Virus slowing down computer (virtual memory) -NOT SURE ABOUT VIRUS NAME


Post by furyofdawolfx on Wed 11 Apr 2012, 9:50 am

Hello,

I suspect that there is probably some kind of spyware that is slowing down my laptop and using all the virtual memory. I've been getting messages about my virtual memory being very low recently. This is apparent when running different programs. I can't for example open up iTunes or Microsoft Excel after just a few minutes on my computer. I can't properly shut down or restart my computer anymore (only hard reset). I've used Malwarebytes and Spybot, but found nothing. I also used Comodo and found 30 threats but I was able to get rid of them. I ran it again, and found nothing.

Please let me know what steps I should take to figure out why my laptop is operating this way. Just a month ago, everything seemed fine.

Thanks,
A

furyofdawolfx

Rookie Surfer

Posts : 68
Joined : 2009-12-12
Operating System : Windows XP


Re: Virus slowing down computer (virtual memory) -NOT SURE ABOUT VIRUS NAME

Post by furyofdawolfx on Wed 11 Apr 2012, 2:55 pm

OTL logfile created on: 4/10/2012 10:10:15 PM - Run 2
OTL by OldTimer - Version 3.2.22.3 Folder = C:\Documents and Settings\Antonio.ANTONIO-LAPTOP\Desktop
Windows XP Professional Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1,022.00 Mb Total Physical Memory | 349.00 Mb Available Physical Memory | 34.00% Memory free
2.00 Gb Paging File | 2.00 Gb Available in Paging File | 72.00% Paging File free
Paging file location(s): C:\pagefile.sys 1536 3072 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS2 | %ProgramFiles% = C:\Program Files
Drive C: | 105.97 Gb Total Space | 14.07 Gb Free Space | 13.28% Space Free | Partition Type: NTFS

Computer Name: ANTONIO-LAPTOP | User Name: Antonio | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/04/19 16:08:24 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Antonio.ANTONIO-LAPTOP\Desktop\OTL.exe
PRC - [2010/04/09 01:26:14 | 001,769,216 | ---- | M] () -- C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe
PRC - [2010/04/09 01:26:02 | 002,029,456 | ---- | M] (COMODO) -- C:\Program Files\COMODO\COMODO Internet Security\cfp.exe
PRC - [2010/02/19 17:00:24 | 000,148,744 | ---- | M] (COMODO) -- C:\Program Files\COMODO\COMODO livePCsupport\CLPSLS.exe
PRC - [2009/03/05 16:07:20 | 002,260,480 | ---- | M] (Safer-Networking Ltd.) -- C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
PRC - [2007/07/03 15:57:38 | 001,228,800 | ---- | M] (Dell Inc.) -- C:\Program Files\Dell\QuickSet\quickset.exe
PRC - [2007/05/10 01:01:00 | 000,036,864 | ---- | M] (Creative Technology Ltd.) -- C:\WINDOWS2\OEM02Mon.exe
PRC - [2007/04/16 18:10:26 | 000,184,320 | ---- | M] (CyberLink Corp.) -- C:\Program Files\Dell\MediaDirect\PCMService.exe
PRC - [2004/08/03 18:56:50 | 001,032,192 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS2\explorer.exe


========== Modules (SafeList) ==========

MOD - [2011/04/19 16:08:24 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Antonio.ANTONIO-LAPTOP\Desktop\OTL.exe
MOD - [2010/04/09 01:26:12 | 000,277,240 | ---- | M] (COMODO) -- C:\WINDOWS2\system32\guard32.dll
MOD - [2007/07/03 15:56:56 | 000,098,304 | ---- | M] () -- C:\Program Files\Dell\QuickSet\dadkeyb.dll
MOD - [2004/08/03 18:57:02 | 001,050,624 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS2\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2180_x-ww_a84f1ff9\comctl32.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [On_Demand | Stopped] -- -- (WPFFontCache_v0400)
SRV - [2012/04/01 22:04:15 | 000,253,600 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\WINDOWS2\system32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2010/04/09 01:26:14 | 001,769,216 | ---- | M] () [Auto | Running] -- C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe -- (cmdAgent)
SRV - [2010/02/19 17:00:24 | 000,148,744 | ---- | M] (COMODO) [Auto | Running] -- C:\Program Files\COMODO\COMODO livePCsupport\CLPSLS.exe -- (CLPSLS)


