 | ---D | M] -- C:\Program Files\CyberLink
[2010/07/03 20:14:32 | 000,000,000 | ---D | M] -- C:\Program Files\dcmsvc
[2007/12/20 04:03:45 | 000,000,000 | ---D | M] -- C:\Program Files\Dell
[2007/12/20 03:59:51 | 000,000,000 | ---D | M] -- C:\Program Files\Dell DataSafe Online
[2007/12/20 04:01:25 | 000,000,000 | ---D | M] -- C:\Program Files\Dell Support Center
[2007/12/29 10:40:14 | 000,000,000 | ---D | M] -- C:\Program Files\Design Science
[2011/08/12 12:41:33 | 000,000,000 | ---D | M] -- C:\Program Files\Dev-Cpp
[2007/12/20 03:43:02 | 000,000,000 | ---D | M] -- C:\Program Files\Digital Line Detect
[2010/09/29 03:05:59 | 000,000,000 | ---D | M] -- C:\Program Files\DivX
[2011/04/23 16:21:50 | 000,000,000 | ---D | M] -- C:\Program Files\ESET
[2009/04/26 04:25:57 | 000,000,000 | ---D | M] -- C:\Program Files\eSoftware
[2011/06/20 01:22:33 | 000,000,000 | ---D | M] -- C:\Program Files\FrostWire
[2010/04/02 17:20:03 | 000,000,000 | ---D | M] -- C:\Program Files\GMATPrep
[2010/10/10 20:41:03 | 000,000,000 | ---D | M] -- C:\Program Files\Google
[2010/10/02 23:44:55 | 000,000,000 | ---D | M] -- C:\Program Files\InstallShield Installation Information
[2007/12/20 03:43:55 | 000,000,000 | ---D | M] -- C:\Program Files\Intel
[2007/12/20 03:44:49 | 000,000,000 | ---D | M] -- C:\Program Files\Intel, Inc
[2008/07/25 22:13:09 | 000,000,000 | ---D | M] -- C:\Program Files\InterActual
[2010/09/28 21:42:30 | 000,000,000 | ---D | M] -- C:\Program Files\Internet Explorer
[2011/12/26 18:39:25 | 000,000,000 | ---D | M] -- C:\Program Files\iPod
[2011/12/26 18:40:21 | 000,000,000 | ---D | M] -- C:\Program Files\iTunes
[2011/10/27 00:33:24 | 000,000,000 | ---D | M] -- C:\Program Files\Java
[2009/06/14 20:41:02 | 000,000,000 | ---D | M] -- C:\Program Files\LG Electronics
[2012/02/06 22:03:16 | 000,000,000 | ---D | M] -- C:\Program Files\Malwarebytes' Anti-Malware
[2010/07/10 17:32:45 | 000,000,000 | ---D | M] -- C:\Program Files\McAfee Security Scan
[2010/09/19 22:19:06 | 000,000,000 | ---D | M] -- C:\Program Files\Messenger
[2010/07/03 19:36:44 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft ActiveSync
[2004/08/10 15:04:18 | 000,000,000 | ---D | M] -- C:\Program Files\microsoft frontpage
[2012/03/22 19:48:46 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft Office
[2007/12/29 10:40:50 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft Picture It! 9
[2007/12/20 04:03:07 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft Plus! Digital Media Edition
[2007/12/20 04:03:10 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft Plus! Photo Story 2 LE
[2012/03/01 21:43:48 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft Silverlight
[2010/09/26 19:25:11 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft Visual Studio
[2009/10/18 23:19:38 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft Works
[2010/10/17 02:19:54 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft.NET
[2007/12/20 03:42:53 | 000,000,000 | ---D | M] -- C:\Program Files\Modem Diagnostic Tool
[2010/09/19 22:24:20 | 000,000,000 | ---D | M] -- C:\Program Files\Movie Maker
[2010/07/20 11:45:45 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox
[2010/03/13 04:02:21 | 000,000,000 | ---D | M] -- C:\Program Files\MSBuild
[2009/08/31 14:25:01 | 000,000,000 | ---D | M] -- C:\Program Files\MSECache
[2008/12/19 00:18:36 | 000,000,000 | ---D | M] -- C:\Program Files\MSN
[2004/08/10 15:01:24 | 000,000,000 | ---D | M] -- C:\Program Files\MSN Gaming Zone
[2009/03/10 23:08:01 | 000,000,000 | ---D | M] -- C:\Program Files\MSN Messenger
[2007/12/29 09:46:17 | 000,000,000 | ---D | M] -- C:\Program Files\MSXML 4.0
[2007/12/20 03:38:51 | 000,000,000 | ---D | M] -- C:\Program Files\MSXML 6.0
[2007/12/20 04:02:10 | 000,000,000 | ---D | M] -- C:\Program Files\MUSICMATCH
[2010/09/19 22:23:41 | 000,000,000 | ---D | M] -- C:\Program Files\NetMeeting
[2007/12/20 03:42:59 | 000,000,000 | ---D | M] -- C:\Program Files\NetWaiting
[2010/03/31 02:42:50 | 000,000,000 | ---D | M] -- C:\Program Files\Nitro PDF
[2004/08/10 15:01:34 | 000,000,000 | ---D | M] -- C:\Program Files\Online Services
[2010/09/19 22:23:32 | 000,000,000 | ---D | M] -- C:\Program Files\Outlook Express
[2010/01/05 22:50:39 | 000,000,000 | ---D | M] -- C:\Program Files\PictureMover
[2011/12/26 17:33:03 | 000,000,000 | ---D | M] -- C:\Program Files\QuickTime
[2007/12/29 19:04:55 | 000,000,000 | ---D | M] -- C:\Program Files\Real
[2010/03/13 04:02:08 | 000,000,000 | ---D | M] -- C:\Program Files\Reference Assemblies
[2007/12/20 03:54:02 | 000,000,000 | ---D | M] -- C:\Program Files\Roxio
[2007/12/20 03:49:04 | 000,000,000 | ---D | M] -- C:\Program Files\Sigmatel
[2010/09/28 21:05:37 | 000,000,000 | ---D | M] -- C:\Program Files\Spybot - Search & Destroy
[2010/07/10 18:02:28 | 000,000,000 | ---D | M] -- C:\Program Files\Symantec
[2007/12/20 03:24:24 | 000,000,000 | ---D | M] -- C:\Program Files\Synaptics
[2007/12/20 03:54:10 | 000,000,000 | ---D | M] -- C:\Program Files\Trend Micro
[2009/12/23 03:04:47 | 000,000,000 | ---D | M] -- C:\Program Files\TrendMicro
[2011/11/28 22:15:38 | 000,000,000 | ---D | M] -- C:\Program Files\UltimateZip
[2010/09/28 19:55:56 | 000,000,000 | ---D | M] -- C:\Program Files\UltimateZip 2007
[2004/08/10 15:08:30 | 000,000,000 | ---D | M] -- C:\Program Files\Uninstall Information
[2007/12/29 11:58:27 | 000,000,000 | ---D | M] -- C:\Program Files\Viewpoint
[2010/07/03 20:12:40 | 000,000,000 | ---D | M] -- C:\Program Files\Warner Bros. Digital Copy Manager
[2007/12/30 04:03:21 | 000,000,000 | ---D | M] -- C:\Program Files\Windows Live Favorites
[2009/04/26 04:32:39 | 000,000,000 | ---D | M] -- C:\Program Files\Windows Live Safety Center
[2008/02/03 04:03:15 | 000,000,000 | ---D | M] -- C:\Program Files\Windows Live Toolbar
[2009/06/22 04:47:45 | 000,000,000 | ---D | M] -- C:\Program Files\Windows Media Connect 2
[2010/09/19 22:24:34 | 000,000,000 | ---D | M] -- C:\Program Files\Windows Media Player
[2010/09/19 22:17:47 | 000,000,000 | ---D | M] -- C:\Program Files\Windows NT
[2004/08/10 15:02:52 | 000,000,000 | ---D | M] -- C:\Program Files\WindowsUpdate
[2004/08/10 15:04:18 | 000,000,000 | ---D | M] -- C:\Program Files\xerox
[2010/09/29 03:17:52 | 000,000,000 | ---D | M] -- C:\Program Files\XP Codec Pack
[2011/08/03 20:30:46 | 000,000,000 | ---D | M] -- C:\Program Files\Xvid
[2008/02/03 04:01:52 | 000,000,000 | ---D | M] -- C:\Program Files\Yahoo!


< MD5 for: AGP440.SYS >
[2004/08/04 07:00:00 | 018,738,937 | ---- | M] () .cab file -- C:\i386\sp2.cab:AGP440.sys
[2004/08/04 07:00:00 | 018,738,937 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:AGP440.sys
[2009/03/09 00:21:42 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:AGP440.sys
[2009/03/09 00:21:42 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:AGP440.sys
[2004/08/03 19:05:44 | 018,738,937 | ---- | M] () .cab file -- C:\WINDOWS2\Driver Cache\i386\sp2.cab:AGP440.sys
[2008/04/13 14:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\ServicePackFiles\i386\agp440.sys
[2008/04/13 14:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\system32\drivers\agp440.sys
[2004/08/04 01:07:42 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=2C428FA0C3E3A01ED93C9B2A27D8D4BB -- C:\i386\AGP440.SYS
[2004/08/04 01:07:42 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=2C428FA0C3E3A01ED93C9B2A27D8D4BB -- C:\WINDOWS\$NtServicePackUninstall$\agp440.sys

< MD5 for: ATAPI.SYS >
[2004/08/04 07:00:00 | 018,738,937 | ---- | M] () .cab file -- C:\i386\sp2.cab:atapi.sys
[2004/08/04 07:00:00 | 018,738,937 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:atapi.sys
[2009/03/09 00:21:42 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:atapi.sys
[2009/03/09 00:21:42 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:atapi.sys
[2004/08/03 19:05:44 | 018,738,937 | ---- | M] () .cab file -- C:\WINDOWS2\Driver Cache\i386\sp2.cab:atapi.sys
[2008/04/13 14:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\ServicePackFiles\i386\atapi.sys
[2008/04/13 14:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\system32\drivers\atapi.sys
[2004/08/04 00:59:44 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\cmdcons\atapi.sys
[2004/08/04 00:59:44 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\i386\atapi.sys
[2004/08/04 00:59:44 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\$NtServicePackUninstall$\atapi.sys
[2004/08/04 00:59:44 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\system32\ReinstallBackups\0004\DriverFiles\i386\atapi.sys
[2004/08/04 00:59:44 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\system32\ReinstallBackups\0015\DriverFiles\i386\atapi.sys
[2004/08/03 22:59:44 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS2\ERDNT\cache\atapi.sys
[2004/08/03 22:59:44 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS2\system32\dllcache\atapi.sys
[2004/08/03 22:59:44 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS2\system32\drivers\atapi.sys
[2004/08/03 16:59:44 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS2\system32\ReinstallBackups\0006\DriverFiles\i386\atapi.sys
[2004/08/03 22:59:44 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS2\system32\ReinstallBackups\0007\DriverFiles\i386\atapi.sys

< MD5 for: DISK.SYS >
[2004/08/04 07:00:00 | 018,738,937 | ---- | M] () .cab file -- C:\i386\sp2.cab:disk.sys
[2004/08/04 07:00:00 | 018,738,937 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:disk.sys
[2009/03/09 00:21:42 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:disk.sys
[2009/03/09 00:21:42 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:disk.sys
[2004/08/03 19:05:44 | 018,738,937 | ---- | M] () .cab file -- C:\WINDOWS2\Driver Cache\i386\sp2.cab:disk.sys
[2004/08/04 07:00:00 | 000,036,352 | ---- | M] (Microsoft Corporation) MD5=00CA44E4534865F8A3B64F7C0984BFF0 -- C:\cmdcons\disk.sys
[2004/08/04 07:00:00 | 000,036,352 | ---- | M] (Microsoft Corporation) MD5=00CA44E4534865F8A3B64F7C0984BFF0 -- C:\i386\disk.sys
[2004/08/04 07:00:00 | 000,036,352 | ---- | M] (Microsoft Corporation) MD5=00CA44E4534865F8A3B64F7C0984BFF0 -- C:\WINDOWS\$NtServicePackUninstall$\disk.sys
[2004/08/03 16:59:56 | 000,036,352 | ---- | M] (Microsoft Corporation) MD5=00CA44E4534865F8A3B64F7C0984BFF0 -- C:\WINDOWS2\system32\drivers\disk.sys
[2008/04/13 14:40:47 | 000,036,352 | ---- | M] (Microsoft Corporation) MD5=044452051F3E02E7963599FC8F4F3E25 -- C:\WINDOWS\ServicePackFiles\i386\disk.sys
[2008/04/13 14:40:47 | 000,036,352 | ---- | M] (Microsoft Corporation) MD5=044452051F3E02E7963599FC8F4F3E25 -- C:\WINDOWS\system32\drivers\disk.sys

< MD5 for: IASTOR.SYS >
[2007/05/08 22:22:56 | 000,277,784 | ---- | M] (Intel Corporation) MD5=FD7F9D74C2B35DBDA400804A3F5ED5D8 -- C:\drivers\storage\R154200\iastor.sys
[2007/05/08 22:22:58 | 000,277,784 | ---- | M] (Intel Corporation) MD5=FD7F9D74C2B35DBDA400804A3F5ED5D8 -- C:\i386\iastor.sys
[2007/05/08 22:22:58 | 000,277,784 | ---- | M] (Intel Corporation) MD5=FD7F9D74C2B35DBDA400804A3F5ED5D8 -- C:\WINDOWS\system32\drivers\iastor.sys

< MD5 for: NETLOGON.DLL >
[2008/04/13 20:12:01 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=1B7F071C51B77C272875C3A23E1E4550 -- C:\WINDOWS\ServicePackFiles\i386\netlogon.dll
[2008/04/13 20:12:01 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=1B7F071C51B77C272875C3A23E1E4550 -- C:\WINDOWS\system32\netlogon.dll
[2004/08/04 07:00:00 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=96353FCECBA774BB8DA74A1C6507015A -- C:\i386\netlogon.dll
[2004/08/04 07:00:00 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=96353FCECBA774BB8DA74A1C6507015A -- C:\WINDOWS\$NtServicePackUninstall$\netlogon.dll
[2004/08/03 18:56:46 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=96353FCECBA774BB8DA74A1C6507015A -- C:\WINDOWS2\ERDNT\cache\netlogon.dll
[2004/08/03 18:56:46 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=96353FCECBA774BB8DA74A1C6507015A -- C:\WINDOWS2\system32\dllcache\netlogon.dll
[2004/08/03 18:56:46 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=96353FCECBA774BB8DA74A1C6507015A -- C:\WINDOWS2\system32\netlogon.dll

< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs >

< hklm\software\clients\startmenuinternet|command /rs >
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ReinstallCommand: "C:\WINDOWS2\system32\ie4uinit.exe" -reinstall [2009/03/08 04:32:54 | 000,173,056 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\HideIconsCommand: "C:\WINDOWS2\system32\ie4uinit.exe" -hide [2009/03/08 04:32:54 | 000,173,056 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ShowIconsCommand: "C:\WINDOWS2\system32\ie4uinit.exe" -show [2009/03/08 04:32:54 | 000,173,056 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\naom\command\\: "C:\Program Files\Internet Explorer\iexplore.exe" -extoff [2009/03/08 14:09:26 | 000,638,816 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\open\command\\: "C:\Program Files\Internet Explorer\iexplore.exe" [2009/03/08 14:09:26 | 000,638,816 | ---- | M] (Microsoft Corporation)

< hklm\software\clients\startmenuinternet|command /64 /rs >
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ReinstallCommand: "C:\WINDOWS2\system32\ie4uinit.exe" -reinstall [2009/03/08 04:32:54 | 000,173,056 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\HideIconsCommand: "C:\WINDOWS2\system32\ie4uinit.exe" -hide [2009/03/08 04:32:54 | 000,173,056 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ShowIconsCommand: "C:\WINDOWS2\system32\ie4uinit.exe" -show [2009/03/08 04:32:54 | 000,173,056 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\naom\command\\: "C:\Program Files\Internet Explorer\iexplore.exe" -extoff [2009/03/08 14:09:26 | 000,638,816 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\open\command\\: "C:\Program Files\Internet Explorer\iexplore.exe" [2009/03/08 14:09:26 | 000,638,816 | ---- | M] (Microsoft Corporation)

< End of report >


Post by furyofdawolfx on 11th April 2012, 3:56 am

aswMBR version 0.9.9.1665 Copyright(c) 2011 AVAST Software
Run date: 2012-04-10 23:25:56
-----------------------------
23:25:56.515 OS Version: Windows 5.1.2600 Service Pack 2
23:25:56.515 Number of processors: 2 586 0xF0D
23:25:56.562 ComputerName: ANTONIO-LAPTOP UserName: Antonio
23:26:50.906 Initialize success
23:40:32.187 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP1T0L0-e
23:40:32.187 Disk 0 Vendor: Hitachi_HTS542512K9SA00 BB2OC39P Size: 114473MB BusType: 3
23:40:32.187 Device \Driver\atapi -> DriverStartIo 868382c6
23:40:32.187 Disk 0 MBR read successfully
23:40:32.187 Disk 0 MBR scan
23:40:32.203 Disk 0 TDL4@MBR code has been found
23:40:32.203 Disk 0 Windows XP default MBR code found via API
23:40:32.203 Disk 0 MBR hidden
23:40:32.203 Disk 0 Partition 1 00 DE Dell Utility Dell 8.0 78 MB offset 63
23:40:32.234 Disk 0 Partition 2 80 (A) 07 HPFS/NTFS NTFS 108509 MB offset 160650
23:40:32.250 Disk 0 Partition - 00 0F Extended LBA 2557 MB offset 222387795
23:40:32.281 Disk 0 Partition 3 00 DB CP/M / CTOS Dell 8.0 3325 MB offset 227624985
23:40:32.297 Disk 0 Partition 4 00 DD MSWIN4.1 2557 MB offset 222387858
23:40:32.312 Disk 0 MBR [TDL4] **ROOTKIT**
23:40:32.531 Disk 0 trace - called modules:
23:40:32.531 ntkrnlpa.exe CLASSPNP.SYS disk.sys >>UNKNOWN [0x8683849f]<<
23:40:32.547 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x86cacab8]
23:40:32.547 3 CLASSPNP.SYS[f76e505b] -> nt!IofCallDriver -> [0x868bb248]
23:40:32.547 \Driver\atapi[0x86834268] -> IRP_MJ_CREATE -> 0x8683849f
23:40:32.562 Scan finished successfully
23:41:02.265 Disk 0 MBR has been saved successfully to "C:\Documents and Settings\Antonio.ANTONIO-LAPTOP\Desktop\MBR.dat"
23:41:02.265 The log file has been saved successfully to "C:\Documents and Settings\Antonio.ANTONIO-LAPTOP\Desktop\aswMBR.txt"




Post by furyofdawolfx on 11th April 2012, 3:58 am

Results of screen317's Security Check version 0.99.32
Windows XP Service Pack 2 x86
Internet Explorer 8
``````````````````````````````
Antivirus/Firewall Check:

Windows Firewall Disabled!
ESET Online Scanner v3
COMODO Internet Security
Antivirus up to date!
```````````````````````````````
Anti-malware/Other Utilities Check:

Spybot - Search & Destroy
CCleaner
Java(TM) 6 Update 29
Java version out of date!
Adobe Reader X (10.1.2)
````````````````````````````````
Process Check:
objlist.exe by Laurent

Comodo Firewall cmdagent.exe
Comodo Firewall cfp.exe
``````````End of Log````````````





A file called "Extras.txt" was not created when running OTL.


Post by Superdave on 11th April 2012, 7:12 pm

Hello and welcome to GeekPolice.Net. My name is Dave. I will be helping you out with your particular problem on your computer.

1. I will be working on your Malware issues. This may or may not solve other issues you have with your machine.
2. The fixes are specific to your problem and should only be used for this issue on this machine.
3. If you don't know or understand something, please don't hesitate to ask.
4. Please DO NOT run any other tools or scans while I am helping you.
5. It is important that you reply to this thread. Do not start a new topic.
6. Your security programs may give warnings for some of the tools I will ask you to use. Be assured, any links I give are safe.
7. Absence of symptoms does not mean that everything is clear.

If you can't access the internet with your infected computer you will have to download and transfer any programs to the computer you're using now and transfer them to the infected computer with a CD-RW or a USB storage device. I prefer a CD because a storage device can get infected. If you use a storage device hold the shift key down while inserting the USB storage device for about 10 secs. You will also have to transfer the logs you receive back to the good computer using the same method until we can get the computer back on-line.
*****************************************************************

  • Download [You must be registered and logged in to see this link.] and save it to your Desktop.
  • Extract its contents to your desktop.
  • Once extracted, open the TDSSKiller folder and double-click on TDSSKiller.exe to run the application, then on Start Scan.
  • If an infected file is detected, the default action will be Cure, click on Continue.
  • If a suspicious file is detected, the default action will be Skip, click on Continue.
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
  • Click the Report button and copy/paste the contents of it into your next reply.

Note: It will also create a log in the C:\ directory.


Post by furyofdawolfx on 12th April 2012, 5:15 am

I did the scan and it detected a malware. I clicked on "reboot now" but my laptop wouldn't reboot properly. It froze and I had to do a hard reset. This is the only thing that showed up in the report:


00:56:25.0312 2484 TDSS rootkit removing tool 2.7.28.0 Apr 10 2012 16:54:05
00:56:27.0328 2484 ============================================================
00:56:27.0328 2484 Current date / time: 2012/04/12 00:56:27.0328
00:56:27.0328 2484 SystemInfo:
00:56:27.0328 2484
00:56:27.0328 2484 OS Version: 5.1.2600 ServicePack: 2.0
00:56:27.0328 2484 Product type: Workstation
00:56:27.0672 2484 ComputerName: ANTONIO-LAPTOP
00:56:27.0672 2484 UserName: Antonio
00:56:27.0672 2484 Windows directory: C:\WINDOWS2
00:56:27.0672 2484 System windows directory: C:\WINDOWS2
00:56:27.0672 2484 Processor architecture: Intel x86
00:56:27.0672 2484 Number of processors: 2
00:56:27.0672 2484 Page size: 0x1000
00:56:27.0672 2484 Boot type: Normal boot
00:56:27.0672 2484 ============================================================
00:56:32.0469 2484 Drive \Device\Harddisk0\DR0 - Size: 0x1BF2976000 (111.79 Gb), SectorSize: 0x200, Cylinders: 0x3901, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000054
00:56:32.0484 2484 \Device\Harddisk0\DR0:
00:56:32.0484 2484 MBR used
00:56:32.0484 2484 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x2738A, BlocksNum 0xD3EEAC9
00:56:33.0047 2484 Initialize success
00:56:33.0047 2484 ============================================================







Also, I notice that when going to this website on my laptop, I am redirected somewhere else. Please let me know what further steps I can take.


Post by furyofdawolfx on 12th April 2012, 5:28 am

I did the scan again, and this is the report I got before clicking on the reboot button:


00:56:25.0312 2484 TDSS rootkit removing tool 2.7.28.0 Apr 10 2012 16:54:05
00:56:27.0328 2484 ============================================================
00:56:27.0328 2484 Current date / time: 2012/04/12 00:56:27.0328
00:56:27.0328 2484 SystemInfo:
00:56:27.0328 2484
00:56:27.0328 2484 OS Version: 5.1.2600 ServicePack: 2.0
00:56:27.0328 2484 Product type: Workstation
00:56:27.0672 2484 ComputerName: ANTONIO-LAPTOP
00:56:27.0672 2484 UserName: Antonio
00:56:27.0672 2484 Windows directory: C:\WINDOWS2
00:56:27.0672 2484 System windows directory: C:\WINDOWS2
00:56:27.0672 2484 Processor architecture: Intel x86
00:56:27.0672 2484 Number of processors: 2
00:56:27.0672 2484 Page size: 0x1000
00:56:27.0672 2484 Boot type: Normal boot
00:56:27.0672 2484 ============================================================
00:56:32.0469 2484 Drive \Device\Harddisk0\DR0 - Size: 0x1BF2976000 (111.79 Gb), SectorSize: 0x200, Cylinders: 0x3901, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000054
00:56:32.0484 2484 \Device\Harddisk0\DR0:
00:56:32.0484 2484 MBR used
00:56:32.0484 2484 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x2738A, BlocksNum 0xD3EEAC9
00:56:33.0047 2484 Initialize success
00:56:33.0047 2484 ============================================================
01:10:57.0021 1188 ============================================================
01:10:57.0021 1188 Scan started
01:10:57.0021 1188 Mode: Manual;
01:10:57.0021 1188 ============================================================
01:12:24.0240 1188 MBR (0x1B8) (faee7e40dfb0440ad2cfc39befa1f4c2) \Device\Harddisk0\DR0
01:12:24.0475 1188 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.b ) - infected
01:12:24.0521 1188 \Device\Harddisk0\DR0 - detected Rootkit.Boot.Pihar.b (0)
01:12:24.0553 1188 Boot (0x1200) (b555b91f577cbb009e14078586928726) \Device\Harddisk0\DR0\Partition0
01:12:24.0584 1188 \Device\Harddisk0\DR0\Partition0 - ok
01:12:24.0584 1188 ============================================================
01:12:24.0584 1188 Scan finished
01:12:24.0584 1188 ============================================================
01:12:24.0600 2952 Detected object count: 1
01:12:24.0646 2952 Actual detected object count: 1
01:16:35.0601 2952 \Device\Harddisk0\DR0\# - copied to quarantine
01:16:35.0664 2952 \Device\Harddisk0\DR0 - copied to quarantine
01:16:35.0820 2952 \Device\Harddisk0\DR0\TDLFS\phm - copied to quarantine
01:16:35.0836 2952 \Device\Harddisk0\DR0\TDLFS\ph.dll - copied to quarantine
01:16:35.0851 2952 \Device\Harddisk0\DR0\TDLFS\phx.dll - copied to quarantine
01:16:35.0851 2952 \Device\Harddisk0\DR0\TDLFS\sub.dll - copied to quarantine
01:16:35.0867 2952 \Device\Harddisk0\DR0\TDLFS\subx.dll - copied to quarantine
01:16:35.0882 2952 \Device\Harddisk0\DR0\TDLFS\phd - copied to quarantine
01:16:36.0132 2952 \Device\Harddisk0\DR0\TDLFS\phdx - copied to quarantine
01:16:36.0195 2952 \Device\Harddisk0\DR0\TDLFS\phs - copied to quarantine
01:16:36.0242 2952 \Device\Harddisk0\DR0\TDLFS\phdata - copied to quarantine
01:16:36.0242 2952 \Device\Harddisk0\DR0\TDLFS\phld - copied to quarantine
01:16:36.0257 2952 \Device\Harddisk0\DR0\TDLFS\phln - copied to quarantine
01:16:36.0257 2952 \Device\Harddisk0\DR0\TDLFS\phlx - copied to quarantine
01:16:36.0351 2952 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.b ) - will be cured on reboot
01:16:36.0367 2952 \Device\Harddisk0\DR0 - ok
01:16:36.0382 2952 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.b ) - User select action: Cure





Re: Virus slowing down computer (virtual memory) -NOT SURE ABOUT VIRUS NAME

Post by Superdave on 12th April 2012, 5:48 pm

Please run aswMBR.exe again and post the log along with these logs.

SUPERAntiSpyware

If you already have SUPERAntiSpyware be sure to check for updates before scanning!


Download [You must be registered and logged in to see this link.]
* Double-click the icon on your desktop to run the installer.
* When asked to Update the program definitions, click Yes
* If you encounter any problems while downloading the updates, manually download and unzip them from [You must be registered and logged in to see this link.]
* Next click the Preferences button.
  • Under Start-Up Options uncheck Start SUPERAntiSpyware when Windows starts
* Click the Scanning Control tab.
* Under Scanner Options make sure only the following are checked:
  • Close browsers before scanning
  • Scan for tracking cookies
  • Terminate memory threats before quarantining
  Please leave the others unchecked
  • Click the Close button to leave the control center screen.
* On the main screen click Scan your computer
* On the left check the box for the drive you are scanning.
* On the right choose Perform Complete Scan
* Click Next to start the scan. Please be patient while it scans your computer.
* After the scan is complete a summary box will appear. Click OK
* Make sure everything in the white box has a check next to it, then click Next
* It will quarantine what it found and if it asks if you want to reboot, click Yes
  • To retrieve the removal information please do the following:
  • After reboot, double-click the SUPERAntiSpyware icon on your desktop.
  • Click Preferences. Click the Statistics/Logs tab.
  • Under Scanner Logs, double-click SUPERAntiSpyware Scan Log.
  • It will open in your default text editor (preferably Notepad).
  • Save the notepad file to your desktop by clicking (in notepad) File > Save As...
* Save the log somewhere you can easily find it. (normally the desktop)
* Click close and close again to exit the program.
* Copy and Paste the log in your post.
*********************************************
Please download Malwarebytes Anti-Malware from [You must be registered and logged in to see this link.]
Double Click mbam-setup.exe to install the application.

  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Full Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • Please save the log to a location you will remember.
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the entire report in your next reply.

Extra Note:

If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.


Re: Virus slowing down computer (virtual memory) -NOT SURE ABOUT VIRUS NAME

Post by furyofdawolfx on 13th April 2012, 2:10 am

aswMBR version 0.9.9.1665 Copyright(c) 2011 AVAST Software
Run date: 2012-04-12 18:48:00
-----------------------------
18:48:00.658 OS Version: Windows 5.1.2600 Service Pack 2
18:48:00.658 Number of processors: 2 586 0xF0D
18:48:00.658 ComputerName: ANTONIO-LAPTOP UserName: Antonio
18:48:40.940 Initialize success
18:51:26.132 AVAST engine defs: 12041201
18:52:00.805 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP1T0L0-e
18:52:00.820 Disk 0 Vendor: Hitachi_HTS542512K9SA00 BB2OC39P Size: 114473MB BusType: 3
18:52:00.820 Device \Driver\atapi -> DriverStartIo 868202c6
18:52:01.039 Disk 0 MBR read successfully
18:52:01.055 Disk 0 MBR scan
18:52:01.336 Disk 0 Windows XP default MBR code
18:52:01.414 Disk 0 Partition 1 00 DE Dell Utility Dell 8.0 78 MB offset 63
18:52:01.524 Disk 0 Partition 2 80 (A) 07 HPFS/NTFS NTFS 108509 MB offset 160650
18:52:01.555 Disk 0 Partition - 00 0F Extended LBA 2557 MB offset 222387795
18:52:01.617 Disk 0 Partition 3 00 DB CP/M / CTOS Dell 8.0 3325 MB offset 227624985
18:52:01.805 Disk 0 Partition 4 00 DD MSWIN4.1 2557 MB offset 222387858
18:52:01.992 Disk 0 scanning sectors +234436545
18:52:02.461 Disk 0 scanning C:\WINDOWS2\system32\drivers
18:53:23.948 Service scanning
18:55:09.919 Modules scanning
18:56:06.764 Disk 0 trace - called modules:
18:56:06.780 ntkrnlpa.exe CLASSPNP.SYS disk.sys >>UNKNOWN [0x8682049f]<<
18:56:06.780 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x86d6eab8]
18:56:06.780 3 CLASSPNP.SYS[f76e505b] -> nt!IofCallDriver -> [0x86aeb588]
18:56:06.795 \Driver\atapi[0x86c501c8] -> IRP_MJ_CREATE -> 0x8682049f
18:56:11.999 AVAST engine scan C:\WINDOWS2
18:56:37.468 AVAST engine scan C:\WINDOWS2\system32
19:24:52.174 AVAST engine scan C:\WINDOWS2\system32\drivers
19:27:31.582 AVAST engine scan C:\Documents and Settings\Antonio.ANTONIO-LAPTOP
20:02:03.312 File: C:\Documents and Settings\Antonio.ANTONIO-LAPTOP\Local Settings\temp\10.tmp **INFECTED** Win32:Alureon-ASD [Trj]
20:07:26.269 AVAST engine scan C:\Documents and Settings\All Users.WINDOWS2
20:08:03.441 Scan finished successfully
20:08:51.301 Disk 0 MBR has been saved successfully to "C:\Documents and Settings\Antonio.ANTONIO-LAPTOP\Desktop\MBR.dat"
20:08:51.364 The log file has been saved successfully to "C:\Documents and Settings\Antonio.ANTONIO-LAPTOP\Desktop\aswMBR_2.txt"



Re: Virus slowing down computer (virtual memory) -NOT SURE ABOUT VIRUS NAME

Post by furyofdawolfx on 13th April 2012, 2:15 am

My impression of your instructions for SUPERAntiSpyware was that clicking on "scan your computer" would still give me options to change my setting. I clicked on it, but it was still set on "quick scan." It detected something immediately, so I let the scan finish. Here are the results:



SUPERAntiSpyware Scan Log

Generated 04/12/2012 at 09:34 PM

Application Version : 5.0.1146

Core Rules Database Version : 8451
Trace Rules Database Version: 6263

Scan type : Quick Scan
Total Scan Time : 01:07:23

Operating System Information
Windows XP Professional 32-bit, Service Pack 2 (Build 5.01.2600)
Administrator

Memory items scanned : 464
Memory threats detected : 0
Registry items scanned : 28431
Registry threats detected : 0
File items scanned : 25114
File threats detected : 142

Adware.Tracking Cookie



I am currently running a scan with Malwarebytes per your instructions. If you would like me to perform a full scan with SuperAntiSpyware, please let me know. Thanks again.


Re: Virus slowing down computer (virtual memory) -NOT SURE ABOUT VIRUS NAME

Post by furyofdawolfx on 13th April 2012, 10:26 pm

Here are my results for Malwarebytes. Computer seems better, but COMODO is detecting something called hj8o1.exe trying to do something to my system. Is this bad?

Malwarebytes Anti-Malware 1.61.0.1400

Database version: v2012.04.13.01

Windows XP Service Pack 2 x86 NTFS
Internet Explorer 8.0.6001.18702
Antonio :: ANTONIO-LAPTOP [administrator]

4/12/2012 10:06:33 PM
mbam-log-2012-04-12 (22-06-33).txt

Scan type: Full scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 394618
Time elapsed: 5 hour(s), 34 minute(s), 2 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 5
C:\WINDOWS2\temp\ecssxxpfoeubn.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS2\temp\mjhpcwujngclswtnpqh.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS2\temp\vswurnumovfwiqo.exe (Rootkit.0Access) -> Quarantined and deleted successfully.
C:\WINDOWS2\temp\wusctpegqmtylt.exe (Backdoor.Agent.RCGen) -> Quarantined and deleted successfully.
C:\WINDOWS2\temp\0.37774490646553416 (Exploit.Drop.9) -> Quarantined and deleted successfully.

(end)


Re: Virus slowing down computer (virtual memory) -NOT SURE ABOUT VIRUS NAME

Post by Superdave on 13th April 2012, 11:45 pm

"but COMODO is detecting something called hj8o1.exe trying to do something to my system. Is this bad?"
If Comodo is detecting it, it can't be good.

Download Combofix from any of the links below, and save it to your DESKTOP.

[You must be registered and logged in to see this link.]
[You must be registered and logged in to see this link.]
[You must be registered and logged in to see this link.]

To prevent your anti-virus application interfering with ComboFix we need to disable it. See [You must be registered and logged in to see this link.] for a tutorial regarding how to do so if you are unsure.

  • Close any open windows and double click ComboFix.exe to run it.

    You will see the following image:



Click I Agree to start the program.

ComboFix will then extract the necessary files and you will see this:



As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. This will not occur in Windows Vista and 7.

It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.

If you did not have it installed, you will see the prompt below. Choose YES.



Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.

**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.

Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:



Click on Yes, to continue scanning for malware.

When finished, it will produce a report for you. Please post the contents of the log (C:\ComboFix.txt).

Leave your computer alone while ComboFix is running. ComboFix will restart your computer if malware is found; allow it to do so.

Note: Please do NOT mouse-click ComboFix's window while it's running because it may cause it to stall.

Superdave

Re: Virus slowing down computer (virtual memory) -NOT SURE ABOUT VIRUS NAME

Post by furyofdawolfx on 14th April 2012, 6:24 am

ComboFix 12-04-13.01 - Antonio 04/14/2012 0:30.3.2 - x86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.1022.128 [GMT -4:00]
Running from: c:\documents and settings\Antonio.ANTONIO-LAPTOP\Desktop\ComboFix.exe
AV: COMODO Antivirus *Disabled/Updated* {043803A5-4F86-4ef7-AFC5-F6E02A79969B}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
C:\install.exe
.
.
((((((((((((((((((((((((( Files Created from 2012-03-14 to 2012-04-14 )))))))))))))))))))))))))))))))
.
.
2012-04-14 05:21 . 2012-04-14 05:21 0 --sha-w- c:\windows2\system32\dds_trash_log.cmd
2012-04-14 05:05 . 2012-04-14 05:02 323072 ---ha-w- c:\documents and settings\All Users.WINDOWS2\Application Data\QkqnRvQCEE.exe
2012-04-14 05:04 . 2012-04-14 05:04 86016 ---ha-w- c:\documents and settings\All Users.WINDOWS2\Application Data\eccccfaddeafacdfdct.exe
2012-04-13 22:43 . 2012-04-13 22:43 -------- d-sh--w- c:\windows2\system32\config\systemprofile\PrivacIE
2012-04-13 22:41 . 2012-04-13 22:41 -------- d-sh--w- c:\windows2\system32\config\systemprofile\IETldCache
2012-04-13 00:19 . 2012-04-13 00:19 -------- d--h--w- c:\documents and settings\Antonio.ANTONIO-LAPTOP\Application Data\SUPERAntiSpyware.com
2012-04-13 00:16 . 2012-04-13 00:19 -------- d-----w- c:\program files\SUPERAntiSpyware
2012-04-13 00:16 . 2012-04-13 00:16 -------- d--h--w- c:\documents and settings\All Users.WINDOWS2\Application Data\SUPERAntiSpyware.com
2012-04-12 04:47 . 2012-04-12 05:16 -------- d-----w- C:\TDSSKiller_Quarantine
2012-04-09 01:34 . 2012-04-09 01:34 -------- d-----w- C:\VritualRoot
2012-04-09 01:34 . 2012-04-09 01:35 -------- d--h--w- c:\documents and settings\All Users.WINDOWS2\Application Data\COMODO
2012-04-09 01:34 . 2012-04-14 04:05 1474832 ----a-w- c:\windows2\system32\drivers\sfi.dat
2012-04-09 00:57 . 2012-04-09 00:59 -------- d-----w- c:\program files\COMODO
2012-04-09 00:53 . 2012-04-09 00:53 -------- d--h--w- c:\documents and settings\All Users.WINDOWS2\Application Data\Comodo Downloader
2012-04-08 17:57 . 2012-04-08 17:57 -------- d-----w- c:\program files\CCleaner
2012-04-08 16:24 . 2009-08-06 23:24 44768 ----a-w- c:\windows2\system32\wups2.dll
2012-04-08 16:24 . 2009-08-06 23:24 21728 ----a-w- c:\windows2\system32\wucltui.dll.mui
2012-04-08 16:23 . 2009-08-06 23:24 17632 ----a-w- c:\windows2\system32\wuaueng.dll.mui
2012-04-08 16:23 . 2009-08-06 23:24 15072 ----a-w- c:\windows2\system32\wuaucpl.cpl.mui
2012-04-08 16:23 . 2009-08-06 23:24 15064 ----a-w- c:\windows2\system32\wuapi.dll.mui
2012-04-08 16:12 . 2012-04-08 16:14 -------- d-----w- c:\windows2\system32\NtmsData
2012-04-04 05:53 . 2012-04-04 05:53 182160 ----a-w- c:\program files\Internet Explorer\PLUGINS\nppdf32.dll
2012-04-03 03:51 . 2012-04-03 03:51 -------- d-sh--w- c:\documents and settings\LocalService.NT AUTHORITY\IETldCache
2012-04-02 02:04 . 2012-04-02 02:04 418464 ----a-w- c:\windows2\system32\FlashPlayerApp.exe
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-04-04 19:56 . 2011-12-10 22:23 22344 ----a-w- c:\windows2\system32\drivers\mbam.sys
2012-04-02 02:04 . 2011-06-03 16:01 70304 ----a-w- c:\windows2\system32\FlashPlayerCPLApp.cpl
.
.
((((((((((((((((((((((((((((( [You must be registered and logged in to see this link.] )))))))))))))))))))))))))))))))))))))))))
.
+ 2007-11-07 06:19 . 2007-11-07 06:19 54272 c:\windows2\WinSxS\x86_Microsoft.VC90.OpenMP_1fc8b3b9a1e18e3b_9.0.21022.8_x-ww_ecc42bd1\vcomp90.dll
+ 2007-11-07 06:19 . 2007-11-07 06:19 46592 c:\windows2\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.21022.8_x-ww_11f3ea3a\mfc90kor.dll
+ 2007-11-07 06:19 . 2007-11-07 06:19 47104 c:\windows2\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.21022.8_x-ww_11f3ea3a\mfc90jpn.dll
+ 2007-11-07 06:19 . 2007-11-07 06:19 59392 c:\windows2\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.21022.8_x-ww_11f3ea3a\mfc90ita.dll
+ 2007-11-07 06:19 . 2007-11-07 06:19 60416 c:\windows2\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.21022.8_x-ww_11f3ea3a\mfc90fra.dll
+ 2007-11-07 06:19 . 2007-11-07 06:19 59392 c:\windows2\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.21022.8_x-ww_11f3ea3a\mfc90esp.dll
+ 2007-11-07 06:19 . 2007-11-07 06:19 59392 c:\windows2\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.21022.8_x-ww_11f3ea3a\mfc90esn.dll
+ 2007-11-07 06:19 . 2007-11-07 06:19 54272 c:\windows2\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.21022.8_x-ww_11f3ea3a\mfc90enu.dll
+ 2007-11-07 06:19 . 2007-11-07 06:19 60928 c:\windows2\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.21022.8_x-ww_11f3ea3a\mfc90deu.dll
+ 2007-11-07 06:19 . 2007-11-07 06:19 41984 c:\windows2\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.21022.8_x-ww_11f3ea3a\mfc90cht.dll
+ 2007-11-07 06:19 . 2007-11-07 06:19 41472 c:\windows2\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.21022.8_x-ww_11f3ea3a\mfc90chs.dll
+ 2007-11-07 03:51 . 2007-11-07 03:51 59904 c:\windows2\WinSxS\x86_Microsoft.VC90.MFC_1fc8b3b9a1e18e3b_9.0.21022.8_x-ww_a173767a\mfcm90u.dll
+ 2007-11-07 03:51 . 2007-11-07 03:51 59904 c:\windows2\WinSxS\x86_Microsoft.VC90.MFC_1fc8b3b9a1e18e3b_9.0.21022.8_x-ww_a173767a\mfcm90.dll
+ 2012-04-14 03:56 . 2012-04-14 03:56 16384 c:\windows2\temp\Perflib_Perfdata_338.dat
+ 2012-04-14 05:03 . 2012-04-14 05:03 86016 c:\windows2\temp\ecssxxpfoeubn.exe
+ 2010-09-20 02:24 . 2009-08-06 23:24 35552 c:\windows2\system32\wups.dll
+ 2010-09-20 02:24 . 2009-08-06 23:24 53472 c:\windows2\system32\wuauclt.exe
+ 2008-07-30 02:10 . 2008-07-30 02:10 26112 c:\windows2\system32\TsWpfWrp.exe
+ 2011-12-24 07:54 . 2008-07-06 12:06 89088 c:\windows2\system32\spool\prtprocs\w32x86\filterpipelineprintproc.dll
+ 2012-04-08 16:24 . 2009-08-06 23:24 35552 c:\windows2\system32\SoftwareDistribution\Setup\ServiceStartup\wups.dll\7.4.7600.226\wups.dll
+ 2008-07-30 00:59 . 2008-07-30 00:59 43544 c:\windows2\system32\PresentationHostProxy.dll
+ 2001-08-23 12:00 . 2012-04-14 05:40 69412 c:\windows2\system32\perfc009.dat
- 2010-09-26 14:11 . 2011-02-06 06:35 28029 c:\windows2\system32\nvModes.dat
+ 2010-09-26 14:11 . 2011-08-08 14:55 28029 c:\windows2\system32\nvModes.dat
+ 2008-07-25 16:16 . 2008-07-25 16:16 83968 c:\windows2\system32\mscories.dll
+ 2011-09-12 03:00 . 2011-09-12 03:00 56640 c:\windows2\system32\mlfcache.dat
+ 2011-08-31 04:05 . 2011-08-31 04:05 50536 c:\windows2\system32\jdns_sd.dll
+ 2008-07-30 00:24 . 2008-07-30 00:24 97800 c:\windows2\system32\infocardapi.dll
+ 2008-07-30 00:24 . 2008-07-30 00:24 11264 c:\windows2\system32\icardres.dll
+ 2011-12-24 05:44 . 2004-08-04 05:56 21504 c:\windows2\system32\hidserv.dll
+ 2008-07-30 02:10 . 2008-07-30 02:10 73720 c:\windows2\system32\dxva2.dll
+ 2011-12-26 22:36 . 2011-08-02 22:38 42496 c:\windows2\system32\DRVSTORE\usbaapl_091115F4EDEB41DBA0EC91574CE905B4E0482482\usbaapl.sys
+ 2011-12-26 22:36 . 2011-08-02 22:38 18432 c:\windows2\system32\DRVSTORE\netaapl_63AA05C4700EB9CAF2D048DAC1D06D764A0D4C41\netaapl.sys
+ 2010-09-29 01:00 . 2011-08-02 22:38 42496 c:\windows2\system32\drivers\usbaapl.sys
+ 2011-12-24 05:44 . 2001-08-17 18:48 12160 c:\windows2\system32\drivers\mouhid.sys
+ 2010-04-09 05:25 . 2010-04-09 05:25 86800 c:\windows2\system32\drivers\inspect.sys
+ 2010-04-09 05:25 . 2010-04-09 05:25 25240 c:\windows2\system32\drivers\cmdhlp.sys
+ 2010-04-09 05:25 . 2010-04-09 05:25 15464 c:\windows2\system32\drivers\cmderd.sys
+ 2011-08-31 04:05 . 2011-08-31 04:05 73064 c:\windows2\system32\dnssd.dll
+ 2011-08-31 04:05 . 2011-08-31 04:05 83816 c:\windows2\system32\dns-sd.exe
+ 2010-09-20 02:24 . 2009-08-06 23:24 35552 c:\windows2\system32\dllcache\wups.dll
+ 2010-09-20 02:24 . 2009-08-06 23:24 53472 c:\windows2\system32\dllcache\wuauclt.exe
+ 2011-12-24 05:44 . 2001-08-17 18:48 12160 c:\windows2\system32\dllcache\mouhid.sys
+ 2011-12-24 05:44 . 2004-08-04 05:56 21504 c:\windows2\system32\dllcache\hidserv.dll
+ 2011-12-24 07:54 . 2008-07-06 12:06 89088 c:\windows2\system32\dllcache\filterpipelineprintproc.dll
+ 2004-08-03 22:56 . 2009-08-06 23:24 96480 c:\windows2\system32\dllcache\cdm.dll
+ 2012-04-13 22:43 . 2012-04-13 22:43 32768 c:\windows2\system32\config\systemprofile\PrivacIE\index.dat
+ 2012-04-08 17:28 . 2012-04-13 22:43 49152 c:\windows2\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
- 2010-09-20 02:53 . 2011-04-17 20:40 32768 c:\windows2\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
+ 2010-09-20 02:53 . 2012-04-13 22:43 32768 c:\windows2\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
+ 2012-04-13 22:43 . 2012-04-13 22:43 32768 c:\windows2\system32\config\systemprofile\Local Settings\Application Data\Microsoft\Internet Explorer\DOMStore\index.dat
+ 2012-04-13 22:41 . 2012-04-13 22:41 16384 c:\windows2\system32\config\systemprofile\IETldCache\index.dat
+ 2012-04-08 17:28 . 2012-04-13 22:43 32768 c:\windows2\system32\config\systemprofile\Cookies\index.dat
+ 2004-08-03 22:56 . 2009-08-06 23:24 96480 c:\windows2\system32\cdm.dll
+ 2009-08-06 23:24 . 2009-08-06 23:24 44768 c:\windows2\SoftwareDistribution\WebSetup\wups2.dll
+ 2009-08-06 23:24 . 2009-08-06 23:24 35552 c:\windows2\SoftwareDistribution\WebSetup\wups.dll
+ 2009-08-06 23:24 . 2009-08-06 23:24 53472 c:\windows2\SoftwareDistribution\WebSetup\wuauclt.exe
+ 2009-08-06 23:24 . 2009-08-06 23:24 96480 c:\windows2\SoftwareDistribution\WebSetup\cdm.dll
+ 2008-07-30 04:40 . 2008-07-30 04:40 70648 c:\windows2\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
+ 2008-07-30 04:40 . 2008-07-30 04:40 91136 c:\windows2\Microsoft.NET\Framework\v3.5\MSBuild.exe
+ 2008-07-30 04:40 . 2008-07-30 04:40 41984 c:\windows2\Microsoft.NET\Framework\v3.5\Microsoft.VisualC.STLCLR.dll
+ 2008-07-30 04:40 . 2008-07-30 04:40 40960 c:\windows2\Microsoft.NET\Framework\v3.5\Microsoft.Data.Entity.Build.Tasks.dll
+ 2008-07-29 23:47 . 2008-07-29 23:47 89080 c:\windows2\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\WapRes.2052.dll
+ 2008-07-29 23:47 . 2008-07-29 23:47 92664 c:\windows2\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\WapRes.1042.dll
+ 2008-07-29 23:47 . 2008-07-29 23:47 95224 c:\windows2\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\WapRes.1041.dll
+ 2008-07-29 23:47 . 2008-07-29 23:47 89592 c:\windows2\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\WapRes.1028.dll
+ 2008-07-29 23:47 . 2008-07-29 23:47 84480 c:\windows2\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\setupres.2052.dll
+ 2008-07-29 23:47 . 2008-07-29 23:47 94720 c:\windows2\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\setupres.1042.dll
+ 2008-07-29 23:47 . 2008-07-29 23:47 97792 c:\windows2\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\setupres.1041.dll
+ 2008-07-29 23:47 . 2008-07-29 23:47 84992 c:\windows2\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\setupres.1028.dll
+ 2008-07-29 23:47 . 2008-07-29 23:47 97280 c:\windows2\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\DeleteTemp.exe
+ 2008-07-30 04:40 . 2008-07-30 04:40 95224 c:\windows2\Microsoft.NET\Framework\v3.5\EdmGen.exe
+ 2008-07-30 04:40 . 2008-07-30 04:40 78856 c:\windows2\Microsoft.NET\Framework\v3.5\DataSvcUtil.exe
+ 2008-07-30 04:40 . 2008-07-30 04:40 41984 c:\windows2\Microsoft.NET\Framework\v3.5\AddInUtil.exe
+ 2008-07-30 04:40 . 2008-07-30 04:40 41992 c:\windows2\Microsoft.NET\Framework\v3.5\AddInProcess32.exe
+ 2008-07-30 04:40 . 2008-07-30 04:40 41992 c:\windows2\Microsoft.NET\Framework\v3.5\AddInProcess.exe
+ 2008-07-30 02:10 . 2008-07-30 02:10 46104 c:\windows2\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe
+ 2008-07-30 00:59 . 2008-07-30 00:59 32768 c:\windows2\Microsoft.NET\Framework\v3.0\WPF\PresentationCFFRasterizer.dll
+ 2008-07-30 02:10 . 2008-07-30 02:10 71160 c:\windows2\Microsoft.NET\Framework\v3.0\WPF\PenIMC.dll
+ 2008-07-30 00:32 . 2008-07-30 00:32 17448 c:\windows2\Microsoft.NET\Framework\v3.0\Windows Workflow Foundation\PerformanceCounterInstaller.exe
+ 2008-07-30 00:16 . 2008-07-30 00:16 32768 c:\windows2\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\System.ServiceModel.WasHosting.dll
+ 2008-07-30 00:16 . 2008-07-30 00:16 73728 c:\windows2\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\System.ServiceModel.Install.dll
+ 2008-07-30 00:16 . 2008-07-30 00:16 20504 c:\windows2\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\ServiceMonikerSupport.dll
+ 2008-07-30 00:16 . 2008-07-30 00:16 11280 c:\windows2\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\ServiceModelEvents.dll
+ 2008-07-25 16:17 . 2008-07-25 16:17 37896 c:\windows2\Microsoft.NET\Framework\v2.0.50727\WMINet_Utils.dll
+ 2008-07-25 16:17 . 2008-07-25 16:17 81400 c:\windows2\Microsoft.NET\Framework\v2.0.50727\TLBREF.DLL
+ 2008-07-25 16:17 . 2008-07-25 16:17 77824 c:\windows2\Microsoft.NET\Framework\v2.0.50727\System.Web.RegularExpressions.dll
+ 2008-07-25 16:17 . 2008-07-25 16:17 57392 c:\windows2\Microsoft.NET\Framework\v2.0.50727\System.EnterpriseServices.Thunk.dll
- 2005-09-23 11:28 . 2005-09-23 11:28 81920 c:\windows2\Microsoft.NET\Framework\v2.0.50727\System.Drawing.Design.dll
+ 2008-07-25 16:17 . 2008-07-25 16:17 81920 c:\windows2\Microsoft.NET\Framework\v2.0.50727\System.Drawing.Design.dll
- 2005-09-23 11:28 . 2005-09-23 11:28 81920 c:\windows2\Microsoft.NET\Framework\v2.0.50727\System.Configuration.Install.dll
+ 2008-07-25 16:17 . 2008-07-25 16:17 81920 c:\windows2\Microsoft.NET\Framework\v2.0.50727\System.Configuration.Install.dll
+ 2008-07-25 16:17 . 2008-07-25 16:17 95232 c:\windows2\Microsoft.NET\Framework\v2.0.50727\ShFusRes.dll
+ 2008-07-25 16:17 . 2008-07-25 16:17 16896 c:\windows2\Microsoft.NET\Framework\v2.0.50727\sbscmp20_mscorlib.dll
+ 2008-07-25 16:17 . 2008-07-25 16:17 61952 c:\windows2\Microsoft.NET\Framework\v2.0.50727\regtlibv12.exe
+ 2008-07-25 16:17 . 2008-07-25 16:17 32768 c:\windows2\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exe
- 2005-09-23 11:28 . 2005-09-23 11:28 32768 c:\windows2\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exe
- 2005-09-23 11:28 . 2005-09-23 11:28 53248 c:\windows2\Microsoft.NET\Framework\v2.0.50727\RegAsm.exe
+ 2008-07-25 16:17 . 2008-07-25 16:17 53248 c:\windows2\Microsoft.NET\Framework\v2.0.50727\RegAsm.exe
+ 2008-07-25 16:17 . 2008-07-25 16:17 88584 c:\windows2\Microsoft.NET\Framework\v2.0.50727\PerfCounter.dll
+ 2008-07-25 16:17 . 2008-07-25 16:17 24584 c:\windows2\Microsoft.NET\Framework\v2.0.50727\normalization.dll
+ 2008-07-25 16:17 . 2008-07-25 16:17 31744 c:\windows2\Microsoft.NET\Framework\v2.0.50727\MUI\0409\mscorsecr.dll
+ 2008-07-25 16:17 . 2008-07-25 16:17 19456 c:\windows2\Microsoft.NET\Framework\v2.0.50727\mscortim.dll
+ 2008-07-25 16:17 . 2008-07-25 16:17 69632 c:\windows2\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
+ 2008-07-25 16:16 . 2008-07-25 16:16 18944 c:\windows2\Microsoft.NET\Framework\v2.0.50727\mscorsn.dll
+ 2008-07-25 16:17 . 2008-07-25 16:17 77312 c:\windows2\Microsoft.NET\Framework\v2.0.50727\mscorsec.dll
+ 2008-07-25 16:17 . 2008-07-25 16:17 94208 c:\windows2\Microsoft.NET\Framework\v2.0.50727\mscorld.dll
+ 2008-07-25 16:17 . 2008-07-25 16:17 46592 c:\windows2\Microsoft.NET\Framework\v2.0.50727\mscorie.dll
+ 2008-07-25 16:17 . 2008-07-25 16:17 83456 c:\windows2\Microsoft.NET\Framework\v2.0.50727\mscordbc.dll
+ 2008-07-25 16:16 . 2008-07-25 16:16 69632 c:\windows2\Microsoft.NET\Framework\v2.0.50727\MSBuild.exe
- 2005-09-23 11:28 . 2005-09-23 11:28 69632 c:\windows2\Microsoft.NET\Framework\v2.0.50727\MSBuild.exe
+ 2008-07-25 16:16 . 2008-07-25 16:16 97792 c:\windows2\Microsoft.NET\Framework\v2.0.50727\MmcAspExt.dll
- 2005-09-23 11:28 . 2005-09-23 11:28 12800 c:\windows2\Microsoft.NET\Framework\v2.0.50727\Microsoft.Vsa.Vb.CodeDOMProcessor.dll
+ 2008-07-25 16:16 . 2008-07-25 16:16 12800 c:\windows2\Microsoft.NET\Framework\v2.0.50727\Microsoft.Vsa.Vb.CodeDOMProcessor.dll
+ 2008-07-25 16:16 . 2008-07-25 16:16 32768 c:\windows2\Microsoft.NET\Framework\v2.0.50727\Microsoft.Vsa.dll
- 2005-09-23 11:28 . 2005-09-23 11:28 32768 c:\windows2\Microsoft.NET\Framework\v2.0.50727\Microsoft.Vsa.dll
- 2005-09-23 11:28 . 2005-09-23 11:28 28672 c:\windows2\Microsoft.NET\Framework\v2.0.50727\Microsoft.VisualBasic.Vsa.dll
+ 2008-07-25 16:16 . 2008-07-25 16:16 28672 c:\windows2\Microsoft.NET\Framework\v2.0.50727\Microsoft.VisualBasic.Vsa.dll
+ 2008-07-25 16:16 . 2008-07-25 16:16 77824 c:\windows2\Microsoft.NET\Framework\v2.0.50727\Microsoft.Build.Utilities.dll
+ 2008-07-25 16:16 . 2008-07-25 16:16 36864 c:\windows2\Microsoft.NET\Framework\v2.0.50727\Microsoft.Build.Framework.dll
- 2005-09-23 11:28 . 2005-09-23 11:28 36864 c:\windows2\Microsoft.NET\Framework\v2.0.50727\Microsoft.Build.Framework.dll
+ 2008-07-25 16:16 . 2008-07-25 16:16 40960 c:\windows2\Microsoft.NET\Framework\v2.0.50727\jsc.exe
- 2005-09-23 11:28 . 2005-09-23 11:28 40960 c:\windows2\Microsoft.NET\Framework\v2.0.50727\jsc.exe
+ 2008-07-25 16:17 . 2008-07-25 16:17 72192 c:\windows2\Microsoft.NET\Framework\v2.0.50727\ISymWrapper.dll
- 2005-09-23 11:28 . 2005-09-23 11:28 72192 c:\windows2\Microsoft.NET\Framework\v2.0.50727\ISymWrapper.dll
+ 2008-07-25 16:17 . 2008-07-25 16:17 65032 c:\windows2\Microsoft.NET\Framework\v2.0.50727\InstallUtilLib.dll
- 2005-09-23 11:28 . 2005-09-23 11:28 28672 c:\windows2\Microsoft.NET\Framework\v2.0.50727\InstallUtil.exe
+ 2008-07-25 16:17 . 2008-07-25 16:17 28672 c:\windows2\Microsoft.NET\Framework\v2.0.50727\InstallUtil.exe
+ 2008-07-25 16:17 . 2008-07-25 16:17 77824 c:\windows2\Microsoft.NET\Framework\v2.0.50727\IEHost.dll
+ 2008-07-25 16:16 . 2008-07-25 16:16 18936 c:\windows2\Microsoft.NET\Framework\v2.0.50727\fusion.dll
+ 2008-07-25 16:16 . 2008-07-25 16:16 62968 c:\windows2\Microsoft.NET\Framework\v2.0.50727\dfdll.dll
+ 2008-07-25 16:16 . 2008-07-25 16:16 35320 c:\windows2\Microsoft.NET\Framework\v2.0.50727\cvtres.exe
+ 2008-07-25 16:17 . 2008-07-25 16:17 69120 c:\windows2\Microsoft.NET\Framework\v2.0.50727\CustomMarshalers.dll
+ 2008-07-25 16:17 . 2008-07-25 16:17 27136 c:\windows2\Microsoft.NET\Framework\v2.0.50727\Culture.dll
- 2005-09-23 11:28 . 2005-09-23 11:28 13312 c:\windows2\Microsoft.NET\Framework\v2.0.50727\cscompmgd.dll
+ 2008-07-25 16:16 . 2008-07-25 16:16 13312 c:\windows2\Microsoft.NET\Framework\v2.0.50727\cscompmgd.dll
+ 2008-07-25 16:16 . 2008-07-25 16:16 80376 c:\windows2\Microsoft.NET\Framework\v2.0.50727\csc.exe
+ 2008-07-25 16:17 . 2008-07-25 16:17 89608 c:\windows2\Microsoft.NET\Framework\v2.0.50727\CORPerfMonExt.dll
+ 2008-07-25 16:16 . 2008-07-25 16:16 33792 c:\windows2\Microsoft.NET\Framework\v2.0.50727\aspnet_wp.exe
+ 2008-07-25 16:16 . 2008-07-25 16:16 34312 c:\windows2\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe
+ 2008-07-25 16:16 . 2008-07-25 16:16 33288 c:\windows2\Microsoft.NET\Framework\v2.0.50727\aspnet_regiis.exe
+ 2008-07-25 16:16 . 2008-07-25 16:16 24576 c:\windows2\Microsoft.NET\Framework\v2.0.50727\aspnet_regbrowsers.exe
+ 2008-07-25 16:16 . 2008-07-25 16:16 84480 c:\windows2\Microsoft.NET\Framework\v2.0.50727\aspnet_rc.dll
+ 2008-07-25 16:16 . 2008-07-25 16:16 33800 c:\windows2\Microsoft.NET\Framework\v2.0.50727\Aspnet_perf.dll
+ 2008-07-25 16:16 . 2008-07-25 16:16 17416 c:\windows2\Microsoft.NET\Framework\v2.0.50727\aspnet_isapi.dll
+ 2008-07-25 16:16 . 2008-07-25 16:16 22024 c:\windows2\Microsoft.NET\Framework\v2.0.50727\aspnet_filter.dll
+ 2008-07-25 16:16 . 2008-07-25 16:16 36864 c:\windows2\Microsoft.NET\Framework\v2.0.50727\aspnet_compiler.exe
- 2005-09-23 11:28 . 2005-09-23 11:28 36864 c:\windows2\Microsoft.NET\Framework\v2.0.50727\aspnet_compiler.exe
+ 2008-07-25 16:17 . 2008-07-25 16:17 58880 c:\windows2\Microsoft.NET\Framework\v2.0.50727\AppLaunch.exe
+ 2008-07-25 16:16 . 2008-07-25 16:16 98808 c:\windows2\Microsoft.NET\Framework\v2.0.50727\alink.dll
+ 2008-07-25 16:17 . 2008-07-25 16:17 10752 c:\windows2\Microsoft.NET\Framework\v2.0.50727\Accessibility.dll
- 2005-09-23 11:28 . 2005-09-23 11:28 10752 c:\windows2\Microsoft.NET\Framework\v2.0.50727\Accessibility.dll
+ 2008-07-25 16:16 . 2008-07-25 16:16 13824 c:\windows2\Microsoft.NET\Framework\v2.0.50727\1033\CvtResUI.dll
+ 2008-07-25 16:16 . 2008-07-25 16:16 28672 c:\windows2\Microsoft.NET\Framework\v2.0.50727\1033\alinkui.dll
+ 2008-07-25 16:16 . 2008-07-25 16:16 96768 c:\windows2\Microsoft.NET\Framework\v1.0.3705\mscormmc.dll
+ 2012-03-24 19:47 . 2012-03-24 19:47 22016 c:\windows2\Installer\2ad45f.msi
+ 2008-07-30 04:07 . 2008-07-30 04:07 23040 c:\windows2\Installer\1fa87d3.msp
+ 2011-12-24 07:53 . 2011-12-24 07:53 88576 c:\windows2\Installer\1f65b00.msi
+ 2012-03-22 23:49 . 2012-03-22 23:49 34632 c:\windows2\Installer\{90120000-0020-0409-0000-0000000FF1CE}\O12ConvIcon.exe
- 2010-09-26 23:27 . 2010-09-26 23:27 23040 c:\windows2\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\unbndico.exe
+ 2010-09-26 23:27 . 2012-04-02 03:24 23040 c:\windows2\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\unbndico.exe
+ 2010-09-26 23:27 . 2012-04-02 03:24 61440 c:\windows2\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\pubs.exe
- 2010-09-26 23:27 . 2010-09-26 23:27 61440 c:\windows2\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\pubs.exe
- 2010-09-26 23:27 . 2010-09-26 23:27 27136 c:\windows2\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\oisicon.exe
+ 2010-09-26 23:27 . 2012-04-02 03:24 27136 c:\windows2\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\oisicon.exe
+ 2010-09-26 23:27 . 2012-04-02 03:24 11264 c:\windows2\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\mspicons.exe
- 2010-09-26 23:27 . 2010-09-26 23:27 11264 c:\windows2\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\mspicons.exe
+ 2010-09-26 23:27 . 2012-04-02 03:24 86016 c:\windows2\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\inficon.exe
- 2010-09-26 23:27 . 2010-09-26 23:27 86016 c:\windows2\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\inficon.exe
+ 2010-09-26 23:27 . 2012-04-02 03:24 12288 c:\windows2\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\cagicon.exe
- 2010-09-26 23:27 . 2010-09-26 23:27 12288 c:\windows2\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\cagicon.exe
- 2010-10-10 20:26 . 2010-10-10 20:26 49152 c:\windows2\Installer\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}\ConfigIcon.dll
+ 2010-10-10 20:26 . 2012-03-01 03:55 49152 c:\windows2\Installer\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}\ConfigIcon.dll
+ 2011-12-26 21:24 . 2011-12-26 21:24 27136 c:\windows2\Installer\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}\AppleSoftwareUpdateIco.exe
+ 2011-06-06 16:55 . 2011-06-06 16:55 17304 c:\windows2\Installer\$PatchCache$\Managed\68AB67CA7DA73301B744AA0100000010\10.1.0\ViewerPS.dll
+ 2011-06-06 16:55 . 2011-06-06 16:55 35736 c:\windows2\Installer\$PatchCache$\Managed\68AB67CA7DA73301B744AA0100000010\10.1.0\reader_sl.exe
+ 2011-06-06 16:55 . 2011-06-06 16:55 88992 c:\windows2\Installer\$PatchCache$\Managed\68AB67CA7DA73301B744AA0100000010\10.1.0\PDFPrevHndlr.dll
+ 2011-06-06 16:55 . 2011-06-06 16:55 94608 c:\windows2\Installer\$PatchCache$\Managed\68AB67CA7DA73301B744AA0100000010\10.1.0\eula.exe
+ 2011-06-06 16:55 . 2011-06-06 16:55 49064 c:\windows2\Installer\$PatchCache$\Managed\68AB67CA7DA73301B744AA0100000010\10.1.0\acrotextextractor.exe
+ 2011-06-06 16:55 . 2011-06-06 16:55 17824 c:\windows2\Installer\$PatchCache$\Managed\68AB67CA7DA73301B744AA0100000010\10.1.0\AcroRd32Info.exe
+ 2011-06-06 16:55 . 2011-06-06 16:55 63912 c:\windows2\Installer\$PatchCache$\Managed\68AB67CA7DA73301B744AA0100000010\10.1.0\acroiehelpershim.dll
+ 2011-06-06 16:55 . 2011-06-06 16:55 64928 c:\windows2\Installer\$PatchCache$\Managed\68AB67CA7DA73301B744AA0100000010\10.1.0\AcroIEHelper.dll
+ 2011-06-06 16:55 . 2011-06-06 16:55 63384 c:\windows2\Installer\$PatchCache$\Managed\68AB67CA7DA73301B744AA0100000010\10.1.0\Acrofx32.dll
+ 2011-12-24 07:54 . 2008-07-06 12:06 89088 c:\windows2\Driver Cache\i386\filterpipelineprintproc.dll
+ 2011-12-24 08:00 . 2011-12-24 08:00 60928 c:\windows2\assembly\NativeImages_v2.0.50727_32\UIAutomationProvider\8f5c0e1b77c840d99a68897898317b79\UIAutomationProvider.ni.dll
+ 2011-12-24 08:04 . 2011-12-24 08:04 37888 c:\windows2\assembly\NativeImages_v2.0.50727_32\System.Windows.Pres#\b5a285233229bb4f9d9831ebf27fe9ac\System.Windows.Presentation.ni.dll
+ 2011-12-24 08:04 . 2011-12-24 08:04 36864 c:\windows2\assembly\NativeImages_v2.0.50727_32\System.Web.DynamicD#\17e2a7113434da494a846a8f4e4ac5e9\System.Web.DynamicData.Design.ni.dll
+ 2011-12-24 08:02 . 2011-12-24 08:02 94208 c:\windows2\assembly\NativeImages_v2.0.50727_32\System.ComponentMod#\a8e047504bdad9ec14efd483574b0dd5\System.ComponentModel.DataAnnotations.ni.dll
+ 2011-12-24 08:02 . 2011-12-24 08:02 82944 c:\windows2\assembly\NativeImages_v2.0.50727_32\System.AddIn.Contra#\f2b48eab657b4ef1d19dac11bdf0c913\System.AddIn.Contract.ni.dll
+ 2011-12-24 07:58 . 2011-12-24 07:58 47104 c:\windows2\assembly\NativeImages_v2.0.50727_32\PresentationFontCac#\9469981a17c01dd154c540127e678b35\PresentationFontCache.ni.exe
+ 2011-12-24 07:58 . 2011-12-24 07:58 39424 c:\windows2\assembly\NativeImages_v2.0.50727_32\PresentationCFFRast#\487c1bc20f6e73e8e79503898d17d102\PresentationCFFRasterizer.ni.dll
+ 2011-12-24 08:03 . 2011-12-24 08:03 55296 c:\windows2\assembly\NativeImages_v2.0.50727_32\Microsoft.Vsa\28ea74096df47800fe2c78bb2b9a4f2a\Microsoft.Vsa.ni.dll
+ 2011-12-24 08:02 . 2011-12-24 08:02 74752 c:\windows2\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Fra#\66359457e427c0d547750a79f754f9ba\Microsoft.Build.Framework.ni.dll
+ 2011-12-24 08:02 . 2011-12-24 08:02 65024 c:\windows2\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Fra#\36dbc4689f7c51e393504230004c9dec\Microsoft.Build.Framework.ni.dll
+ 2011-12-24 08:02 . 2011-12-24 08:02 14336 c:\windows2\assembly\NativeImages_v2.0.50727_32\dfsvc\a2865dcec9c5d3cc9c55f026cbad6fcc\dfsvc.ni.exe
+ 2011-12-24 08:02 . 2011-12-24 08:02 25600 c:\windows2\assembly\NativeImages_v2.0.50727_32\Accessibility\c2af7cfbb47c077029a2645930b4eeac\Accessibility.ni.dll
+ 2011-12-24 07:55 . 2011-12-24 07:55 94208 c:\windows2\assembly\GAC_MSIL\WindowsFormsIntegration\3.0.0.0__31bf3856ad364e35\WindowsFormsIntegration.dll
+ 2011-12-24 07:55 . 2011-12-24 07:55 98304 c:\windows2\assembly\GAC_MSIL\UIAutomationTypes\3.0.0.0__31bf3856ad364e35\UIAutomationTypes.dll
+ 2011-12-24 07:55 . 2011-12-24 07:55 40960 c:\windows2\assembly\GAC_MSIL\UIAutomationProvider\3.0.0.0__31bf3856ad364e35\UIAutomationProvider.dll
+ 2011-12-24 07:56 . 2011-12-24 07:56 12288 c:\windows2\assembly\GAC_MSIL\System.Windows.Presentation\3.5.0.0__b77a5c561934e089\System.Windows.Presentation.dll
+ 2011-12-24 07:56 . 2011-12-24 07:56 61440 c:\windows2\assembly\GAC_MSIL\System.Web.Routing\3.5.0.0__31bf3856ad364e35\System.Web.Routing.dll
+ 2011-12-24 07:52 . 2011-12-24 07:52 77824 c:\windows2\assembly\GAC_MSIL\System.Web.RegularExpressions\2.0.0.0__b03f5f7f11d50a3a\System.Web.RegularExpressions.dll
+ 2011-12-24 07:56 . 2011-12-24 07:56 32768 c:\windows2\assembly\GAC_MSIL\System.Web.DynamicData.Design\3.5.0.0__31bf3856ad364e35\System.Web.DynamicData.Design.dll
+ 2011-12-24 07:56 . 2011-12-24 07:56 77824 c:\windows2\assembly\GAC_MSIL\System.Web.Abstractions\3.5.0.0__31bf3856ad364e35\System.Web.Abstractions.dll
+ 2011-12-24 07:55 . 2011-12-24 07:55 32768 c:\windows2\assembly\GAC_MSIL\System.ServiceModel.WasHosting\3.0.0.0__b77a5c561934e089\System.ServiceModel.WasHosting.dll
+ 2011-12-24 07:55 . 2011-12-24 07:55 73728 c:\windows2\assembly\GAC_MSIL\System.ServiceModel.Install\3.0.0.0__b77a5c561934e089\System.ServiceModel.Install.dll
- 2010-10-17 02:00 . 2010-10-17 02:00 81920 c:\windows2\assembly\GAC_MSIL\System.Drawing.Design\2.0.0.0__b03f5f7f11d50a3a\System.Drawing.Design.dll
+ 2011-12-24 07:52 . 2011-12-24 07:52 81920 c:\windows2\assembly\GAC_MSIL\System.Drawing.Design\2.0.0.0__b03f5f7f11d50a3a\System.Drawing.Design.dll
+ 2011-12-24 07:56 . 2011-12-24 07:56 53248 c:\windows2\assembly\GAC_MSIL\System.Data.DataSetExtensions\3.5.0.0__b77a5c561934e089\System.Data.DataSetExtensions.dll
- 2010-10-17 02:00 . 2010-10-17 02:00 81920 c:\windows2\assembly\GAC_MSIL\System.Configuration.Install\2.0.0.0__b03f5f7f11d50a3a\System.Configuration.Install.dll
+ 2011-12-24 07:52 . 2011-12-24 07:52 81920 c:\windows2\assembly\GAC_MSIL\System.Configuration.Install\2.0.0.0__b03f5f7f11d50a3a\System.Configuration.Install.dll
+ 2011-12-24 07:56 . 2011-12-24 07:56 57344 c:\windows2\assembly\GAC_MSIL\System.ComponentModel.DataAnnotations\3.5.0.0__31bf3856ad364e35\System.ComponentModel.DataAnnotations.dll
+ 2011-12-24 07:56 . 2011-12-24 07:56 45056 c:\windows2\assembly\GAC_MSIL\System.AddIn.Contract\2.0.0.0__b03f5f7f11d50a3a\System.AddIn.Contract.dll
+ 2011-12-24 07:55 . 2011-12-24 07:55 46104 c:\windows2\assembly\GAC_MSIL\PresentationFontCache\3.0.0.0__31bf3856ad364e35\PresentationFontCache.exe
+ 2011-12-24 07:55 . 2011-12-24 07:55 32768 c:\windows2\assembly\GAC_MSIL\PresentationCFFRasterizer\3.0.0.0__31bf3856ad364e35\PresentationCFFRasterizer.dll
- 2010-10-17 02:00 . 2010-10-17 02:00 32768 c:\windows2\assembly\GAC_MSIL\Microsoft.Vsa\8.0.0.0__b03f5f7f11d50a3a\Microsoft.Vsa.dll
+ 2011-12-24 07:52 . 2011-12-24 07:52 32768 c:\windows2\assembly\GAC_MSIL\Microsoft.Vsa\8.0.0.0__b03f5f7f11d50a3a\Microsoft.Vsa.dll
- 2010-10-17 02:00 . 2010-10-17 02:00 12800 c:\windows2\assembly\GAC_MSIL\Microsoft.Vsa.Vb.CodeDOMProcessor\8.0.0.0__b03f5f7f11d50a3a\Microsoft.Vsa.Vb.CodeDOMProcessor.dll
+ 2011-12-24 07:52 . 2011-12-24 07:52 12800 c:\windows2\assembly\GAC_MSIL\Microsoft.Vsa.Vb.CodeDOMProcessor\8.0.0.0__b03f5f7f11d50a3a\Microsoft.Vsa.Vb.CodeDOMProcessor.dll
+ 2011-12-24 07:56 . 2011-12-24 07:56 41984 c:\windows2\assembly\GAC_MSIL\Microsoft.VisualC.STLCLR\1.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualC.STLCLR.dll
- 2010-10-17 02:00 . 2010-10-17 02:00 28672 c:\windows2\assembly\GAC_MSIL\Microsoft.VisualBasic.Vsa\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Vsa.dll
+ 2011-12-24 07:52 . 2011-12-24 07:52 28672 c:\windows2\assembly\GAC_MSIL\Microsoft.VisualBasic.Vsa\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Vsa.dll
+ 2011-12-24 07:52 . 2011-12-24 07:52 77824 c:\windows2\assembly\GAC_MSIL\Microsoft.Build.Utilities\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Utilities.dll
+ 2011-12-24 07:56 . 2011-12-24 07:56 94208 c:\windows2\assembly\GAC_MSIL\Microsoft.Build.Utilities.v3.5\3.5.0.0__b03f5f7f11d50a3a\Microsoft.Build.Utilities.v3.5.dll
+ 2011-12-24 07:56 . 2011-12-24 07:56 36864 c:\windows2\assembly\GAC_MSIL\Microsoft.Build.Framework\3.5.0.0__b03f5f7f11d50a3a\Microsoft.Build.Framework.dll
- 2010-10-17 02:00 . 2010-10-17 02:00 36864 c:\windows2\assembly\GAC_MSIL\Microsoft.Build.Framework\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Framework.dll
+ 2011-12-24 07:52 . 2011-12-24 07:52 36864 c:\windows2\assembly\GAC_MSIL\Microsoft.Build.Framework\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Framework.dll
+ 2011-12-24 07:52 . 2011-12-24 07:52 77824 c:\windows2\assembly\GAC_MSIL\IEHost\2.0.0.0__b03f5f7f11d50a3a\IEHost.dll
+ 2011-12-24 07:52 . 2011-12-24 07:52 13312 c:\windows2\assembly\GAC_MSIL\cscompmgd\8.0.0.0__b03f5f7f11d50a3a\cscompmgd.dll
- 2010-10-17 02:00 . 2010-10-17 02:00 13312 c:\windows2\assembly\GAC_MSIL\cscompmgd\8.0.0.0__b03f5f7f11d50a3a\cscompmgd.dll
- 2010-10-17 02:00 . 2010-10-17 02:00 10752 c:\windows2\assembly\GAC_MSIL\Accessibility\2.0.0.0__b03f5f7f11d50a3a\Accessibility.dll
+ 2011-12-24 07:52 . 2011-12-24 07:52 10752 c:\windows2\assembly\GAC_MSIL\Accessibility\2.0.0.0__b03f5f7f11d50a3a\Accessibility.dll
+ 2011-12-24 07:52 . 2011-12-24 07:52 72192 c:\windows2\assembly\GAC_32\ISymWrapper\2.0.0.0__b03f5f7f11d50a3a\ISymWrapper.dll
- 2010-10-17 02:00 . 2010-10-17 02:00 72192 c:\windows2\assembly\GAC_32\ISymWrapper\2.0.0.0__b03f5f7f11d50a3a\ISymWrapper.dll
+ 2011-12-24 07:52 . 2011-12-24 07:52 69120 c:\windows2\assembly\GAC_32\CustomMarshalers\2.0.0.0__b03f5f7f11d50a3a\CustomMarshalers.dll
+ 2011-12-24 07:52 . 2011-12-24 07:52 8192 c:\windows2\WinSxS\MSIL_IEExecRemote_b03f5f7f11d50a3a_2.0.0.0_x-ww_6e57c34e\IEExecRemote.dll
+ 2011-12-24 05:44 . 2001-08-17 19:02 9600 c:\windows2\system32\drivers\hidusb.sys
+ 2011-12-24 05:44 . 2001-08-17 19:02 9600 c:\windows2\system32\dllcache\hidusb.sys
+ 2012-04-13 22:43 . 2012-04-13 22:43 5120 c:\windows2\system32\config\systemprofile\Local Settings\Application Data\Microsoft\Internet Explorer\Recovery\Active\RecoveryStore.{0AD3ACBB-85BA-11E1-866A-001D09B48724}.dat
+ 2012-04-13 22:43 . 2012-04-13 22:43 4608 c:\windows2\system32\config\systemprofile\Local Settings\Application Data\Microsoft\Internet Explorer\Recovery\Active\{1EE11F53-85BA-11E1-866A-001D09B48724}.dat
+ 2012-04-13 22:43 . 2012-04-13 22:43 4608 c:\windows2\system32\config\systemprofile\Local Settings\Application Data\Microsoft\Internet Explorer\Recovery\Active\{0AD3ACBC-85BA-11E1-866A-001D09B48724}.dat
+ 2008-07-30 04:40 . 2008-07-30 04:40 5632 c:\windows2\Microsoft.NET\Framework\v3.5\Sentinel.v3.5Client.dll
+ 2008-07-25 16:16 . 2008-07-25 16:16 7168 c:\windows2\Microsoft.NET\Framework\v2.0.50727\Microsoft_VsaVb.dll
- 2005-09-23 11:28 . 2005-09-23 11:28 7168 c:\windows2\Microsoft.NET\Framework\v2.0.50727\Microsoft_VsaVb.dll
- 2005-09-23 11:29 . 2005-09-23 11:29 5632 c:\windows2\Microsoft.NET\Framework\v2.0.50727\Microsoft.VisualC.Dll
+ 2008-07-25 16:17 . 2008-07-25 16:17 5632 c:\windows2\Microsoft.NET\Framework\v2.0.50727\Microsoft.VisualC.Dll
+ 2008-07-25 16:17 . 2008-07-25 16:17 6656 c:\windows2\Microsoft.NET\Framework\v2.0.50727\IIEHost.dll
+ 2008-07-25 16:17 . 2008-07-25 16:17 8192 c:\windows2\Microsoft.NET\Framework\v2.0.50727\IEExecRemote.dll
- 2005-09-23 11:28 . 2005-09-23 11:28 8192 c:\windows2\Microsoft.NET\Framework\v2.0.50727\IEExecRemote.dll
+ 2008-07-25 16:17 . 2008-07-25 16:17 9728 c:\windows2\Microsoft.NET\Framework\v2.0.50727\IEExec.exe
- 2005-09-23 11:28 . 2005-09-23 11:28 9728 c:\windows2\Microsoft.NET\Framework\v2.0.50727\IEExec.exe
+ 2008-07-25 16:16 . 2008-07-25 16:16 5120 c:\windows2\Microsoft.NET\Framework\v2.0.50727\dfsvc.exe
- 2010-09-26 23:27 . 2010-09-26 23:27 4096 c:\windows2\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\opwicon.exe
+ 2010-09-26 23:27 . 2012-04-02 03:24 4096 c:\windows2\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\opwicon.exe
+ 2011-12-24 07:56 . 2011-12-24 07:56 5632 c:\windows2\assembly\GAC_MSIL\Sentinel.v3.5Client\3.5.0.0__b03f5f7f11d50a3a\Sentinel.v3.5Client.dll
+ 2011-12-24 07:52 . 2011-12-24 07:52 7168 c:\windows2\assembly\GAC_MSIL\Microsoft_VsaVb\8.0.0.0__b03f5f7f11d50a3a\Microsoft_VsaVb.dll
- 2010-10-17 02:00 . 2010-10-17 02:00 7168 c:\windows2\assembly\GAC_MSIL\Microsoft_VsaVb\8.0.0.0__b03f5f7f11d50a3a\Microsoft_VsaVb.dll
- 2010-10-17 02:00 . 2010-10-17 02:00 5632 c:\windows2\assembly\GAC_MSIL\Microsoft.VisualC\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualC.Dll
+ 2011-12-24 07:52 . 2011-12-24 07:52 5632 c:\windows2\assembly\GAC_MSIL\Microsoft.VisualC\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualC.Dll
+ 2011-12-24 07:52 . 2011-12-24 07:52 6656 c:\windows2\assembly\GAC_MSIL\IIEHost\2.0.0.0__b03f5f7f11d50a3a\IIEHost.dll
- 2010-10-17 02:00 . 2010-10-17 02:00 8192 c:\windows2\assembly\GAC_MSIL\IEExecRemote\2.0.0.0__b03f5f7f11d50a3a\IEExecRemote.dll
+ 2011-12-24 07:52 . 2011-12-24 07:52 8192 c:\windows2\assembly\GAC_MSIL\IEExecRemote\2.0.0.0__b03f5f7f11d50a3a\IEExecRemote.dll
+ 2011-12-24 07:52 . 2011-12-24 07:52 113664 c:\windows2\WinSxS\x86_System.EnterpriseServices_b03f5f7f11d50a3a_2.0.0.0_x-ww_7d5f3790\System.EnterpriseServices.Wrapper.dll
+ 2011-12-24 07:52 . 2011-12-24 07:52 258048 c:\windows2\WinSxS\x86_System.EnterpriseServices_b03f5f7f11d50a3a_2.0.0.0_x-ww_7d5f3790\System.EnterpriseServices.dll
- 2010-10-17 02:00 . 2010-10-17 02:00 258048 c:\windows2\WinSxS\x86_System.EnterpriseServices_b03f5f7f11d50a3a_2.0.0.0_x-ww_7d5f3790\System.EnterpriseServices.dll
+ 2007-11-07 06:19 . 2007-11-07 06:19 161784 c:\windows2\WinSxS\x86_Microsoft.VC90.ATL_1fc8b3b9a1e18e3b_9.0.21022.8_x-ww_312cf0e9\atl90.dll
+ 2009-02-25 19:13 . 2009-02-25 19:13 626688 c:\windows2\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_6b128700\msvcr80.dll
+ 2009-02-25 19:13 . 2009-02-25 19:13 548864 c:\windows2\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_6b128700\msvcp80.dll
+ 2009-02-25 19:13 . 2009-02-25 19:13 479232 c:\windows2\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_6b128700\msvcm80.dll
+ 2011-05-14 06:17 . 2011-05-14 06:17 632656 c:\windows2\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.6195_x-ww_44262b86\msvcr80.dll
+ 2011-05-14 06:12 . 2011-05-14 06:12 554832 c:\windows2\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.6195_x-ww_44262b86\msvcp80.dll
+ 2011-05-14 06:11 . 2011-05-14 06:11 479232 c:\windows2\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.6195_x-ww_44262b86\msvcm80.dll
+ 2008-07-25 16:17 . 2008-07-25 16:17 635904 c:\windows2\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.3053_x-ww_b80fa8ca\msvcr80.dll
+ 2008-07-25 16:17 . 2008-07-25 16:17 558080 c:\windows2\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.3053_x-ww_b80fa8ca\msvcp80.dll
+ 2008-07-25 16:17 . 2008-07-25 16:17 479232 c:\windows2\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.3053_x-ww_b80fa8ca\msvcm80.dll
+ 2012-04-14 05:03 . 2012-04-14 05:03 210984 c:\windows2\temp\mjhpcwujngclswtnpqh.exe
+ 2011-08-04 00:30 . 2011-05-30 13:42 240640 c:\windows2\system32\xvidvfw.dll
+ 2011-08-04 00:30 . 2011-05-23 07:46 645632 c:\windows2\system32\xvidcore.dll
+ 2008-07-30 02:26 . 2008-07-30 02:26 301568 c:\windows2\system32\XPSViewer\XPSViewer.exe
+ 2011-12-24 07:54 . 2008-07-06 12:06 575488 c:\windows2\system32\xpsshhdr.dll
+ 2010-09-20 02:24 . 2009-08-06 23:23 209624 c:\windows2\system32\wuweb.dll
+ 2010-09-20 02:24 . 2009-08-06 23:24 327896 c:\windows2\system32\wucltui.dll
+ 2010-09-20 02:24 . 2009-08-06 23:23 575704 c:\windows2\system32\wuapi.dll
+ 2008-07-30 00:59 . 2008-07-30 00:59 161296 c:\windows2\system32\UIAutomationCore.dll
+ 2011-12-24 07:54 . 2008-07-06 12:06 765440 c:\windows2\system32\spool\XPSEP\i386\mxdwdrv.dll
+ 2011-12-24 07:54 . 2008-07-06 12:06 765440 c:\windows2\system32\spool\XPSEP\i386\i386\mxdwdrv.dll
+ 2011-12-24 07:54 . 2008-07-06 12:06 748032 c:\windows2\system32\spool\XPSEP\amd64\mxdwdrv.dll
+ 2011-12-24 07:54 . 2008-07-06 12:06 748032 c:\windows2\system32\spool\XPSEP\amd64\amd64\mxdwdrv.dll
+ 2011-12-24 07:54 . 2008-07-06 12:06 147456 c:\windows2\system32\spool\prtprocs\x64\filterpipelineprintproc.dll
+ 2011-12-24 07:54 . 2008-07-06 10:50 597504 c:\windows2\system32\spool\prtprocs\w32x86\printfilterpipelinesvc.exe
+ 2011-12-24 07:54 . 2008-03-13 04:52 761344 c:\windows2\system32\spool\drivers\w32x86\3\unires.dll
+ 2011-12-24 07:54 . 2008-07-06 12:06 744960 c:\windows2\system32\spool\drivers\w32x86\3\unidrvui.dll
+ 2011-12-24 07:54 . 2008-07-06 12:06 373248 c:\windows2\system32\spool\drivers\w32x86\3\unidrv.dll
+ 2011-12-24 07:54 . 2008-07-06 12:06 198656 c:\windows2\system32\spool\drivers\w32x86\3\mxdwdui.dll
+ 2011-12-24 07:54 . 2008-07-06 12:06 765440 c:\windows2\system32\spool\drivers\w32x86\3\mxdwdrv.dll
+ 2012-04-08 16:23 . 2009-08-06 23:23 575704 c:\windows2\system32\SoftwareDistribution\Setup\ServiceStartup\wuapi.dll\7.4.7600.226\wuapi.dll
+ 2011-12-24 07:54 . 2008-07-06 12:06 117760 c:\windows2\system32\prntvpt.dll
+ 2008-07-30 00:59 . 2008-07-30 00:59 781344 c:\windows2\system32\PresentationNative_v0300.dll
+ 2008-07-30 01:35 . 2008-07-30 01:35 326160 c:\windows2\system32\PresentationHost.exe
+ 2008-07-30 00:59 . 2008-07-30 00:59 105016 c:\windows2\system32\PresentationCFFRasterizerNative_v0300.dll
+ 2001-08-23 12:00 . 2012-04-14 05:40 437144 c:\windows2\system32\perfh009.dat
+ 2012-04-02 02:04 . 2012-04-02 02:04 353440 c:\windows2\system32\Macromed\Flash\FlashUtil32_11_2_202_228_ActiveX.exe
+ 2012-04-02 02:04 . 2012-04-02 02:04 424608 c:\windows2\system32\Macromed\Flash\FlashUtil32_11_2_202_228_ActiveX.dll
+ 2012-04-02 02:04 . 2012-04-02 02:04 253600 c:\windows2\system32\Macromed\Flash\FlashPlayerUpdateService.exe
+ 2011-10-27 04:33 . 2011-10-03 09:06 157472 c:\windows2\system32\javaws.exe
- 2010-12-26 21:43 . 2010-11-12 23:53 157472 c:\windows2\system32\javaws.exe
+ 2011-10-27 04:33 . 2011-10-03 09:06 145184 c:\windows2\system32\javaw.exe
- 2010-12-26 21:43 . 2010-11-12 23:53 145184 c:\windows2\system32\javaw.exe
+ 2011-10-27 04:33 . 2011-10-03 09:06 145184 c:\windows2\system32\java.exe
- 2010-12-26 21:43 . 2010-11-12 23:53 145184 c:\windows2\system32\java.exe
+ 2008-07-30 00:24 . 2008-07-30 00:24 622080 c:\windows2\system32\icardagt.exe
+ 2010-04-09 05:26 . 2010-04-09 05:26 277240 c:\windows2\system32\guard32.dll
+ 2010-09-19 20:26 . 2012-04-03 02:17 267800 c:\windows2\system32\FNTCACHE.DAT
+ 2008-07-30 02:10 . 2008-07-30 02:10 493048 c:\windows2\system32\evr.dll
+ 2010-04-09 05:25 . 2010-04-09 05:25 225344 c:\windows2\system32\drivers\cmdGuard.sys
+ 2011-08-31 04:05 . 2011-08-31 04:05 178536 c:\windows2\system32\dnssdX.dll
+ 2011-12-24 07:54 . 2008-07-06 12:06 575488 c:\windows2\system32\dllcache\xpsshhdr.dll
+ 2010-09-20 02:24 . 2009-08-06 23:23 209624 c:\windows2\system32\dllcache\wuweb.dll
+ 2010-09-20 02:24 . 2009-08-06 23:24 327896 c:\windows2\system32\dllcache\wucltui.dll
+ 2010-09-20 02:24 . 2009-08-06 23:23 575704 c:\windows2\system32\dllcache\wuapi.dll
+ 2011-12-24 07:54 . 2008-07-06 10:50 597504 c:\windows2\system32\dllcache\printfilterpipelinesvc.exe
- 2010-09-29 02:04 . 2010-11-12 23:53 472808 c:\windows2\system32\deployJava1.dll
+ 2010-09-29 02:04 . 2011-10-03 09:06 472808 c:\windows2\system32\deployJava1.dll
+ 2009-08-06 23:24 . 2009-08-06 23:24 327896 c:\windows2\SoftwareDistribution\WebSetup\wucltui.dll
+ 2009-08-06 23:23 . 2009-08-06 23:23 575704 c:\windows2\SoftwareDistribution\WebSetup\wuapi.dll
+ 2008-07-30 04:40 . 2008-07-30 04:40 196104 c:\windows2\Microsoft.NET\Framework\v3.5\WFServicesReg.exe
+ 2008-07-30 04:40 . 2008-07-30 04:40 802816 c:\windows2\Microsoft.NET\Framework\v3.5\Microsoft.Build.Tasks.v3.5.dll
+ 2008-07-29 23:47 . 2008-07-29 23:47 984056 c:\windows2\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\WapUI.dll
+ 2008-07-29 23:47 . 2008-07-29 23:47 107512 c:\windows2\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\WapRes.dll
+ 2008-07-29 23:47 . 2008-07-29 23:47 111096 c:\windows2\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\WapRes.3082.dll
+ 2008-07-29 23:47 . 2008-07-29 23:47 110072 c:\windows2\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\WapRes.2070.dll
+ 2008-07-29 23:47 . 2008-07-29 23:47 106488 c:\windows2\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\WapRes.1055.dll
+ 2008-07-29 23:47 . 2008-07-29 23:47 105976 c:\windows2\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\WapRes.1053.dll
+ 2008-07-29 23:47 . 2008-07-29 23:47 107000 c:\windows2\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\WapRes.1049.dll
+ 2008-07-29 23:47 . 2008-07-29 23:47 107512 c:\windows2\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\WapRes.1046.dll
+ 2008-07-29 23:47 . 2008-07-29 23:47 109048 c:\windows2\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\WapRes.1045.dll
+ 2008-07-29 23:47 . 2008-07-29 23:47 106488 c:\windows2\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\WapRes.1044.dll
+ 2008-07-29 23:47 . 2008-07-29 23:47 108536 c:\windows2\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\WapRes.1043.dll
+ 2008-07-29 23:47 . 2008-07-29 23:47 110072 c:\windows2\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\WapRes.1040.dll
+ 2008-07-29 23:47 . 2008-07-29 23:47 111096 c:\windows2\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\WapRes.1038.dll
+ 2008-07-29 23:47 . 2008-07-29 23:47 101368 c:\windows2\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\WapRes.1037.dll
+ 2008-07-29 23:47 . 2008-07-29 23:47 112120 c:\windows2\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\WapRes.1036.dll
+ 2008-07-29 23:47 . 2008-07-29 23:47 106488 c:\windows2\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\WapRes.1035.dll
+ 2008-07-29 23:47 . 2008-07-29 23:47 113656 c:\windows2\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\WapRes.1032.dll
+ 2008-07-29 23:47 . 2008-07-29 23:47 111608 c:\windows2\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\WapRes.1031.dll
+ 2008-07-29 23:47 . 2008-07-29 23:47 108536 c:\windows2\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\WapRes.1030.dll
+ 2008-07-29 23:47 . 2008-07-29 23:47 108536 c:\windows2\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\WapRes.1029.dll
+ 2008-07-29 23:47 . 2008-07-29 23:47 102904 c:\windows2\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\WapRes.1025.dll
+ 2008-07-29 23:47 . 2008-07-29 23:47 689152 c:\windows2\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\vsscenario.dll
+ 2008-07-29 23:47 . 2008-07-29 23:47 413184 c:\windows2\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\vsbasereqs.dll
+ 2008-07-29 23:47 . 2008-07-29 23:47 632320 c:\windows2\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\vs70uimgr.dll
+ 2011-12-24 07:56 . 2011-12-24 07:56 652800 c:\windows2\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\vs_setup.msi
+ 2008-07-29 23:47 . 2008-07-29 23:47 110080 c:\windows2\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\setupres.dll
+ 2008-07-29 23:47 . 2008-07-29 23:47 131584 c:\windows2\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\setupres.3082.dll
+ 2008-07-29 23:47 . 2008-07-29 23:47 131072 c:\windows2\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\setupres.2070.dll
+ 2008-07-29 23:47 . 2008-07-29 23:47 121344 c:\windows2\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\setupres.1055.dll
+ 2008-07-29 23:47 . 2008-07-29 23:47 121344 c:\windows2\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\setupres.1053.dll
+ 2008-07-29 23:47 . 2008-07-29 23:47 123904 c:\windows2\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\setupres.1049.dll
+ 2008-07-29 23:47 . 2008-07-29 23:47 122880 c:\windows2\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\setupres.1046.dll
+ 2008-07-29 23:47 . 2008-07-29 23:47 128512 c:\windows2\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\setupres.1045.dll
+ 2008-07-29 23:47 . 2008-07-29 23:47 121856 c:\windows2\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\setupres.1044.dll
+ 2008-07-29 23:47 . 2008-07-29 23:47 129024 c:\windows2\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\setupres.1043.dll
+ 2008-07-29 23:47 . 2008-07-29 23:47 128512 c:\windows2\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\setupres.1040.dll
+ 2008-07-29 23:47 . 2008-07-29 23:47 132096 c:\windows2\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\setupres.1038.dll
+ 2008-07-29 23:47 . 2008-07-29 23:47 111104 c:\windows2\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\setupres.1037.dll
+ 2008-07-29 23:47 . 2008-07-29 23:47 133120 c:\windows2\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\setupres.1036.dll
+ 2008-07-29 23:47 . 2008-07-29 23:47 122368 c:\windows2\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\setupres.1035.dll
+ 2008-07-29 23:47 . 2008-07-29 23:47 137728 c:\windows2\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\setupres.1032.dll
+ 2008-07-29 23:47 . 2008-07-29 23:47 130048 c:\windows2\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\setupres.1031.dll
+ 2008-07-29 23:47 . 2008-07-29 23:47 126464 c:\windows2\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\setupres.1030.dll
+ 2008-07-29 23:47 . 2008-07-29 23:47 125440 c:\windows2\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\setupres.1029.dll
+ 2008-07-29 23:47 . 2008-07-29 23:47 113152 c:\windows2\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\setupres.1025.dll
+ 2008-07-29 23:47 . 2008-07-29 23:47 269304 c:\windows2\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\setup.exe
+ 2008-07-29 23:47 . 2008-07-29 23:47 177152 c:\windows2\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\HtmlLite.dll
+ 2008-07-29 23:47 . 2008-07-29 23:47 276984 c:\windows2\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\dlmgr.dll
+ 2008-07-30 04:15 . 2008-07-30 04:15 225490 c:\windows2\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\baseline.dat
+ 2008-07-30 04:40 . 2008-07-30 04:40 233976 c:\windows2\Microsoft.NET\Framework\v3.5\1033\vbc7ui.dll
+ 2008-07-30 04:40 . 2008-07-30 04:40 168448 c:\windows2\Microsoft.NET\Framework\v3.5\1033\cscompui.dll
+ 2008-07-30 01:35 . 2008-07-30 01:35 864256 c:\windows2\Microsoft.NET\Framework\v3.0\WPF\PresentationUI.dll
+ 2008-07-30 00:59 . 2008-07-30 00:59 132120 c:\windows2\Microsoft.NET\Framework\v3.0\WPF\PresentationHostDLL.dll
+ 2008-07-30 02:10 . 2008-07-30 02:10 806928 c:\windows2\Microsoft.NET\Framework\v3.0\WPF\NaturalLanguage6.dll
+ 2008-07-30 00:16 . 2008-07-30 00:16 152576 c:\windows2\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\WsatConfig.exe
+ 2008-07-30 00:16 . 2008-07-30 00:16 966656 c:\windows2\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\System.Runtime.Serialization.dll
+ 2008-07-30 00:16 . 2008-07-30 00:16 132096 c:\windows2\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe
+ 2008-07-30 00:16 . 2008-07-30 00:16 110592 c:\windows2\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMdiagnostics.dll
+ 2008-07-30 00:16 . 2008-07-30 00:16 156688 c:\windows2\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\ServiceModelReg.exe
+ 2008-07-30 00:16 . 2008-07-30 00:16 163840 c:\windows2\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\Microsoft.Transactions.Bridge.Dtc.dll
+ 2008-07-30 00:16 . 2008-07-30 00:16 397312 c:\windows2\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\Microsoft.Transactions.Bridge.dll
+ 2008-07-30 00:24 . 2008-07-30 00:24 881664 c:\windows2\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
+ 2008-07-30 00:16 . 2008-07-30 00:16 168968 c:\windows2\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\ComSvcConfig.exe
+ 2008-07-25 16:16 . 2008-07-25 16:16 438272 c:\windows2\Microsoft.NET\Framework\v2.0.50727\webengine.dll
+ 2008-07-25 16:17 . 2008-07-25 16:17 839680 c:\windows2\Microsoft.NET\Framework\v2.0.50727\System.Web.Services.dll
+ 2008-07-25 16:17 . 2008-07-25 16:17 835584 c:\windows2\Microsoft.NET\Framework\v2.0.50727\System.Web.Mobile.dll
- 2005-09-23 11:28 . 2005-09-23 11:28 835584 c:\windows2\Microsoft.NET\Framework\v2.0.50727\System.Web.Mobile.dll
+ 2008-07-25 16:17 . 2008-07-25 16:17 261632 c:\windows2\Microsoft.NET\Framework\v2.0.50727\System.Transactions.dll
- 2005-09-23 11:28 . 2005-09-23 11:28 114688 c:\windows2\Microsoft.NET\Framework\v2.0.50727\System.ServiceProcess.dll
+ 2008-07-25 16:17 . 2008-07-25 16:17 114688 c:\windows2\Microsoft.NET\Framework\v2.0.50727\System.ServiceProcess.dll
- 2005-09-23 11:28 . 2005-09-23 11:28 258048 c:\windows2\Microsoft.NET\Framework\v2.0.50727\System.Security.dll
+ 2008-07-25 16:17 . 2008-07-25 16:17 258048 c:\windows2\Microsoft.NET\Framework\v2.0.50727\System.Security.dll
+ 2008-07-25 16:17 . 2008-07-25 16:17 131072 c:\windows2\Microsoft.NET\Framework\v2.0.50727\System.Runtime.Serialization.Formatters.Soap.dll
- 2005-09-23 11:28 . 2005-09-23 11:28 131072 c:\windows2\Microsoft.NET\Framework\v2.0.50727\System.Runtime.Serialization.Formatters.Soap.dll
+ 2008-07-25 16:17 . 2008-07-25 16:17 303104 c:\windows2\Microsoft.NET\Framework\v2.0.50727\System.Runtime.Remoting.dll
- 2005-09-23 11:28 . 2005-09-23 11:28 258048 c:\windows2\Microsoft.NET\Framework\v2.0.50727\System.Messaging.dll
+ 2008-07-25 16:17 . 2008-07-25 16:17 258048 c:\windows2\Microsoft.NET\Framework\v2.0.50727\System.Messaging.dll
+ 2008-07-25 16:17 . 2008-07-25 16:17 372736 c:\windows2\Microsoft.NET\Framework\v2.0.50727\System.Management.dll
+ 2008-07-25 16:17 . 2008-07-25 16:17 113664 c:\windows2\Microsoft.NET\Framework\v2.0.50727\System.EnterpriseServices.Wrapper.dll
+ 2008-07-25 16:17 . 2008-07-25 16:17 258048 c:\windows2\Microsoft.NET\Framework\v2.0.50727\System.EnterpriseServices.dll
- 2005-09-23 11:28 . 2005-09-23 11:28 258048 c:\windows2\Microsoft.NET\Framework\v2.0.50727\System.EnterpriseServices.dll
+ 2008-07-25 16:17 . 2008-07-25 16:17 626688 c:\windows2\Microsoft.NET\Framework\v2.0.50727\System.Drawing.dll
- 2005-09-23 11:28 . 2005-09-23 11:28 188416 c:\windows2\Microsoft.NET\Framework\v2.0.50727\System.DirectoryServices.Protocols.dll
+ 2008-07-25 16:17 . 2008-07-25 16:17 188416 c:\windows2\Microsoft.NET\Framework\v2.0.50727\System.DirectoryServices.Protocols.dll
+ 2008-07-25 16:17 . 2008-07-25 16:17 401408 c:\windows2\Microsoft.NET\Framework\v2.0.50727\System.DirectoryServices.dll
+ 2008-07-25 16:16 . 2008-07-25 16:16 970752 c:\windows2\Microsoft.NET\Framework\v2.0.50727\System.Deployment.dll
+ 2008-07-25 16:17 . 2008-07-25 16:17 745472 c:\windows2\Microsoft.NET\Framework\v2.0.50727\System.Data.SqlXml.dll
+ 2008-07-25 16:17 . 2008-07-25 16:17 486400 c:\windows2\Microsoft.NET\Framework\v2.0.50727\System.Data.OracleClient.dll
+ 2008-07-25 16:17 . 2008-07-25 16:17 425984 c:\windows2\Microsoft.NET\Framework\v2.0.50727\System.configuration.dll
+ 2008-07-25 16:17 . 2008-07-25 16:17 110592 c:\windows2\Microsoft.NET\Framework\v2.0.50727\sysglobl.dll
- 2005-09-23 11:28 . 2005-09-23 11:28 110592 c:\windows2\Microsoft.NET\Framework\v2.0.50727\sysglobl.dll
+ 2008-07-25 16:17 . 2008-07-25 16:17 392184 c:\windows2\Microsoft.NET\Framework\v2.0.50727\SOS.dll
+ 2008-07-25 16:17 . 2008-07-25 16:17 118784 c:\windows2\Microsoft.NET\Framework\v2.0.50727\shfusion.dll
+ 2008-07-25 16:16 . 2008-07-25 16:16 143360 c:\windows2\Microsoft.NET\Framework\v2.0.50727\peverify.dll
+ 2008-07-25 16:17 . 2008-07-25 16:17 100856 c:\windows2\Microsoft.NET\Framework\v2.0.50727\ngen.exe
+ 2008-07-25 16:17 . 2008-07-25 16:17 230912 c:\windows2\Microsoft.NET\Framework\v2.0.50727\mscorsvc.dll
+ 2008-07-25 16:17 . 2008-07-25 16:17 345600 c:\windows2\Microsoft.NET\Framework\v2.0.50727\mscorrc.dll
+ 2008-07-25 16:17 . 2008-07-25 16:17 114176 c:\windows2\Microsoft.NET\Framework\v2.0.50727\mscorpe.dll
+ 2008-07-25 16:17 . 2008-07-25 16:17 367104 c:\windows2\Microsoft.NET\Framework\v2.0.50727\mscorjit.dll
+ 2008-07-25 16:17 . 2008-07-25 16:17 308224 c:\windows2\Microsoft.NET\Framework\v2.0.50727\mscordbi.dll
+ 2008-07-25 16:17 . 2008-07-25 16:17 998408 c:\windows2\Microsoft.NET\Framework\v2.0.50727\mscordacwks.dll
+ 2008-07-25 16:17 . 2008-07-25 16:17 659456 c:\windows2\Microsoft.NET\Framework\v2.0.50727\Microsoft.VisualBasic.dll
- 2005-09-23 11:29 . 2005-09-23 11:29 372736 c:\windows2\Microsoft.NET\Framework\v2.0.50727\Microsoft.VisualBasic.Compatibility.dll
+ 2008-07-25 16:17 . 2008-07-25 16:17 372736 c:\windows2\Microsoft.NET\Framework\v2.0.50727\Microsoft.VisualBasic.Compatibility.dll
- 2005-09-23 11:29 . 2005-09-23 11:29 110592 c:\windows2\Microsoft.NET\Framework\v2.0.50727\Microsoft.VisualBasic.Compatibility.Data.dll
+ 2008-07-25 16:17 . 2008-07-25 16:17 110592 c:\windows2\Microsoft.NET\Framework\v2.0.50727\Microsoft.VisualBasic.Compatibility.Data.dll
+ 2008-07-25 16:16 . 2008-07-25 16:16 749568 c:\windows2\Microsoft.NET\Framework\v2.0.50727\Microsoft.JScript.dll
+ 2008-07-25 16:16 . 2008-07-25 16:16 655360 c:\windows2\Microsoft.NET\Framework\v2.0.50727\Microsoft.Build.Tasks.dll
+ 2008-07-25 16:16 . 2008-07-25 16:16 348160 c:\windows2\Microsoft.NET\Framework\v2.0.50727\Microsoft.Build.Engine.dll
+ 2008-07-25 16:17 . 2008-07-25 16:17 230904 c:\windows2\Microsoft.NET\Framework\v2.0.50727\ilasm.exe
+ 2008-07-25 16:17 . 2008-07-25 16:17 798224 c:\windows2\Microsoft.NET\Framework\v2.0.50727\EventLogMessages.dll
+ 2008-07-25 16:17 . 2008-07-25 16:17 575496 c:\windows2\Microsoft.NET\Framework\v2.0.50727\diasymreader.dll
- 2005-09-23 11:28 . 2005-09-23 11:28 106496 c:\windows2\Microsoft.NET\Framework\v2.0.50727\CasPol.exe
+ 2008-07-25 16:17 . 2008-07-25 16:17 106496 c:\windows2\Microsoft.NET\Framework\v2.0.50727\CasPol.exe
+ 2008-07-25 16:16 . 2008-07-25 16:16 507904 c:\windows2\Microsoft.NET\Framework\v2.0.50727\AspNetMMCExt.dll
- 2005-09-23 11:28 . 2005-09-23 11:28 106496 c:\windows2\Microsoft.NET\Framework\v2.0.50727\aspnet_regsql.exe
+ 2008-07-25 16:16 . 2008-07-25 16:16 106496 c:\windows2\Microsoft.NET\Framework\v2.0.50727\aspnet_regsql.exe
+ 2008-07-25 16:17 . 2008-07-25 16:17 147968 c:\windows2\Microsoft.NET\Framework\v2.0.50727\AdoNetDiag.dll
+ 2008-07-25 16:16 . 2008-07-25 16:16 218112 c:\windows2\Microsoft.NET\Framework\v2.0.50727\1033\Vsavb7rtUI.dll
+ 2008-07-25 16:17 . 2008-07-25 16:17 193016 c:\windows2\Microsoft.NET\Framework\v2.0.50727\1033\vbc7ui.dll
+ 2008-07-25 16:16 . 2008-07-25 16:16 145408 c:\windows2\Microsoft.NET\Framework\v2.0.50727\1033\cscompui.dll


Re: Virus slowing down computer (virtual memory) -NOT SURE ABOUT VIRUS NAME

Post by furyofdawolfx on 14th April 2012, 6:25 am

+ 2012-04-13 10:29 . 2012-04-13 10:29 969728 c:\windows2\Installer\d309b.msi
+ 2011-10-27 05:03 . 2011-10-27 05:03 203776 c:\windows2\Installer\d056c4.msi
+ 2012-03-22 23:48 . 2012-03-22 23:48 381440 c:\windows2\Installer\a5165.msi
+ 2011-12-24 07:56 . 2011-12-24 07:56 648192 c:\windows2\Installer\1fbebeb.msi
+ 2008-07-30 04:23 . 2008-07-30 04:23 250880 c:\windows2\Installer\1fa87dc.msp
+ 2008-07-30 04:28 . 2008-07-30 04:28 278016 c:\windows2\Installer\1fa87da.msp
+ 2008-07-30 02:40 . 2008-07-30 02:40 291840 c:\windows2\Installer\1fa87d8.msp
+ 2011-12-24 07:56 . 2011-12-24 07:56 137728 c:\windows2\Installer\1fa87d2.msi
+ 2008-07-30 00:35 . 2008-07-30 00:35 553472 c:\windows2\Installer\1f65b05.msp
+ 2008-07-30 00:33 . 2008-07-30 00:33 506368 c:\windows2\Installer\1f65b03.msp
+ 2008-07-30 00:37 . 2008-07-30 00:37 911360 c:\windows2\Installer\1f65b02.msp
+ 2011-12-24 07:44 . 2011-12-24 07:44 228352 c:\windows2\Installer\1f07b23.msi
+ 2011-04-24 05:43 . 2011-04-24 05:43 677376 c:\windows2\Installer\149ac.msi
+ 2011-12-26 22:41 . 2011-12-26 22:41 380928 c:\windows2\Installer\{B7DBF6E8-0D17-4BE4-853B-ACD6EFBD4A1F}\iTunesIco.exe
- 2010-09-26 23:27 . 2010-09-26 23:27 409600 c:\windows2\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\xlicons.exe
+ 2010-09-26 23:27 . 2012-04-02 03:24 409600 c:\windows2\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\xlicons.exe
+ 2010-09-26 23:27 . 2012-04-02 03:24 286720 c:\windows2\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\wordicon.exe
- 2010-09-26 23:27 . 2010-09-26 23:27 286720 c:\windows2\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\wordicon.exe
- 2010-09-26 23:27 . 2010-09-26 23:27 249856 c:\windows2\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\pptico.exe
+ 2010-09-26 23:27 . 2012-04-02 03:24 249856 c:\windows2\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\pptico.exe
+ 2010-09-26 23:27 . 2012-04-02 03:24 794624 c:\windows2\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\outicon.exe
- 2010-09-26 23:27 . 2010-09-26 23:27 794624 c:\windows2\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\outicon.exe
- 2010-09-26 23:27 . 2010-09-26 23:27 135168 c:\windows2\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\misc.exe
+ 2010-09-26 23:27 . 2012-04-02 03:24 135168 c:\windows2\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\misc.exe
+ 2010-09-26 23:27 . 2012-04-02 03:24 593920 c:\windows2\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\accicons.exe
- 2010-09-26 23:27 . 2010-09-26 23:27 593920 c:\windows2\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\accicons.exe
+ 2011-06-06 16:55 . 2011-06-06 16:55 249232 c:\windows2\Installer\$PatchCache$\Managed\68AB67CA7DA73301B744AA0100000010\10.1.0\sqlite.dll
+ 2011-06-06 16:55 . 2011-06-06 16:55 394136 c:\windows2\Installer\$PatchCache$\Managed\68AB67CA7DA73301B744AA0100000010\10.1.0\pdfshell.dll
+ 2011-06-06 16:55 . 2011-06-06 16:55 103848 c:\windows2\Installer\$PatchCache$\Managed\68AB67CA7DA73301B744AA0100000010\10.1.0\PDFPrevHndlrShim.exe
+ 2011-06-06 16:55 . 2011-06-06 16:55 183696 c:\windows2\Installer\$PatchCache$\Managed\68AB67CA7DA73301B744AA0100000010\10.1.0\nppdf32.dll
+ 2011-06-06 16:55 . 2011-06-06 16:55 104344 c:\windows2\Installer\$PatchCache$\Managed\68AB67CA7DA73301B744AA0100000010\10.1.0\AiodLite.dll
+ 2011-06-06 16:55 . 2011-06-06 16:55 102808 c:\windows2\Installer\$PatchCache$\Managed\68AB67CA7DA73301B744AA0100000010\10.1.0\AcroRdIF.dll
+ 2011-06-06 16:55 . 2011-06-06 16:55 755088 c:\windows2\Installer\$PatchCache$\Managed\68AB67CA7DA73301B744AA0100000010\10.1.0\AcroPDF.dll
+ 2011-06-06 16:55 . 2011-06-06 16:55 296344 c:\windows2\Installer\$PatchCache$\Managed\68AB67CA7DA73301B744AA0100000010\10.1.0\acrobroker.exe
+ 2011-06-06 16:55 . 2011-06-06 16:55 205720 c:\windows2\Installer\$PatchCache$\Managed\68AB67CA7DA73301B744AA0100000010\10.1.0\a3dutils.dll
+ 2011-12-24 07:54 . 2008-03-13 04:52 761344 c:\windows2\Driver Cache\i386\unires.dll
+ 2011-12-24 07:54 . 2008-07-06 12:06 744960 c:\windows2\Driver Cache\i386\unidrvui.dll
+ 2011-12-24 07:54 . 2008-07-06 12:06 373248 c:\windows2\Driver Cache\i386\unidrv.dll
+ 2011-12-24 07:54 . 2008-07-06 12:06 198656 c:\windows2\Driver Cache\i386\mxdwdui.dll
+ 2011-12-24 07:54 . 2008-07-06 12:06 765440 c:\windows2\Driver Cache\i386\mxdwdrv.dll
+ 2011-12-24 08:01 . 2011-12-24 08:01 321024 c:\windows2\assembly\NativeImages_v2.0.50727_32\WsatConfig\7d2a3adbdcb675f872eb2dbf21f73596\WsatConfig.ni.exe
+ 2011-12-24 08:00 . 2011-12-24 08:00 239616 c:\windows2\assembly\NativeImages_v2.0.50727_32\WindowsFormsIntegra#\a18dff8832712a0f6cccaaefbcc45861\WindowsFormsIntegration.ni.dll
+ 2011-12-24 08:00 . 2011-12-24 08:00 187904 c:\windows2\assembly\NativeImages_v2.0.50727_32\UIAutomationTypes\dbb2fcd246efaf3df823410597cd1677\UIAutomationTypes.ni.dll
+ 2011-12-24 08:00 . 2011-12-24 08:00 447488 c:\windows2\assembly\NativeImages_v2.0.50727_32\UIAutomationClient\d255ab525d10d8fefe5df9ba092b2df8\UIAutomationClient.ni.dll
+ 2011-12-24 08:04 . 2011-12-24 08:04 400896 c:\windows2\assembly\NativeImages_v2.0.50727_32\System.Xml.Linq\8c0d96269480bdd3de8a825f0215308d\System.Xml.Linq.ni.dll
+ 2011-12-24 08:04 . 2011-12-24 08:04 129536 c:\windows2\assembly\NativeImages_v2.0.50727_32\System.Web.Routing\18e1acd6761195389db42bab83169fd2\System.Web.Routing.ni.dll
+ 2011-12-24 08:04 . 2011-12-24 08:04 202240 c:\windows2\assembly\NativeImages_v2.0.50727_32\System.Web.RegularE#\70764208219715962d310336b5959dfa\System.Web.RegularExpressions.ni.dll
+ 2011-12-24 08:04 . 2011-12-24 08:04 858112 c:\windows2\assembly\NativeImages_v2.0.50727_32\System.Web.Extensio#\f288f2cb75465c0f45154079365af9e8\System.Web.Extensions.Design.ni.dll
+ 2011-12-24 08:04 . 2011-12-24 08:04 328192 c:\windows2\assembly\NativeImages_v2.0.50727_32\System.Web.Entity\bbdc5cb2f2f92fd610de7331d748193a\System.Web.Entity.ni.dll
+ 2011-12-24 08:04 . 2011-12-24 08:04 301056 c:\windows2\assembly\NativeImages_v2.0.50727_32\System.Web.Entity.D#\ca1ce755bb49324c7d275c426188a28f\System.Web.Entity.Design.ni.dll
+ 2011-12-24 08:04 . 2011-12-24 08:04 542720 c:\windows2\assembly\NativeImages_v2.0.50727_32\System.Web.DynamicD#\aff5e0fa23e49ee75e458408c1f66da2\System.Web.DynamicData.ni.dll
+ 2011-12-24 08:04 . 2011-12-24 08:04 141312 c:\windows2\assembly\NativeImages_v2.0.50727_32\System.Web.Abstract#\fbe60d84b9f1ab74e396fb1507f69615\System.Web.Abstractions.ni.dll
+ 2011-12-24 08:03 . 2011-12-24 08:03 627200 c:\windows2\assembly\NativeImages_v2.0.50727_32\System.Transactions\12903c3843fe923d1977801ffa3cf26c\System.Transactions.ni.dll
+ 2011-12-24 08:03 . 2011-12-24 08:03 212992 c:\windows2\assembly\NativeImages_v2.0.50727_32\System.ServiceProce#\a9e71dda6389403be4db7b567592e3b8\System.ServiceProcess.ni.dll
+ 2011-12-24 08:02 . 2011-12-24 08:02 676352 c:\windows2\assembly\NativeImages_v2.0.50727_32\System.Security\0418eb6dbffe9b46aa4c989153d6a3b5\System.Security.ni.dll
+ 2011-12-24 08:03 . 2011-12-24 08:03 311296 c:\windows2\assembly\NativeImages_v2.0.50727_32\System.Runtime.Seri#\01dc643b54310ebc5ab7e4696df426bc\System.Runtime.Serialization.Formatters.Soap.ni.dll
+ 2011-12-24 08:03 . 2011-12-24 08:03 620032 c:\windows2\assembly\NativeImages_v2.0.50727_32\System.Net\eabe1915c13467e1e66e2b073bcb842f\System.Net.ni.dll
+ 2011-12-24 08:03 . 2011-12-24 08:03 997888 c:\windows2\assembly\NativeImages_v2.0.50727_32\System.Management\894d87c08a9a5b5923e7104055a616d2\System.Management.ni.dll
+ 2011-12-24 08:03 . 2011-12-24 08:03 330752 c:\windows2\assembly\NativeImages_v2.0.50727_32\System.Management.I#\1db9deebde7c96b2874b4ffccac2f48e\System.Management.Instrumentation.ni.dll
+ 2011-12-24 08:01 . 2011-12-24 08:01 381440 c:\windows2\assembly\NativeImages_v2.0.50727_32\System.IO.Log\bcfccfa22245d2223a764611c61a7cb9\System.IO.Log.ni.dll
+ 2011-12-24 08:01 . 2011-12-24 08:01 212992 c:\windows2\assembly\NativeImages_v2.0.50727_32\System.IdentityMode#\be8c7482f1e78a3b4984af9082d455a7\System.IdentityModel.Selectors.ni.dll
+ 2011-12-24 08:03 . 2011-12-24 08:03 280064 c:\windows2\assembly\NativeImages_v2.0.50727_32\System.EnterpriseSe#\5f9cd5bfebcb94175d440ebab3aa412f\System.EnterpriseServices.Wrapper.dll
+ 2011-12-24 08:03 . 2011-12-24 08:03 627712 c:\windows2\assembly\NativeImages_v2.0.50727_32\System.EnterpriseSe#\5f9cd5bfebcb94175d440ebab3aa412f\System.EnterpriseServices.ni.dll
+ 2011-12-24 07:59 . 2011-12-24 07:59 208384 c:\windows2\assembly\NativeImages_v2.0.50727_32\System.Drawing.Desi#\5f5d64dd0e7991aaaad2d98ee52afe42\System.Drawing.Design.ni.dll
+ 2011-12-24 08:03 . 2011-12-24 08:03 880640 c:\windows2\assembly\NativeImages_v2.0.50727_32\System.DirectorySer#\c205bbbb88bfa4bd5e274f43ea0013cb\System.DirectoryServices.AccountManagement.ni.dll
+ 2011-12-24 08:03 . 2011-12-24 08:03 455680 c:\windows2\assembly\NativeImages_v2.0.50727_32\System.DirectorySer#\44de75caba2b9711b3d9030a30767f8b\System.DirectoryServices.Protocols.ni.dll
+ 2011-12-24 08:03 . 2011-12-24 08:03 939520 c:\windows2\assembly\NativeImages_v2.0.50727_32\System.Data.Service#\d3aed340a6562196ca40978556fb29d1\System.Data.Services.Client.ni.dll
+ 2011-12-24 08:03 . 2011-12-24 08:03 354816 c:\windows2\assembly\NativeImages_v2.0.50727_32\System.Data.Service#\3cb9c5203e50cb6af99b163522e9357c\System.Data.Services.Design.ni.dll
+ 2011-12-24 08:03 . 2011-12-24 08:03 755200 c:\windows2\assembly\NativeImages_v2.0.50727_32\System.Data.Entity.#\9867484f25281882e61f61066fa651a3\System.Data.Entity.Design.ni.dll
+ 2011-12-24 08:02 . 2011-12-24 08:02 135680 c:\windows2\assembly\NativeImages_v2.0.50727_32\System.Data.DataSet#\4f4ddae492a4a4ce4a2961f3d72d9399\System.Data.DataSetExtensions.ni.dll
+ 2011-12-24 08:02 . 2011-12-24 08:02 970752 c:\windows2\assembly\NativeImages_v2.0.50727_32\System.Configuration\cb4cb21d14767292e079366a5d3d76cd\System.Configuration.ni.dll
+ 2011-12-24 08:03 . 2011-12-24 08:03 140800 c:\windows2\assembly\NativeImages_v2.0.50727_32\System.Configuratio#\22a1629a4dcdd493bbd8be40cc122e94\System.Configuration.Install.ni.dll
+ 2011-12-24 08:02 . 2011-12-24 08:02 632832 c:\windows2\assembly\NativeImages_v2.0.50727_32\System.AddIn\b01721205312c6c18df033cc47b60e5c\System.AddIn.ni.dll
+ 2011-12-24 08:01 . 2011-12-24 08:01 365056 c:\windows2\assembly\NativeImages_v2.0.50727_32\SMSvcHost\b9c1a29e684bc02e49226ff1e9eec253\SMSvcHost.ni.exe
+ 2011-12-24 08:01 . 2011-12-24 08:01 255488 c:\windows2\assembly\NativeImages_v2.0.50727_32\SMDiagnostics\2e19ccefc30d7b827bab3f7d8dcc0ab9\SMDiagnostics.ni.dll
+ 2011-12-24 08:01 . 2011-12-24 08:01 319488 c:\windows2\assembly\NativeImages_v2.0.50727_32\ServiceModelReg\6781b87c8d3b55e6120b1e86bea6e040\ServiceModelReg.ni.exe
+ 2011-12-24 07:59 . 2011-12-24 07:59 224768 c:\windows2\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\ef1a93d10c3a91b728745dbfcc79c2c7\PresentationFramework.Classic.ni.dll
+ 2011-12-24 07:59 . 2011-12-24 07:59 539648 c:\windows2\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\b4dc4bd8534d90fbb7430926ad990cd9\PresentationFramework.Luna.ni.dll
+ 2011-12-24 07:59 . 2011-12-24 07:59 368128 c:\windows2\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\9e71fd0d299c5668c96a54e4a63479fa\PresentationFramework.Aero.ni.dll
+ 2011-12-24 07:59 . 2011-12-24 07:59 258048 c:\windows2\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\79c2fd29b1e46c943960278051b4e1b9\PresentationFramework.Royale.ni.dll
+ 2011-12-24 08:02 . 2011-12-24 08:02 133632 c:\windows2\assembly\NativeImages_v2.0.50727_32\MSBuild\87c84ffaaad81d8d106a9aa9d68b5926\MSBuild.ni.exe
+ 2011-12-24 08:01 . 2011-12-24 08:01 386560 c:\windows2\assembly\NativeImages_v2.0.50727_32\Microsoft.Transacti#\539e297cc9bc67fbf2fbdc9dc5fcd0f1\Microsoft.Transactions.Bridge.Dtc.ni.dll
+ 2011-12-24 08:02 . 2011-12-24 08:02 144384 c:\windows2\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Uti#\43dceeb2d0601d79af40752fb20283c2\Microsoft.Build.Utilities.ni.dll
+ 2011-12-24 08:02 . 2011-12-24 08:02 175104 c:\windows2\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Uti#\28eede53267524df58362a75a668cf86\Microsoft.Build.Utilities.v3.5.ni.dll
+ 2011-12-24 08:02 . 2011-12-24 08:02 838656 c:\windows2\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Eng#\daf5ff5e06c80eefa80c6fcc79aec963\Microsoft.Build.Engine.ni.dll
+ 2011-12-24 08:02 . 2011-12-24 08:02 222720 c:\windows2\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Con#\c5c4db4f9bc7a454e9cfc2548a9d45a5\Microsoft.Build.Conversion.v3.5.ni.dll
+ 2011-12-24 08:02 . 2011-12-24 08:02 220672 c:\windows2\assembly\NativeImages_v2.0.50727_32\CustomMarshalers\e148983beeb0f30918b0564849a16456\CustomMarshalers.ni.dll
+ 2011-12-24 08:01 . 2011-12-24 08:01 409600 c:\windows2\assembly\NativeImages_v2.0.50727_32\ComSvcConfig\19b50dd470540911fc5cc65331a769e4\ComSvcConfig.ni.exe
+ 2011-12-24 08:02 . 2011-12-24 08:02 842240 c:\windows2\assembly\NativeImages_v2.0.50727_32\AspNetMMCExt\c7ffd8c23e8de4018a88185b3b60631e\AspNetMMCExt.ni.dll
+ 2011-12-24 07:55 . 2011-12-24 07:55 385024 c:\windows2\assembly\GAC_MSIL\UIAutomationClientsideProviders\3.0.0.0__31bf3856ad364e35\UIAutomationClientsideProviders.dll
+ 2011-12-24 07:55 . 2011-12-24 07:55 167936 c:\windows2\assembly\GAC_MSIL\UIAutomationClient\3.0.0.0__31bf3856ad364e35\UIAutomationClient.dll
+ 2011-12-24 07:56 . 2011-12-24 07:56 139264 c:\windows2\assembly\GAC_MSIL\System.Xml.Linq\3.5.0.0__b77a5c561934e089\System.Xml.Linq.dll
+ 2011-12-24 07:56 . 2011-12-24 07:56 507904 c:\windows2\assembly\GAC_MSIL\System.WorkflowServices\3.5.0.0__31bf3856ad364e35\System.WorkflowServices.dll
+ 2011-12-24 07:55 . 2011-12-24 07:55 540672 c:\windows2\assembly\GAC_MSIL\System.Workflow.Runtime\3.0.0.0__31bf3856ad364e35\System.Workflow.Runtime.dll
+ 2011-12-24 07:52 . 2011-12-24 07:52 839680 c:\windows2\assembly\GAC_MSIL\System.Web.Services\2.0.0.0__b03f5f7f11d50a3a\System.Web.Services.dll
- 2010-10-17 02:00 . 2010-10-17 02:00 835584 c:\windows2\assembly\GAC_MSIL\System.Web.Mobile\2.0.0.0__b03f5f7f11d50a3a\System.Web.Mobile.dll
+ 2011-12-24 07:52 . 2011-12-24 07:52 835584 c:\windows2\assembly\GAC_MSIL\System.Web.Mobile\2.0.0.0__b03f5f7f11d50a3a\System.Web.Mobile.dll
+ 2011-12-24 07:56 . 2011-12-24 07:56 335872 c:\windows2\assembly\GAC_MSIL\System.Web.Extensions.Design\3.5.0.0__31bf3856ad364e35\System.Web.Extensions.Design.dll
+ 2011-12-24 07:56 . 2011-12-24 07:56 139264 c:\windows2\assembly\GAC_MSIL\System.Web.Entity\3.5.0.0__b77a5c561934e089\System.Web.Entity.dll
+ 2011-12-24 07:56 . 2011-12-24 07:56 131072 c:\windows2\assembly\GAC_MSIL\System.Web.Entity.Design\3.5.0.0__b77a5c561934e089\System.Web.Entity.Design.dll
+ 2011-12-24 07:56 . 2011-12-24 07:56 225280 c:\windows2\assembly\GAC_MSIL\System.Web.DynamicData\3.5.0.0__31bf3856ad364e35\System.Web.DynamicData.dll
+ 2011-12-24 07:55 . 2011-12-24 07:55 688128 c:\windows2\assembly\GAC_MSIL\System.Speech\3.0.0.0__31bf3856ad364e35\System.Speech.dll
- 2010-10-17 02:00 . 2010-10-17 02:00 114688 c:\windows2\assembly\GAC_MSIL\System.ServiceProcess\2.0.0.0__b03f5f7f11d50a3a\System.ServiceProcess.dll
+ 2011-12-24 07:52 . 2011-12-24 07:52 114688 c:\windows2\assembly\GAC_MSIL\System.ServiceProcess\2.0.0.0__b03f5f7f11d50a3a\System.ServiceProcess.dll
+ 2011-12-24 07:56 . 2011-12-24 07:56 569344 c:\windows2\assembly\GAC_MSIL\System.ServiceModel.Web\3.5.0.0__31bf3856ad364e35\System.ServiceModel.Web.dll
- 2010-10-17 02:00 . 2010-10-17 02:00 258048 c:\windows2\assembly\GAC_MSIL\System.Security\2.0.0.0__b03f5f7f11d50a3a\System.Security.dll
+ 2011-12-24 07:52 . 2011-12-24 07:52 258048 c:\windows2\assembly\GAC_MSIL\System.Security\2.0.0.0__b03f5f7f11d50a3a\System.Security.dll
+ 2011-12-24 07:55 . 2011-12-24 07:55 966656 c:\windows2\assembly\GAC_MSIL\System.Runtime.Serialization\3.0.0.0__b77a5c561934e089\System.Runtime.Serialization.dll
- 2010-10-17 02:00 . 2010-10-17 02:00 131072 c:\windows2\assembly\GAC_MSIL\System.Runtime.Serialization.Formatters.Soap\2.0.0.0__b03f5f7f11d50a3a\System.Runtime.Serialization.Formatters.Soap.dll
+ 2011-12-24 07:52 . 2011-12-24 07:52 131072 c:\windows2\assembly\GAC_MSIL\System.Runtime.Serialization.Formatters.Soap\2.0.0.0__b03f5f7f11d50a3a\System.Runtime.Serialization.Formatters.Soap.dll
+ 2011-12-24 07:52 . 2011-12-24 07:52 303104 c:\windows2\assembly\GAC_MSIL\System.Runtime.Remoting\2.0.0.0__b77a5c561934e089\System.Runtime.Remoting.dll
+ 2011-12-24 07:56 . 2011-12-24 07:56 233472 c:\windows2\assembly\GAC_MSIL\System.Net\3.5.0.0__b03f5f7f11d50a3a\System.Net.dll
+ 2011-12-24 07:52 . 2011-12-24 07:52 258048 c:\windows2\assembly\GAC_MSIL\System.Messaging\2.0.0.0__b03f5f7f11d50a3a\System.Messaging.dll
- 2010-10-17 02:00 . 2010-10-17 02:00 258048 c:\windows2\assembly\GAC_MSIL\System.Messaging\2.0.0.0__b03f5f7f11d50a3a\System.Messaging.dll
+ 2011-12-24 07:52 . 2011-12-24 07:52 372736 c:\windows2\assembly\GAC_MSIL\System.Management\2.0.0.0__b03f5f7f11d50a3a\System.Management.dll
+ 2011-12-24 07:56 . 2011-12-24 07:56 143360 c:\windows2\assembly\GAC_MSIL\System.Management.Instrumentation\3.5.0.0__b77a5c561934e089\System.Management.Instrumentation.dll
+ 2011-12-24 07:55 . 2011-12-24 07:55 131072 c:\windows2\assembly\GAC_MSIL\System.IO.Log\3.0.0.0__b03f5f7f11d50a3a\System.IO.Log.dll
+ 2011-12-24 07:55 . 2011-12-24 07:55 430080 c:\windows2\assembly\GAC_MSIL\System.IdentityModel\3.0.0.0__b77a5c561934e089\System.IdentityModel.dll
+ 2011-12-24 07:55 . 2011-12-24 07:55 126976 c:\windows2\assembly\GAC_MSIL\System.IdentityModel.Selectors\3.0.0.0__b77a5c561934e089\System.IdentityModel.Selectors.dll
+ 2011-12-24 07:52 . 2011-12-24 07:52 626688 c:\windows2\assembly\GAC_MSIL\System.Drawing\2.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll
+ 2011-12-24 07:52 . 2011-12-24 07:52 401408 c:\windows2\assembly\GAC_MSIL\System.DirectoryServices\2.0.0.0__b03f5f7f11d50a3a\System.DirectoryServices.dll
+ 2011-12-24 07:52 . 2011-12-24 07:52 188416 c:\windows2\assembly\GAC_MSIL\System.DirectoryServices.Protocols\2.0.0.0__b03f5f7f11d50a3a\System.DirectoryServices.Protocols.dll
- 2010-10-17 02:00 . 2010-10-17 02:00 188416 c:\windows2\assembly\GAC_MSIL\System.DirectoryServices.Protocols\2.0.0.0__b03f5f7f11d50a3a\System.DirectoryServices.Protocols.dll
+ 2011-12-24 07:56 . 2011-12-24 07:56 286720 c:\windows2\assembly\GAC_MSIL\System.DirectoryServices.AccountManagement\3.5.0.0__b77a5c561934e089\System.DirectoryServices.AccountManagement.dll
+ 2011-12-24 07:52 . 2011-12-24 07:52 970752 c:\windows2\assembly\GAC_MSIL\System.Deployment\2.0.0.0__b03f5f7f11d50a3a\System.Deployment.dll
+ 2011-12-24 07:52 . 2011-12-24 07:52 745472 c:\windows2\assembly\GAC_MSIL\System.Data.SqlXml\2.0.0.0__b77a5c561934e089\System.Data.SqlXml.dll
+ 2011-12-24 07:56 . 2011-12-24 07:56 442368 c:\windows2\assembly\GAC_MSIL\System.Data.Services\3.5.0.0__b77a5c561934e089\System.Data.Services.dll
+ 2011-12-24 07:56 . 2011-12-24 07:56 114688 c:\windows2\assembly\GAC_MSIL\System.Data.Services.Design\3.5.0.0__b77a5c561934e089\System.Data.Services.Design.dll
+ 2011-12-24 07:56 . 2011-12-24 07:56 294912 c:\windows2\assembly\GAC_MSIL\System.Data.Services.Client\3.5.0.0__b77a5c561934e089\System.Data.Services.Client.dll
+ 2011-12-24 07:56 . 2011-12-24 07:56 684032 c:\windows2\assembly\GAC_MSIL\System.Data.Linq\3.5.0.0__b77a5c561934e089\System.Data.Linq.dll
+ 2011-12-24 07:56 . 2011-12-24 07:56 229376 c:\windows2\assembly\GAC_MSIL\System.Data.Entity.Design\3.5.0.0__b77a5c561934e089\System.Data.Entity.Design.dll
+ 2011-12-24 07:56 . 2011-12-24 07:56 667648 c:\windows2\assembly\GAC_MSIL\System.Core\3.5.0.0__b77a5c561934e089\System.Core.dll
+ 2011-12-24 07:52 . 2011-12-24 07:52 425984 c:\windows2\assembly\GAC_MSIL\System.Configuration\2.0.0.0__b03f5f7f11d50a3a\System.configuration.dll
+ 2011-12-24 07:56 . 2011-12-24 07:56 163840 c:\windows2\assembly\GAC_MSIL\System.AddIn\3.5.0.0__b77a5c561934e089\System.AddIn.dll
- 2010-10-17 02:00 . 2010-10-17 02:00 110592 c:\windows2\assembly\GAC_MSIL\sysglobl\2.0.0.0__b03f5f7f11d50a3a\sysglobl.dll
+ 2011-12-24 07:52 . 2011-12-24 07:52 110592 c:\windows2\assembly\GAC_MSIL\sysglobl\2.0.0.0__b03f5f7f11d50a3a\sysglobl.dll
+ 2011-12-24 07:55 . 2011-12-24 07:55 110592 c:\windows2\assembly\GAC_MSIL\SMDiagnostics\3.0.0.0__b77a5c561934e089\SMdiagnostics.dll
+ 2011-12-24 07:55 . 2011-12-24 07:55 528384 c:\windows2\assembly\GAC_MSIL\ReachFramework\3.0.0.0__31bf3856ad364e35\ReachFramework.dll
+ 2011-12-24 07:55 . 2011-12-24 07:55 864256 c:\windows2\assembly\GAC_MSIL\PresentationUI\3.0.0.0__31bf3856ad364e35\PresentationUI.dll
+ 2011-12-24 07:55 . 2011-12-24 07:55 163840 c:\windows2\assembly\GAC_MSIL\PresentationFramework.Royale\3.0.0.0__31bf3856ad364e35\PresentationFramework.Royale.dll
+ 2011-12-24 07:55 . 2011-12-24 07:55 397312 c:\windows2\assembly\GAC_MSIL\PresentationFramework.Luna\3.0.0.0__31bf3856ad364e35\PresentationFramework.Luna.dll
+ 2011-12-24 07:55 . 2011-12-24 07:55 139264 c:\windows2\assembly\GAC_MSIL\PresentationFramework.Classic\3.0.0.0__31bf3856ad364e35\PresentationFramework.Classic.dll
+ 2011-12-24 07:55 . 2011-12-24 07:55 196608 c:\windows2\assembly\GAC_MSIL\PresentationFramework.Aero\3.0.0.0__31bf3856ad364e35\PresentationFramework.Aero.dll
+ 2011-12-24 07:55 . 2011-12-24 07:55 598016 c:\windows2\assembly\GAC_MSIL\PresentationBuildTasks\3.0.0.0__31bf3856ad364e35\PresentationBuildTasks.dll
+ 2011-12-24 07:52 . 2011-12-24 07:52 659456 c:\windows2\assembly\GAC_MSIL\Microsoft.VisualBasic\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll
- 2010-10-17 02:00 . 2010-10-17 02:00 372736 c:\windows2\assembly\GAC_MSIL\Microsoft.VisualBasic.Compatibility\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Compatibility.dll
+ 2011-12-24 07:52 . 2011-12-24 07:52 372736 c:\windows2\assembly\GAC_MSIL\Microsoft.VisualBasic.Compatibility\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Compatibility.dll
- 2010-10-17 02:00 . 2010-10-17 02:00 110592 c:\windows2\assembly\GAC_MSIL\Microsoft.VisualBasic.Compatibility.Data\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Compatibility.Data.dll
+ 2011-12-24 07:52 . 2011-12-24 07:52 110592 c:\windows2\assembly\GAC_MSIL\Microsoft.VisualBasic.Compatibility.Data\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Compatibility.Data.dll
+ 2011-12-24 07:55 . 2011-12-24 07:55 397312 c:\windows2\assembly\GAC_MSIL\Microsoft.Transactions.Bridge\3.0.0.0__b03f5f7f11d50a3a\Microsoft.Transactions.Bridge.dll
+ 2011-12-24 07:52 . 2011-12-24 07:52 749568 c:\windows2\assembly\GAC_MSIL\Microsoft.JScript\8.0.0.0__b03f5f7f11d50a3a\Microsoft.JScript.dll
+ 2011-12-24 07:52 . 2011-12-24 07:52 655360 c:\windows2\assembly\GAC_MSIL\Microsoft.Build.Tasks\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Tasks.dll
+ 2011-12-24 07:56 . 2011-12-24 07:56 802816 c:\windows2\assembly\GAC_MSIL\Microsoft.Build.Tasks.v3.5\3.5.0.0__b03f5f7f11d50a3a\Microsoft.Build.Tasks.v3.5.dll
+ 2011-12-24 07:56 . 2011-12-24 07:56 733184 c:\windows2\assembly\GAC_MSIL\Microsoft.Build.Engine\3.5.0.0__b03f5f7f11d50a3a\Microsoft.Build.Engine.dll
+ 2011-12-24 07:52 . 2011-12-24 07:52 348160 c:\windows2\assembly\GAC_MSIL\Microsoft.Build.Engine\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Engine.dll
+ 2011-12-24 07:56 . 2011-12-24 07:56 106496 c:\windows2\assembly\GAC_MSIL\Microsoft.Build.Conversion.v3.5\3.5.0.0__b03f5f7f11d50a3a\Microsoft.Build.Conversion.v3.5.dll
+ 2011-12-24 07:52 . 2011-12-24 07:52 507904 c:\windows2\assembly\GAC_MSIL\AspNetMMCExt\2.0.0.0__b03f5f7f11d50a3a\AspNetMMCExt.dll
+ 2011-12-24 07:52 . 2011-12-24 07:52 261632 c:\windows2\assembly\GAC_32\System.Transactions\2.0.0.0__b77a5c561934e089\System.Transactions.dll
+ 2011-12-24 07:55 . 2011-12-24 07:55 368640 c:\windows2\assembly\GAC_32\System.Printing\3.0.0.0__31bf3856ad364e35\System.Printing.dll
+ 2011-12-24 07:52 . 2011-12-24 07:52 113664 c:\windows2\assembly\GAC_32\System.EnterpriseServices\2.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.Wrapper.dll
- 2010-10-17 02:00 . 2010-10-17 02:00 258048 c:\windows2\assembly\GAC_32\System.EnterpriseServices\2.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.dll
+ 2011-12-24 07:52 . 2011-12-24 07:52 258048 c:\windows2\assembly\GAC_32\System.EnterpriseServices\2.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.dll
+ 2011-12-24 07:52 . 2011-12-24 07:52 486400 c:\windows2\assembly\GAC_32\System.Data.OracleClient\2.0.0.0__b77a5c561934e089\System.Data.OracleClient.dll
+ 2011-12-24 07:55 . 2011-12-24 07:55 163840 c:\windows2\assembly\GAC_32\Microsoft.Transactions.Bridge.Dtc\3.0.0.0__b03f5f7f11d50a3a\Microsoft.Transactions.Bridge.Dtc.dll
+ 2007-11-07 06:19 . 2007-11-07 06:19 1162744 c:\windows2\WinSxS\x86_Microsoft.VC90.MFC_1fc8b3b9a1e18e3b_9.0.21022.8_x-ww_a173767a\mfc90u.dll
+ 2007-11-07 06:19 . 2007-11-07 06:19 1156600 c:\windows2\WinSxS\x86_Microsoft.VC90.MFC_1fc8b3b9a1e18e3b_9.0.21022.8_x-ww_a173767a\mfc90.dll
+ 2011-12-24 07:54 . 2008-07-06 12:06 1676288 c:\windows2\system32\xpssvcs.dll
+ 2010-09-20 02:24 . 2009-08-06 23:23 1929952 c:\windows2\system32\wuaueng.dll
+ 2010-09-29 01:00 . 2011-08-02 22:38 4517664 c:\windows2\system32\usbaaplrc.dll
+ 2011-12-24 07:54 . 2008-07-06 12:06 1676288 c:\windows2\system32\spool\XPSEP\i386\xpssvcs.dll
+ 2011-12-24 07:54 . 2008-07-06 12:06 1676288 c:\windows2\system32\spool\XPSEP\i386\i386\xpssvcs.dll
+ 2011-12-24 07:54 . 2008-07-06 22:36 2936832 c:\windows2\system32\spool\XPSEP\amd64\xpssvcs.dll
+ 2011-12-24 07:54 . 2008-07-06 22:36 2936832 c:\windows2\system32\spool\XPSEP\amd64\amd64\xpssvcs.dll
+ 2011-12-24 07:54 . 2008-07-06 12:06 1676288 c:\windows2\system32\spool\drivers\w32x86\3\XpsSvcs.dll
+ 2009-08-19 21:07 . 2009-08-19 21:07 1415000 c:\windows2\system32\msxml6.dll
+ 2011-12-26 22:36 . 2011-08-02 22:38 4517664 c:\windows2\system32\DRVSTORE\usbaapl_091115F4EDEB41DBA0EC91574CE905B4E0482482\usbaaplrc.dll
+ 2011-12-26 22:36 . 2010-04-20 00:29 1461992 c:\windows2\system32\DRVSTORE\netaapl_63AA05C4700EB9CAF2D048DAC1D06D764A0D4C41\wdfcoinstaller01009.dll
+ 2011-12-24 07:54 . 2008-07-06 12:06 1676288 c:\windows2\system32\dllcache\xpssvcs.dll
+ 2010-09-20 02:24 . 2009-08-06 23:23 1929952 c:\windows2\system32\dllcache\wuaueng.dll
+ 2009-08-06 23:23 . 2009-08-06 23:23 1929952 c:\windows2\SoftwareDistribution\WebSetup\wuaueng.dll
+ 2008-07-30 04:40 . 2008-07-30 04:40 1720824 c:\windows2\Microsoft.NET\Framework\v3.5\vbc.exe
+ 2008-07-29 23:47 . 2008-07-29 23:47 1054208 c:\windows2\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\vs_setup.dll
+ 2008-07-29 23:47 . 2008-07-29 23:47 1364992 c:\windows2\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\SITSetup.dll
+ 2008-07-29 23:47 . 2008-07-29 23:47 1064448 c:\windows2\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\gencomp.dll
+ 2008-07-30 04:40 . 2008-07-30 04:40 1548280 c:\windows2\Microsoft.NET\Framework\v3.5\csc.exe
+ 2008-07-30 00:59 . 2008-07-30 00:59 1738760 c:\windows2\Microsoft.NET\Framework\v3.0\WPF\wpfgfx_v0300.dll
+ 2008-07-30 02:10 . 2008-07-30 02:10 2637840 c:\windows2\Microsoft.NET\Framework\v3.0\WPF\NlsLexicons0009.dll
+ 2008-07-30 02:10 . 2008-07-30 02:10 4883464 c:\windows2\Microsoft.NET\Framework\v3.0\WPF\NlsData0009.dll
+ 2008-07-30 00:16 . 2008-07-30 00:16 5931008 c:\windows2\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\System.ServiceModel.dll
+ 2008-07-25 16:16 . 2008-07-25 16:16 1344000 c:\windows2\Microsoft.NET\Framework\v2.0.50727\VsaVb7rt.dll
+ 2008-07-25 16:17 . 2008-07-25 16:17 1172472 c:\windows2\Microsoft.NET\Framework\v2.0.50727\vbc.exe
+ 2008-07-25 16:17 . 2008-07-25 16:17 2048000 c:\windows2\Microsoft.NET\Framework\v2.0.50727\System.XML.dll
+ 2008-07-25 16:17 . 2008-07-25 16:17 5025792 c:\windows2\Microsoft.NET\Framework\v2.0.50727\System.Windows.Forms.dll
+ 2008-07-25 16:17 . 2008-07-25 16:17 5238784 c:\windows2\Microsoft.NET\Framework\v2.0.50727\System.Web.dll
+ 2008-07-25 16:17 . 2008-07-25 16:17 3149824 c:\windows2\Microsoft.NET\Framework\v2.0.50727\System.dll
+ 2008-07-25 16:17 . 2008-07-25 16:17 5062656 c:\windows2\Microsoft.NET\Framework\v2.0.50727\System.Design.dll
+ 2008-07-25 16:17 . 2008-07-25 16:17 2933248 c:\windows2\Microsoft.NET\Framework\v2.0.50727\System.Data.dll
+ 2008-07-25 16:16 . 2008-07-25 16:16 5815296 c:\windows2\Microsoft.NET\Framework\v2.0.50727\mscorwks.dll
+ 2008-07-25 16:17 . 2008-07-25 16:17 4546560 c:\windows2\Microsoft.NET\Framework\v2.0.50727\mscorlib.dll
+ 2008-07-25 16:16 . 2008-07-25 16:16 1163768 c:\windows2\Microsoft.NET\Framework\v2.0.50727\cscomp.dll
+ 2011-12-26 22:41 . 2011-12-26 22:41 5651456 c:\windows2\Installer\966a6.msi
+ 2011-12-26 22:36 . 2011-12-26 22:36 1717248 c:\windows2\Installer\95e05.msi
+ 2011-12-26 22:35 . 2011-12-26 22:35 2002432 c:\windows2\Installer\95da8.msi
+ 2012-04-09 01:02 . 2012-04-09 01:03 3651072 c:\windows2\Installer\8ddee.msi
+ 2012-04-09 00:58 . 2012-04-09 00:58 1516544 c:\windows2\Installer\8dde9.msi
+ 2011-07-11 03:11 . 2011-07-11 03:11 2295808 c:\windows2\Installer\67189.msi
+ 2011-12-26 21:24 . 2011-12-26 21:24 1769984 c:\windows2\Installer\526f7.msi
+ 2011-12-26 21:32 . 2011-12-26 21:32 9474048 c:\windows2\Installer\33da8.msi
+ 2011-12-26 21:29 . 2011-12-26 21:29 1530368 c:\windows2\Installer\33ad0.msi
+ 2008-07-30 02:26 . 2008-07-30 02:26 1043456 c:\windows2\Installer\1fa87db.msp
+ 2008-07-30 03:37 . 2008-07-30 03:37 2679808 c:\windows2\Installer\1fa87d9.msp
+ 2008-07-30 04:15 . 2008-07-30 04:15 3697664 c:\windows2\Installer\1fa87d7.msp
+ 2008-07-30 02:34 . 2008-07-30 02:34 1448448 c:\windows2\Installer\1fa87d6.msp
+ 2008-07-30 03:22 . 2008-07-30 03:22 4137984 c:\windows2\Installer\1fa87d5.msp
+ 2008-07-30 02:18 . 2008-07-30 02:18 3376640 c:\windows2\Installer\1fa87d4.msp
+ 2008-07-30 00:45 . 2008-07-30 00:45 2543616 c:\windows2\Installer\1f65b09.msp
+ 2008-07-30 00:29 . 2008-07-30 00:29 2926080 c:\windows2\Installer\1f65b08.msp
+ 2008-07-30 00:41 . 2008-07-30 00:41 6487040 c:\windows2\Installer\1f65b07.msp
+ 2008-07-30 00:39 . 2008-07-30 00:39 3403264 c:\windows2\Installer\1f65b06.msp
+ 2008-07-30 00:43 . 2008-07-30 00:43 1013248 c:\windows2\Installer\1f65b04.msp
+ 2008-07-30 00:31 . 2008-07-30 00:31 6083072 c:\windows2\Installer\1f65b01.msp
+ 2011-06-06 16:55 . 2011-06-06 16:55 2215312 c:\windows2\Installer\$PatchCache$\Managed\68AB67CA7DA73301B744AA0100000010\10.1.0\rt3d.dll
+ 2011-06-06 16:55 . 2011-06-06 16:55 1189004 c:\windows2\Installer\$PatchCache$\Managed\68AB67CA7DA73301B744AA0100000010\10.1.0\JSByteCodeWin.bin
+ 2011-06-06 16:55 . 2011-06-06 16:55 6543768 c:\windows2\Installer\$PatchCache$\Managed\68AB67CA7DA73301B744AA0100000010\10.1.0\authplay.dll
+ 2011-06-06 16:55 . 2011-06-06 16:55 1240992 c:\windows2\Installer\$PatchCache$\Managed\68AB67CA7DA73301B744AA0100000010\10.1.0\AdobeCollabSync.exe
+ 2011-06-06 16:55 . 2011-06-06 16:55 1480600 c:\windows2\Installer\$PatchCache$\Managed\68AB67CA7DA73301B744AA0100000010\10.1.0\AcroRd32.exe
+ 2011-12-24 07:58 . 2011-12-24 07:58 3311104 c:\windows2\assembly\NativeImages_v2.0.50727_32\WindowsBase\df20e56b59b1b1a595af305ddc0777ba\WindowsBase.ni.dll
+ 2011-12-24 08:00 . 2011-12-24 08:00 1049600 c:\windows2\assembly\NativeImages_v2.0.50727_32\UIAutomationClients#\8698f073a59ef0db10a3258b1f1deaee\UIAutomationClientsideProviders.ni.dll
+ 2011-12-24 07:58 . 2011-12-24 07:58 7867392 c:\windows2\assembly\NativeImages_v2.0.50727_32\System\aa7926460a336408c8041330ad90929d\System.ni.dll
+ 2011-12-24 08:00 . 2011-12-24 08:00 5449728 c:\windows2\assembly\NativeImages_v2.0.50727_32\System.Xml\36f3953f24d4f0b767bf172331ad6f3e\System.Xml.ni.dll
+ 2011-12-24 08:04 . 2011-12-24 08:04 1355264 c:\windows2\assembly\NativeImages_v2.0.50727_32\System.WorkflowServ#\43911ac4e29949c57560eee5cb7b76c2\System.WorkflowServices.ni.dll
+ 2011-12-24 08:04 . 2011-12-24 08:04 1904128 c:\windows2\assembly\NativeImages_v2.0.50727_32\System.Workflow.Run#\6d0966370023925610756f368140b947\System.Workflow.Runtime.ni.dll
+ 2011-12-24 08:04 . 2011-12-24 08:04 4510720 c:\windows2\assembly\NativeImages_v2.0.50727_32\System.Workflow.Com#\9de33f5786cd15e220f47b916c5a15e9\System.Workflow.ComponentModel.ni.dll
+ 2011-12-24 08:04 . 2011-12-24 08:04 2989568 c:\windows2\assembly\NativeImages_v2.0.50727_32\System.Workflow.Act#\d6cc33db5d526553ffbbfd1d372a8493\System.Workflow.Activities.ni.dll
+ 2011-12-24 08:04 . 2011-12-24 08:04 1840128 c:\windows2\assembly\NativeImages_v2.0.50727_32\System.Web.Services\1dad08772eb89d48a8a0cfe9b0467eb0\System.Web.Services.ni.dll
+ 2011-12-24 08:04 . 2011-12-24 08:04 2209280 c:\windows2\assembly\NativeImages_v2.0.50727_32\System.Web.Mobile\e5995a34d44ad5af7d9f335075bded4d\System.Web.Mobile.ni.dll
+ 2011-12-24 08:04 . 2011-12-24 08:04 2400256 c:\windows2\assembly\NativeImages_v2.0.50727_32\System.Web.Extensio#\6a20b64ad8e2aaa2f40d67ff01fcc708\System.Web.Extensions.ni.dll
+ 2011-12-24 07:59 . 2011-12-24 07:59 1912832 c:\windows2\assembly\NativeImages_v2.0.50727_32\System.Speech\2e7a6c977ac9f8d46ebe2982697a0c8d\System.Speech.ni.dll
+ 2011-12-24 08:03 . 2011-12-24 08:03 1705984 c:\windows2\assembly\NativeImages_v2.0.50727_32\System.ServiceModel#\a3adabee8e63dc76f65710a9c32175fc\System.ServiceModel.Web.ni.dll
+ 2011-12-24 08:01 . 2011-12-24 08:01 2338304 c:\windows2\assembly\NativeImages_v2.0.50727_32\System.Runtime.Seri#\bb748f8ef8c98eb5c7f79b8faee95397\System.Runtime.Serialization.ni.dll
+ 2011-12-24 07:59 . 2011-12-24 07:59 1035264 c:\windows2\assembly\NativeImages_v2.0.50727_32\System.Printing\db428f231a2ccaf490ae219efd2edc69\System.Printing.ni.dll
+ 2011-12-24 08:01 . 2011-12-24 08:01 1056768 c:\windows2\assembly\NativeImages_v2.0.50727_32\System.IdentityModel\94b2ca600c860c76e387f8bd317bd4c3\System.IdentityModel.ni.dll
+ 2011-12-24 07:59 . 2011-12-24 07:59 1587200 c:\windows2\assembly\NativeImages_v2.0.50727_32\System.Drawing\6978f2e90f13bc720d57fa6895c911e2\System.Drawing.ni.dll
+ 2011-12-24 08:03 . 2011-12-24 08:03 1116672 c:\windows2\assembly\NativeImages_v2.0.50727_32\System.DirectorySer#\6bcc481030a56c24d5990d199812c594\System.DirectoryServices.ni.dll
+ 2011-12-24 08:03 . 2011-12-24 08:03 1800704 c:\windows2\assembly\NativeImages_v2.0.50727_32\System.Deployment\df1efcbac5973454c608890f72eb994d\System.Deployment.ni.dll
+ 2011-12-24 07:59 . 2011-12-24 07:59 6614016 c:\windows2\assembly\NativeImages_v2.0.50727_32\System.Data\0b40341027c01716cec1dd97592698e0\System.Data.ni.dll
+ 2011-12-24 08:02 . 2011-12-24 08:02 2508800 c:\windows2\assembly\NativeImages_v2.0.50727_32\System.Data.SqlXml\0ec1b690c5ee057fa92ecff78de1457c\System.Data.SqlXml.ni.dll
+ 2011-12-24 08:03 . 2011-12-24 08:03 1326080 c:\windows2\assembly\NativeImages_v2.0.50727_32\System.Data.Services\6f298259c87cc6c7318d931f52f053c5\System.Data.Services.ni.dll
+ 2011-12-24 07:59 . 2011-12-24 07:59 2510848 c:\windows2\assembly\NativeImages_v2.0.50727_32\System.Data.Linq\fa206c73f39721cd2c55829b9853de44\System.Data.Linq.ni.dll
+ 2011-12-24 08:03 . 2011-12-24 08:03 9903104 c:\windows2\assembly\NativeImages_v2.0.50727_32\System.Data.Entity\8c050147d7031f912f6ca2b15550173f\System.Data.Entity.ni.dll
+ 2011-12-24 07:59 . 2011-12-24 07:59 2294784 c:\windows2\assembly\NativeImages_v2.0.50727_32\System.Core\6c69930d05c557da70144bcc0add7065\System.Core.ni.dll
+ 2011-12-24 07:59 . 2011-12-24 07:59 2125824 c:\windows2\assembly\NativeImages_v2.0.50727_32\ReachFramework\5c59991df60164cae10fd81b88a8e5b1\ReachFramework.ni.dll
+ 2011-12-24 07:59 . 2011-12-24 07:59 1656832 c:\windows2\assembly\NativeImages_v2.0.50727_32\PresentationUI\87fb973e4ab6a21fd00e45656fa7c115\PresentationUI.ni.dll
+ 2011-12-24 07:58 . 2011-12-24 07:58 1451008 c:\windows2\assembly\NativeImages_v2.0.50727_32\PresentationBuildTa#\b6bfb51dec7f8cc42c21c5928470c773\PresentationBuildTasks.ni.dll
+ 2011-12-24 08:02 . 2011-12-24 08:02 1711104 c:\windows2\assembly\NativeImages_v2.0.50727_32\Microsoft.VisualBas#\5b3d048d8c003d743ea5e72caf07773a\Microsoft.VisualBasic.ni.dll
+ 2011-12-24 08:01 . 2011-12-24 08:01 1092608 c:\windows2\assembly\NativeImages_v2.0.50727_32\Microsoft.Transacti#\21bb6244c91b6207fbcb038884a641ef\Microsoft.Transactions.Bridge.ni.dll


Re: Virus slowing down computer (virtual memory) -NOT SURE ABOUT VIRUS NAME

Post by furyofdawolfx on 14th April 2012, 6:25 am

.
-- Snapshot reset to current date --
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480]
"Xvid"="c:\program files\Xvid\CheckUpdate.exe" [2011-01-17 8192]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NVHotkey"="nvHotkey.dll" [2008-02-22 86016]
"NvCplDaemon"="c:\windows2\system32\NvCpl.dll" [2008-02-22 13508608]
"nwiz"="nwiz.exe" [2008-02-22 1626112]
"NvMediaCenter"="c:\windows2\system32\NvMcTray.dll" [2008-02-22 86016]
"IMJPMIG8.1"="c:\windows2\IME\imjp8_1\IMJPMIG.EXE" [2004-08-04 208952]
"MSPY2002"="c:\windows2\system32\IME\PINTLGNT\ImScInst.exe" [2004-08-04 59392]
"PHIME2002ASync"="c:\windows2\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-04 455168]
"PHIME2002A"="c:\windows2\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-04 455168]
"Dell QuickSet"="c:\program files\Dell\QuickSet\quickset.exe" [2007-07-03 1228800]
"DELL Webcam Manager"="c:\program files\Dell\Dell Webcam Manager\DellWMgr.exe" [2007-07-27 118784]
"OEM02Mon.exe"="c:\windows2\OEM02Mon.exe" [2007-05-10 36864]
"PCMService"="c:\program files\Dell\MediaDirect\PCMService.exe" [2007-04-16 184320]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2011-06-09 254696]
"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2011-11-02 59240]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2011-10-24 421888]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2011-12-08 421736]
"COMODO Internet Security"="c:\program files\COMODO\COMODO Internet Security\cfp.exe" [2010-04-09 2029456]
"QkqnRvQCEE.exe"="c:\documents and settings\All Users.WINDOWS2\Application Data\QkqnRvQCEE.exe" [2012-04-14 323072]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"eccccfaddeafacdfdct"="c:\documents and settings\All Users.WINDOWS2\Application Data\eccccfaddeafacdfdct.exe" [2012-04-14 86016]
.
[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"NoDesktop"= 1 (0x1)
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2011-07-19 113024]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2011-05-04 17:54 551296 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.DLL
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\windows2\system32\guard32.dll
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\CLPSLS]
@="Service"
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
"DisableNotifications"= 1 (0x1)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\FrostWire\\FrostWire.exe"=
"c:\\Program Files\\Dell\\MediaDirect\\PCMService.exe"=
"c:\\Program Files\\Common Files\\Apple\\Apple Application Support\\WebKit2WebProcess.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
.
R1 DLADHK_M;DLADHK_M;c:\windows2\system32\Drivers\DLADHK_M.SYS [2006-08-18 33592]
R2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2010-01-30 135664]
R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows2\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-02 253600]
R3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [2010-01-30 135664]
R3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows2\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [x]
S1 cmderd;COMODO Internet Security Eradication Driver;c:\windows2\system32\DRIVERS\cmderd.sys [2010-04-09 15464]
S1 cmdGuard;COMODO Internet Security Sandbox Driver;c:\windows2\system32\DRIVERS\cmdguard.sys [2010-04-09 225344]
S1 cmdHlp;COMODO Internet Security Helper Driver;c:\windows2\system32\DRIVERS\cmdhlp.sys [2010-04-09 25240]
S1 DLADiagM;DLADiagM;c:\windows2\system32\Drivers\DLADiagM.SYS [2006-08-11 13688]
S1 DLAPMonM;DLAPMonM;c:\windows2\system32\Drivers\DLAPMonM.SYS [2006-08-11 30744]
S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV.SYS [2011-07-22 12880]
S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [2011-07-12 67664]
S2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE.EXE [2011-08-11 116608]
S2 CLPSLS;COMODO livePCsupport Service;c:\program files\COMODO\COMODO livePCsupport\CLPSLS.exe [2010-02-19 148744]
S2 SBKUPNT;SBKUPNT;c:\windows2\system32\Drivers\SBKUPNT.SYS [2001-07-13 14976]
.
.
Contents of the 'Scheduled Tasks' folder
.
2012-04-14 c:\windows2\Tasks\Adobe Flash Player Updater.job
- c:\windows2\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-02 02:04]
.
2011-12-26 c:\windows2\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2009-10-22 22:57]
.
2012-04-14 c:\windows2\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-01-30 00:11]
.
2012-04-14 c:\windows2\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-01-30 00:11]
.
.
------- Supplementary Scan -------
.
uStart Page = [You must be registered and logged in to see this link.]
uInternet Connection Wizard,ShellNext = [You must be registered and logged in to see this link.]
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~1\MI1933~1\OFFICE11\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html
TCP: DhcpNameServer = 209.18.47.61 209.18.47.62
.
Supplementary scan did not complete!
.
- - - - ORPHANS REMOVED - - - -
.
HKLM-Run-dplaysvr - c:\documents and settings\Antonio.ANTONIO-LAPTOP\Application Data\dplaysvr.exe
HKU-Default-Run-Svc2dll - c:\documents and settings\NetworkService.NT AUTHORITY\Local Settings\Application Data\svcxdcl32.exe
HKU-Default-Run-dplaysvr - c:\documents and settings\Antonio.ANTONIO-LAPTOP\Application Data\dplaysvr.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, [You must be registered and logged in to see this link.]
Rootkit scan 2012-04-14 01:38
Windows 5.1.2600 Service Pack 2 NTFS
.
detected NTDLL code modification:
ZwClose, ZwOpenFile
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
.
c:\windows2\$NtUninstallKB44553$:SummaryInformation 0 bytes hidden from API
.
scan completed successfully
hidden files: 1
.
**************************************************************************
.
Stealth MBR rootkit/Mebroot/Sinowal/TDL4 detector 0.4.2 by Gmer, [You must be registered and logged in to see this link.]
Windows 5.1.2600 Disk: Hitachi_HTS542512K9SA00 rev.BB2OC39P -> Harddisk0\DR0 -> \Device\Ide\IdeDeviceP1T0L0-e
.
device: opened successfully
user: MBR read successfully
error: Read A device attached to the system is not functioning.
kernel: MBR read successfully
detected disk devices:
detected hooks:
\Driver\atapi DriverStartIo -> 0x83D2B2C6
user & kernel MBR OK
.
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(912)
c:\windows2\system32\guard32.dll
c:\program files\SUPERAntiSpyware\SASWINLO.DLL
.
- - - - - - - > 'lsass.exe'(972)
c:\windows2\system32\guard32.dll
.
Completion time: 2012-04-14 02:00:02
ComboFix-quarantined-files.txt 2012-04-14 05:59
ComboFix2.txt 2011-04-22 22:36
ComboFix3.txt 2011-04-22 03:28
.
Pre-Run: 14,167,347,200 bytes free
Post-Run: 15,555,403,776 bytes free
.
- - End Of File - - 0BCB3AE258D306C82FF0E35D2E74A899


Re: Virus slowing down computer (virtual memory) -NOT SURE ABOUT VIRUS NAME

Post by furyofdawolfx on 14th April 2012, 3:56 pm

Just to keep you updated, the laptop seems better, but this morning Comodo detected a file called QkqnRvQCEE.exe in C:\Documents and Settings\All Users.WINDOWS2\Application Data. I was able to block it and manually delete it in the folder.


Re: Virus slowing down computer (virtual memory) -NOT SURE ABOUT VIRUS NAME

Post by Superdave on 14th April 2012, 5:43 pm

Re-running ComboFix to remove infections:


  • Close any open browsers.
  • Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
  • Open notepad and copy/paste the text in the quotebox below into it:

    KillAll::

    File::
    c:\documents and settings\All Users.WINDOWS2\Application Data\QkqnRvQCEE.exe
    c:\documents and settings\All Users.WINDOWS2\Application Data\eccccfaddeafacdfdct.exe

  • Save this as CFScript.txt, in the same location as ComboFix.exe



  • Referring to the picture above, drag CFScript into ComboFix.exe
  • When finished, it shall produce a log for you at C:\ComboFix.txt
  • Please post the top portion of the log that should show these two files removed.

***********************************************
SysProt Antirootkit

Download SysProt Antirootkit from the link below (you will find it at the bottom of the page under attachments, or you can get it from one of the mirrors).

[You must be registered and logged in to see this link.]

Unzip it into a folder on your desktop.

  • Double click Sysprot.exe to start the program.
  • Click on the Log tab.
  • In the Write to log box select the following items.

    • Process << Selected
    • Kernel Modules << Selected
    • SSDT << Selected
    • Kernel Hooks << Selected
    • IRP Hooks << NOT Selected
    • Ports << NOT Selected
    • Hidden Files << Selected

  • At the bottom of the page

    • Hidden Objects Only << Selected

  • Click on the Create Log button on the bottom right.
  • After a few seconds a new window should appear.
  • Select Scan Root Drive. Click on the Start button.
  • When it is complete a new window will appear to indicate that the scan is finished.
  • The log will be saved automatically in the same folder Sysprot.exe was extracted to. Open the text file and copy/paste the log here.

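An added example, not part of Superdave's post and not ComboFix's own code: a Python triage pass over the "Reg Loading Points" section of a ComboFix log that flags Run-key entries like the two files named in the CFScript above. The sample excerpt is constructed from entries quoted in this thread; the two heuristics (executable placed directly in an Application Data folder, file dated within a week of the scan) and all function names are assumptions chosen for illustration.

```python
import re
import ntpath
from datetime import date, timedelta

# Constructed sample: a short excerpt in the layout of ComboFix's
# "Reg Loading Points" section, built from entries quoted in this thread.
SAMPLE_LOG = r'''
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Dell QuickSet"="c:\program files\Dell\QuickSet\quickset.exe" [2007-07-03 1228800]
"nwiz"="nwiz.exe" [2008-02-22 1626112]
"COMODO Internet Security"="c:\program files\COMODO\COMODO Internet Security\cfp.exe" [2010-04-09 2029456]
"QkqnRvQCEE.exe"="c:\documents and settings\All Users.WINDOWS2\Application Data\QkqnRvQCEE.exe" [2012-04-14 323072]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"eccccfaddeafacdfdct"="c:\documents and settings\All Users.WINDOWS2\Application Data\eccccfaddeafacdfdct.exe" [2012-04-14 86016]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\windows2\system32\guard32.dll
'''

KEY_RE = re.compile(r'^\[(.+)\]$')                       # [HKEY_...\Run]
VALUE_RE = re.compile(r'^"([^"]+)"="([^"]+)"(?:\s+\[([^\]]*)\])?\s*$')
META_RE = re.compile(r'^(\d{4})-(\d{2})-(\d{2}) (\d+)$')  # [date size]


def parse_run_entries(log_text):
    """Return one dict per value listed under a CurrentVersion\\Run key."""
    entries, key = [], None
    for raw in log_text.splitlines():
        line = raw.strip()
        m = KEY_RE.match(line)
        if m:
            key = m.group(1)
            continue
        m = VALUE_RE.match(line)
        if not m or key is None:
            continue
        if not key.lower().endswith(r'\currentversion\run'):
            continue  # other loading points are out of scope for this example
        name, path, meta = m.groups()
        stamp = META_RE.match(meta or '')
        entries.append({
            'key': key,
            'name': name,
            'path': path,
            # None when the bracket holds something other than "date size"
            'file_date': date(*map(int, stamp.groups()[:3])) if stamp else None,
        })
    return entries


def triage(entries, scan_date, recent_days=7):
    """Flag autostart entries worth a manual look (assumed heuristics).

    A flagged entry is a lead for review, not proof of infection.
    """
    findings = []
    for e in entries:
        reasons = []
        folder = ntpath.dirname(e['path']).lower()
        # Installed software normally lives in its own vendor subfolder.
        if folder.endswith(r'\application data'):
            reasons.append('executable sits directly in an Application Data folder')
        age = scan_date - e['file_date'] if e['file_date'] else None
        if age is not None and timedelta(0) <= age <= timedelta(days=recent_days):
            reasons.append('file dated within %d days of the scan' % recent_days)
        if reasons:
            findings.append((e['name'], e['path'], reasons))
    return findings


if __name__ == '__main__':
    # Scan date taken from the log in this thread (2012-04-14).
    for name, path, reasons in triage(parse_run_entries(SAMPLE_LOG), date(2012, 4, 14)):
        print(name, '->', path)
        for r in reasons:
            print('   -', r)
```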

Re: Virus slowing down computer (virtual memory) -NOT SURE ABOUT VIRUS NAME

Post by furyofdawolfx on 14th April 2012, 9:54 pm

ComboFix 12-04-13.01 - Antonio 04/14/2012 14:57:59.4.2 - x86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.1022.620 [GMT -4:00]
Running from: c:\documents and settings\Antonio.ANTONIO-LAPTOP\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\Antonio.ANTONIO-LAPTOP\Desktop\CFScript.txt
AV: COMODO Antivirus *Disabled/Updated* {043803A5-4F86-4ef7-AFC5-F6E02A79969B}
.
FILE ::
"c:\documents and settings\All Users.WINDOWS2\Application Data\eccccfaddeafacdfdct.exe"
"c:\documents and settings\All Users.WINDOWS2\Application Data\QkqnRvQCEE.exe"
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\All Users.WINDOWS2\Application Data\eccccfaddeafacdfdct.exe
c:\windows2\$NtUninstallKB44553$
c:\windows2\$NtUninstallKB44553$\3415827856\@
c:\windows2\$NtUninstallKB44553$\3415827856\cfg.ini
c:\windows2\$NtUninstallKB44553$\3415827856\Desktop.ini
c:\windows2\$NtUninstallKB44553$\3415827856\L\fayqarak
c:\windows2\$NtUninstallKB44553$\3415827856\U\00000001.@
c:\windows2\$NtUninstallKB44553$\3415827856\U\00000002.@
c:\windows2\$NtUninstallKB44553$\3415827856\U\00000004.@
c:\windows2\$NtUninstallKB44553$\3415827856\U\80000000.@
c:\windows2\$NtUninstallKB44553$\3415827856\U\80000004.@
c:\windows2\$NtUninstallKB44553$\3415827856\U\80000032.@
c:\windows2\$NtUninstallKB44553$\927523430
c:\windows2\system32\dds_trash_log.cmd
.
.
((((((((((((((((((((((((( Files Created from 2012-03-14 to 2012-04-14 )))))))))))))))))))))))))))))))
.
.
2012-04-14 15:41 . 2012-04-14 15:41 -------- d-----w- c:\windows2\system32\KB905474
2012-04-13 22:43 . 2012-04-13 22:43 -------- d-sh--w- c:\windows2\system32\config\systemprofile\PrivacIE
2012-04-13 22:41 . 2012-04-13 22:41 -------- d-sh--w- c:\windows2\system32\config\systemprofile\IETldCache
2012-04-13 00:19 . 2012-04-13 00:19 -------- d-----w- c:\documents and settings\Antonio.ANTONIO-LAPTOP\Application Data\SUPERAntiSpyware.com
2012-04-13 00:16 . 2012-04-13 00:19 -------- d-----w- c:\program files\SUPERAntiSpyware
2012-04-13 00:16 . 2012-04-13 00:16 -------- d-----w- c:\documents and settings\All Users.WINDOWS2\Application Data\SUPERAntiSpyware.com
2012-04-12 04:47 . 2012-04-12 05:16 -------- d-----w- C:\TDSSKiller_Quarantine
2012-04-09 01:34 . 2012-04-09 01:34 -------- d-----w- C:\VritualRoot
2012-04-09 01:34 . 2012-04-09 01:35 -------- d-----w- c:\documents and settings\All Users.WINDOWS2\Application Data\COMODO
2012-04-09 01:34 . 2012-04-14 17:49 1474832 ----a-w- c:\windows2\system32\drivers\sfi.dat
2012-04-09 00:57 . 2012-04-09 00:59 -------- d-----w- c:\program files\COMODO
2012-04-09 00:53 . 2012-04-09 00:53 -------- d-----w- c:\documents and settings\All Users.WINDOWS2\Application Data\Comodo Downloader
2012-04-08 17:57 . 2012-04-08 17:57 -------- d-----w- c:\program files\CCleaner
2012-04-08 16:24 . 2009-08-06 23:24 44768 ----a-w- c:\windows2\system32\wups2.dll
2012-04-08 16:24 . 2009-08-06 23:24 21728 ----a-w- c:\windows2\system32\wucltui.dll.mui
2012-04-08 16:23 . 2009-08-06 23:24 17632 ----a-w- c:\windows2\system32\wuaueng.dll.mui
2012-04-08 16:23 . 2009-08-06 23:24 15072 ----a-w- c:\windows2\system32\wuaucpl.cpl.mui
2012-04-08 16:23 . 2009-08-06 23:24 15064 ----a-w- c:\windows2\system32\wuapi.dll.mui
2012-04-08 16:12 . 2012-04-08 16:14 -------- d-----w- c:\windows2\system32\NtmsData
2012-04-04 05:53 . 2012-04-04 05:53 182160 ----a-w- c:\program files\Internet Explorer\PLUGINS\nppdf32.dll
2012-04-03 03:51 . 2012-04-03 03:51 -------- d-sh--w- c:\documents and settings\LocalService.NT AUTHORITY\IETldCache
2012-04-02 02:04 . 2012-04-02 02:04 418464 ----a-w- c:\windows2\system32\FlashPlayerApp.exe
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-04-04 19:56 . 2011-12-10 22:23 22344 ----a-w- c:\windows2\system32\drivers\mbam.sys
2012-04-02 02:04 . 2011-06-03 16:01 70304 ----a-w- c:\windows2\system32\FlashPlayerCPLApp.cpl
.
.
((((((((((((((((((((((((((((( SnapShot_2012-04-14_05.40.54 )))))))))))))))))))))))))))))))))))))))))
.
+ 2012-04-14 19:35 . 2012-04-14 19:35 16384 c:\windows2\temp\Perflib_Perfdata_7d4.dat
+ 2001-08-23 12:00 . 2012-04-14 18:58 69412 c:\windows2\system32\perfc009.dat
- 2001-08-23 12:00 . 2012-04-14 05:40 69412 c:\windows2\system32\perfc009.dat
+ 2001-08-23 12:00 . 2012-04-14 18:58 437144 c:\windows2\system32\perfh009.dat
- 2001-08-23 12:00 . 2012-04-14 05:40 437144 c:\windows2\system32\perfh009.dat
+ 2012-04-14 15:41 . 2009-03-11 02:18 453512 c:\windows2\system32\KB905474\wgasetup.exe
+ 2012-04-14 15:41 . 2009-03-11 02:26 1403264 c:\windows2\system32\KB905474\wganotifypackageinner.exe
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480]
"Xvid"="c:\program files\Xvid\CheckUpdate.exe" [2011-01-17 8192]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NVHotkey"="nvHotkey.dll" [2008-02-22 86016]
"NvCplDaemon"="c:\windows2\system32\NvCpl.dll" [2008-02-22 13508608]
"nwiz"="nwiz.exe" [2008-02-22 1626112]
"NvMediaCenter"="c:\windows2\system32\NvMcTray.dll" [2008-02-22 86016]
"IMJPMIG8.1"="c:\windows2\IME\imjp8_1\IMJPMIG.EXE" [2004-08-04 208952]
"MSPY2002"="c:\windows2\system32\IME\PINTLGNT\ImScInst.exe" [2004-08-04 59392]
"PHIME2002ASync"="c:\windows2\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-04 455168]
"PHIME2002A"="c:\windows2\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-04 455168]
"Dell QuickSet"="c:\program files\Dell\QuickSet\quickset.exe" [2007-07-03 1228800]
"DELL Webcam Manager"="c:\program files\Dell\Dell Webcam Manager\DellWMgr.exe" [2007-07-27 118784]
"OEM02Mon.exe"="c:\windows2\OEM02Mon.exe" [2007-05-10 36864]
"PCMService"="c:\program files\Dell\MediaDirect\PCMService.exe" [2007-04-16 184320]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2011-06-09 254696]
"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2011-11-02 59240]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2011-10-24 421888]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2011-12-08 421736]
"COMODO Internet Security"="c:\program files\COMODO\COMODO Internet Security\cfp.exe" [2010-04-09 2029456]
"dplaysvr"="c:\documents and settings\Antonio.ANTONIO-LAPTOP\Application Data\dplaysvr.exe" [BU]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"Svc2dll"="c:\documents and settings\NetworkService.NT AUTHORITY\Local Settings\Application Data\svcxdcl32.exe" [BU]
"dplaysvr"="c:\documents and settings\Antonio.ANTONIO-LAPTOP\Application Data\dplaysvr.exe" [BU]
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2011-07-19 113024]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2011-05-04 17:54 551296 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.DLL
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\windows2\system32\guard32.dll
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\CLPSLS]
@="Service"
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"DisableNotifications"= 1 (0x1)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\FrostWire\\FrostWire.exe"=
"c:\\Program Files\\Dell\\MediaDirect\\PCMService.exe"=
"c:\\Program Files\\Common Files\\Apple\\Apple Application Support\\WebKit2WebProcess.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
.
R1 cmderd;COMODO Internet Security Eradication Driver;c:\windows2\system32\drivers\cmderd.sys [4/9/2010 1:25 AM 15464]
R1 cmdGuard;COMODO Internet Security Sandbox Driver;c:\windows2\system32\drivers\cmdGuard.sys [4/9/2010 1:25 AM 225344]
R1 cmdHlp;COMODO Internet Security Helper Driver;c:\windows2\system32\drivers\cmdhlp.sys [4/9/2010 1:25 AM 25240]
R1 DLADiagM;DLADiagM;c:\windows2\system32\drivers\DLADiagM.SYS [10/3/2010 12:07 AM 13688]
R1 DLAPMonM;DLAPMonM;c:\windows2\system32\drivers\DLAPMonM.SYS [10/3/2010 12:07 AM 30744]
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [7/22/2011 12:27 PM 12880]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [7/12/2011 5:55 PM 67664]
R2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCore.exe [8/11/2011 7:38 PM 116608]
R2 CLPSLS;COMODO livePCsupport Service;c:\program files\COMODO\COMODO livePCsupport\CLPSLS.exe [2/19/2010 5:00 PM 148744]
R2 SBKUPNT;SBKUPNT;c:\windows2\system32\drivers\SBKUPNT.SYS [10/17/2010 1:05 AM 14976]
S1 DLADHK_M;DLADHK_M;c:\windows2\system32\drivers\DLADHK_M.SYS [10/3/2010 12:07 AM 33592]
S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [1/29/2010 8:11 PM 135664]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows2\system32\Macromed\Flash\FlashPlayerUpdateService.exe [4/1/2012 10:04 PM 253600]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [1/29/2010 8:11 PM 135664]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows2\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe --> c:\windows2\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [?]
.
Contents of the 'Scheduled Tasks' folder
.
2012-04-14 c:\windows2\Tasks\Adobe Flash Player Updater.job
- c:\windows2\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-02 02:04]
.
2011-12-26 c:\windows2\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2009-10-22 22:57]
.
2012-04-14 c:\windows2\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-01-30 00:11]
.
2012-04-14 c:\windows2\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-01-30 00:11]
.
2012-04-14 c:\windows2\Tasks\WGASetup.job
- c:\windows2\system32\KB905474\wgasetup.exe [2012-04-14 02:18]
.
.
------- Supplementary Scan -------
.
uStart Page = [You must be registered and logged in to see this link.]
uInternet Connection Wizard,ShellNext = [You must be registered and logged in to see this link.]
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~1\MI1933~1\OFFICE11\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html
TCP: DhcpNameServer = 209.18.47.61 209.18.47.62
.
- - - - ORPHANS REMOVED - - - -
.
HKLM-Run-QkqnRvQCEE.exe - c:\documents and settings\All Users.WINDOWS2\Application Data\QkqnRvQCEE.exe
HKU-Default-Run-eccccfaddeafacdfdct - c:\documents and settings\All Users.WINDOWS2\Application Data\eccccfaddeafacdfdct.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, [You must be registered and logged in to see this link.]
Rootkit scan 2012-04-14 15:35
Windows 5.1.2600 Service Pack 2 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
Stealth MBR rootkit/Mebroot/Sinowal/TDL4 detector 0.4.2 by Gmer, [You must be registered and logged in to see this link.]
Windows 5.1.2600 Disk: Hitachi_HTS542512K9SA00 rev.BB2OC39P -> Harddisk0\DR0 -> \Device\Ide\IdeDeviceP1T0L0-e
.
device: opened successfully
user: MBR read successfully
error: Read A device attached to the system is not functioning.
kernel: MBR read successfully
detected disk devices:
detected hooks:
\Driver\atapi DriverStartIo -> 0x839602C6
user & kernel MBR OK
.
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(916)
c:\program files\SUPERAntiSpyware\SASWINLO.DLL
.
- - - - - - - > 'explorer.exe'(1348)
c:\windows2\system32\ieframe.dll
c:\windows2\system32\webcheck.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\COMODO\COMODO Internet Security\cmdagent.exe
c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\windows2\system32\rundll32.exe
c:\windows2\system32\RUNDLL32.EXE
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
c:\windows2\system32\nvsvc32.exe
c:\windows2\system32\wscntfy.exe
c:\program files\iPod\bin\iPodService.exe
c:\program files\COMODO\COMODO Internet Security\cfpupdat.exe
.
**************************************************************************
.
Completion time: 2012-04-14 15:44:19 - machine was rebooted
ComboFix-quarantined-files.txt 2012-04-14 19:44
ComboFix2.txt 2012-04-14 06:00
ComboFix3.txt 2011-04-22 22:36
ComboFix4.txt 2011-04-22 03:28
.
Pre-Run: 15,215,386,624 bytes free
Post-Run: 15,465,017,344 bytes free
.
- - End Of File - - 207EB39F375BB86D3871737C13935575


Re: Virus slowing down computer (virtual memory) -NOT SURE ABOUT VIRUS NAME

Post by furyofdawolfx on 14th April 2012, 9:56 pm

SysProt AntiRootkit v1.0.1.0
by swatkat

******************************************************************************************
******************************************************************************************

No Hidden Processes found

******************************************************************************************
******************************************************************************************
Kernel Modules:
Module Name: Combo-Fix.sys
Service Name: ---
Module Base: F76F4000
Module End: F7703000
Hidden: Yes

Module Name: \SystemRoot\System32\Drivers\dump_atapi.sys
Service Name: ---
Module Base: F4839000
Module End: F4851000
Hidden: Yes

Module Name: \SystemRoot\System32\Drivers\dump_WMILIB.SYS
Service Name: ---
Module Base: F7BC4000
Module End: F7BC6000
Hidden: Yes

Module Name: \??\C:\ComboFix\catchme.sys
Service Name: catchme
Module Base: F3ACE000
Module End: F3AD6000
Hidden: Yes

Module Name: \??\C:\WINDOWS2\system32\Drivers\PROCEXP113.SYS
Service Name: ---
Module Base: F7C1E000
Module End: F7C20000
Hidden: Yes

******************************************************************************************
******************************************************************************************
SSDT:
Function Name: ZwAdjustPrivilegesToken
Address: F4B38226
Driver Base: F4B2E000
Driver End: F4B64000
Driver Name: \SystemRoot\System32\DRIVERS\cmdguard.sys

Function Name: ZwConnectPort
Address: F4B377CA
Driver Base: F4B2E000
Driver End: F4B64000
Driver Name: \SystemRoot\System32\DRIVERS\cmdguard.sys

******************************************************************************************
******************************************************************************************
No Kernel Hooks found

******************************************************************************************
******************************************************************************************
Hidden files/folders:
Object: C:\Documents and Settings\All Users\Application Data\Symantec\SRTSP\SrtETmp\5AB073CC.TMP
Status: Access denied

Object: C:\Documents and Settings\All Users\Application Data\Symantec\SRTSP\SrtETmp\6F0385AD.TMP
Status: Access denied

Object: C:\Qoobox\BackEnv\AppData.folder.dat
Status: Access denied

Object: C:\Qoobox\BackEnv\Cache.folder.dat
Status: Access denied

Object: C:\Qoobox\BackEnv\Cookies.folder.dat
Status: Access denied

Object: C:\Qoobox\BackEnv\Desktop.folder.dat
Status: Access denied

Object: C:\Qoobox\BackEnv\Favorites.folder.dat
Status: Access denied

Object: C:\Qoobox\BackEnv\History.folder.dat
Status: Access denied

Object: C:\Qoobox\BackEnv\LocalAppData.folder.dat
Status: Access denied

Object: C:\Qoobox\BackEnv\LocalSettings.folder.dat
Status: Access denied

Object: C:\Qoobox\BackEnv\Music.folder.dat
Status: Access denied

Object: C:\Qoobox\BackEnv\NetHood.folder.dat
Status: Access denied

Object: C:\Qoobox\BackEnv\Personal.folder.dat
Status: Access denied

Object: C:\Qoobox\BackEnv\Pictures.folder.dat
Status: Access denied

Object: C:\Qoobox\BackEnv\PrintHood.folder.dat
Status: Access denied

Object: C:\Qoobox\BackEnv\Profiles.Folder.dat
Status: Access denied

Object: C:\Qoobox\BackEnv\Profiles.Folder.folder.dat
Status: Access denied

Object: C:\Qoobox\BackEnv\Programs.folder.dat
Status: Access denied

Object: C:\Qoobox\BackEnv\Recent.folder.dat
Status: Access denied

Object: C:\Qoobox\BackEnv\SendTo.folder.dat
Status: Access denied

Object: C:\Qoobox\BackEnv\SetPath.bat
Status: Access denied

Object: C:\Qoobox\BackEnv\StartMenu.folder.dat
Status: Access denied

Object: C:\Qoobox\BackEnv\StartUp.folder.dat
Status: Access denied

Object: C:\Qoobox\BackEnv\SysPath.dat
Status: Access denied

Object: C:\Qoobox\BackEnv\Templates.folder.dat
Status: Access denied

Object: C:\Qoobox\BackEnv\VikPev00
Status: Access denied


Post by Superdave on 14th April 2012, 11:04 pm

Your computer should be running much better now.
I'd like to scan your machine with ESET OnlineScan

•Hold down Control and click on the following link to open ESET OnlineScan in a new window.
[You must be registered and logged in to see this link.]
•Click the button.
•For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)

  • Click on to download the ESET Smart Installer. Save it to your desktop.
  • Double click on the icon on your desktop.

•Check
•Click the button.
•Accept any security warnings from your browser.
•Check
•Push the Start button.
•ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
•When the scan completes, push
•Push , and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
•Push the button.
•Push
A log file will be saved here: C:\Program Files\ESET\ESET Online Scanner\log.txt

Post by furyofdawolfx on 15th April 2012, 4:12 pm

ESETSmartInstaller@High as CAB hook log:
OnlineScanner.ocx - registred OK
# version=7
# iexplore.exe=8.00.6001.18702 (longhorn_ie8_rtm(wmbla).090308-0339)
# OnlineScanner.ocx=1.0.0.6583
# api_version=3.0.2
# EOSSerial=a15170fa456ed14893db49d48eb960ce
# end=finished
# remove_checked=true
# archives_checked=false
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2012-04-15 02:15:53
# local_time=2012-04-14 10:15:53 (-0500, Eastern Daylight Time)
# country="United States"
# lang=1033
# osver=5.1.2600 NT Service Pack 2
# compatibility_mode=512 16777215 100 0 135391623 135391623 0 0
# compatibility_mode=3073 16777189 80 92 0 62734511 0 0
# compatibility_mode=8192 67108863 100 0 30770363 30770363 0 0
# scanned=147239
# found=0
# cleaned=0
# scan_time=9283

Post by furyofdawolfx on 15th April 2012, 4:33 pm

Thank you for all the help. My laptop seems to be running smoothly so far, but I ran a full scan with COMODO for good measure and found the following:

1. UnclassifiedMalware@279312073-C:\TDSSKiller_Quarantine\12.04.2012_00.41.40\mbr0000\tdlfs0000\tsk0001.dta

2. UnclassifiedMalware@279451121-C:\TDSSKiller_Quarantine\12.04.2012_00.41.40\mbr0000\tdlfs0000\tsk0002.dta

3. TrojWare.Win32.Trojan.Agent.Gen@282108980- C:\System Volume Information\_restore{0BC7B696-48BC-4B67-B004-BEAA157F7FC8}\RP449\A0056099.exe

4. Heur.Suspicious@282101403- C:\System Volume Information\_restore{0BC7B696-48BC-4B67-B004-BEAA157F7FC8}\RP449\A0057220.exe

5. Heur.Suspicious@282101403- C:\Qoobox\Quarantine\C\Documents and Settings\All Users.WINDOWS2\Application Data\eccccfaddeafacdfdct.exe.vir

All seemed to have been removed by COMODO. Please advise if there are any other procedures I should run. Thank you.

Post by Superdave on 15th April 2012, 5:35 pm

Some of those are in quarantine and we'll set a new Restore Point.

To uninstall ComboFix

  • Click the Start button. Click Run. For Vista: type in Run in the Start search, and click on Run in the results pane.
  • In the field, type in ComboFix /uninstall

(Note: Make sure there's a space between the word ComboFix and the forward-slash.)

  • Then, press Enter, or click OK.
  • This will uninstall ComboFix, delete its folders and files, hide System files and folders, and reset System Restore.

*************************************************
Please check your Restore Points to see that a new one has been set after doing the above.

Clean out your temporary internet files and temp files.

Download [You must be registered and logged in to see this link.] to your desktop.

Double-click TFC.exe to run it.

Note: If you are running on Vista, right-click on the file and choose Run As Administrator

TFC will close all programs when run, so make sure you have saved all your work before you begin.

* Click the Start button to begin the cleaning process.
* Depending on how often you clean temp files, execution time should be anywhere from a few seconds to a minute or two.
* Please let TFC run uninterrupted until it is finished.

Once TFC is finished it should restart your computer. If it does not, please manually restart the computer yourself to ensure a complete cleaning.
****************************************************
Looking over your log it seems you don't have any evidence of a third party firewall.

Firewalls protect against hackers and malicious intruders. You need to download a free firewall from one of these reliable vendors.

Remember only install ONE firewall

1) [You must be registered and logged in to see this link.] (Uncheck during installation "Install Comodo SafeSurf..", "Make Comodo my default search provider" and "Make Comodo Search my homepage" and uncheck any HopSurf and/or Ask.com options if you choose this one)
2) [You must be registered and logged in to see this link.]
3) [You must be registered and logged in to see this link.]
4) [You must be registered and logged in to see this link.]

If you are using the built-in Windows XP firewall, it is not recommended as it does not block outgoing connections. This means that any malware on your computer is free to "phone home" for more instructions. Simply put, Windows XP contains a mediocre firewall. This firewall is NO replacement for a dedicated software solution. Remember to use only one firewall at the same time.
***************************************************
Use the [You must be registered and logged in to see this link.] to check for out of date software.

•Click Start Now

•Check the box next to Enable thorough system inspection.

•Click Start

•Allow the scan to finish and scroll down to see if any updates are needed.
•Update anything listed.
----------

Go to [You must be registered and logged in to see this link.] and get all critical updates.

----------

I suggest using [You must be registered and logged in to see this link.]. WOT is a free Internet security addon for your browser. It will keep you safe from online scams, identity theft, spyware, spam, viruses and unreliable shopping sites. WOT warns you before you interact with a risky website. It's easy and it's free.

[You must be registered and logged in to see this link.]- Secure your Internet Explorer to make it harder for ActiveX programs to run on your computer. Also stop certain cookies from being added to your computer when running Mozilla based browsers like Firefox.
* [You must be registered and logged in to see this link.] from Spyware and Malware
* If you don't know what ActiveX controls are, see [You must be registered and logged in to see this link.]

Protect yourself against spyware using the Immunize feature in [You must be registered and logged in to see this link.] Guide: [You must be registered and logged in to see this link.] to prevent spyware infection in real-time. Note: To ensure you have the latest Immunizations always update Spybot - Search & Destroy before Immunizing. [You must be registered and logged in to see this link.]

Check out [You must be registered and logged in to see this link.] for tips and free tools to help keep you safe in the future.

Also see [You must be registered and logged in to see this link.] for free cleaning/maintenance tools to help keep your computer running smoothly.
Safe Surfing!

Post by furyofdawolfx on 15th April 2012, 10:24 pm

When I tried to uninstall combofix, COMODO warned me about something trying to get in my computer. Naturally I blocked it, but now going into GeekPolice with my laptop redirects to another website. Definitely infected again.

Post by Superdave on 15th April 2012, 10:50 pm

Ok. Let's start with running TDSSKiller again. Update and run SAS and MBAM again and post the logs.

Post by furyofdawolfx on 16th April 2012, 4:10 am

20:17:55.0609 2944 TDSS rootkit removing tool 2.7.28.0 Apr 10 2012 16:54:05
20:17:56.0328 2944 ============================================================
20:17:56.0328 2944 Current date / time: 2012/04/15 20:17:56.0328
20:17:56.0328 2944 SystemInfo:
20:17:56.0328 2944
20:17:56.0328 2944 OS Version: 5.1.2600 ServicePack: 2.0
20:17:56.0328 2944 Product type: Workstation
20:17:56.0328 2944 ComputerName: ANTONIO-LAPTOP
20:17:56.0328 2944 UserName: Antonio
20:17:56.0328 2944 Windows directory: C:\WINDOWS2
20:17:56.0328 2944 System windows directory: C:\WINDOWS2
20:17:56.0328 2944 Processor architecture: Intel x86
20:17:56.0328 2944 Number of processors: 2
20:17:56.0328 2944 Page size: 0x1000
20:17:56.0328 2944 Boot type: Normal boot
20:17:56.0328 2944 ============================================================
20:17:59.0359 2944 Drive \Device\Harddisk0\DR0 - Size: 0x1BF2976000 (111.79 Gb), SectorSize: 0x200, Cylinders: 0x3901, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000054
20:17:59.0359 2944 \Device\Harddisk0\DR0:
20:17:59.0359 2944 MBR used
20:17:59.0359 2944 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x2738A, BlocksNum 0xD3EEAC9
20:17:59.0890 2944 Initialize success
20:17:59.0890 2944 ============================================================
20:18:36.0984 2488 ============================================================
20:18:36.0984 2488 Scan started
20:18:36.0984 2488 Mode: Manual;
20:18:36.0984 2488 ============================================================
20:20:10.0859 2488 NetBIOS - ok
20:20:11.0812 2488 NetBT (0c80e410cd2f47134407ee7dd19cc86b) C:\WINDOWS2\system32\DRIVERS\netbt.sys
20:20:11.0812 2488 NetBT - ok
20:20:12.0171 2488 NetDDE (05afb5ad06462257bea7495283c86d50) C:\WINDOWS2\system32\netdde.exe
20:20:12.0218 2488 NetDDE - ok
20:20:12.0234 2488 NetDDEdsdm (05afb5ad06462257bea7495283c86d50) C:\WINDOWS2\system32\netdde.exe
20:20:12.0234 2488 NetDDEdsdm - ok
20:20:12.0296 2488 Netlogon (84885f9b82f4d55c6146ebf6065d75d2) C:\WINDOWS2\system32\lsass.exe
20:20:12.0312 2488 Netlogon - ok
20:20:13.0250 2488 Netman (dab9e6c7105d2ef49876fe92c524f565) C:\WINDOWS2\System32\netman.dll
20:20:13.0265 2488 Netman - ok
20:20:13.0890 2488 NetTcpPortSharing (d34612c5d02d026535b3095d620626ae) C:\WINDOWS2\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe
20:20:13.0906 2488 NetTcpPortSharing - ok
20:20:15.0312 2488 NETw4x32 (b5ab1108b377b5f3d37409fabda01453) C:\WINDOWS2\system32\DRIVERS\NETw4x32.sys
20:20:16.0015 2488 NETw4x32 - ok
20:20:16.0921 2488 NIC1394 (5c5c53db4fef16cf87b9911c7e8c6fbc) C:\WINDOWS2\system32\DRIVERS\nic1394.sys
20:20:16.0953 2488 NIC1394 - ok
20:20:18.0031 2488 Nla (4e74af063c3271fbea20dd940cfd1184) C:\WINDOWS2\System32\mswsock.dll
20:20:18.0187 2488 Nla - ok
20:20:19.0421 2488 Npfs (4f601bcb8f64ea3ac0994f98fed03f8e) C:\WINDOWS2\system32\drivers\Npfs.sys
20:20:19.0453 2488 Npfs - ok
20:20:22.0484 2488 Ntfs (b78be402c3f63dd55521f73876951cdd) C:\WINDOWS2\system32\drivers\Ntfs.sys
20:20:23.0687 2488 Ntfs - ok
20:20:23.0937 2488 NtLmSsp (84885f9b82f4d55c6146ebf6065d75d2) C:\WINDOWS2\system32\lsass.exe
20:20:23.0937 2488 NtLmSsp - ok
20:20:24.0234 2488 NtmsSvc (b62f29c00ac55a761b2e45877d85ea0f) C:\WINDOWS2\system32\ntmssvc.dll
20:20:24.0468 2488 NtmsSvc - ok
20:20:27.0125 2488 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS2\system32\drivers\Null.sys
20:20:27.0171 2488 Null - ok
20:20:34.0218 2488 nv (0390b9368ea20dfb9e416a520b28a555) C:\WINDOWS2\system32\DRIVERS\nv4_mini.sys
20:20:40.0062 2488 nv - ok
20:20:43.0875 2488 NVSvc (a9fb3ef9a6385b56e8a6bd758ac01b94) C:\WINDOWS2\system32\nvsvc32.exe
20:20:43.0906 2488 NVSvc - ok
20:20:44.0625 2488 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS2\system32\DRIVERS\nwlnkflt.sys
20:20:44.0703 2488 NwlnkFlt - ok
20:20:46.0062 2488 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS2\system32\DRIVERS\nwlnkfwd.sys
20:20:46.0078 2488 NwlnkFwd - ok
20:20:46.0765 2488 OEM02Afx (58f478fd0115012ceec75fb73628901c) C:\WINDOWS2\system32\Drivers\OEM02Afx.sys
20:20:46.0765 2488 OEM02Afx - ok
20:20:47.0500 2488 OEM02Dev (19cac780b858822055f46c58a111723c) C:\WINDOWS2\system32\DRIVERS\OEM02Dev.sys
20:20:47.0515 2488 OEM02Dev - ok
20:20:47.0609 2488 OEM02Vfx (86326062a90494bdd79ce383511d7d69) C:\WINDOWS2\system32\DRIVERS\OEM02Vfx.sys
20:20:47.0625 2488 OEM02Vfx - ok
20:20:47.0671 2488 ohci1394 (0951db8e5823ea366b0e408d71e1ba2a) C:\WINDOWS2\system32\DRIVERS\ohci1394.sys
20:20:47.0703 2488 ohci1394 - ok
20:20:47.0843 2488 ose (7a56cf3e3f12e8af599963b16f50fb6a) C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
20:20:48.0078 2488 ose - ok
20:20:49.0437 2488 Parport (29744eb4ce659dfe3b4122deb45bc478) C:\WINDOWS2\system32\drivers\Parport.sys
20:20:50.0031 2488 Parport - ok
20:20:51.0796 2488 PartMgr (3334430c29dc338092f79c38ef7b4cd0) C:\WINDOWS2\system32\drivers\PartMgr.sys
20:20:51.0796 2488 PartMgr - ok
20:20:52.0500 2488 ParVdm (70e98b3fd8e963a6a46a2e6247e0bea1) C:\WINDOWS2\system32\drivers\ParVdm.sys
20:20:52.0578 2488 ParVdm - ok
20:20:53.0265 2488 PCI (8086d9979234b603ad5bc2f5d890b234) C:\WINDOWS2\system32\DRIVERS\pci.sys
20:20:53.0359 2488 PCI - ok
20:20:54.0328 2488 PCIDump - ok
20:20:56.0750 2488 PCIIde (ccf5f451bb1a5a2a522a76e670000ff0) C:\WINDOWS2\system32\DRIVERS\pciide.sys
20:20:56.0750 2488 PCIIde - ok
20:20:58.0296 2488 Pcmcia (82a087207decec8456fbe8537947d579) C:\WINDOWS2\system32\drivers\Pcmcia.sys
20:20:58.0406 2488 Pcmcia - ok
20:20:58.0687 2488 PDCOMP - ok
20:20:58.0812 2488 PDFRAME - ok
20:20:59.0453 2488 PDRELI - ok
20:20:59.0609 2488 PDRFRAME - ok
20:20:59.0625 2488 perc2 - ok
20:20:59.0640 2488 perc2hib - ok
20:20:59.0765 2488 PlugPlay (c6ce6eec82f187615d1002bb3bb50ed4) C:\WINDOWS2\system32\services.exe
20:20:59.0843 2488 PlugPlay - ok
20:21:00.0031 2488 PolicyAgent (84885f9b82f4d55c6146ebf6065d75d2) C:\WINDOWS2\system32\lsass.exe
20:21:00.0062 2488 PolicyAgent - ok
20:21:00.0703 2488 PptpMiniport (1c5cc65aac0783c344f16353e60b72ac) C:\WINDOWS2\system32\DRIVERS\raspptp.sys
20:21:00.0734 2488 PptpMiniport - ok
20:21:00.0843 2488 ProtectedStorage (84885f9b82f4d55c6146ebf6065d75d2) C:\WINDOWS2\system32\lsass.exe
20:21:00.0843 2488 ProtectedStorage - ok
20:21:02.0796 2488 PSched (48671f327553dcf1d27f6197f622a668) C:\WINDOWS2\system32\DRIVERS\psched.sys
20:21:02.0828 2488 PSched - ok
20:21:03.0687 2488 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS2\system32\DRIVERS\ptilink.sys
20:21:03.0718 2488 Ptilink - ok
20:21:04.0203 2488 ql1080 - ok
20:21:04.0281 2488 Ql10wnt - ok
20:21:04.0296 2488 ql12160 - ok
20:21:04.0312 2488 ql1240 - ok
20:21:04.0343 2488 ql1280 - ok
20:21:04.0515 2488 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS2\system32\DRIVERS\rasacd.sys
20:21:04.0531 2488 RasAcd - ok
20:21:04.0671 2488 RasAuto (44db7a9bdd2fb58747d123fbf1d35adb) C:\WINDOWS2\System32\rasauto.dll
20:21:04.0734 2488 RasAuto - ok
20:21:05.0437 2488 Rasl2tp (98faeb4a4dcf812ba1c6fca4aa3e115c) C:\WINDOWS2\system32\DRIVERS\rasl2tp.sys
20:21:05.0531 2488 Rasl2tp - ok
20:21:06.0234 2488 RasMan (41a3c11e3517c962c9b44893bcec3b34) C:\WINDOWS2\System32\rasmans.dll
20:21:06.0265 2488 RasMan - ok
20:21:06.0609 2488 RasPppoe (7306eeed8895454cbed4669be9f79faa) C:\WINDOWS2\system32\DRIVERS\raspppoe.sys
20:21:06.0625 2488 RasPppoe - ok
20:21:07.0281 2488 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS2\system32\DRIVERS\raspti.sys
20:21:07.0281 2488 Raspti - ok
20:21:07.0609 2488 Rdbss (29d66245adba878fff574cd66abd2884) C:\WINDOWS2\system32\DRIVERS\rdbss.sys
20:21:07.0609 2488 Rdbss - ok
20:21:08.0968 2488 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS2\system32\DRIVERS\RDPCDD.sys
20:21:08.0968 2488 RDPCDD - ok
20:21:10.0078 2488 rdpdr (a2cae2c60bc37e0751ef9dda7ceaf4ad) C:\WINDOWS2\system32\DRIVERS\rdpdr.sys
20:21:10.0093 2488 rdpdr - ok
20:21:10.0859 2488 RDPWD (d4f5643d7714ef499ae9527fdcd50894) C:\WINDOWS2\system32\drivers\RDPWD.sys
20:21:11.0015 2488 RDPWD - ok
20:21:11.0625 2488 RDSessMgr (729798e0933076b8fcfcd9934698f164) C:\WINDOWS2\system32\sessmgr.exe
20:21:11.0640 2488 RDSessMgr - ok
20:21:11.0953 2488 redbook (b31b4588e4086d8d84adbf9845c2402b) C:\WINDOWS2\system32\DRIVERS\redbook.sys
20:21:11.0968 2488 redbook - ok
20:21:12.0578 2488 RemoteAccess (3046db917e3cfa040632799dd9b14865) C:\WINDOWS2\System32\mprdim.dll
20:21:12.0578 2488 RemoteAccess - ok
20:21:13.0125 2488 RemoteRegistry (3151427db7d87107d1c5be58fac53960) C:\WINDOWS2\system32\regsvc.dll
20:21:13.0187 2488 RemoteRegistry - ok
20:21:14.0375 2488 rimmptsk (d85e3fa9f5b1f29bb4ed185c450d1470) C:\WINDOWS2\system32\DRIVERS\rimmptsk.sys
20:21:14.0406 2488 rimmptsk - ok
20:21:15.0281 2488 rimsptsk (db8eb01c58c9fada00c70b1775278ae0) C:\WINDOWS2\system32\DRIVERS\rimsptsk.sys
20:21:15.0281 2488 rimsptsk - ok
20:21:16.0250 2488 rismxdp (6c1f93c0760c9f79a1869d07233df39d) C:\WINDOWS2\system32\DRIVERS\rixdptsk.sys
20:21:16.0250 2488 rismxdp - ok
20:21:16.0593 2488 RpcLocator (793f04a09b15e7c6c11dbdffaf06c0ab) C:\WINDOWS2\system32\locator.exe
20:21:16.0703 2488 RpcLocator - ok
20:21:17.0203 2488 RpcSs (5c83a4408604f737717ab96371201680) C:\WINDOWS2\System32\rpcss.dll
20:21:17.0375 2488 RpcSs - ok
20:21:19.0812 2488 RSVP (471b3f9741d762abe75e9deea4787e47) C:\WINDOWS2\system32\rsvp.exe
20:21:19.0937 2488 RSVP - ok
20:21:20.0468 2488 SamSs (84885f9b82f4d55c6146ebf6065d75d2) C:\WINDOWS2\system32\lsass.exe
20:21:20.0500 2488 SamSs - ok
20:21:20.0796 2488 SASDIFSV (39763504067962108505bff25f024345) C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS
20:21:20.0843 2488 SASDIFSV - ok
20:21:20.0875 2488 SASKUTIL (77b9fc20084b48408ad3e87570eb4a85) C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS
20:21:20.0937 2488 SASKUTIL - ok
20:21:22.0625 2488 SBKUPNT (729248b54aff21e740054acebfdbcb1c) C:\WINDOWS2\system32\Drivers\SBKUPNT.SYS
20:21:22.0656 2488 SBKUPNT - ok
20:21:23.0187 2488 SCardSvr (25d8de134df108e3dbc8d7d23b1aa58e) C:\WINDOWS2\System32\SCardSvr.exe
20:21:23.0218 2488 SCardSvr - ok
20:21:23.0531 2488 Schedule (92360854316611f6cc471612213c3d92) C:\WINDOWS2\system32\schedsvc.dll
20:21:23.0578 2488 Schedule - ok
20:21:24.0328 2488 sdbus (02fc71b020ec8700ee8a46c58bc6f276) C:\WINDOWS2\system32\DRIVERS\sdbus.sys
20:21:24.0421 2488 sdbus - ok
20:21:25.0531 2488 Secdrv (d26e26ea516450af9d072635c60387f4) C:\WINDOWS2\system32\DRIVERS\secdrv.sys
20:21:25.0562 2488 Secdrv - ok
20:21:25.0937 2488 seclogon (b1e0ce09895376871746f36dc5773b4f) C:\WINDOWS2\System32\seclogon.dll
20:21:25.0937 2488 seclogon - ok
20:21:25.0984 2488 SENS (dfd9870cf39c791d86c4c209da9fa919) C:\WINDOWS2\system32\sens.dll
20:21:26.0015 2488 SENS - ok
20:21:26.0343 2488 Serial (cd9404d115a00d249f70a371b46d5a26) C:\WINDOWS2\system32\drivers\Serial.sys
20:21:26.0406 2488 Serial - ok
20:21:27.0156 2488 sffdisk (1d9f1bec651815741f088a8fb88e17ee) C:\WINDOWS2\system32\DRIVERS\sffdisk.sys
20:21:27.0187 2488 sffdisk - ok
20:21:27.0281 2488 sffp_sd (586499fd312ffd7f78553f408e71682e) C:\WINDOWS2\system32\DRIVERS\sffp_sd.sys
20:21:27.0296 2488 sffp_sd - ok
20:21:27.0468 2488 Sfloppy (0d13b6df6e9e101013a7afb0ce629fe0) C:\WINDOWS2\system32\drivers\Sfloppy.sys
20:21:27.0500 2488 Sfloppy - ok
20:21:28.0640 2488 SharedAccess (36cc8c01b5e50163037bef56cb96deff) C:\WINDOWS2\System32\ipnathlp.dll
20:21:29.0390 2488 SharedAccess - ok
20:21:29.0906 2488 ShellHWDetection (e7518dc542d3ebdcb80edd98462c7821) C:\WINDOWS2\System32\shsvcs.dll
20:21:29.0921 2488 ShellHWDetection - ok
20:21:31.0296 2488 Simbad - ok
20:21:31.0890 2488 SLIP (5caeed86821fa2c6139e32e9e05ccdc9) C:\WINDOWS2\system32\DRIVERS\SLIP.sys
20:21:31.0984 2488 SLIP - ok
20:21:33.0875 2488 SONYPVU1 (a1eceeaa5c5e74b2499eb51d38185b84) C:\WINDOWS2\system32\DRIVERS\SONYPVU1.SYS
20:21:34.0031 2488 SONYPVU1 - ok
20:21:34.0906 2488 Sparrow - ok
20:21:36.0734 2488 splitter (8e186b8f23295d1e42c573b82b80d548) C:\WINDOWS2\system32\drivers\splitter.sys
20:21:36.0796 2488 splitter - ok
20:21:37.0750 2488 Spooler (7435b108b935e42ea92ca94f59c8e717) C:\WINDOWS2\system32\spoolsv.exe
20:21:37.0765 2488 Spooler - ok
20:21:38.0171 2488 sr (e41b6d037d6cd08461470af04500dc24) C:\WINDOWS2\system32\DRIVERS\sr.sys
20:21:38.0281 2488 sr - ok
20:21:38.0390 2488 srservice (92bdf74f12d6cbec43c94d4b7f804838) C:\WINDOWS2\system32\srsvc.dll
20:21:38.0437 2488 srservice - ok
20:21:39.0500 2488 Srv (20b7e396720353e4117d64d9dcb926ca) C:\WINDOWS2\system32\DRIVERS\srv.sys
20:21:40.0937 2488 Srv - ok
20:21:42.0609 2488 SSDPSRV (4b8d61792f7175bed48859cc18ce4e38) C:\WINDOWS2\System32\ssdpsrv.dll
20:21:42.0750 2488 SSDPSRV - ok
20:21:45.0203 2488 STHDA (951801dfb54d86f611f0af47825476f9) C:\WINDOWS2\system32\drivers\sthda.sys
20:21:45.0531 2488 STHDA - ok
20:21:46.0125 2488 stisvc (d9f6c4f6b1e188adafc42b561d9bc2e6) C:\WINDOWS2\system32\wiaservc.dll
20:21:46.0437 2488 stisvc - ok
20:21:47.0937 2488 streamip (284c57df5dc7abca656bc2b96a667afb) C:\WINDOWS2\system32\DRIVERS\StreamIP.sys
20:21:47.0937 2488 streamip - ok
20:21:49.0171 2488 swenum (03c1bae4766e2450219d20b993d6e046) C:\WINDOWS2\system32\DRIVERS\swenum.sys
20:21:49.0187 2488 swenum - ok
20:21:51.0234 2488 swmidi (94abc808fc4b6d7d2bbf42b85e25bb4d) C:\WINDOWS2\system32\drivers\swmidi.sys
20:21:51.0281 2488 swmidi - ok
20:21:51.0718 2488 SwPrv - ok
20:21:51.0781 2488 symc810 - ok
20:21:51.0937 2488 symc8xx - ok
20:21:51.0953 2488 sym_hi - ok
20:21:52.0562 2488 sym_u3 - ok
20:21:52.0843 2488 sysaudio (650ad082d46bac0e64c9c0e0928492fd) C:\WINDOWS2\system32\drivers\sysaudio.sys
20:21:52.0859 2488 sysaudio - ok
20:21:53.0093 2488 SysmonLog (8b54aa346d1b1b113ffaa75501b8b1b2) C:\WINDOWS2\system32\smlogsvc.exe
20:21:53.0125 2488 SysmonLog - ok
20:21:53.0953 2488 SysProtDrv.sys (7d5b6655442dbcf5e3b86a134ab90584) C:\Documents and Settings\Antonio.ANTONIO-LAPTOP\Desktop\SysProt\SysProt\SysProtDrv.sys
20:21:54.0468 2488 SysProtDrv.sys - ok
20:21:54.0765 2488 TapiSrv (eb4a4187d74a8efdcbea3ea2cb1bdfbd) C:\WINDOWS2\System32\tapisrv.dll
20:21:54.0796 2488 TapiSrv - ok
20:21:54.0890 2488 Tcpip (9f4b36614a0fc234525ba224957de55c) C:\WINDOWS2\system32\DRIVERS\tcpip.sys
20:21:54.0906 2488 Tcpip - ok
20:21:55.0156 2488 TDPIPE (38d437cf2d98965f239b0abcd66dcb0f) C:\WINDOWS2\system32\drivers\TDPIPE.sys
20:21:55.0171 2488 TDPIPE - ok
20:21:55.0234 2488 TDTCP (ed0580af02502d00ad8c4c066b156be9) C:\WINDOWS2\system32\drivers\TDTCP.sys
20:21:55.0281 2488 TDTCP - ok
20:21:55.0343 2488 TermDD (a540a99c281d933f3d69d55e48727f47) C:\WINDOWS2\system32\DRIVERS\termdd.sys
20:21:55.0343 2488 TermDD - ok
20:21:55.0609 2488 TermService (b60c877d16d9c880b952fda04adf16e6) C:\WINDOWS2\System32\termsrv.dll
20:21:55.0640 2488 TermService - ok
20:21:55.0718 2488 Themes (e7518dc542d3ebdcb80edd98462c7821) C:\WINDOWS2\System32\shsvcs.dll
20:21:55.0718 2488 Themes - ok
20:21:55.0859 2488 TlntSvr (37db0a7d097310e8b4de803fc3119c78) C:\WINDOWS2\system32\tlntsvr.exe
20:21:56.0546 2488 TlntSvr - ok
20:21:57.0437 2488 TosIde - ok
20:21:58.0000 2488 TrkWks (6d9ac544b30f96c57f8206566c1fb6a1) C:\WINDOWS2\system32\trkwks.dll
20:21:58.0000 2488 TrkWks - ok
20:21:58.0500 2488 Udfs (12f70256f140cd7d52c58c7048fde657) C:\WINDOWS2\system32\drivers\Udfs.sys
20:21:58.0593 2488 Udfs - ok
20:21:59.0015 2488 ultra - ok
20:21:59.0625 2488 Update (aff2e5045961bbc0a602bb6f95eb1345) C:\WINDOWS2\system32\DRIVERS\update.sys
20:21:59.0625 2488 Update - ok
20:22:00.0765 2488 upnphost (0546477bde979e33294fe97f6b3de84a) C:\WINDOWS2\System32\upnphost.dll
20:22:00.0984 2488 upnphost - ok
20:22:01.0281 2488 UPS (3f5df65b0758675f95a2d43918a740a3) C:\WINDOWS2\System32\ups.exe
20:22:01.0296 2488 UPS - ok
20:22:01.0500 2488 USBAAPL (83cafcb53201bbac04d822f32438e244) C:\WINDOWS2\system32\Drivers\usbaapl.sys
20:22:01.0515 2488 USBAAPL - ok
20:22:01.0750 2488 usbccgp (bffd9f120cc63bcbaa3d840f3eef9f79) C:\WINDOWS2\system32\DRIVERS\usbccgp.sys
20:22:01.0765 2488 usbccgp - ok
20:22:02.0078 2488 usbehci (15e993ba2f6946b2bfbbfcd30398621e) C:\WINDOWS2\system32\DRIVERS\usbehci.sys
20:22:02.0125 2488 usbehci - ok
20:22:03.0218 2488 usbhub (c72f40947f92cea56a8fb532edf025f1) C:\WINDOWS2\system32\DRIVERS\usbhub.sys
20:22:03.0250 2488 usbhub - ok
20:22:04.0296 2488 usbscan (a6bc71402f4f7dd5b77fd7f4a8ddba85) C:\WINDOWS2\system32\DRIVERS\usbscan.sys
20:22:04.0359 2488 usbscan - ok
20:22:05.0562 2488 USBSTOR (6cd7b22193718f1d17a47a1cd6d37e75) C:\WINDOWS2\system32\DRIVERS\USBSTOR.SYS
20:22:05.0781 2488 USBSTOR - ok
20:22:06.0328 2488 usbuhci (f8fd1400092e23c8f2f31406ef06167b) C:\WINDOWS2\system32\DRIVERS\usbuhci.sys
20:22:06.0406 2488 usbuhci - ok
20:22:08.0078 2488 usbvideo (8968ff3973a883c49e8b564200f565b9) C:\WINDOWS2\system32\Drivers\usbvideo.sys
20:22:08.0406 2488 usbvideo - ok
20:22:09.0578 2488 VgaSave (8a60edd72b4ea5aea8202daf0e427925) C:\WINDOWS2\System32\drivers\vga.sys
20:22:09.0578 2488 VgaSave - ok
20:22:11.0359 2488 ViaIde - ok
20:22:13.0468 2488 VolSnap (ee4660083deba849ff6c485d944b379b) C:\WINDOWS2\system32\drivers\VolSnap.sys
20:22:13.0609 2488 VolSnap - ok
20:22:14.0734 2488 VSS (3ee00364ae0fd8d604f46cbaf512838a) C:\WINDOWS2\System32\vssvc.exe
20:22:14.0750 2488 VSS - ok
20:22:15.0421 2488 W32Time (2b281958f5d0cf99ed626e3ef39d5c8d) C:\WINDOWS2\system32\w32time.dll
20:22:15.0593 2488 W32Time - ok
20:22:20.0281 2488 Wanarp (984ef0b9788abf89974cfed4bfbaacbc) C:\WINDOWS2\system32\DRIVERS\wanarp.sys
20:22:20.0359 2488 Wanarp - ok
20:22:21.0546 2488 WDICA - ok
20:22:22.0625 2488 wdmaud (2797f33ebf50466020c430ee4f037933) C:\WINDOWS2\system32\drivers\wdmaud.sys
20:22:22.0687 2488 wdmaud - ok
20:22:23.0406 2488 WebClient (5d0a442864bfbf3b19dcca4cd29f6e99) C:\WINDOWS2\System32\webclnt.dll
20:22:23.0484 2488 WebClient - ok
20:22:32.0468 2488 winachsf (96aff1738271755a39b52eef7e35f98f) C:\WINDOWS2\system32\DRIVERS\HSF_CNXT.sys
20:22:33.0375 2488 winachsf - ok
20:22:35.0078 2488 winmgmt (f399242a80c4066fd155efa4cf96658e) C:\WINDOWS2\system32\wbem\WMIsvc.dll
20:22:35.0406 2488 winmgmt - ok
20:22:38.0468 2488 WmdmPmSN (c086483e3dba8c1c0a687ec8d5b3d4c1) C:\WINDOWS2\system32\mspmsnsv.dll
20:22:38.0656 2488 WmdmPmSN - ok
20:22:41.0250 2488 Wmi (1aff244ca134956c54474f4e2433e4ce) C:\WINDOWS2\System32\advapi32.dll
20:22:41.0328 2488 Wmi - ok
20:22:41.0796 2488 WmiAcpi (ae2c8544e747c20062db27456ea2d67a) C:\WINDOWS2\system32\DRIVERS\wmiacpi.sys
20:22:41.0859 2488 WmiAcpi - ok
20:22:48.0625 2488 WmiApSrv (ba8cecc3e813e1f7c441b20393d4f86c) C:\WINDOWS2\system32\wbem\wmiapsrv.exe
20:22:48.0984 2488 WmiApSrv - ok
20:22:49.0218 2488 WPFFontCache_v0400 - ok
20:22:52.0750 2488 WS2IFSL (6abe6e225adb5a751622a9cc3bc19ce8) C:\WINDOWS2\System32\drivers\ws2ifsl.sys
20:22:52.0843 2488 WS2IFSL - ok
20:22:54.0968 2488 wscsvc (4d59daa66c60858cdf4f67a900f42d4a) C:\WINDOWS2\system32\wscsvc.dll
20:22:55.0421 2488 wscsvc - ok
20:22:58.0515 2488 WSTCODEC (d5842484f05e12121c511aa93f6439ec) C:\WINDOWS2\system32\DRIVERS\WSTCODEC.SYS
20:22:58.0609 2488 WSTCODEC - ok
20:23:00.0734 2488 wuauserv (35321fb577cdc98ce3eb3a3eb9e4610a) C:\WINDOWS\system32\wuauserv.dll
20:23:04.0312 2488 wuauserv - ok
20:23:06.0453 2488 WZCSVC (5a91e6feab9f901302fa7ff768c0120f) C:\WINDOWS2\System32\wzcsvc.dll
20:23:06.0984 2488 WZCSVC - ok
20:23:09.0468 2488 xmlprov (eef46dab68229a14da3d8e73c99e2959) C:\WINDOWS2\System32\xmlprov.dll
20:23:09.0531 2488 xmlprov - ok
20:23:09.0625 2488 MBR (0x1B8) (faee7e40dfb0440ad2cfc39befa1f4c2) \Device\Harddisk0\DR0
20:23:09.0656 2488 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.b ) - infected
20:23:09.0656 2488 \Device\Harddisk0\DR0 - detected Rootkit.Boot.Pihar.b (0)
20:23:09.0781 2488 Boot (0x1200) (b555b91f577cbb009e14078586928726) \Device\Harddisk0\DR0\Partition0
20:23:09.0796 2488 \Device\Harddisk0\DR0\Partition0 - ok
20:23:09.0812 2488 ============================================================
20:23:09.0812 2488 Scan finished
20:23:09.0812 2488 ============================================================
20:23:09.0859 2480 Detected object count: 1
20:23:09.0859 2480 Actual detected object count: 1
20:28:10.0156 2480 \Device\Harddisk0\DR0\# - copied to quarantine
20:28:10.0156 2480 \Device\Harddisk0\DR0 - copied to quarantine
20:28:10.0203 2480 \Device\Harddisk0\DR0\TDLFS\phm - copied to quarantine
20:28:10.0234 2480 \Device\Harddisk0\DR0\TDLFS\ph.dll - copied to quarantine
20:28:10.0234 2480 \Device\Harddisk0\DR0\TDLFS\phx.dll - copied to quarantine
20:28:10.0250 2480 \Device\Harddisk0\DR0\TDLFS\sub.dll - copied to quarantine
20:28:10.0250 2480 \Device\Harddisk0\DR0\TDLFS\subx.dll - copied to quarantine
20:28:10.0312 2480 \Device\Harddisk0\DR0\TDLFS\phd - copied to quarantine
20:28:10.0406 2480 \Device\Harddisk0\DR0\TDLFS\phdx - copied to quarantine
20:28:10.0453 2480 \Device\Harddisk0\DR0\TDLFS\phs - copied to quarantine
20:28:10.0453 2480 \Device\Harddisk0\DR0\TDLFS\phdata - copied to quarantine
20:28:10.0468 2480 \Device\Harddisk0\DR0\TDLFS\phld - copied to quarantine
20:28:10.0468 2480 \Device\Harddisk0\DR0\TDLFS\phln - copied to quarantine
20:28:10.0484 2480 \Device\Harddisk0\DR0\TDLFS\phlx - copied to quarantine
20:28:10.0531 2480 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.b ) - will be cured on reboot
20:28:10.0531 2480 \Device\Harddisk0\DR0 - ok
20:28:10.0546 2480 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.b ) - User select action: Cure
20:28:22.0656 3564 Deinitialize success

Post by furyofdawolfx on 16th April 2012, 4:10 am

SUPERAntiSpyware Scan Log

Generated 04/15/2012 at 07:48 PM

Application Version : 5.0.1146

Core Rules Database Version : 8451
Trace Rules Database Version: 6263

Scan type : Quick Scan
Total Scan Time : 01:29:21

Operating System Information
Windows XP Professional 32-bit, Service Pack 2 (Build 5.01.2600)
Administrator

Memory items scanned : 426
Memory threats detected : 0
Registry items scanned : 28456
Registry threats detected : 0
File items scanned : 27277
File threats detected : 80

Adware.Tracking Cookie


Post by furyofdawolfx on 16th April 2012, 4:11 am

Malwarebytes Anti-Malware 1.61.0.1400

Database version: v2012.04.13.01

Windows XP Service Pack 2 x86 NTFS
Internet Explorer 8.0.6001.18702
Antonio :: ANTONIO-LAPTOP [administrator]

4/15/2012 8:37:34 PM
mbam-log-2012-04-15 (20-37-34).txt

Scan type: Full scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 389213
Time elapsed: 3 hour(s), 20 minute(s), 13 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|dplaysvr (Trojan.QHost.BG) -> Data: %APPDATA%\dplaysvr.exe -> Quarantined and deleted successfully.

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)


Post by furyofdawolfx on 16th April 2012, 4:16 am

Also in the folder TDSSKiller_Quarantine, should I delete all the different folders there with the quarantined objects?

Thanks again.


Post by Superdave on 16th April 2012, 5:52 pm

Also in the folder TDSSKiller_Quarantine, should I delete all the different folders there with the quarantined objects?
Yes, go ahead and delete.

Please download MBRCheck.exe by a_d_13 from one of the links provided below and save it to your desktop.


• Double-click on MBRCheck.exe to run it.
• It will open a black window... please do not fix anything (if it gives you an option).
• When complete, you should see "Done! Press ENTER to exit...". Press Enter on the keyboard.
• A log named MBRCheck_date_time.txt (i.e. MBRCheck_07.21.10_10.22.51.txt) will appear on the desktop.
• Please copy and paste the contents of that log in your next reply.
*********************************************************
Please run ComboFix again and post the log.


Post by furyofdawolfx on 16th April 2012, 11:12 pm

MBRCheck, version 1.2.3
(c) 2010, AD

Command-line:
Windows Version: Windows XP Professional
Windows Information: Service Pack 2 (build 2600)
Logical Drives Mask: 0x0000000c

Kernel Drivers (total 136):

Processes (total 40):

\\.\C: --> \\.\PhysicalDrive0 at offset 0x00000000`04e71400 (NTFS)

PhysicalDrive0 Model Number: HitachiHTS542512K9SA00, Rev: BB2OC39P

Size Device Name MBR Status
--------------------------------------------
111 GB \\.\PhysicalDrive0 Windows XP MBR code detected
SHA1: DA38B874B7713D1B51CBC449F4EF809B0DEC644A


Done!


Post by furyofdawolfx on 16th April 2012, 11:13 pm

ComboFix 12-04-13.01 - Antonio 04/16/2012 18:48:36.5.2 - x86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.1022.786 [GMT -4:00]
Running from: c:\documents and settings\Antonio.ANTONIO-LAPTOP\Desktop\ComboFix.exe
AV: COMODO Antivirus *Disabled/Updated* {043803A5-4F86-4ef7-AFC5-F6E02A79969B}
.
.
((((((((((((((((((((((((( Files Created from 2012-03-16 to 2012-04-16 )))))))))))))))))))))))))))))))
.
.
2012-04-14 22:02 . 2012-04-14 22:21 -------- d-----w- C:\96c0d17019026f4c64899da603beb5
2012-04-14 15:41 . 2012-04-14 15:41 -------- d-----w- c:\windows2\system32\KB905474
2012-04-13 22:43 . 2012-04-13 22:43 -------- d-sh--w- c:\windows2\system32\config\systemprofile\PrivacIE
2012-04-13 22:41 . 2012-04-13 22:41 -------- d-sh--w- c:\windows2\system32\config\systemprofile\IETldCache
2012-04-13 00:19 . 2012-04-13 00:19 -------- d-----w- c:\documents and settings\Antonio.ANTONIO-LAPTOP\Application Data\SUPERAntiSpyware.com
2012-04-13 00:16 . 2012-04-13 00:19 -------- d-----w- c:\program files\SUPERAntiSpyware
2012-04-13 00:16 . 2012-04-13 00:16 -------- d-----w- c:\documents and settings\All Users.WINDOWS2\Application Data\SUPERAntiSpyware.com
2012-04-12 04:47 . 2012-04-16 22:35 -------- d-----w- C:\TDSSKiller_Quarantine
2012-04-09 01:34 . 2012-04-09 01:34 -------- d-----w- C:\VritualRoot
2012-04-09 01:34 . 2012-04-09 01:35 -------- d-----w- c:\documents and settings\All Users.WINDOWS2\Application Data\COMODO
2012-04-09 01:34 . 2012-04-16 22:38 1474832 ----a-w- c:\windows2\system32\drivers\sfi.dat
2012-04-09 00:57 . 2012-04-09 00:59 -------- d-----w- c:\program files\COMODO
2012-04-09 00:53 . 2012-04-09 00:53 -------- d-----w- c:\documents and settings\All Users.WINDOWS2\Application Data\Comodo Downloader
2012-04-08 17:57 . 2012-04-08 17:57 -------- d-----w- c:\program files\CCleaner
2012-04-08 16:24 . 2009-08-06 23:24 44768 ----a-w- c:\windows2\system32\wups2.dll
2012-04-08 16:24 . 2009-08-06 23:24 21728 ----a-w- c:\windows2\system32\wucltui.dll.mui
2012-04-08 16:23 . 2009-08-06 23:24 17632 ----a-w- c:\windows2\system32\wuaueng.dll.mui
2012-04-08 16:23 . 2009-08-06 23:24 15072 ----a-w- c:\windows2\system32\wuaucpl.cpl.mui
2012-04-08 16:23 . 2009-08-06 23:24 15064 ----a-w- c:\windows2\system32\wuapi.dll.mui
2012-04-08 16:12 . 2012-04-08 16:14 -------- d-----w- c:\windows2\system32\NtmsData
2012-04-04 05:53 . 2012-04-04 05:53 182160 ----a-w- c:\program files\Internet Explorer\PLUGINS\nppdf32.dll
2012-04-03 03:51 . 2012-04-03 03:51 -------- d-sh--w- c:\documents and settings\LocalService.NT AUTHORITY\IETldCache
2012-04-02 02:04 . 2012-04-02 02:04 418464 ----a-w- c:\windows2\system32\FlashPlayerApp.exe
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-04-04 19:56 . 2011-12-10 22:23 22344 ----a-w- c:\windows2\system32\drivers\mbam.sys
2012-04-02 02:04 . 2011-06-03 16:01 70304 ----a-w- c:\windows2\system32\FlashPlayerCPLApp.cpl
.
.
((((((((((((((((((((((((((((( SnapShot_2012-04-14_05.40.54 )))))))))))))))))))))))))))))))))))))))))
.
+ 2012-04-14 22:20 . 2012-04-14 22:20 131072 c:\windows2\assembly\GAC_MSIL\System.Runtime.Serialization.Formatters.Soap\2.0.0.0__b03f5f7f11d50a3a\System.Runtime.Serialization.Formatters.Soap.dll
+ 2012-04-14 22:20 . 2012-04-14 22:20 303104 c:\windows2\assembly\GAC_MSIL\System.Runtime.Remoting\2.0.0.0__b77a5c561934e089\System.Runtime.Remoting.dll
- 2011-12-24 07:52 . 2011-12-24 07:52 303104 c:\windows2\assembly\GAC_MSIL\System.Runtime.Remoting\2.0.0.0__b77a5c561934e089\System.Runtime.Remoting.dll
+ 2012-04-14 22:21 . 2012-04-14 22:21 258048 c:\windows2\assembly\GAC_MSIL\System.Messaging\2.0.0.0__b03f5f7f11d50a3a\System.Messaging.dll
- 2011-12-24 07:52 . 2011-12-24 07:52 258048 c:\windows2\assembly\GAC_MSIL\System.Messaging\2.0.0.0__b03f5f7f11d50a3a\System.Messaging.dll
+ 2012-04-14 22:21 . 2012-04-14 22:21 372736 c:\windows2\assembly\GAC_MSIL\System.Management\2.0.0.0__b03f5f7f11d50a3a\System.Management.dll
- 2011-12-24 07:52 . 2011-12-24 07:52 372736 c:\windows2\assembly\GAC_MSIL\System.Management\2.0.0.0__b03f5f7f11d50a3a\System.Management.dll
- 2011-12-24 07:52 . 2011-12-24 07:52 626688 c:\windows2\assembly\GAC_MSIL\System.Drawing\2.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll
+ 2012-04-14 22:20 . 2012-04-14 22:20 626688 c:\windows2\assembly\GAC_MSIL\System.Drawing\2.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll
- 2011-12-24 07:52 . 2011-12-24 07:52 401408 c:\windows2\assembly\GAC_MSIL\System.DirectoryServices\2.0.0.0__b03f5f7f11d50a3a\System.DirectoryServices.dll
+ 2012-04-14 22:19 . 2012-04-14 22:19 401408 c:\windows2\assembly\GAC_MSIL\System.DirectoryServices\2.0.0.0__b03f5f7f11d50a3a\System.DirectoryServices.dll
+ 2012-04-14 22:17 . 2012-04-14 22:17 188416 c:\windows2\assembly\GAC_MSIL\System.DirectoryServices.Protocols\2.0.0.0__b03f5f7f11d50a3a\System.DirectoryServices.Protocols.dll
- 2011-12-24 07:52 . 2011-12-24 07:52 188416 c:\windows2\assembly\GAC_MSIL\System.DirectoryServices.Protocols\2.0.0.0__b03f5f7f11d50a3a\System.DirectoryServices.Protocols.dll
- 2011-12-24 07:52 . 2011-12-24 07:52 970752 c:\windows2\assembly\GAC_MSIL\System.Deployment\2.0.0.0__b03f5f7f11d50a3a\System.Deployment.dll
+ 2012-04-14 22:28 . 2012-04-14 22:28 970752 c:\windows2\assembly\GAC_MSIL\System.Deployment\2.0.0.0__b03f5f7f11d50a3a\System.Deployment.dll
+ 2012-04-14 22:28 . 2012-04-14 22:28 745472 c:\windows2\assembly\GAC_MSIL\System.Data.SqlXml\2.0.0.0__b77a5c561934e089\System.Data.SqlXml.dll
- 2011-12-24 07:52 . 2011-12-24 07:52 745472 c:\windows2\assembly\GAC_MSIL\System.Data.SqlXml\2.0.0.0__b77a5c561934e089\System.Data.SqlXml.dll
- 2011-12-24 07:52 . 2011-12-24 07:52 425984 c:\windows2\assembly\GAC_MSIL\System.Configuration\2.0.0.0__b03f5f7f11d50a3a\System.configuration.dll
+ 2012-04-14 22:28 . 2012-04-14 22:28 425984 c:\windows2\assembly\GAC_MSIL\System.Configuration\2.0.0.0__b03f5f7f11d50a3a\System.configuration.dll
- 2011-12-24 07:52 . 2011-12-24 07:52 110592 c:\windows2\assembly\GAC_MSIL\sysglobl\2.0.0.0__b03f5f7f11d50a3a\sysglobl.dll
+ 2012-04-14 22:28 . 2012-04-14 22:28 110592 c:\windows2\assembly\GAC_MSIL\sysglobl\2.0.0.0__b03f5f7f11d50a3a\sysglobl.dll
+ 2012-04-14 22:18 . 2012-04-14 22:18 659456 c:\windows2\assembly\GAC_MSIL\Microsoft.VisualBasic\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll
- 2011-12-24 07:52 . 2011-12-24 07:52 659456 c:\windows2\assembly\GAC_MSIL\Microsoft.VisualBasic\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll
+ 2012-04-14 22:19 . 2012-04-14 22:19 372736 c:\windows2\assembly\GAC_MSIL\Microsoft.VisualBasic.Compatibility\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Compatibility.dll
- 2011-12-24 07:52 . 2011-12-24 07:52 372736 c:\windows2\assembly\GAC_MSIL\Microsoft.VisualBasic.Compatibility\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Compatibility.dll
- 2011-12-24 07:52 . 2011-12-24 07:52 110592 c:\windows2\assembly\GAC_MSIL\Microsoft.VisualBasic.Compatibility.Data\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Compatibility.Data.dll
+ 2012-04-14 22:19 . 2012-04-14 22:19 110592 c:\windows2\assembly\GAC_MSIL\Microsoft.VisualBasic.Compatibility.Data\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Compatibility.Data.dll
- 2011-12-24 07:52 . 2011-12-24 07:52 749568 c:\windows2\assembly\GAC_MSIL\Microsoft.JScript\8.0.0.0__b03f5f7f11d50a3a\Microsoft.JScript.dll
+ 2012-04-14 22:19 . 2012-04-14 22:19 749568 c:\windows2\assembly\GAC_MSIL\Microsoft.JScript\8.0.0.0__b03f5f7f11d50a3a\Microsoft.JScript.dll
+ 2012-04-14 22:21 . 2012-04-14 22:21 655360 c:\windows2\assembly\GAC_MSIL\Microsoft.Build.Tasks\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Tasks.dll
- 2011-12-24 07:52 . 2011-12-24 07:52 655360 c:\windows2\assembly\GAC_MSIL\Microsoft.Build.Tasks\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Tasks.dll
+ 2012-04-14 22:20 . 2012-04-14 22:20 348160 c:\windows2\assembly\GAC_MSIL\Microsoft.Build.Engine\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Engine.dll
- 2011-12-24 07:52 . 2011-12-24 07:52 348160 c:\windows2\assembly\GAC_MSIL\Microsoft.Build.Engine\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Engine.dll
- 2011-12-24 07:52 . 2011-12-24 07:52 507904 c:\windows2\assembly\GAC_MSIL\AspNetMMCExt\2.0.0.0__b03f5f7f11d50a3a\AspNetMMCExt.dll
+ 2012-04-14 22:16 . 2012-04-14 22:16 507904 c:\windows2\assembly\GAC_MSIL\AspNetMMCExt\2.0.0.0__b03f5f7f11d50a3a\AspNetMMCExt.dll
+ 2012-04-14 22:20 . 2012-04-14 22:20 261632 c:\windows2\assembly\GAC_32\System.Transactions\2.0.0.0__b77a5c561934e089\System.Transactions.dll
- 2011-12-24 07:52 . 2011-12-24 07:52 261632 c:\windows2\assembly\GAC_32\System.Transactions\2.0.0.0__b77a5c561934e089\System.Transactions.dll
- 2011-12-24 07:52 . 2011-12-24 07:52 113664 c:\windows2\assembly\GAC_32\System.EnterpriseServices\2.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.Wrapper.dll
+ 2012-04-14 22:20 . 2012-04-14 22:20 113664 c:\windows2\assembly\GAC_32\System.EnterpriseServices\2.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.Wrapper.dll
- 2011-12-24 07:52 . 2011-12-24 07:52 258048 c:\windows2\assembly\GAC_32\System.EnterpriseServices\2.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.dll
+ 2012-04-14 22:20 . 2012-04-14 22:20 258048 c:\windows2\assembly\GAC_32\System.EnterpriseServices\2.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.dll
+ 2012-04-14 22:28 . 2012-04-14 22:28 486400 c:\windows2\assembly\GAC_32\System.Data.OracleClient\2.0.0.0__b77a5c561934e089\System.Data.OracleClient.dll
- 2011-12-24 07:52 . 2011-12-24 07:52 486400 c:\windows2\assembly\GAC_32\System.Data.OracleClient\2.0.0.0__b77a5c561934e089\System.Data.OracleClient.dll
+ 2012-04-14 15:41 . 2009-03-11 02:26 1403264 c:\windows2\system32\KB905474\wganotifypackageinner.exe
+ 2012-04-15 16:54 . 2012-02-15 15:01 4547944 c:\windows2\system32\DRVSTORE\usbaapl_87F84F5DA3368BC69CA5BE7F6A79CAA709E36E13\usbaaplrc.dll
+ 2009-08-08 03:51 . 2009-08-08 03:51 5812560 c:\windows2\Microsoft.NET\Framework\v2.0.50727\mscorwks.dll
+ 2009-08-08 03:51 . 2009-08-08 03:51 4546560 c:\windows2\Microsoft.NET\Framework\v2.0.50727\mscorlib.dll
- 2008-07-25 16:17 . 2008-07-25 16:17 4546560 c:\windows2\Microsoft.NET\Framework\v2.0.50727\mscorlib.dll
+ 2012-04-15 17:03 . 2012-04-15 17:03 4288000 c:\windows2\Installer\3111d7.msi
+ 2012-04-15 16:54 . 2012-04-15 16:54 1718784 c:\windows2\Installer\310649.msi
+ 2012-04-15 16:52 . 2012-04-15 16:52 1530368 c:\windows2\Installer\3105fa.msi
+ 2012-04-14 23:11 . 2012-04-14 23:11 3312128 c:\windows2\assembly\NativeImages_v2.0.50727_32\WindowsBase\c770cdb4fc7f26c9b5fe858d4147ae57\WindowsBase.ni.dll
+ 2012-04-14 23:15 . 2012-04-14 23:15 1049600 c:\windows2\assembly\NativeImages_v2.0.50727_32\UIAutomationClients#\fd463597ccb0d17afb9ed0491bfb996a\UIAutomationClientsideProviders.ni.dll
+ 2012-04-14 23:11 . 2012-04-14 23:11 7868416 c:\windows2\assembly\NativeImages_v2.0.50727_32\System\2e356db128ec7354bd70a3ecc84b1f87\System.ni.dll
+ 2012-04-14 23:15 . 2012-04-14 23:15 5450240 c:\windows2\assembly\NativeImages_v2.0.50727_32\System.Xml\28cee07c1277b35abcb83560cd8c677c\System.Xml.ni.dll
+ 2012-04-15 00:55 . 2012-04-15 00:55 1355776 c:\windows2\assembly\NativeImages_v2.0.50727_32\System.WorkflowServ#\9c196402a2fb13fb2aa38af5443bfdbe\System.WorkflowServices.ni.dll
+ 2012-04-15 00:55 . 2012-04-15 00:55 1904640 c:\windows2\assembly\NativeImages_v2.0.50727_32\System.Workflow.Run#\f52a5a56dc55c1aaa6d58dc424f1a66b\System.Workflow.Runtime.ni.dll
+ 2012-04-15 00:55 . 2012-04-15 00:55 4511744 c:\windows2\assembly\NativeImages_v2.0.50727_32\System.Workflow.Com#\c5cbcb790872f5752a77ff317ffe9cef\System.Workflow.ComponentModel.ni.dll
+ 2012-04-15 00:55 . 2012-04-15 00:55 2990080 c:\windows2\assembly\NativeImages_v2.0.50727_32\System.Workflow.Act#\2e5a0405b6f55ae6c7f43fd044a4f33e\System.Workflow.Activities.ni.dll
+ 2012-04-15 00:54 . 2012-04-15 00:54 1840128 c:\windows2\assembly\NativeImages_v2.0.50727_32\System.Web.Services\f4f2da215c1558cc952f993b46cee500\System.Web.Services.ni.dll
+ 2012-04-15 00:54 . 2012-04-15 00:54 2209280 c:\windows2\assembly\NativeImages_v2.0.50727_32\System.Web.Mobile\2c2359a43c0623f343893805ed50e320\System.Web.Mobile.ni.dll
+ 2012-04-15 00:54 . 2012-04-15 00:54 2400256 c:\windows2\assembly\NativeImages_v2.0.50727_32\System.Web.Extensio#\9b143a7495238f7dcfb4aa4186793810\System.Web.Extensions.ni.dll
+ 2012-04-14 23:14 . 2012-04-14 23:14 1913344 c:\windows2\assembly\NativeImages_v2.0.50727_32\System.Speech\75cf391f0ecb47c6a614a66d6b51253a\System.Speech.ni.dll
+ 2012-04-15 00:53 . 2012-04-15 00:53 1705984 c:\windows2\assembly\NativeImages_v2.0.50727_32\System.ServiceModel#\244eb842bea60d1f6cfdc18179187ec5\System.ServiceModel.Web.ni.dll
+ 2012-04-15 00:52 . 2012-04-15 00:52 2338304 c:\windows2\assembly\NativeImages_v2.0.50727_32\System.Runtime.Seri#\7140256b1e3bf35d44a8dd98a4417252\System.Runtime.Serialization.ni.dll
+ 2012-04-14 23:13 . 2012-04-14 23:13 1035264 c:\windows2\assembly\NativeImages_v2.0.50727_32\System.Printing\571e33db0f70fd1184e3ba25dea0dc0b\System.Printing.ni.dll
+ 2012-04-15 00:51 . 2012-04-15 00:51 1056768 c:\windows2\assembly\NativeImages_v2.0.50727_32\System.IdentityModel\2899af558a530772289cb4b022ef8d59\System.IdentityModel.ni.dll
+ 2012-04-14 23:13 . 2012-04-14 23:13 1587200 c:\windows2\assembly\NativeImages_v2.0.50727_32\System.Drawing\f9c517646d0706b9c61a41af685ff6b7\System.Drawing.ni.dll
+ 2012-04-15 00:51 . 2012-04-15 00:51 1116672 c:\windows2\assembly\NativeImages_v2.0.50727_32\System.DirectorySer#\35ed64ce9b52d5c0d8fd7bc57b4d7567\System.DirectoryServices.ni.dll
+ 2012-04-15 00:51 . 2012-04-15 00:51 1801216 c:\windows2\assembly\NativeImages_v2.0.50727_32\System.Deployment\6d697a2d4a40e33d2bef6f013bc24172\System.Deployment.ni.dll
+ 2012-04-14 23:13 . 2012-04-14 23:13 6615040 c:\windows2\assembly\NativeImages_v2.0.50727_32\System.Data\288044f77c184ff68e0200f762c395f4\System.Data.ni.dll
+ 2012-04-15 00:35 . 2012-04-15 00:35 2508800 c:\windows2\assembly\NativeImages_v2.0.50727_32\System.Data.SqlXml\f147fcb77773d92459234364453d999d\System.Data.SqlXml.ni.dll
+ 2012-04-15 00:51 . 2012-04-15 00:51 1326080 c:\windows2\assembly\NativeImages_v2.0.50727_32\System.Data.Services\189318a2dd4c865bc4a2e72690e539c8\System.Data.Services.ni.dll
+ 2012-04-14 23:13 . 2012-04-14 23:13 2510848 c:\windows2\assembly\NativeImages_v2.0.50727_32\System.Data.Linq\c8fe4e187a8f4b17a0448268fa3e0b6b\System.Data.Linq.ni.dll
+ 2012-04-15 00:51 . 2012-04-15 00:51 9903104 c:\windows2\assembly\NativeImages_v2.0.50727_32\System.Data.Entity\19c31313c619dd2a20c8a5f2db6f3c49\System.Data.Entity.ni.dll
+ 2012-04-14 23:12 . 2012-04-14 23:12 2295296 c:\windows2\assembly\NativeImages_v2.0.50727_32\System.Core\349efab7d4325e3cf4bc57b8a1b0f605\System.Core.ni.dll
+ 2012-04-14 23:12 . 2012-04-14 23:12 2126336 c:\windows2\assembly\NativeImages_v2.0.50727_32\ReachFramework\3b35e47f4876f2eed2e86b2829da0fbf\ReachFramework.ni.dll
+ 2012-04-14 23:12 . 2012-04-14 23:12 1657344 c:\windows2\assembly\NativeImages_v2.0.50727_32\PresentationUI\f256e6ef01b68fbc8d60628b5479185b\PresentationUI.ni.dll
+ 2012-04-14 23:11 . 2012-04-14 23:11 1451008 c:\windows2\assembly\NativeImages_v2.0.50727_32\PresentationBuildTa#\647e0b340467d8b9ef7c6474ed5bde64\PresentationBuildTasks.ni.dll
+ 2012-04-15 00:49 . 2012-04-15 00:49 1711616 c:\windows2\assembly\NativeImages_v2.0.50727_32\Microsoft.VisualBas#\78e5f513b0f72eefd2520487234e2682\Microsoft.VisualBasic.ni.dll
+ 2012-04-15 00:17 . 2012-04-15 00:17 1092608 c:\windows2\assembly\NativeImages_v2.0.50727_32\Microsoft.Transacti#\352ff12172320422fba0a1f3c897effd\Microsoft.Transactions.Bridge.ni.dll
+ 2012-04-15 00:52 . 2012-04-15 00:52 2332160 c:\windows2\assembly\NativeImages_v2.0.50727_32\Microsoft.JScript\f343123b61afde383fa8802b4036406d\Microsoft.JScript.ni.dll
+ 2012-04-15 00:36 . 2012-04-15 00:36 1620480 c:\windows2\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Tas#\8f93d800182e905d077708000000c2ed\Microsoft.Build.Tasks.ni.dll
+ 2012-04-15 00:36 . 2012-04-15 00:36 1965568 c:\windows2\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Tas#\43283a953017aea23fba571fee822242\Microsoft.Build.Tasks.v3.5.ni.dll
+ 2012-04-15 00:35 . 2012-04-15 00:35 1886208 c:\windows2\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Eng#\be9d5f8a9c2c4bed5477e8fd55a97c50\Microsoft.Build.Engine.ni.dll
- 2011-12-24 07:52 . 2011-12-24 07:52 3149824 c:\windows2\assembly\GAC_MSIL\System\2.0.0.0__b77a5c561934e089\System.dll
+ 2012-04-14 22:28 . 2012-04-14 22:28 3149824 c:\windows2\assembly\GAC_MSIL\System\2.0.0.0__b77a5c561934e089\System.dll
+ 2012-04-14 22:28 . 2012-04-14 22:28 2048000 c:\windows2\assembly\GAC_MSIL\System.Xml\2.0.0.0__b77a5c561934e089\System.XML.dll
- 2011-12-24 07:52 . 2011-12-24 07:52 2048000 c:\windows2\assembly\GAC_MSIL\System.Xml\2.0.0.0__b77a5c561934e089\System.XML.dll
- 2011-12-24 07:52 . 2011-12-24 07:52 5025792 c:\windows2\assembly\GAC_MSIL\System.Windows.Forms\2.0.0.0__b77a5c561934e089\System.Windows.Forms.dll
+ 2012-04-14 22:17 . 2012-04-14 22:17 5025792 c:\windows2\assembly\GAC_MSIL\System.Windows.Forms\2.0.0.0__b77a5c561934e089\System.Windows.Forms.dll
+ 2012-04-14 22:17 . 2012-04-14 22:17 5062656 c:\windows2\assembly\GAC_MSIL\System.Design\2.0.0.0__b03f5f7f11d50a3a\System.Design.dll
- 2011-12-24 07:52 . 2011-12-24 07:52 5062656 c:\windows2\assembly\GAC_MSIL\System.Design\2.0.0.0__b03f5f7f11d50a3a\System.Design.dll
- 2011-12-24 07:52 . 2011-12-24 07:52 5238784 c:\windows2\assembly\GAC_32\System.Web\2.0.0.0__b03f5f7f11d50a3a\System.Web.dll
+ 2012-04-14 22:16 . 2012-04-14 22:16 5238784 c:\windows2\assembly\GAC_32\System.Web\2.0.0.0__b03f5f7f11d50a3a\System.Web.dll
+ 2012-04-14 22:28 . 2012-04-14 22:28 2933248 c:\windows2\assembly\GAC_32\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dll
- 2011-12-24 07:52 . 2011-12-24 07:52 2933248 c:\windows2\assembly\GAC_32\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dll
+ 2012-04-14 22:21 . 2012-04-14 22:21 4546560 c:\windows2\assembly\GAC_32\mscorlib\2.0.0.0__b77a5c561934e089\mscorlib.dll
- 2011-12-24 07:52 . 2011-12-24 07:52 4546560 c:\windows2\assembly\GAC_32\mscorlib\2.0.0.0__b77a5c561934e089\mscorlib.dll
+ 2009-08-15 00:32 . 2009-08-15 00:32 11110912 c:\windows2\Installer\c1559.msp
+ 2012-04-14 23:14 . 2012-04-14 23:14 12430848 c:\windows2\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\1d1239cae67610d8659752751abc7856\System.Windows.Forms.ni.dll
+ 2012-04-15 00:53 . 2012-04-15 00:53 11792384 c:\windows2\assembly\NativeImages_v2.0.50727_32\System.Web\7ab978a5d4256384ba0af0dc24198117\System.Web.ni.dll
+ 2012-04-15 00:53 . 2012-04-15 00:53 17314816 c:\windows2\assembly\NativeImages_v2.0.50727_32\System.ServiceModel\6546b83e8dc6bda9d61e2b969ac380f3\System.ServiceModel.ni.dll
+ 2012-04-14 23:13 . 2012-04-14 23:13 10682368 c:\windows2\assembly\NativeImages_v2.0.50727_32\System.Design\5f5f201fb2705a1523212fcaf593bf5e\System.Design.ni.dll
+ 2012-04-14 23:12 . 2012-04-14 23:12 14322688 c:\windows2\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\e3d4d240794478ea8067ceed63bbad1e\PresentationFramework.ni.dll
+ 2012-04-14 23:12 . 2012-04-14 23:12 12215296 c:\windows2\assembly\NativeImages_v2.0.50727_32\PresentationCore\4619e16b34a37586c8dbae5f71359156\PresentationCore.ni.dll
+ 2012-04-14 23:11 . 2012-04-14 23:11 11485184 c:\windows2\assembly\NativeImages_v2.0.50727_32\mscorlib\4b10d8196bb368996ec5d24fca777456\mscorlib.ni.dll
.
-- Snapshot reset to current date --
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480]
"Xvid"="c:\program files\Xvid\CheckUpdate.exe" [2011-01-17 8192]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NVHotkey"="nvHotkey.dll" [2008-02-22 86016]
"NvCplDaemon"="c:\windows2\system32\NvCpl.dll" [2008-02-22 13508608]
"nwiz"="nwiz.exe" [2008-02-22 1626112]
"NvMediaCenter"="c:\windows2\system32\NvMcTray.dll" [2008-02-22 86016]
"IMJPMIG8.1"="c:\windows2\IME\imjp8_1\IMJPMIG.EXE" [2004-08-04 208952]
"MSPY2002"="c:\windows2\system32\IME\PINTLGNT\ImScInst.exe" [2004-08-04 59392]
"PHIME2002ASync"="c:\windows2\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-04 455168]
"PHIME2002A"="c:\windows2\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-04 455168]
"Dell QuickSet"="c:\program files\Dell\QuickSet\quickset.exe" [2007-07-03 1228800]
"DELL Webcam Manager"="c:\program files\Dell\Dell Webcam Manager\DellWMgr.exe" [2007-07-27 118784]
"OEM02Mon.exe"="c:\windows2\OEM02Mon.exe" [2007-05-10 36864]
"PCMService"="c:\program files\Dell\MediaDirect\PCMService.exe" [2007-04-16 184320]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2011-06-09 254696]
"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-02-21 59240]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2011-10-24 421888]
"COMODO Internet Security"="c:\program files\COMODO\COMODO Internet Security\cfp.exe" [2010-04-09 2029456]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2012-03-27 421736]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"Svc2dll"="c:\documents and settings\NetworkService.NT AUTHORITY\Local Settings\Application Data\svcxdcl32.exe" [BU]
"dplaysvr"="c:\documents and settings\Antonio.ANTONIO-LAPTOP\Application Data\dplaysvr.exe" [BU]
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2011-07-19 113024]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2011-05-04 17:54 551296 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.DLL
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\windows2\system32\guard32.dll
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\CLPSLS]
@="Service"
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"DisableNotifications"= 1 (0x1)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\FrostWire\\FrostWire.exe"=
"c:\\Program Files\\Dell\\MediaDirect\\PCMService.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\Common Files\\Apple\\Apple Application Support\\WebKit2WebProcess.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
.
R1 cmderd;COMODO Internet Security Eradication Driver;c:\windows2\system32\drivers\cmderd.sys [4/9/2010 1:25 AM 15464]
R1 cmdGuard;COMODO Internet Security Sandbox Driver;c:\windows2\system32\drivers\cmdGuard.sys [4/9/2010 1:25 AM 225344]
R1 cmdHlp;COMODO Internet Security Helper Driver;c:\windows2\system32\drivers\cmdhlp.sys [4/9/2010 1:25 AM 25240]
R1 DLADiagM;DLADiagM;c:\windows2\system32\drivers\DLADiagM.SYS [10/3/2010 12:07 AM 13688]
R1 DLAPMonM;DLAPMonM;c:\windows2\system32\drivers\DLAPMonM.SYS [10/3/2010 12:07 AM 30744]
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [7/22/2011 12:27 PM 12880]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [7/12/2011 5:55 PM 67664]
R2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCore.exe [8/11/2011 7:38 PM 116608]
R2 CLPSLS;COMODO livePCsupport Service;c:\program files\COMODO\COMODO livePCsupport\CLPSLS.exe [2/19/2010 5:00 PM 148744]
R2 SBKUPNT;SBKUPNT;c:\windows2\system32\drivers\SBKUPNT.SYS [10/17/2010 1:05 AM 14976]
S1 DLADHK_M;DLADHK_M;c:\windows2\system32\drivers\DLADHK_M.SYS [10/3/2010 12:07 AM 33592]
S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [1/29/2010 8:11 PM 135664]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows2\system32\Macromed\Flash\FlashPlayerUpdateService.exe [4/1/2012 10:04 PM 253600]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [1/29/2010 8:11 PM 135664]
S3 SysProtDrv.sys;SysProtDrv.sys;c:\documents and settings\Antonio.ANTONIO-LAPTOP\Desktop\SysProt\SysProt\SysProtDrv.sys [4/14/2012 3:52 PM 44288]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows2\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe --> c:\windows2\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [?]
.
Contents of the 'Scheduled Tasks' folder
.
2012-04-16 c:\windows2\Tasks\Adobe Flash Player Updater.job
- c:\windows2\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-02 02:04]
.
2011-12-26 c:\windows2\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2009-10-22 22:57]
.
2012-04-16 c:\windows2\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-01-30 00:11]
.
2012-04-16 c:\windows2\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-01-30 00:11]
.
2012-04-16 c:\windows2\Tasks\WGASetup.job
- c:\windows2\system32\KB905474\wgasetup.exe [2012-04-14 02:18]
.
.
------- Supplementary Scan -------
.
uStart Page = [You must be registered and logged in to see this link.]
uInternet Connection Wizard,ShellNext = [You must be registered and logged in to see this link.]
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~1\MI1933~1\OFFICE11\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html
TCP: DhcpNameServer = 209.18.47.61 209.18.47.62
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer
Rootkit scan 2012-04-16 19:05
Windows 5.1.2600 Service Pack 2 NTFS
.
detected NTDLL code modification:
ZwClose, ZwOpenFile
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(912)
c:\program files\SUPERAntiSpyware\SASWINLO.DLL
.
- - - - - - - > 'explorer.exe'(1596)
c:\windows2\system32\msi.dll
c:\windows2\system32\ieframe.dll
c:\windows2\system32\webcheck.dll
.
Completion time: 2012-04-16 19:07:51
ComboFix-quarantined-files.txt 2012-04-16 23:07
ComboFix2.txt 2012-04-14 19:44
ComboFix3.txt 2012-04-14 06:00
ComboFix4.txt 2011-04-22 22:36
ComboFix5.txt 2012-04-16 22:46
.
Pre-Run: 13,517,705,216 bytes free
Post-Run: 14,075,211,776 bytes free
.
- - End Of File - - 1451A9E4005D5526E01F8B3F98D7A45F


Re: Virus slowing down computer (virtual memory) -NOT SURE ABOUT VIRUS NAME

Post by Superdave on 17th April 2012, 12:32 am

TDSSKiller is the one scan that found anything the second time around. Could you please run it again and post the log?

Save these instructions so you can have access to them while in Safe Mode.

Please download the AVP Tool by Kaspersky.

  • Save it to your desktop.
  • Reboot your computer into Safe Mode. You can do this by restarting your computer and continually tapping the F8 key until a menu appears. Use your up arrow key to highlight Safe Mode, then hit Enter.
  • Double-click the setup file to run it.
  • Click Next to continue.
  • Accept the License agreement and click on Next.
  • It will, by default, install it to your desktop folder. Click Next.
  • It will then open a box. There will be a tab that says Automatic scan.
  • Under Automatic scan make sure these are checked:

      • Hidden Startup Objects
      • System Memory
      • Disk Boot Sectors
      • My Computer
      • Also any other drives (removable ones that you may have)

Leave the rest of the settings as they appear as default.

  • Then click on Scan at the top right-hand corner.
  • It will automatically Neutralize any objects found.
  • If some objects are left un-neutralized, then click the button that says Neutralize all.
  • If it says it cannot be neutralized, then choose the delete option when prompted.
  • After that is done, click on the Reports button at the bottom and save it to a file. Name it Kas.
  • Save it somewhere convenient, like your desktop, and post only the detected virus\malware in the report. It will be at the very top under Detected. Post those results in your next reply.

Note: This tool will self uninstall when you close it so please save the log before closing it.


Re: Virus slowing down computer (virtual memory) -NOT SURE ABOUT VIRUS NAME

Post by furyofdawolfx on 17th April 2012, 3:05 am

22:58:11.0968 1960 TDSS rootkit removing tool 2.7.28.0 Apr 10 2012 16:54:05
22:58:12.0562 1960 ============================================================
22:58:12.0562 1960 Current date / time: 2012/04/16 22:58:12.0562
22:58:12.0562 1960 SystemInfo:
22:58:12.0562 1960
22:58:12.0562 1960 OS Version: 5.1.2600 ServicePack: 2.0
22:58:12.0562 1960 Product type: Workstation
22:58:12.0562 1960 ComputerName: ANTONIO-LAPTOP
22:58:12.0562 1960 UserName: Antonio
22:58:12.0562 1960 Windows directory: C:\WINDOWS2
22:58:12.0562 1960 System windows directory: C:\WINDOWS2
22:58:12.0562 1960 Processor architecture: Intel x86
22:58:12.0562 1960 Number of processors: 2
22:58:12.0562 1960 Page size: 0x1000
22:58:12.0562 1960 Boot type: Normal boot
22:58:12.0562 1960 ============================================================
22:58:16.0078 1960 Drive \Device\Harddisk0\DR0 - Size: 0x1BF2976000 (111.79 Gb), SectorSize: 0x200, Cylinders: 0x3901, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000054
22:58:16.0078 1960 \Device\Harddisk0\DR0:
22:58:16.0078 1960 MBR used
22:58:16.0078 1960 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x2738A, BlocksNum 0xD3EEAC9
22:58:16.0203 1960 Initialize success
22:58:16.0203 1960 ============================================================
22:58:32.0359 0184 ============================================================
22:58:32.0359 0184 Scan started
22:58:32.0359 0184 Mode: Manual;
22:58:32.0359 0184 ============================================================
22:58:35.0640 0184 Cdrom - ok
22:58:35.0656 0184 Changer - ok
22:58:35.0687 0184 CiSvc (3192bd04d032a9c4a85a3278c268a13a) C:\WINDOWS2\system32\cisvc.exe
22:58:35.0703 0184 CiSvc - ok
22:58:35.0812 0184 ClipSrv (c8dec22c4137d7a90f8bdf41ca4b82ae) C:\WINDOWS2\system32\clipsrv.exe
22:58:35.0812 0184 ClipSrv - ok
22:58:35.0890 0184 CLPSLS (56139566e462c1fb1775e140d4ee6b22) C:\Program Files\COMODO\COMODO livePCsupport\CLPSLS.exe
22:58:35.0906 0184 CLPSLS - ok
22:58:36.0015 0184 clr_optimization_v2.0.50727_32 (d87acaed61e417bba546ced5e7e36d9c) C:\WINDOWS2\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
22:58:36.0031 0184 clr_optimization_v2.0.50727_32 - ok
22:58:36.0109 0184 CmBatt (4266be808f85826aedf3c64c1e240203) C:\WINDOWS2\system32\DRIVERS\CmBatt.sys
22:58:36.0125 0184 CmBatt - ok
22:58:36.0218 0184 cmdAgent (8e0528204ca034cbc3af65cf1831a4f4) C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe
22:58:36.0265 0184 cmdAgent - ok
22:58:36.0421 0184 cmderd (ae1c31d030a21f0afabe2df269d1181f) C:\WINDOWS2\system32\DRIVERS\cmderd.sys
22:58:36.0421 0184 cmderd - ok
22:58:36.0453 0184 cmdGuard (ee8d7168cbbe3af052ea93015f51abe9) C:\WINDOWS2\system32\DRIVERS\cmdguard.sys
22:58:36.0453 0184 cmdGuard - ok
22:58:36.0515 0184 cmdHlp (45a1f7d2890681f22406458d93d03cc1) C:\WINDOWS2\system32\DRIVERS\cmdhlp.sys
22:58:36.0515 0184 cmdHlp - ok
22:58:36.0531 0184 CmdIde - ok
22:58:36.0578 0184 Compbatt (df1b1a24bf52d0ebc01ed4ece8979f50) C:\WINDOWS2\system32\DRIVERS\compbatt.sys
22:58:36.0578 0184 Compbatt - ok
22:58:36.0609 0184 COMSysApp - ok
22:58:36.0625 0184 Cpqarray - ok
22:58:36.0687 0184 CryptSvc (10654f9ddcea9c46cfb77554231be73b) C:\WINDOWS2\System32\cryptsvc.dll
22:58:36.0687 0184 CryptSvc - ok
22:58:36.0796 0184 dac2w2k - ok
22:58:36.0812 0184 dac960nt - ok
22:58:36.0875 0184 DcomLaunch (5c83a4408604f737717ab96371201680) C:\WINDOWS2\system32\rpcss.dll
22:58:36.0890 0184 DcomLaunch - ok
22:58:36.0984 0184 Dhcp (cb6ca3e5261d65f6f809eed23bf167aa) C:\WINDOWS2\System32\dhcpcsvc.dll
22:58:36.0984 0184 Dhcp - ok
22:58:37.0015 0184 Disk (00ca44e4534865f8a3b64f7c0984bff0) C:\WINDOWS2\system32\DRIVERS\disk.sys
22:58:37.0031 0184 Disk - ok
22:58:37.0062 0184 DLADHK_M (6b2c6d29bb1954f1a328faedfbec31d9) C:\WINDOWS2\system32\Drivers\DLADHK_M.SYS
22:58:37.0062 0184 DLADHK_M - ok
22:58:37.0125 0184 DLADiagM (2c31280ba21446e89ba2265fafba45b9) C:\WINDOWS2\system32\Drivers\DLADiagM.SYS
22:58:37.0125 0184 DLADiagM - ok
22:58:37.0140 0184 DLAPMonM (8ea0b56da6197d557aed3f2a843738aa) C:\WINDOWS2\system32\Drivers\DLAPMonM.SYS
22:58:37.0140 0184 DLAPMonM - ok
22:58:37.0156 0184 DLARTL_M (91886fed52a3f9966207bce46cfd794f) C:\WINDOWS2\system32\Drivers\DLARTL_M.SYS
22:58:37.0156 0184 DLARTL_M - ok
22:58:37.0171 0184 dmadmin - ok
22:58:37.0250 0184 dmboot (c0fbb516e06e243f0cf31f597e7ebf7d) C:\WINDOWS2\system32\drivers\dmboot.sys
22:58:37.0265 0184 dmboot - ok
22:58:37.0421 0184 dmio (f5e7b358a732d09f4bcf2824b88b9e28) C:\WINDOWS2\system32\drivers\dmio.sys
22:58:37.0437 0184 dmio - ok
22:58:37.0468 0184 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS2\system32\drivers\dmload.sys
22:58:37.0468 0184 dmload - ok
22:58:37.0531 0184 dmserver (1639d9964c9e1b2ecca95c8217d3e70d) C:\WINDOWS2\System32\dmserver.dll
22:58:37.0531 0184 dmserver - ok
22:58:37.0593 0184 DMusic (a6f881284ac1150e37d9ae47ff601267) C:\WINDOWS2\system32\drivers\DMusic.sys
22:58:37.0593 0184 DMusic - ok
22:58:37.0609 0184 Dnscache (7379de06fd196e396a00aa97b990c00d) C:\WINDOWS2\System32\dnsrslvr.dll
22:58:37.0609 0184 Dnscache - ok
22:58:37.0734 0184 dpti2o - ok
22:58:37.0781 0184 drmkaud (1ed4dbbae9f5d558dbba4cc450e3eb2e) C:\WINDOWS2\system32\drivers\drmkaud.sys
22:58:37.0781 0184 drmkaud - ok
22:58:37.0843 0184 ERSvc (67dff7bbbd0e80aab7b3cf061448db8a) C:\WINDOWS2\System32\ersvc.dll
22:58:37.0843 0184 ERSvc - ok
22:58:37.0890 0184 Eventlog (c6ce6eec82f187615d1002bb3bb50ed4) C:\WINDOWS2\system32\services.exe
22:58:37.0906 0184 Eventlog - ok
22:58:37.0968 0184 EventSystem (acd36a2dd7d1e9d8a060aa651dc07e63) C:\WINDOWS2\system32\es.dll
22:58:37.0968 0184 EventSystem - ok
22:58:38.0140 0184 Fastfat (3117f595e9615e04f05a54fc15a03b20) C:\WINDOWS2\system32\drivers\Fastfat.sys
22:58:38.0140 0184 Fastfat - ok
22:58:38.0171 0184 FastUserSwitchingCompatibility (e7518dc542d3ebdcb80edd98462c7821) C:\WINDOWS2\System32\shsvcs.dll
22:58:38.0187 0184 FastUserSwitchingCompatibility - ok
22:58:38.0203 0184 Fdc (ced2e8396a8838e59d8fd529c680e02c) C:\WINDOWS2\system32\drivers\Fdc.sys
22:58:38.0203 0184 Fdc - ok
22:58:38.0234 0184 Fips (e153ab8a11de5452bcf5ac7652dbf3ed) C:\WINDOWS2\system32\drivers\Fips.sys
22:58:38.0234 0184 Fips - ok
22:58:38.0250 0184 Flpydisk (0dd1de43115b93f4d85e889d7a86f548) C:\WINDOWS2\system32\drivers\Flpydisk.sys
22:58:38.0250 0184 Flpydisk - ok
22:58:38.0328 0184 FltMgr (157754f0df355a9e0a6f54721914f9c6) C:\WINDOWS2\system32\DRIVERS\fltMgr.sys
22:58:38.0328 0184 FltMgr - ok
22:58:38.0484 0184 FontCache3.0.0.0 (8ba7c024070f2b7fdd98ed8a4ba41789) C:\WINDOWS2\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe
22:58:38.0500 0184 FontCache3.0.0.0 - ok
22:58:38.0609 0184 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS2\system32\drivers\Fs_Rec.sys
22:58:38.0609 0184 Fs_Rec - ok
22:58:38.0671 0184 Ftdisk (6ac26732762483366c3969c9e4d2259d) C:\WINDOWS2\system32\DRIVERS\ftdisk.sys
22:58:38.0687 0184 Ftdisk - ok
22:58:38.0734 0184 GEARAspiWDM (8182ff89c65e4d38b2de4bb0fb18564e) C:\WINDOWS2\system32\DRIVERS\GEARAspiWDM.sys
22:58:38.0734 0184 GEARAspiWDM - ok
22:58:38.0875 0184 Gpc (c0f1d4a21de5a415df8170616703debf) C:\WINDOWS2\system32\DRIVERS\msgpc.sys
22:58:38.0890 0184 Gpc - ok
22:58:39.0031 0184 gupdate (8f0de4fef8201e306f9938b0905ac96a) C:\Program Files\Google\Update\GoogleUpdate.exe
22:58:39.0031 0184 gupdate - ok
22:58:39.0031 0184 gupdatem (8f0de4fef8201e306f9938b0905ac96a) C:\Program Files\Google\Update\GoogleUpdate.exe
22:58:39.0031 0184 gupdatem - ok
22:58:39.0093 0184 HDAudBus (e31363d186b3e1d7c4e9117884a6aee5) C:\WINDOWS2\system32\DRIVERS\HDAudBus.sys
22:58:39.0093 0184 HDAudBus - ok
22:58:39.0218 0184 helpsvc (8827911a8c37e40c027cbfc88e69d967) C:\WINDOWS2\PCHealth\HelpCtr\Binaries\pchsvc.dll
22:58:39.0218 0184 helpsvc - ok
22:58:39.0296 0184 HidServ (9376e6893e52b368abc6255bf54f0b28) C:\WINDOWS2\System32\hidserv.dll
22:58:39.0296 0184 HidServ - ok
22:58:39.0390 0184 HidUsb (1de6783b918f540149aa69943bdfeba8) C:\WINDOWS2\system32\DRIVERS\hidusb.sys
22:58:39.0390 0184 HidUsb - ok
22:58:39.0406 0184 hpn - ok
22:58:39.0484 0184 HSFHWAZL (b1526810210980bed9d22315946c919d) C:\WINDOWS2\system32\DRIVERS\HSFHWAZL.sys
22:58:39.0484 0184 HSFHWAZL - ok
22:58:39.0609 0184 HSF_DPV (ddbd528e60f5961c142a490dc4ea7780) C:\WINDOWS2\system32\DRIVERS\HSF_DPV.sys
22:58:39.0656 0184 HSF_DPV - ok
22:58:39.0828 0184 HTTP (c19b522a9ae0bbc3293397f3055e80a1) C:\WINDOWS2\system32\Drivers\HTTP.sys
22:58:39.0828 0184 HTTP - ok
22:58:39.0906 0184 HTTPFilter (064d8581adf77c25133e7d751d917d83) C:\WINDOWS2\System32\w3ssl.dll
22:58:39.0906 0184 HTTPFilter - ok
22:58:39.0921 0184 i2omgmt - ok
22:58:39.0937 0184 i2omp - ok
22:58:40.0000 0184 i8042prt (5502b58eef7486ee6f93f3f164dcb808) C:\WINDOWS2\system32\DRIVERS\i8042prt.sys
22:58:40.0000 0184 i8042prt - ok
22:58:40.0234 0184 idsvc (c01ac32dc5c03076cfb852cb5da5229c) C:\WINDOWS2\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
22:58:40.0328 0184 idsvc - ok
22:58:40.0500 0184 Imapi (f8aa320c6a0409c0380e5d8a99d76ec6) C:\WINDOWS2\system32\DRIVERS\imapi.sys
22:58:40.0500 0184 Imapi - ok
22:58:40.0546 0184 ImapiService (fa788520bcac0f5d9d5cde5615c0d931) C:\WINDOWS2\system32\imapi.exe
22:58:40.0562 0184 ImapiService - ok
22:58:40.0578 0184 ini910u - ok
22:58:40.0593 0184 IntelIde - ok
22:58:40.0640 0184 intelppm (279fb78702454dff2bb445f238c048d2) C:\WINDOWS2\system32\DRIVERS\intelppm.sys
22:58:40.0656 0184 intelppm - ok
22:58:40.0687 0184 Ip6Fw (4448006b6bc60e6c027932cfc38d6855) C:\WINDOWS2\system32\DRIVERS\Ip6Fw.sys
22:58:40.0687 0184 Ip6Fw - ok
22:58:40.0828 0184 IpInIp (e1ec7f5da720b640cd8fb8424f1b14bb) C:\WINDOWS2\system32\DRIVERS\ipinip.sys
22:58:40.0828 0184 IpInIp - ok
22:58:40.0859 0184 IpNat (b5a8e215ac29d24d60b4d1250ef05ace) C:\WINDOWS2\system32\DRIVERS\ipnat.sys
22:58:40.0875 0184 IpNat - ok
22:58:41.0062 0184 iPod Service (57edb35ea2feca88f8b17c0c095c9a56) C:\Program Files\iPod\bin\iPodService.exe
22:58:41.0109 0184 iPod Service - ok
22:58:41.0281 0184 IPSec (64537aa5c003a6afeee1df819062d0d1) C:\WINDOWS2\system32\DRIVERS\ipsec.sys
22:58:41.0281 0184 IPSec - ok
22:58:41.0359 0184 IRENUM (50708daa1b1cbb7d6ac1cf8f56a24410) C:\WINDOWS2\system32\DRIVERS\irenum.sys
22:58:41.0359 0184 IRENUM - ok
22:58:41.0421 0184 isapnp (e504f706ccb699c2596e9a3da1596e87) C:\WINDOWS2\system32\DRIVERS\isapnp.sys
22:58:41.0421 0184 isapnp - ok
22:58:41.0562 0184 JavaQuickStarterService (381b25dc8e958d905b33130d500bbf29) C:\Program Files\Java\jre6\bin\jqs.exe
22:58:41.0578 0184 JavaQuickStarterService - ok
22:58:41.0734 0184 Kbdclass (ebdee8a2ee5393890a1acee971c4c246) C:\WINDOWS2\system32\DRIVERS\kbdclass.sys
22:58:41.0750 0184 Kbdclass - ok
22:58:41.0796 0184 kmixer (d93cad07c5683db066b0b2d2d3790ead) C:\WINDOWS2\system32\drivers\kmixer.sys
22:58:41.0812 0184 kmixer - ok
22:58:41.0843 0184 KSecDD (eb7ffe87fd367ea8fca0506f74a87fbb) C:\WINDOWS2\system32\drivers\KSecDD.sys
22:58:41.0859 0184 KSecDD - ok
22:58:41.0906 0184 lanmanserver (93d32468d34e000cb3407947d1d6e22a) C:\WINDOWS2\System32\srvsvc.dll
22:58:41.0921 0184 lanmanserver - ok
22:58:42.0046 0184 lanmanworkstation (2c0a7b2ae9c26f2c163627679b42783c) C:\WINDOWS2\System32\wkssvc.dll
22:58:42.0046 0184 lanmanworkstation - ok
22:58:42.0093 0184 lbrtfdc - ok
22:58:42.0125 0184 LmHosts (b3eff6d938c572e90a07b3d87a3c7657) C:\WINDOWS2\System32\lmhsvc.dll
22:58:42.0125 0184 LmHosts - ok
22:58:42.0234 0184 MDM (11f714f85530a2bd134074dc30e99fca) C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
22:58:42.0234 0184 MDM - ok
22:58:42.0421 0184 mdmxsdk (0cea2d0d3fa284b85ed5b68365114f76) C:\WINDOWS2\system32\DRIVERS\mdmxsdk.sys
22:58:42.0421 0184 mdmxsdk - ok
22:58:42.0500 0184 Messenger (95fd808e4ac22aba025a7b3eac0375d2) C:\WINDOWS2\System32\msgsvc.dll
22:58:42.0515 0184 Messenger - ok
22:58:42.0593 0184 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS2\system32\drivers\mnmdd.sys
22:58:42.0593 0184 mnmdd - ok
22:58:42.0656 0184 mnmsrvc (f6415361201915b9fe3896b0e4e724ff) C:\WINDOWS2\system32\mnmsrvc.exe
22:58:42.0671 0184 mnmsrvc - ok
22:58:42.0781 0184 Modem (6fc6f9d7acc36dca9b914565a3aeda05) C:\WINDOWS2\system32\drivers\Modem.sys
22:58:42.0781 0184 Modem - ok
22:58:42.0828 0184 Mouclass (34e1f0031153e491910e12551400192c) C:\WINDOWS2\system32\DRIVERS\mouclass.sys
22:58:42.0828 0184 Mouclass - ok
22:58:42.0906 0184 mouhid (b1c303e17fb9d46e87a98e4ba6769685) C:\WINDOWS2\system32\DRIVERS\mouhid.sys
22:58:42.0906 0184 mouhid - ok
22:58:42.0984 0184 MountMgr (65653f3b4477f3c63e68a9659f85ee2e) C:\WINDOWS2\system32\drivers\MountMgr.sys
22:58:42.0984 0184 MountMgr - ok
22:58:43.0046 0184 mraid35x - ok
22:58:43.0062 0184 MRxDAV (46edcc8f2db2f322c24f48785cb46366) C:\WINDOWS2\system32\DRIVERS\mrxdav.sys
22:58:43.0062 0184 MRxDAV - ok
22:58:43.0109 0184 MRxSmb (1fd607fc67f7f7c633c3da65bfc53d18) C:\WINDOWS2\system32\DRIVERS\mrxsmb.sys
22:58:43.0203 0184 MRxSmb - ok
22:58:43.0328 0184 MSDTC (c7c3d89eb0a6f3dba622ea737fa335b1) C:\WINDOWS2\system32\msdtc.exe
22:58:43.0328 0184 MSDTC - ok
22:58:43.0453 0184 Msfs (561b3a4333ca2dbdba28b5b956822519) C:\WINDOWS2\system32\drivers\Msfs.sys
22:58:43.0453 0184 Msfs - ok
22:58:43.0468 0184 MSIServer - ok
22:58:43.0546 0184 MSKSSRV (ae431a8dd3c1d0d0610cdbac16057ad0) C:\WINDOWS2\system32\drivers\MSKSSRV.sys
22:58:43.0546 0184 MSKSSRV - ok
22:58:43.0593 0184 MSPCLOCK (13e75fef9dfeb08eeded9d0246e1f448) C:\WINDOWS2\system32\drivers\MSPCLOCK.sys
22:58:43.0593 0184 MSPCLOCK - ok
22:58:43.0750 0184 MSPQM (1988a33ff19242576c3d0ef9ce785da7) C:\WINDOWS2\system32\drivers\MSPQM.sys
22:58:43.0750 0184 MSPQM - ok
22:58:43.0796 0184 mssmbios (469541f8bfd2b32659d5d463a6714bce) C:\WINDOWS2\system32\DRIVERS\mssmbios.sys
22:58:43.0812 0184 mssmbios - ok
22:58:43.0828 0184 MSTEE (bf13612142995096ab084f2db7f40f77) C:\WINDOWS2\system32\drivers\MSTEE.sys
22:58:43.0843 0184 MSTEE - ok
22:58:43.0890 0184 Mup (82035e0f41c2dd05ae41d27fe6cf7de1) C:\WINDOWS2\system32\drivers\Mup.sys
22:58:43.0906 0184 Mup - ok
22:58:43.0937 0184 NABTSFEC (5c8dc6429c43dc6177c1fa5b76290d1a) C:\WINDOWS2\system32\DRIVERS\NABTSFEC.sys
22:58:43.0937 0184 NABTSFEC - ok
22:58:44.0093 0184 NDIS (558635d3af1c7546d26067d5d9b6959e) C:\WINDOWS2\system32\drivers\NDIS.sys
22:58:44.0109 0184 NDIS - ok
22:58:44.0125 0184 NdisIP (520ce427a8b298f54112857bcf6bde15) C:\WINDOWS2\system32\DRIVERS\NdisIP.sys
22:58:44.0125 0184 NdisIP - ok
22:58:44.0203 0184 NdisTapi (08d43bbdacdf23f34d79e44ed35c1b4c) C:\WINDOWS2\system32\DRIVERS\ndistapi.sys
22:58:44.0203 0184 NdisTapi - ok
22:58:44.0250 0184 Ndisuio (34d6cd56409da9a7ed573e1c90a308bf) C:\WINDOWS2\system32\DRIVERS\ndisuio.sys
22:58:44.0250 0184 Ndisuio - ok
22:58:44.0312 0184 NdisWan (0b90e255a9490166ab368cd55a529893) C:\WINDOWS2\system32\DRIVERS\ndiswan.sys
22:58:44.0328 0184 NdisWan - ok
22:58:44.0468 0184 NDProxy (59fc3fb44d2669bc144fd87826bb571f) C:\WINDOWS2\system32\drivers\NDProxy.sys
22:58:44.0468 0184 NDProxy - ok
22:58:44.0515 0184 NetBIOS (3a2aca8fc1d7786902ca434998d7ceb4) C:\WINDOWS2\system32\DRIVERS\netbios.sys
22:58:44.0515 0184 NetBIOS - ok
22:58:44.0546 0184 NetBT (0c80e410cd2f47134407ee7dd19cc86b) C:\WINDOWS2\system32\DRIVERS\netbt.sys
22:58:44.0546 0184 NetBT - ok
22:58:44.0609 0184 NetDDE (05afb5ad06462257bea7495283c86d50) C:\WINDOWS2\system32\netdde.exe
22:58:44.0625 0184 NetDDE - ok
22:58:44.0625 0184 NetDDEdsdm (05afb5ad06462257bea7495283c86d50) C:\WINDOWS2\system32\netdde.exe
22:58:44.0640 0184 NetDDEdsdm - ok
22:58:44.0687 0184 Netlogon (84885f9b82f4d55c6146ebf6065d75d2) C:\WINDOWS2\system32\lsass.exe
22:58:44.0687 0184 Netlogon - ok
22:58:44.0828 0184 Netman (dab9e6c7105d2ef49876fe92c524f565) C:\WINDOWS2\System32\netman.dll
22:58:44.0843 0184 Netman - ok
22:58:44.0984 0184 NetTcpPortSharing (d34612c5d02d026535b3095d620626ae) C:\WINDOWS2\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe
22:58:44.0984 0184 NetTcpPortSharing - ok
22:58:45.0156 0184 NETw4x32 (b5ab1108b377b5f3d37409fabda01453) C:\WINDOWS2\system32\DRIVERS\NETw4x32.sys
22:58:45.0234 0184 NETw4x32 - ok
22:58:45.0375 0184 NIC1394 (5c5c53db4fef16cf87b9911c7e8c6fbc) C:\WINDOWS2\system32\DRIVERS\nic1394.sys
22:58:45.0390 0184 NIC1394 - ok
22:58:45.0468 0184 Nla (4e74af063c3271fbea20dd940cfd1184) C:\WINDOWS2\System32\mswsock.dll
22:58:45.0484 0184 Nla - ok
22:58:45.0531 0184 Npfs (4f601bcb8f64ea3ac0994f98fed03f8e) C:\WINDOWS2\system32\drivers\Npfs.sys
22:58:45.0531 0184 Npfs - ok
22:58:45.0562 0184 Ntfs (b78be402c3f63dd55521f73876951cdd) C:\WINDOWS2\system32\drivers\Ntfs.sys
22:58:45.0562 0184 Ntfs - ok
22:58:45.0703 0184 NtLmSsp (84885f9b82f4d55c6146ebf6065d75d2) C:\WINDOWS2\system32\lsass.exe
22:58:45.0703 0184 NtLmSsp - ok
22:58:45.0765 0184 NtmsSvc (b62f29c00ac55a761b2e45877d85ea0f) C:\WINDOWS2\system32\ntmssvc.dll
22:58:45.0781 0184 NtmsSvc - ok
22:58:45.0937 0184 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS2\system32\drivers\Null.sys
22:58:45.0937 0184 Null - ok
22:58:46.0203 0184 nv (0390b9368ea20dfb9e416a520b28a555) C:\WINDOWS2\system32\DRIVERS\nv4_mini.sys
22:58:46.0437 0184 nv - ok
22:58:46.0578 0184 NVSvc (a9fb3ef9a6385b56e8a6bd758ac01b94) C:\WINDOWS2\system32\nvsvc32.exe
22:58:46.0593 0184 NVSvc - ok
22:58:46.0671 0184 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS2\system32\DRIVERS\nwlnkflt.sys
22:58:46.0671 0184 NwlnkFlt - ok
22:58:46.0703 0184 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS2\system32\DRIVERS\nwlnkfwd.sys
22:58:46.0703 0184 NwlnkFwd - ok
22:58:46.0750 0184 OEM02Afx (58f478fd0115012ceec75fb73628901c) C:\WINDOWS2\system32\Drivers\OEM02Afx.sys
22:58:46.0765 0184 OEM02Afx - ok
22:58:46.0812 0184 OEM02Dev (19cac780b858822055f46c58a111723c) C:\WINDOWS2\system32\DRIVERS\OEM02Dev.sys
22:58:46.0828 0184 OEM02Dev - ok
22:58:46.0968 0184 OEM02Vfx (86326062a90494bdd79ce383511d7d69) C:\WINDOWS2\system32\DRIVERS\OEM02Vfx.sys
22:58:46.0968 0184 OEM02Vfx - ok
22:58:47.0015 0184 ohci1394 (0951db8e5823ea366b0e408d71e1ba2a) C:\WINDOWS2\system32\DRIVERS\ohci1394.sys
22:58:47.0031 0184 ohci1394 - ok
22:58:47.0125 0184 ose (7a56cf3e3f12e8af599963b16f50fb6a) C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
22:58:47.0125 0184 ose - ok
22:58:47.0203 0184 Parport (29744eb4ce659dfe3b4122deb45bc478) C:\WINDOWS2\system32\drivers\Parport.sys
22:58:47.0203 0184 Parport - ok
22:58:47.0343 0184 PartMgr (3334430c29dc338092f79c38ef7b4cd0) C:\WINDOWS2\system32\drivers\PartMgr.sys
22:58:47.0343 0184 PartMgr - ok
22:58:47.0421 0184 ParVdm (70e98b3fd8e963a6a46a2e6247e0bea1) C:\WINDOWS2\system32\drivers\ParVdm.sys
22:58:47.0421 0184 ParVdm - ok
22:58:47.0453 0184 PCI (8086d9979234b603ad5bc2f5d890b234) C:\WINDOWS2\system32\DRIVERS\pci.sys
22:58:47.0453 0184 PCI - ok
22:58:47.0468 0184 PCIDump - ok
22:58:47.0484 0184 PCIIde (ccf5f451bb1a5a2a522a76e670000ff0) C:\WINDOWS2\system32\DRIVERS\pciide.sys
22:58:47.0484 0184 PCIIde - ok
22:58:47.0531 0184 Pcmcia (82a087207decec8456fbe8537947d579) C:\WINDOWS2\system32\drivers\Pcmcia.sys
22:58:47.0531 0184 Pcmcia - ok
22:58:47.0546 0184 PDCOMP - ok
22:58:47.0562 0184 PDFRAME - ok
22:58:47.0578 0184 PDRELI - ok
22:58:47.0593 0184 PDRFRAME - ok
22:58:47.0609 0184 perc2 - ok
22:58:47.0625 0184 perc2hib - ok
22:58:47.0703 0184 PlugPlay (c6ce6eec82f187615d1002bb3bb50ed4) C:\WINDOWS2\system32\services.exe
22:58:47.0718 0184 PlugPlay - ok
22:58:47.0812 0184 PolicyAgent (84885f9b82f4d55c6146ebf6065d75d2) C:\WINDOWS2\system32\lsass.exe
22:58:47.0812 0184 PolicyAgent - ok
22:58:47.0906 0184 PptpMiniport (1c5cc65aac0783c344f16353e60b72ac) C:\WINDOWS2\system32\DRIVERS\raspptp.sys
22:58:47.0906 0184 PptpMiniport - ok
22:58:47.0921 0184 ProtectedStorage (84885f9b82f4d55c6146ebf6065d75d2) C:\WINDOWS2\system32\lsass.exe
22:58:47.0921 0184 ProtectedStorage - ok
22:58:47.0937 0184 PSched (48671f327553dcf1d27f6197f622a668) C:\WINDOWS2\system32\DRIVERS\psched.sys
22:58:47.0937 0184 PSched - ok
22:58:47.0984 0184 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS2\system32\DRIVERS\ptilink.sys
22:58:47.0984 0184 Ptilink - ok
22:58:48.0000 0184 ql1080 - ok
22:58:48.0015 0184 Ql10wnt - ok
22:58:48.0031 0184 ql12160 - ok
22:58:48.0046 0184 ql1240 - ok
22:58:48.0062 0184 ql1280 - ok
22:58:48.0109 0184 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS2\system32\DRIVERS\rasacd.sys
22:58:48.0109 0184 RasAcd - ok
22:58:48.0156 0184 RasAuto (44db7a9bdd2fb58747d123fbf1d35adb) C:\WINDOWS2\System32\rasauto.dll
22:58:48.0171 0184 RasAuto - ok
22:58:48.0328 0184 Rasl2tp (98faeb4a4dcf812ba1c6fca4aa3e115c) C:\WINDOWS2\system32\DRIVERS\rasl2tp.sys
22:58:48.0328 0184 Rasl2tp - ok
22:58:48.0390 0184 RasMan (41a3c11e3517c962c9b44893bcec3b34) C:\WINDOWS2\System32\rasmans.dll
22:58:48.0406 0184 RasMan - ok
22:58:48.0421 0184 RasPppoe (7306eeed8895454cbed4669be9f79faa) C:\WINDOWS2\system32\DRIVERS\raspppoe.sys
22:58:48.0421 0184 RasPppoe - ok
22:58:48.0468 0184 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS2\system32\DRIVERS\raspti.sys
22:58:48.0468 0184 Raspti - ok
22:58:48.0515 0184 Rdbss (29d66245adba878fff574cd66abd2884) C:\WINDOWS2\system32\DRIVERS\rdbss.sys
22:58:48.0515 0184 Rdbss - ok
22:58:48.0546 0184 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS2\system32\DRIVERS\RDPCDD.sys
22:58:48.0546 0184 RDPCDD - ok
22:58:48.0718 0184 rdpdr (a2cae2c60bc37e0751ef9dda7ceaf4ad) C:\WINDOWS2\system32\DRIVERS\rdpdr.sys
22:58:48.0734 0184 rdpdr - ok
22:58:48.0781 0184 RDPWD (d4f5643d7714ef499ae9527fdcd50894) C:\WINDOWS2\system32\drivers\RDPWD.sys
22:58:48.0796 0184 RDPWD - ok
22:58:48.0812 0184 RDSessMgr (729798e0933076b8fcfcd9934698f164) C:\WINDOWS2\system32\sessmgr.exe
22:58:48.0828 0184 RDSessMgr - ok
22:58:48.0890 0184 redbook (b31b4588e4086d8d84adbf9845c2402b) C:\WINDOWS2\system32\DRIVERS\redbook.sys
22:58:48.0890 0184 redbook - ok
22:58:49.0046 0184 RemoteAccess (3046db917e3cfa040632799dd9b14865) C:\WINDOWS2\System32\mprdim.dll
22:58:49.0062 0184 RemoteAccess - ok
22:58:49.0109 0184 RemoteRegistry (3151427db7d87107d1c5be58fac53960) C:\WINDOWS2\system32\regsvc.dll
22:58:49.0109 0184 RemoteRegistry - ok
22:58:49.0203 0184 rimmptsk (d85e3fa9f5b1f29bb4ed185c450d1470) C:\WINDOWS2\system32\DRIVERS\rimmptsk.sys
22:58:49.0203 0184 rimmptsk - ok
22:58:49.0218 0184 rimsptsk (db8eb01c58c9fada00c70b1775278ae0) C:\WINDOWS2\system32\DRIVERS\rimsptsk.sys
22:58:49.0218 0184 rimsptsk - ok
22:58:49.0234 0184 rismxdp (6c1f93c0760c9f79a1869d07233df39d) C:\WINDOWS2\system32\DRIVERS\rixdptsk.sys
22:58:49.0250 0184 rismxdp - ok
22:58:49.0312 0184 RpcLocator (793f04a09b15e7c6c11dbdffaf06c0ab) C:\WINDOWS2\system32\locator.exe
22:58:49.0312 0184 RpcLocator - ok
22:58:49.0484 0184 RpcSs (5c83a4408604f737717ab96371201680) C:\WINDOWS2\System32\rpcss.dll
22:58:49.0484 0184 RpcSs - ok
22:58:49.0531 0184 RSVP (471b3f9741d762abe75e9deea4787e47) C:\WINDOWS2\system32\rsvp.exe
22:58:49.0546 0184 RSVP - ok
22:58:49.0562 0184 SamSs (84885f9b82f4d55c6146ebf6065d75d2) C:\WINDOWS2\system32\lsass.exe
22:58:49.0578 0184 SamSs - ok
22:58:49.0718 0184 SASDIFSV (39763504067962108505bff25f024345) C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS
22:58:49.0718 0184 SASDIFSV - ok
22:58:49.0750 0184 SASKUTIL (77b9fc20084b48408ad3e87570eb4a85) C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS
22:58:49.0750 0184 SASKUTIL - ok
22:58:49.0906 0184 SBKUPNT (729248b54aff21e740054acebfdbcb1c) C:\WINDOWS2\system32\Drivers\SBKUPNT.SYS
22:58:49.0906 0184 SBKUPNT - ok
22:58:49.0984 0184 SCardSvr (25d8de134df108e3dbc8d7d23b1aa58e) C:\WINDOWS2\System32\SCardSvr.exe
22:58:50.0000 0184 SCardSvr - ok
22:58:50.0062 0184 Schedule (92360854316611f6cc471612213c3d92) C:\WINDOWS2\system32\schedsvc.dll
22:58:50.0078 0184 Schedule - ok
22:58:50.0109 0184 sdbus (02fc71b020ec8700ee8a46c58bc6f276) C:\WINDOWS2\system32\DRIVERS\sdbus.sys
22:58:50.0109 0184 sdbus - ok
22:58:50.0140 0184 Secdrv (d26e26ea516450af9d072635c60387f4) C:\WINDOWS2\system32\DRIVERS\secdrv.sys
22:58:50.0140 0184 Secdrv - ok
22:58:50.0281 0184 seclogon (b1e0ce09895376871746f36dc5773b4f) C:\WINDOWS2\System32\seclogon.dll
22:58:50.0296 0184 seclogon - ok
22:58:50.0343 0184 SENS (dfd9870cf39c791d86c4c209da9fa919) C:\WINDOWS2\system32\sens.dll
22:58:50.0343 0184 SENS - ok
22:58:50.0437 0184 Serial (cd9404d115a00d249f70a371b46d5a26) C:\WINDOWS2\system32\drivers\Serial.sys
22:58:50.0437 0184 Serial - ok
22:58:50.0515 0184 sffdisk (1d9f1bec651815741f088a8fb88e17ee) C:\WINDOWS2\system32\DRIVERS\sffdisk.sys
22:58:50.0531 0184 sffdisk - ok
22:58:50.0671 0184 sffp_sd (586499fd312ffd7f78553f408e71682e) C:\WINDOWS2\system32\DRIVERS\sffp_sd.sys
22:58:50.0671 0184 sffp_sd - ok
22:58:50.0703 0184 Sfloppy (0d13b6df6e9e101013a7afb0ce629fe0) C:\WINDOWS2\system32\drivers\Sfloppy.sys
22:58:50.0703 0184 Sfloppy - ok
22:58:50.0781 0184 SharedAccess (36cc8c01b5e50163037bef56cb96deff) C:\WINDOWS2\System32\ipnathlp.dll
22:58:50.0781 0184 SharedAccess - ok
22:58:50.0937 0184 ShellHWDetection (e7518dc542d3ebdcb80edd98462c7821) C:\WINDOWS2\System32\shsvcs.dll
22:58:50.0937 0184 ShellHWDetection - ok
22:58:50.0968 0184 Simbad - ok
22:58:51.0031 0184 SLIP (5caeed86821fa2c6139e32e9e05ccdc9) C:\WINDOWS2\system32\DRIVERS\SLIP.sys
22:58:51.0046 0184 SLIP - ok
22:58:51.0093 0184 SONYPVU1 (a1eceeaa5c5e74b2499eb51d38185b84) C:\WINDOWS2\system32\DRIVERS\SONYPVU1.SYS
22:58:51.0093 0184 SONYPVU1 - ok
22:58:51.0218 0184 Sparrow - ok
22:58:51.0281 0184 splitter (8e186b8f23295d1e42c573b82b80d548) C:\WINDOWS2\system32\drivers\splitter.sys
22:58:51.0281 0184 splitter - ok
22:58:51.0359 0184 Spooler (7435b108b935e42ea92ca94f59c8e717) C:\WINDOWS2\system32\spoolsv.exe
22:58:51.0359 0184 Spooler - ok
22:58:51.0406 0184 sr (e41b6d037d6cd08461470af04500dc24) C:\WINDOWS2\system32\DRIVERS\sr.sys
22:58:51.0406 0184 sr - ok
22:58:51.0437 0184 srservice (92bdf74f12d6cbec43c94d4b7f804838) C:\WINDOWS2\system32\srsvc.dll
22:58:51.0453 0184 srservice - ok
22:58:51.0500 0184 Srv (20b7e396720353e4117d64d9dcb926ca) C:\WINDOWS2\system32\DRIVERS\srv.sys
22:58:51.0500 0184 Srv - ok
22:58:51.0640 0184 SSDPSRV (4b8d61792f7175bed48859cc18ce4e38) C:\WINDOWS2\System32\ssdpsrv.dll
22:58:51.0640 0184 SSDPSRV - ok
22:58:51.0796 0184 STHDA (951801dfb54d86f611f0af47825476f9) C:\WINDOWS2\system32\drivers\sthda.sys
22:58:51.0812 0184 STHDA - ok
22:58:51.0968 0184 stisvc (d9f6c4f6b1e188adafc42b561d9bc2e6) C:\WINDOWS2\system32\wiaservc.dll
22:58:51.0984 0184 stisvc - ok
22:58:52.0062 0184 streamip (284c57df5dc7abca656bc2b96a667afb) C:\WINDOWS2\system32\DRIVERS\StreamIP.sys
22:58:52.0078 0184 streamip - ok
22:58:52.0125 0184 swenum (03c1bae4766e2450219d20b993d6e046) C:\WINDOWS2\system32\DRIVERS\swenum.sys
22:58:52.0125 0184 swenum - ok
22:58:52.0265 0184 swmidi (94abc808fc4b6d7d2bbf42b85e25bb4d) C:\WINDOWS2\system32\drivers\swmidi.sys
22:58:52.0265 0184 swmidi - ok
22:58:52.0281 0184 SwPrv - ok
22:58:52.0296 0184 symc810 - ok
22:58:52.0312 0184 symc8xx - ok
22:58:52.0343 0184 sym_hi - ok
22:58:52.0359 0184 sym_u3 - ok
22:58:52.0406 0184 sysaudio (650ad082d46bac0e64c9c0e0928492fd) C:\WINDOWS2\system32\drivers\sysaudio.sys
22:58:52.0406 0184 sysaudio - ok
22:58:52.0453 0184 SysmonLog (8b54aa346d1b1b113ffaa75501b8b1b2) C:\WINDOWS2\system32\smlogsvc.exe
22:58:52.0468 0184 SysmonLog - ok
22:58:52.0703 0184 SysProtDrv.sys (7d5b6655442dbcf5e3b86a134ab90584) C:\Documents and Settings\Antonio.ANTONIO-LAPTOP\Desktop\SysProt\SysProt\SysProtDrv.sys
22:58:52.0828 0184 SysProtDrv.sys - ok
22:58:52.0953 0184 TapiSrv (eb4a4187d74a8efdcbea3ea2cb1bdfbd) C:\WINDOWS2\System32\tapisrv.dll
22:58:52.0968 0184 TapiSrv - ok
22:58:53.0078 0184 Tcpip (9f4b36614a0fc234525ba224957de55c) C:\WINDOWS2\system32\DRIVERS\tcpip.sys
22:58:53.0078 0184 Tcpip - ok
22:58:53.0218 0184 TDPIPE (38d437cf2d98965f239b0abcd66dcb0f) C:\WINDOWS2\system32\drivers\TDPIPE.sys
22:58:53.0218 0184 TDPIPE - ok
22:58:53.0250 0184 TDTCP (ed0580af02502d00ad8c4c066b156be9) C:\WINDOWS2\system32\drivers\TDTCP.sys
22:58:53.0265 0184 TDTCP - ok
22:58:53.0328 0184 TermDD (a540a99c281d933f3d69d55e48727f47) C:\WINDOWS2\system32\DRIVERS\termdd.sys
22:58:53.0343 0184 TermDD - ok
22:58:53.0406 0184 TermService (b60c877d16d9c880b952fda04adf16e6) C:\WINDOWS2\System32\termsrv.dll
22:58:53.0421 0184 TermService - ok
22:58:53.0562 0184 Themes (e7518dc542d3ebdcb80edd98462c7821) C:\WINDOWS2\System32\shsvcs.dll
22:58:53.0578 0184 Themes - ok
22:58:53.0625 0184 TlntSvr (37db0a7d097310e8b4de803fc3119c78) C:\WINDOWS2\system32\tlntsvr.exe
22:58:53.0625 0184 TlntSvr - ok
22:58:53.0671 0184 TosIde - ok
22:58:53.0734 0184 TrkWks (6d9ac544b30f96c57f8206566c1fb6a1) C:\WINDOWS2\system32\trkwks.dll
22:58:53.0734 0184 TrkWks - ok
22:58:53.0781 0184 Udfs (12f70256f140cd7d52c58c7048fde657) C:\WINDOWS2\system32\drivers\Udfs.sys
22:58:53.0781 0184 Udfs - ok
22:58:53.0890 0184 ultra - ok
22:58:53.0953 0184 Update (aff2e5045961bbc0a602bb6f95eb1345) C:\WINDOWS2\system32\DRIVERS\update.sys
22:58:53.0953 0184 Update - ok
22:58:54.0031 0184 upnphost (0546477bde979e33294fe97f6b3de84a) C:\WINDOWS2\System32\upnphost.dll
22:58:54.0031 0184 upnphost - ok
22:58:54.0078 0184 UPS (3f5df65b0758675f95a2d43918a740a3) C:\WINDOWS2\System32\ups.exe
22:58:54.0078 0184 UPS - ok
22:58:54.0140 0184 USBAAPL (83cafcb53201bbac04d822f32438e244) C:\WINDOWS2\system32\Drivers\usbaapl.sys
22:58:54.0156 0184 USBAAPL - ok
22:58:54.0281 0184 usbccgp (bffd9f120cc63bcbaa3d840f3eef9f79) C:\WINDOWS2\system32\DRIVERS\usbccgp.sys
22:58:54.0281 0184 usbccgp - ok
22:58:54.0359 0184 usbehci (15e993ba2f6946b2bfbbfcd30398621e) C:\WINDOWS2\system32\DRIVERS\usbehci.sys
22:58:54.0375 0184 usbehci - ok
22:58:54.0390 0184 usbhub (c72f40947f92cea56a8fb532edf025f1) C:\WINDOWS2\system32\DRIVERS\usbhub.sys
22:58:54.0406 0184 usbhub - ok
22:58:57.0453 0184 ============================================================
22:58:57.0453 0184 Scan finished
22:58:57.0453 0184 ============================================================
22:58:57.0468 2904 Detected object count: 0
22:58:57.0468 2904 Actual detected object count: 0


Re: Virus slowing down computer (virtual memory) -NOT SURE ABOUT VIRUS NAME

Post by Superdave on 17th April 2012, 7:01 pm

It didn't pick up anything that time. Did you run AVP?

Superdave
Captain

Posts: 4202
Joined: 2010-02-01
Gender: Male
OS: Windows 8.1 and a dual-boot with XP Home SP3
Protection: MSE, Windows Defender, Windows firewall
Points: 83231
# Likes: 0

Re: Virus slowing down computer (virtual memory) -NOT SURE ABOUT VIRUS NAME

Post by furyofdawolfx on 17th April 2012, 11:39 pm

Yes I did. It took a very, very long time and I had to leave it on as I went to work.

The AVP tool detected 3 threats and I opted to delete them all when I was prompted to. I saved a text file of the results on my desktop, but for some reason I am unable to open it. Maybe because of the size of the scan log?

So far my laptop seems a lot faster and a lot more responsive.

Comodo however detected something called Verclsid.exe. I googled and it seems to be part of a download from Microsoft. Please advise if I should run the program and remove it from Comodo's sandbox.

[You must be registered and logged in to see this link.]

Again, thanks for all your help.


Re: Virus slowing down computer (virtual memory) -NOT SURE ABOUT VIRUS NAME

Post by furyofdawolfx on 17th April 2012, 11:49 pm

The text file was able to open! Below are the 3 deleted files:



4/17/2012 6:29:32 PM Deleted: HEUR:Trojan.Win32.Generic C:\System Volume Information\_restore{0BC7B696-48BC-4B67-B004-BEAA157F7FC8}\RP452\A0059877.dll

4/17/2012 5:50:39 AM Deleted: Exploit.Java.CVE-2012-0507.ax C:\Documents and Settings\NetworkService.NT AUTHORITY\Application Data\Sun\Java\Deployment\cache\6.0\63\278cad7f-14b34e46/ya/yc.class

4/17/2012 5:51:13 AM Deleted: HEUR:Trojan.Win32.Generic C:\WINDOWS\system32\setuph.dll

Also, please advise on what to do with Verclsid.exe.

Thanks


Re: Virus slowing down computer (virtual memory) -NOT SURE ABOUT VIRUS NAME

Post by Superdave on 18th April 2012, 6:42 pm

> Comodo however detected something called Verclsid.exe. I googled and it seems to be part of a download from Microsoft. Please advise if I should run the program and remove it from Comodo's sandbox.

Yes, it seems safe.

SysProt Antirootkit

Download SysProt Antirootkit from the link below (you will find it at the bottom of the page under attachments, or you can get it from one of the mirrors).

[You must be registered and logged in to see this link.]

Unzip it into a folder on your desktop.

  • Double click Sysprot.exe to start the program.
  • Click on the Log tab.
  • In the Write to log box select the following items.

    • Process << Selected
    • Kernel Modules << Selected
    • SSDT << Selected
    • Kernel Hooks << Selected
    • IRP Hooks << NOT Selected
    • Ports << NOT Selected
    • Hidden Files << Selected

  • At the bottom of the page

    • Hidden Objects Only << Selected

  • Click on the Create Log button on the bottom right.
  • After a few seconds a new window should appear.
  • Select Scan Root Drive. Click on the Start button.
  • When it is complete a new window will appear to indicate that the scan is finished.
  • The log will be saved automatically in the same folder Sysprot.exe was extracted to. Open the text file and copy/paste the log here.


Re: Virus slowing down computer (virtual memory) -NOT SURE ABOUT VIRUS NAME

Post by furyofdawolfx on 19th April 2012, 3:07 am

SysProt AntiRootkit v1.0.1.0
by swatkat

******************************************************************************************
******************************************************************************************

No Hidden Processes found

******************************************************************************************
******************************************************************************************
Kernel Modules:
Module Name: \SystemRoot\System32\Drivers\dump_atapi.sys
Service Name: ---
Module Base: F4EE8000
Module End: F4F00000
Hidden: Yes

Module Name: \SystemRoot\System32\Drivers\dump_WMILIB.SYS
Service Name: ---
Module Base: F7C24000
Module End: F7C26000
Hidden: Yes

******************************************************************************************
******************************************************************************************
SSDT:
Function Name: ZwAdjustPrivilegesToken
Address: F5147226
Driver Base: F513D000
Driver End: F5173000
Driver Name: \SystemRoot\System32\DRIVERS\cmdguard.sys

Function Name: ZwConnectPort
Address: F51467CA
Driver Base: F513D000
Driver End: F5173000
Driver Name: \SystemRoot\System32\DRIVERS\cmdguard.sys

Function Name: ZwCreateFile
Address: F5146E8C
Driver Base: F513D000
Driver End: F5173000
Driver Name: \SystemRoot\System32\DRIVERS\cmdguard.sys

Function Name: ZwCreateKey
Address: F5147A7A
Driver Base: F513D000
Driver End: F5173000
Driver Name: \SystemRoot\System32\DRIVERS\cmdguard.sys

Function Name: ZwCreatePort
Address: F51466A6
Driver Base: F513D000
Driver End: F5173000
Driver Name: \SystemRoot\System32\DRIVERS\cmdguard.sys

Function Name: ZwCreateSection
Address: F51497BA
Driver Base: F513D000
Driver End: F5173000
Driver Name: \SystemRoot\System32\DRIVERS\cmdguard.sys

Function Name: ZwCreateSymbolicLinkObject
Address: F5149B50
Driver Base: F513D000
Driver End: F5173000
Driver Name: \SystemRoot\System32\DRIVERS\cmdguard.sys

Function Name: ZwCreateThread
Address: F51461EA
Driver Base: F513D000
Driver End: F5173000
Driver Name: \SystemRoot\System32\DRIVERS\cmdguard.sys

Function Name: ZwDeleteKey
Address: F5147412
Driver Base: F513D000
Driver End: F5173000
Driver Name: \SystemRoot\System32\DRIVERS\cmdguard.sys

Function Name: ZwDeleteValueKey
Address: F5147606
Driver Base: F513D000
Driver End: F5173000
Driver Name: \SystemRoot\System32\DRIVERS\cmdguard.sys

Function Name: ZwDuplicateObject
Address: F514601C
Driver Base: F513D000
Driver End: F5173000
Driver Name: \SystemRoot\System32\DRIVERS\cmdguard.sys

Function Name: ZwEnumerateKey
Address: F514812C
Driver Base: F513D000
Driver End: F5173000
Driver Name: \SystemRoot\System32\DRIVERS\cmdguard.sys

Function Name: ZwEnumerateValueKey
Address: F514836A
Driver Base: F513D000
Driver End: F5173000
Driver Name: \SystemRoot\System32\DRIVERS\cmdguard.sys

Function Name: ZwLoadDriver
Address: F51493F6
Driver Base: F513D000
Driver End: F5173000
Driver Name: \SystemRoot\System32\DRIVERS\cmdguard.sys

Function Name: ZwMakeTemporaryObject
Address: F5146A66
Driver Base: F513D000
Driver End: F5173000
Driver Name: \SystemRoot\System32\DRIVERS\cmdguard.sys

Function Name: ZwOpenFile
Address: F5147068
Driver Base: F513D000
Driver End: F5173000
Driver Name: \SystemRoot\System32\DRIVERS\cmdguard.sys

Function Name: ZwOpenKey
Address: F5147A6A
Driver Base: F513D000
Driver End: F5173000
Driver Name: \SystemRoot\System32\DRIVERS\cmdguard.sys

Function Name: ZwOpenProcess
Address: F5145D00
Driver Base: F513D000
Driver End: F5173000
Driver Name: \SystemRoot\System32\DRIVERS\cmdguard.sys

Function Name: ZwOpenSection
Address: F5146D16
Driver Base: F513D000
Driver End: F5173000
Driver Name: \SystemRoot\System32\DRIVERS\cmdguard.sys

Function Name: ZwOpenThread
Address: F5145E98
Driver Base: F513D000
Driver End: F5173000
Driver Name: \SystemRoot\System32\DRIVERS\cmdguard.sys

Function Name: ZwQueryKey
Address: F5148552
Driver Base: F513D000
Driver End: F5173000
Driver Name: \SystemRoot\System32\DRIVERS\cmdguard.sys

Function Name: ZwQueryMultipleValueKey
Address: F5148916
Driver Base: F513D000
Driver End: F5173000
Driver Name: \SystemRoot\System32\DRIVERS\cmdguard.sys

Function Name: ZwQueryValueKey
Address: F514872E
Driver Base: F513D000
Driver End: F5173000
Driver Name: \SystemRoot\System32\DRIVERS\cmdguard.sys

Function Name: ZwRenameKey
Address: F5147F44
Driver Base: F513D000
Driver End: F5173000
Driver Name: \SystemRoot\System32\DRIVERS\cmdguard.sys

Function Name: ZwRequestWaitReplyPort
Address: F5148E8A
Driver Base: F513D000
Driver End: F5173000
Driver Name: \SystemRoot\System32\DRIVERS\cmdguard.sys

Function Name: ZwSecureConnectPort
Address: F514913E
Driver Base: F513D000
Driver End: F5173000
Driver Name: \SystemRoot\System32\DRIVERS\cmdguard.sys

Function Name: ZwSetSecurityObject
Address: F5147842
Driver Base: F513D000
Driver End: F5173000
Driver Name: \SystemRoot\System32\DRIVERS\cmdguard.sys

Function Name: ZwSetSystemInformation
Address: F51495C2
Driver Base: F513D000
Driver End: F5173000
Driver Name: \SystemRoot\System32\DRIVERS\cmdguard.sys

Function Name: ZwSetValueKey
Address: F5147CCC
Driver Base: F513D000
Driver End: F5173000
Driver Name: \SystemRoot\System32\DRIVERS\cmdguard.sys

Function Name: ZwShutdownSystem
Address: F5146A00
Driver Base: F513D000
Driver End: F5173000
Driver Name: \SystemRoot\System32\DRIVERS\cmdguard.sys

Function Name: ZwSystemDebugControl
Address: F5146C02
Driver Base: F513D000
Driver End: F5173000
Driver Name: \SystemRoot\System32\DRIVERS\cmdguard.sys

Function Name: ZwTerminateProcess
Address: F5146544
Driver Base: F513D000
Driver End: F5173000
Driver Name: \SystemRoot\System32\DRIVERS\cmdguard.sys

Function Name: ZwTerminateThread
Address: F51463EA
Driver Base: F513D000
Driver End: F5173000
Driver Name: \SystemRoot\System32\DRIVERS\cmdguard.sys

******************************************************************************************
******************************************************************************************
No Kernel Hooks found

******************************************************************************************
******************************************************************************************
Hidden files/folders:
Object: C:\Documents and Settings\All Users\Application Data\Symantec\SRTSP\SrtETmp\5AB073CC.TMP
Status: Access denied

Object: C:\Documents and Settings\All Users\Application Data\Symantec\SRTSP\SrtETmp\6F0385AD.TMP
Status: Access denied

Object: C:\Qoobox\BackEnv\AppData.folder.dat
Status: Access denied

Object: C:\Qoobox\BackEnv\Cache.folder.dat
Status: Access denied

Object: C:\Qoobox\BackEnv\Cookies.folder.dat
Status: Access denied

Object: C:\Qoobox\BackEnv\Desktop.folder.dat
Status: Access denied

Object: C:\Qoobox\BackEnv\Favorites.folder.dat
Status: Access denied

Object: C:\Qoobox\BackEnv\History.folder.dat
Status: Access denied

Object: C:\Qoobox\BackEnv\LocalAppData.folder.dat
Status: Access denied

Object: C:\Qoobox\BackEnv\LocalSettings.folder.dat
Status: Access denied

Object: C:\Qoobox\BackEnv\Music.folder.dat
Status: Access denied

Object: C:\Qoobox\BackEnv\NetHood.folder.dat
Status: Access denied

Object: C:\Qoobox\BackEnv\Personal.folder.dat
Status: Access denied

Object: C:\Qoobox\BackEnv\Pictures.folder.dat
Status: Access denied

Object: C:\Qoobox\BackEnv\PrintHood.folder.dat
Status: Access denied

Object: C:\Qoobox\BackEnv\Profiles.Folder.dat
Status: Access denied

Object: C:\Qoobox\BackEnv\Profiles.Folder.folder.dat
Status: Access denied

Object: C:\Qoobox\BackEnv\Programs.folder.dat
Status: Access denied

Object: C:\Qoobox\BackEnv\Recent.folder.dat
Status: Access denied

Object: C:\Qoobox\BackEnv\SendTo.folder.dat
Status: Access denied

Object: C:\Qoobox\BackEnv\SetPath.bat
Status: Access denied

Object: C:\Qoobox\BackEnv\StartMenu.folder.dat
Status: Access denied

Object: C:\Qoobox\BackEnv\StartUp.folder.dat
Status: Access denied

Object: C:\Qoobox\BackEnv\SysPath.dat
Status: Access denied

Object: C:\Qoobox\BackEnv\Templates.folder.dat
Status: Access denied

Object: C:\Qoobox\BackEnv\VikPev00
Status: Access denied

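Added example, not part of the thread and not SysProt's own code: a Python triage of the SysProt log layout posted above. It groups SSDT hooks by owning driver and checks that each handler address lies inside that driver's image range. The `EXPECTED_DRIVERS` list (treating `cmdguard.sys` as the driver of the installed COMODO product), the `dump_` crash-dump heuristic and the third sample SSDT record are assumptions made for illustration.

```python
import re
from collections import defaultdict

# Constructed sample in the SysProt log layout. The module record and the first
# two SSDT records are copied from the log above; the third SSDT record is
# invented so that the triage has something to flag.
SAMPLE_LOG = r"""
Kernel Modules:
Module Name: \SystemRoot\System32\Drivers\dump_atapi.sys
Service Name: ---
Module Base: F4EE8000
Module End: F4F00000
Hidden: Yes

******************************************************************************************
SSDT:
Function Name: ZwCreateFile
Address: F5146E8C
Driver Base: F513D000
Driver End: F5173000
Driver Name: \SystemRoot\System32\DRIVERS\cmdguard.sys

Function Name: ZwOpenProcess
Address: F5145D00
Driver Base: F513D000
Driver End: F5173000
Driver Name: \SystemRoot\System32\DRIVERS\cmdguard.sys

Function Name: ZwEnumerateKey
Address: F8A01234
Driver Base: F7000000
Driver End: F7004000
Driver Name: \SystemRoot\System32\DRIVERS\example_unknown.sys

******************************************************************************************
No Kernel Hooks found
"""

# Assumption: drivers of security software known to be installed on this machine.
EXPECTED_DRIVERS = {"cmdguard.sys"}

SECTION_RE = re.compile(r"^(Kernel Modules|SSDT|Hidden files/folders):\s*$")
FIELD_RE = re.compile(r"^([A-Za-z ]+): (.*)$")


def parse_sysprot(text):
    """Return {section name: [record dict, ...]} from a SysProt text log."""
    sections = defaultdict(list)
    current, record = None, {}
    for raw in text.splitlines():
        line = raw.strip()
        header = SECTION_RE.match(line)
        field = FIELD_RE.match(line)
        if header or not field:
            # A header, blank line or separator ends the record in progress.
            if record and current:
                sections[current].append(record)
            record = {}
            if header:
                current = header.group(1)
            elif line.startswith("*"):
                current = None  # a row of asterisks closes the section
            continue
        record[field.group(1)] = field.group(2)
    if record and current:
        sections[current].append(record)
    return dict(sections)


def triage_ssdt(records, expected_drivers):
    """Group hooked functions by driver and list the hooks that need review."""
    by_driver = defaultdict(list)
    findings = []
    for rec in records:
        driver = rec["Driver Name"].rsplit("\\", 1)[-1].lower()
        addr = int(rec["Address"], 16)
        base, end = int(rec["Driver Base"], 16), int(rec["Driver End"], 16)
        by_driver[driver].append(rec["Function Name"])
        if not base <= addr < end:
            findings.append((rec["Function Name"], driver, "handler outside driver image"))
        elif driver not in expected_drivers:
            findings.append((rec["Function Name"], driver, "driver not on expected list"))
    return dict(by_driver), findings


def unexplained_hidden_modules(records):
    """Hidden modules that are not dump_* crash-dump copies (a heuristic only)."""
    names = []
    for rec in records:
        name = rec["Module Name"].rsplit("\\", 1)[-1]
        if rec.get("Hidden") == "Yes" and not name.lower().startswith("dump_"):
            names.append(name)
    return names


if __name__ == "__main__":
    parsed = parse_sysprot(SAMPLE_LOG)
    hooks, review = triage_ssdt(parsed.get("SSDT", []), EXPECTED_DRIVERS)
    for driver, funcs in hooks.items():
        print(f"{driver}: {len(funcs)} hooked functions")
    for func, driver, reason in review:
        print(f"REVIEW {func} -> {driver}: {reason}")
    print("Unexplained hidden modules:", unexplained_hidden_modules(parsed.get("Kernel Modules", [])))
```

A `dump_` name alone does not prove a module is benign; the prefix check only separates the usual crash-dump entries from modules that deserve a closer look.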

Re: Virus slowing down computer (virtual memory) -NOT SURE ABOUT VIRUS NAME

Post by Superdave on 19th April 2012, 6:03 pm

Please give me an update on how your computer is working.

I'd like to scan your machine with ESET OnlineScan

  • Hold down Control and click on the following link to open ESET OnlineScan in a new window.
    [You must be registered and logged in to see this link.]
  • Click the button.
  • For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)

    • Click on to download the ESET Smart Installer. Save it to your desktop.
    • Double click on the icon on your desktop.

  • Check
  • Click the button.
  • Accept any security warnings from your browser.
  • Check
  • Push the Start button.
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • When the scan completes, push
  • Push , and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
  • Push the button.
  • Push
A log file will be saved here: C:\Program Files\ESET\ESET Online Scanner\log.txt


Re: Virus slowing down computer (virtual memory) -NOT SURE ABOUT VIRUS NAME

Post by furyofdawolfx on 19th April 2012, 11:47 pm

Hello,

The computer is working really well! I am currently running the scan with ESET online and will be posting the results soon.

From what I read online, the Qoobox folder is a part of ComboFix. Inside that folder is a folder called "BackEnv" and "Quarantine." Is it okay to delete the Quarantine folder?

Thanks.


Re: Virus slowing down computer (virtual memory) -NOT SURE ABOUT VIRUS NAME

Post by furyofdawolfx on 20th April 2012, 3:20 am

ESETSmartInstaller@High as CAB hook log:
OnlineScanner.ocx - registred OK
# version=7
# iexplore.exe=8.00.6001.18702 (longhorn_ie8_rtm(wmbla).090308-0339)
# OnlineScanner.ocx=1.0.0.6583
# api_version=3.0.2
# EOSSerial=a15170fa456ed14893db49d48eb960ce
# end=finished
# remove_checked=true
# archives_checked=false
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2012-04-15 02:15:53
# local_time=2012-04-14 10:15:53 (-0500, Eastern Daylight Time)
# country="United States"
# lang=1033
# osver=5.1.2600 NT Service Pack 2
# compatibility_mode=512 16777215 100 0 135391623 135391623 0 0
# compatibility_mode=3073 16777189 80 92 0 62734511 0 0
# compatibility_mode=8192 67108863 100 0 30770363 30770363 0 0
# scanned=147239
# found=0
# cleaned=0
# scan_time=9283
# version=7
# iexplore.exe=8.00.6001.18702 (longhorn_ie8_rtm(wmbla).090308-0339)
# OnlineScanner.ocx=1.0.0.6583
# api_version=3.0.2
# EOSSerial=a15170fa456ed14893db49d48eb960ce
# end=finished
# remove_checked=true
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2012-04-20 03:10:42
# local_time=2012-04-19 11:10:42 (-0500, Eastern Daylight Time)
# country="United States"
# lang=1033
# osver=5.1.2600 NT Service Pack 2
# compatibility_mode=512 16777215 100 0 135820223 135820223 0 0
# compatibility_mode=3073 16777173 80 92 0 63163111 0 0
# compatibility_mode=8192 67108863 100 0 31198963 31198963 0 0
# scanned=130133
# found=1
# cleaned=1
# scan_time=15970
C:\Documents and Settings\NetworkService.NT AUTHORITY\Application Data\Sun\Java\Deployment\cache\6.0\63\278cad7f-14b34e46 a variant of Java/Exploit.Agent.NAY trojan (deleted - quarantined) 00000000000000000000000000000000 C


Re: Virus slowing down computer (virtual memory) -NOT SURE ABOUT VIRUS NAME

Post by Superdave on 20th April 2012, 6:28 pm

> Is it okay to delete the Quarantine folder?

We will do that in this cleanup.

To uninstall ComboFix

  • Click the Start button. Click Run. For Vista: type in Run in the Start search, and click on Run in the results pane.
  • In the field, type in ComboFix /uninstall

(Note: Make sure there's a space between the word ComboFix and the forward-slash.)

  • Then, press Enter, or click OK.
  • This will uninstall ComboFix, delete its folders and files, hide System files and folders, and reset System Restore.

**************************************************
To remove all of the tools we used and the files and folders they created do the following:
Double click OTL.exe.

  • Click the CleanUp button.
  • Select Yes when the "Begin cleanup Process?" prompt appears.
  • If you are prompted to Reboot during the cleanup, select Yes.
  • The tool will delete itself once it finishes.

Note: If any tool, file or folder (belonging to the program we have used) hasn't been deleted, please delete it manually.
****************************************************
Clean out your temporary internet files and temp files.

Download [You must be registered and logged in to see this link.] to your desktop.

Double-click TFC.exe to run it.

Note: If you are running on Vista, right-click on the file and choose Run As Administrator

TFC will close all programs when run, so make sure you have saved all your work before you begin.

* Click the Start button to begin the cleaning process.
* Depending on how often you clean temp files, execution time should be anywhere from a few seconds to a minute or two.
* Please let TFC run uninterrupted until it is finished.

Once TFC is finished it should restart your computer. If it does not, please manually restart the computer yourself to ensure a complete cleaning.
***************************************************
Looking over your log it seems you don't have any evidence of a third party firewall.

Firewalls protect against hackers and malicious intruders. You need to download a free firewall from one of these reliable vendors.

Remember only install ONE firewall

1) [You must be registered and logged in to see this link.] (Uncheck during installation "Install Comodo SafeSurf..", "Make Comodo my default search provider" and "Make Comodo Search my homepage" and uncheck any HopSurf and/or Ask.com options if you choose this one)
2) [You must be registered and logged in to see this link.]
3) [You must be registered and logged in to see this link.]
4) [You must be registered and logged in to see this link.]

If you are using the built-in Windows XP firewall, it is not recommended as it does not block outgoing connections. This means that any malware on your computer is free to "phone home" for more instructions. Simply put, Windows XP contains a mediocre firewall. This firewall is NO replacement for a dedicated software solution. Remember to use only one firewall at the same time.
*************************************************************
Use the [You must be registered and logged in to see this link.] to check for out of date software.

  • Click Start Now
  • Check the box next to Enable thorough system inspection.
  • Click Start
  • Allow the scan to finish and scroll down to see if any updates are needed.
  • Update anything listed.
----------

Go to [You must be registered and logged in to see this link.] and get all critical updates.

----------

I suggest using [You must be registered and logged in to see this link.]. WOT is a free Internet security addon for your browser. It will keep you safe from online scams, identity theft, spyware, spam, viruses and unreliable shopping sites. WOT warns you before you interact with a risky website. It's easy and it's free.

[You must be registered and logged in to see this link.] - Secure your Internet Explorer to make it harder for ActiveX programs to run on your computer. Also stop certain cookies from being added to your computer when running Mozilla based browsers like Firefox.
* [You must be registered and logged in to see this link.] from Spyware and Malware
* If you don't know what ActiveX controls are, see [You must be registered and logged in to see this link.]

Protect yourself against spyware using the Immunize feature in [You must be registered and logged in to see this link.] Guide: [You must be registered and logged in to see this link.] to prevent spyware infection in real-time. Note: To ensure you have the latest Immunizations always update Spybot - Search & Destroy before Immunizing. [You must be registered and logged in to see this link.]

Check out [You must be registered and logged in to see this link.] for tips and free tools to help keep you safe in the future.

Also see [You must be registered and logged in to see this link.] for free cleaning/maintenance tools to help keep your computer running smoothly.
Safe Surfing!


Re: Virus slowing down computer (virtual memory) -NOT SURE ABOUT VIRUS NAME

Post by furyofdawolfx on 21st April 2012, 12:46 am

Thank you for all your help! My computer seems better than ever!

This might be a silly question, but I decided to download COMODO firewall, and after installing, I cannot locate my COMODO Antivirus. Did the firewall completely save over and replace my Antivirus??


Re: Virus slowing down computer (virtual memory) -NOT SURE ABOUT VIRUS NAME

Post by Superdave on 21st April 2012, 5:45 pm

> Did the firewall completely save over and replace my Antivirus??

I seriously doubt that. Please run this scanner and post the log.

Download Security Check by screen317 from one of the following links and save it to your desktop.

[You must be registered and logged in to see this link.]
[You must be registered and logged in to see this link.]

* Double-click Security Check.bat
* Follow the on-screen instructions inside of the black box.
* A Notepad document should open automatically called checkup.txt
* Post the contents of that document in your next reply.

Note: If a security program requests permission from dig.exe to access the Internet, allow it to do so.


Re: Virus slowing down computer (virtual memory) -NOT SURE ABOUT VIRUS NAME

Post by furyofdawolfx on 21st April 2012, 11:57 pm

Results of screen317's Security Check version 0.99.32
Windows XP Service Pack 3 x86
Internet Explorer 8
``````````````````````````````
Antivirus/Firewall Check:

Windows Firewall Disabled!
ESET Online Scanner v3
COMODO Internet Security
WMI entry may not exist for antivirus; attempting automatic update.
```````````````````````````````
Anti-malware/Other Utilities Check:

Spybot - Search & Destroy
SUPERAntiSpyware
CCleaner
Java(TM) 6 Update 29
Java version out of date!
Adobe Reader X (10.1.3)
````````````````````````````````
Process Check:
objlist.exe by Laurent

Comodo Firewall cmdagent.exe
Comodo Firewall cfp.exe
``````````End of Log````````````


Re: Virus slowing down computer (virtual memory) -NOT SURE ABOUT VIRUS NAME

Post by Superdave on 22nd April 2012, 11:36 pm

I would say that your COMODO Internet Security is an all-in-one program. You can google it to verify.

Update Your Java (JRE)

Old versions of Java have vulnerabilities that malware can use to infect your system.


First [You must be registered and logged in to see this link.]

If there are any other version(s) installed then update now.

Get the new version (if needed)

If your version is out of date install the newest version of the [You must be registered and logged in to see this link.].

Note: UNCHECK any pre-checked toolbar and/or software offered with the Java update. The pre-checked toolbars/software are not part of the Java update.

Be sure to close ALL open web browsers before starting the installation.

Remove any old versions

1. Download [You must be registered and logged in to see this link.] and unzip the file to your Desktop.
2. Open JavaRA.exe and choose Remove Older Versions
3. Once complete exit JavaRA.

Additional Note: [You must be registered and logged in to see this link.] adds a service to improve the initial startup time of Java applets and applications. To disable the JQS service if you don't want to use it, go to Start > Control Panel > Java > Advanced > Miscellaneous and uncheck the box for Java Quick Starter. Click OK and reboot your computer.


Re: Virus slowing down computer (virtual memory) -NOT SURE ABOUT VIRUS NAME

Post by furyofdawolfx on 23rd April 2012, 12:19 am

Thank you for all the help.

On the JQS link, I don't seem to see any prompt to download JQS.

Do you know of any free AV I can get online?

Thanks


Re: Virus slowing down computer (virtual memory) -NOT SURE ABOUT VIRUS NAME

Post by Superdave on 23rd April 2012, 12:27 am

> On the JQS link, I don't seem to see any prompt to download JQS.

Click on the Verify your Java version. When it recognizes that your version is out-of-date it will give you a download link.

> Do you know of any free AV I can get online?

If it's free AV's that you want, here's what I have. I prefer MSE for its lightweight and no-hassle policies.

Remember to only install one antivirus!

1) [You must be registered and logged in to see this link.]
2) [You must be registered and logged in to see this link.]
3) [You must be registered and logged in to see this link.]
4) [You must be registered and logged in to see this link.] - [You must be registered and logged in to see this link.]
4-a) [You must be registered and logged in to see this link.]
5) [You must be registered and logged in to see this link.] (Uncheck during installation "Install Comodo SafeSurf..", "Make Comodo my default search provider" and "Make Comodo Search my homepage" if you choose this one)
6) [You must be registered and logged in to see this link.]
7) [You must be registered and logged in to see this link.]

It is strongly recommended that you run only one antivirus program at a time. Having more than one antivirus program active in memory uses additional resources and can result in program conflicts and false virus alerts. If you choose to install more than one antivirus program on your computer, then only one of them should be active in memory at a time.