========== Driver Services (SafeList) ==========

DRV - [2010/04/09 01:25:46 | 000,225,344 | ---- | M] (COMODO) [File_System | System | Running] -- C:\WINDOWS2\system32\drivers\cmdGuard.sys -- (cmdGuard)
DRV - [2010/04/09 01:25:46 | 000,025,240 | ---- | M] (COMODO) [Kernel | System | Running] -- C:\WINDOWS2\system32\drivers\cmdhlp.sys -- (cmdHlp)
DRV - [2010/04/09 01:25:44 | 000,015,464 | ---- | M] (COMODO) [File_System | System | Running] -- C:\WINDOWS2\system32\drivers\cmderd.sys -- (cmderd)
DRV - [2007/10/11 01:03:00 | 000,235,648 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS2\system32\drivers\OEM02Dev.sys -- (OEM02Dev)
DRV - [2007/08/12 20:05:34 | 002,211,456 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS2\system32\drivers\NETw4x32.sys -- (NETw4x32) Intel(R)
DRV - [2007/07/16 22:26:46 | 000,989,696 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS2\system32\drivers\HSF_DPV.sys -- (HSF_DPV)
DRV - [2007/07/16 22:26:46 | 000,730,112 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS2\system32\drivers\HSF_CNXT.sys -- (winachsf)
DRV - [2007/07/16 22:26:46 | 000,209,152 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS2\system32\drivers\HSFHWAZL.sys -- (HSFHWAZL)
DRV - [2007/07/10 16:22:22 | 000,037,376 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\WINDOWS2\system32\drivers\rixdptsk.sys -- (rismxdp)
DRV - [2007/07/10 16:22:20 | 000,043,520 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\WINDOWS2\system32\drivers\rimsptsk.sys -- (rimsptsk)
DRV - [2007/07/10 16:22:18 | 000,032,256 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\WINDOWS2\system32\drivers\rimmptsk.sys -- (rimmptsk)
DRV - [2007/06/08 01:00:02 | 000,141,376 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS2\system32\drivers\OEM02Afx.sys -- (OEM02Afx)
DRV - [2007/05/10 10:24:34 | 001,222,840 | ---- | M] (SigmaTel, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS2\system32\drivers\sthda.sys -- (STHDA)
DRV - [2007/03/05 18:45:04 | 000,007,424 | ---- | M] (EyePower Games Pte. Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS2\system32\drivers\OEM02Vfx.sys -- (OEM02Vfx)
DRV - [2006/11/21 04:25:44 | 000,045,568 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS2\system32\drivers\bcm4sbxp.sys -- (bcm4sbxp)
DRV - [2006/08/18 15:17:40 | 000,033,592 | ---- | M] (Roxio) [File_System | System | Stopped] -- C:\WINDOWS2\system32\drivers\DLADHK_M.SYS -- (DLADHK_M)
DRV - [2006/08/11 12:35:20 | 000,013,688 | ---- | M] (Roxio) [File_System | System | Running] -- C:\WINDOWS2\system32\drivers\DLADiagM.SYS -- (DLADiagM)
DRV - [2006/08/11 12:35:18 | 000,030,744 | ---- | M] (Roxio) [File_System | System | Running] -- C:\WINDOWS2\system32\drivers\DLAPMonM.SYS -- (DLAPMonM)
DRV - [2006/08/11 12:35:16 | 000,028,184 | ---- | M] (Roxio) [File_System | System | Running] -- C:\WINDOWS2\system32\drivers\DLARTL_M.SYS -- (DLARTL_M)
DRV - [2005/08/12 17:50:46 | 000,016,128 | ---- | M] (Dell Inc) [Kernel | System | Running] -- C:\WINDOWS2\SYSTEM32\DRIVERS\APPDRV.SYS -- (APPDRV)
DRV - [2001/07/13 13:56:14 | 000,014,976 | ---- | M] () [Kernel | Auto | Running] -- C:\WINDOWS2\system32\drivers\SBKUPNT.SYS -- (SBKUPNT)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS2\system32\blank.htm

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS2\system32\blank.htm
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = [You must be registered and logged in to see this link.]
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local


[2011/04/19 00:24:16 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions

O1 HOSTS File: ([2011/04/22 18:32:33 | 000,000,027 | ---- | M]) - C:\WINDOWS2\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [COMODO Internet Security] C:\Program Files\COMODO\COMODO Internet Security\cfp.exe (COMODO)
O4 - HKLM..\Run: [Dell QuickSet] C:\Program Files\Dell\QuickSet\quickset.exe (Dell Inc.)
O4 - HKLM..\Run: [DELL Webcam Manager] C:\Program Files\Dell\Dell Webcam Manager\DellWMgr.exe (Creative Technology Ltd.)
O4 - HKLM..\Run: [IMJPMIG8.1] C:\WINDOWS2\IME\imjp8_1\IMJPMIG.EXE (Microsoft Corporation)
O4 - HKLM..\Run: [MSPY2002] C:\WINDOWS2\System32\IME\PINTLGNT\ImScInst.exe ()
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS2\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [NVHotkey] C:\WINDOWS2\System32\nvhotkey.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\WINDOWS2\System32\NvMcTray.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [nwiz] C:\WINDOWS2\System32\nwiz.exe ()
O4 - HKLM..\Run: [OEM02Mon.exe] C:\WINDOWS2\OEM02Mon.exe (Creative Technology Ltd.)
O4 - HKLM..\Run: [PCMService] C:\Program Files\Dell\MediaDirect\PCMService.exe (CyberLink Corp.)
O4 - HKLM..\Run: [PHIME2002A] C:\WINDOWS2\System32\IME\TINTLGNT\TINTSETP.EXE (Microsoft Corporation)
O4 - HKLM..\Run: [PHIME2002ASync] C:\WINDOWS2\System32\IME\TINTLGNT\TINTSETP.EXE (Microsoft Corporation)
O4 - HKCU..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
O4 - HKCU..\Run: [Xvid] C:\Program Files\Xvid\CheckUpdate.exe ()
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O9 - Extra 'Tools' menuitem : Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} [You must be registered and logged in to see this link.] (Shockwave ActiveX Control)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} [You must be registered and logged in to see this link.] (WUWebControl Class)
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} [You must be registered and logged in to see this link.] (OnlineScanner Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} [You must be registered and logged in to see this link.] (Java Plug-in 1.6.0_29)
O16 - DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} [You must be registered and logged in to see this link.] (Java Plug-in 1.6.0_29)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} [You must be registered and logged in to see this link.] (Java Plug-in 1.6.0_29)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} [You must be registered and logged in to see this link.] (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 209.18.47.61 209.18.47.62
O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - Reg Error: Value error. File not found
O20 - AppInit_DLLs: (C:\WINDOWS2\system32\guard32.dll) - C:\WINDOWS2\system32\guard32.dll (COMODO)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS2\explorer.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Documents and Settings\Antonio.ANTONIO-LAPTOP\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Antonio.ANTONIO-LAPTOP\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2004/08/03 18:56:48 | 000,588,800 | RH-- | M] (Microsoft Corporation) - C:\AUTOCHK.EXE -- [ NTFS ]
O32 - AutoRun File - [2004/08/03 18:56:48 | 000,188,711 | RH-- | M] () - C:\AUTOCONV.EX_ -- [ NTFS ]
O32 - AutoRun File - [2001/08/23 08:00:00 | 000,029,413 | RH-- | M] () - C:\AUTODISC.DL_ -- [ NTFS ]
O32 - AutoRun File - [2004/08/10 15:04:08 | 000,000,000 | RH-- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2001/08/23 08:00:00 | 000,000,860 | RH-- | M] () - C:\AUTOEXEC.NT_ -- [ NTFS ]
O32 - AutoRun File - [2004/08/03 18:56:48 | 000,580,608 | RH-- | M] (Microsoft Corporation) - C:\AUTOFMT.EXE -- [ NTFS ]
O32 - AutoRun File - [2004/08/03 18:56:48 | 000,005,630 | RH-- | M] () - C:\AUTOLFN.EX_ -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O35 - HKCU\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKCU\...exe [@ = exefile] -- "%1" %*

NetSvcs: 6to4 - File not found
NetSvcs: Ias - File not found
NetSvcs: Iprip - File not found
NetSvcs: Irmon - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: WmdmPmSp - File not found

MsConfig - State: "system.ini" - 0
MsConfig - State: "win.ini" - 0
MsConfig - State: "bootini" - 0
MsConfig - State: "services" - 0
MsConfig - State: "startup" - 0

SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: CLPSLS - C:\Program Files\COMODO\COMODO livePCsupport\CLPSLS.exe (COMODO)
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Primary disk - Driver Group
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: sermouse.sys - Driver
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: vga.sys - Driver
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices

SafeBootNet: Base - Driver Group
SafeBootNet: Boot Bus Extender - Driver Group
SafeBootNet: Boot file system - Driver Group
SafeBootNet: CLPSLS - C:\Program Files\COMODO\COMODO livePCsupport\CLPSLS.exe (COMODO)
SafeBootNet: File system - Driver Group
SafeBootNet: Filter - Driver Group
SafeBootNet: NDIS Wrapper - Driver Group
SafeBootNet: NetBIOSGroup - Driver Group
SafeBootNet: NetDDEGroup - Driver Group
SafeBootNet: Network - Driver Group
SafeBootNet: NetworkProvider - Driver Group
SafeBootNet: PCI Configuration - Driver Group
SafeBootNet: PNP Filter - Driver Group
SafeBootNet: PNP_TDI - Driver Group
SafeBootNet: Primary disk - Driver Group
SafeBootNet: SCSI Class - Driver Group
SafeBootNet: sermouse.sys - Driver
SafeBootNet: Streams Drivers - Driver Group
SafeBootNet: System Bus Extender - Driver Group
SafeBootNet: TDI - Driver Group
SafeBootNet: vga.sys - Driver
SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices

ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX: {10072CEC-8CC1-11D1-986E-00A0C955B42F} - Vector Graphics Rendering (VML)
ActiveX: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} - NetShow
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 6.4
ActiveX: {283807B5-2C60-11D0-A31D-00AA00B92C03} - DirectAnimation
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {36f8ec70-c29a-11d1-b5c7-0000f8051515} - Dynamic HTML Data Binding for Java
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {3bf42070-b3b1-11d1-b5c5-0000f8051515} - Uniscribe
ActiveX: {4278c270-a269-11d1-b5bf-0000f8051515} - Advanced Authoring
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:OE /CALLER:WINNT /user /install
ActiveX: {44BBA842-CC51-11CF-AAFA-00AA00B6015B} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS2\INF\msnetmtg.inf,NetMtg.Install.PerUser.NT
ActiveX: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} - DirectShow
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f216970-c90c-11d1-b5c7-0000f8051515} - DirectAnimation Java Classes
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.8
ActiveX: {5945c046-1e7d-11d1-bc44-00c04fd912be} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS2\INF\msmsgs.inf,BLC.QuietInstall.PerUser
ActiveX: {5A8D6EE0-3E18-11D0-821E-444553540000} - ICW
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7131646D-CD3C-40F4-97B9-CD9E4E6262EF} - .NET Framework
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:WAB /CALLER:WINNT /user /install
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\WINDOWS2\system32\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - DOTNETFRAMEWORKS
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {ACC563BC-4266-43f0-B6ED-9D38C4202C7E} -
ActiveX: {C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F} - .NET Framework
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {CC2A9BA0-3BDD-11D0-821E-444553540000} - Task Scheduler
ActiveX: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.1
ActiveX: {D27CDB6E-AE6D-11cf-96B8-444553540000} - Macromedia Shockwave Flash
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: <{12d0ed0d-0ee0-4f90-8827-78cefb8f4988} - C:\WINDOWS2\system32\ieudinit.exe
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\WINDOWS2\inf\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\WINDOWS2\system32\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\WINDOWS2\system32\rundll32.exe" "C:\WINDOWS2\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF}MICROS - RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP
ActiveX: >{881dd1c5-3dcf-431b-b061-f3f88e8be88a} - %systemroot%\system32\shmgrate.exe OCInstallUserConfigOE

Drivers32: msacm.divxa32 - C:\WINDOWS2\System32\DivXa32.acm (Packed With Joy !)
Drivers32: msacm.iac2 - C:\WINDOWS2\system32\iac25_32.ax (Intel Corporation)
Drivers32: msacm.l3acm - C:\WINDOWS2\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.lameacm - C:\WINDOWS2\System32\lameACM.acm (http://www.mp3dev.org/)
Drivers32: msacm.sl_anet - C:\WINDOWS2\System32\sl_anet.acm (Sipro Lab Telecom Inc.)
Drivers32: msacm.trspch - C:\WINDOWS2\System32\tssoft32.acm (DSP GROUP, INC.)
Drivers32: MSVideo8 - C:\WINDOWS2\System32\vfwwdm32.dll (Microsoft Corporation)
Drivers32: vidc.cvid - C:\WINDOWS2\System32\iccvid.dll (Radius Inc.)
Drivers32: vidc.ffds - ff_vfw.dll File not found
Drivers32: vidc.iv31 - C:\WINDOWS2\System32\ir32_32.dll ()
Drivers32: vidc.iv32 - C:\WINDOWS2\System32\ir32_32.dll ()
Drivers32: vidc.iv41 - C:\WINDOWS2\System32\ir41_32.ax (Intel Corporation)
Drivers32: vidc.iv50 - C:\WINDOWS2\System32\ir50_32.dll (Intel Corporation)
Drivers32: vidc.vp60 - C:\WINDOWS2\System32\vp6vfw.dll (On2.com)
Drivers32: vidc.vp61 - C:\WINDOWS2\System32\vp6vfw.dll (On2.com)
Drivers32: vidc.vp62 - C:\WINDOWS2\System32\vp6vfw.dll (On2.com)
Drivers32: vidc.XVID - C:\WINDOWS2\System32\xvidvfw.dll ()

CREATERESTOREPOINT
Restore point Set: OTL Restore Point (61938105627705344)

========== Files/Folders - Created Within 30 Days ==========

[2012/04/08 21:34:42 | 000,000,000 | -H-D | C] -- C:\VritualRoot
[2012/04/08 21:34:26 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users.WINDOWS2\Application Data\COMODO
[2012/04/08 20:57:55 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users.WINDOWS2\Start Menu\Programs\COMODO
[2012/04/08 20:57:54 | 000,000,000 | ---D | C] -- C:\Program Files\COMODO
[2012/04/08 20:53:23 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users.WINDOWS2\Application Data\Comodo Downloader
[2012/04/08 14:06:00 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Antonio.ANTONIO-LAPTOP\Recent
[2012/04/08 13:57:35 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users.WINDOWS2\Start Menu\Programs\CCleaner
[2012/04/08 13:57:19 | 000,000,000 | ---D | C] -- C:\Program Files\CCleaner
[2012/04/08 13:39:20 | 003,645,656 | ---- | C] (Piriform Ltd) -- C:\Documents and Settings\Antonio.ANTONIO-LAPTOP\Desktop\ccsetup317.exe
[2012/04/08 12:24:01 | 000,044,768 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS2\System32\wups2.dll
[2012/04/08 12:24:00 | 000,021,728 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS2\System32\wucltui.dll.mui
[2012/04/08 12:23:54 | 000,015,064 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS2\System32\wuapi.dll.mui
[2012/04/08 12:23:53 | 000,000,000 | ---D | C] -- C:\WINDOWS2\System32\SoftwareDistribution
[2012/04/08 12:12:51 | 000,000,000 | ---D | C] -- C:\WINDOWS2\System32\NtmsData
[2012/04/01 22:04:15 | 000,418,464 | ---- | C] (Adobe Systems Incorporated) -- C:\WINDOWS2\System32\FlashPlayerApp.exe

========== Files - Modified Within 30 Days ==========

[2012/04/10 22:52:04 | 000,000,888 | ---- | M] () -- C:\WINDOWS2\tasks\GoogleUpdateTaskMachineUA.job
[2012/04/10 22:45:56 | 001,000,256 | ---- | M] () -- C:\WINDOWS2\System32\drivers\sfi.dat
[2012/04/10 22:29:28 | 000,000,664 | ---- | M] () -- C:\WINDOWS2\System32\d3d9caps.dat
[2012/04/10 22:10:33 | 000,437,144 | ---- | M] () -- C:\WINDOWS2\System32\perfh009.dat
[2012/04/10 22:10:33 | 000,069,412 | ---- | M] () -- C:\WINDOWS2\System32\perfc009.dat
[2012/04/10 22:06:27 | 000,028,029 | ---- | M] () -- C:\WINDOWS2\System32\nvModes.001
[2012/04/10 22:05:46 | 000,000,884 | ---- | M] () -- C:\WINDOWS2\tasks\GoogleUpdateTaskMachineCore.job
[2012/04/10 22:05:45 | 000,169,472 | ---- | M] () -- C:\WINDOWS2\System32\nvapps.xml
[2012/04/10 22:05:39 | 000,002,206 | ---- | M] () -- C:\WINDOWS2\System32\wpa.dbl
[2012/04/10 22:05:37 | 000,002,048 | ---- | M] () -- C:\WINDOWS2\bootstat.dat
[2012/04/09 19:01:02 | 000,000,832 | ---- | M] () -- C:\WINDOWS2\tasks\Adobe Flash Player Updater.job
[2012/04/08 21:02:45 | 000,001,655 | ---- | M] () -- C:\Documents and Settings\All Users.WINDOWS2\Desktop\COMODO Antivirus.lnk
[2012/04/08 13:57:35 | 000,000,682 | ---- | M] () -- C:\Documents and Settings\All Users.WINDOWS2\Desktop\CCleaner.lnk
[2012/04/08 12:45:20 | 000,002,188 | ---- | M] () -- C:\Documents and Settings\Antonio.ANTONIO-LAPTOP\Desktop\Inspiron1520CleanUp.rtf
[2012/04/08 12:41:32 | 003,645,656 | ---- | M] (Piriform Ltd) -- C:\Documents and Settings\Antonio.ANTONIO-LAPTOP\Desktop\ccsetup317.exe
[2012/04/07 12:15:49 | 000,064,000 | ---- | M] () -- C:\Documents and Settings\Antonio.ANTONIO-LAPTOP\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012/04/02 22:17:52 | 000,267,800 | ---- | M] () -- C:\WINDOWS2\System32\FNTCACHE.DAT
[2012/04/01 23:24:52 | 000,000,379 | ---- | M] () -- C:\WINDOWS2\ODBC.INI
[2012/04/01 22:04:15 | 000,418,464 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS2\System32\FlashPlayerApp.exe
[2012/04/01 22:04:15 | 000,070,304 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS2\System32\FlashPlayerCPLApp.cpl

========== Files Created - No Company Name ==========

[2012/04/08 21:34:16 | 000,881,456 | ---- | C] () -- C:\WINDOWS2\System32\drivers\sfi.dat
[2012/04/08 21:02:45 | 000,001,655 | ---- | C] () -- C:\Documents and Settings\All Users.WINDOWS2\Desktop\COMODO Antivirus.lnk
[2012/04/08 13:57:34 | 000,000,682 | ---- | C] () -- C:\Documents and Settings\All Users.WINDOWS2\Desktop\CCleaner.lnk
[2012/04/08 13:39:20 | 000,002,188 | ---- | C] () -- C:\Documents and Settings\Antonio.ANTONIO-LAPTOP\Desktop\Inspiron1520CleanUp.rtf
[2012/04/01 22:04:17 | 000,000,832 | ---- | C] () -- C:\WINDOWS2\tasks\Adobe Flash Player Updater.job
[2012/03/29 01:16:36 | 000,000,664 | ---- | C] () -- C:\WINDOWS2\System32\d3d9caps.dat
[2011/09/11 23:00:43 | 000,056,640 | -H-- | C] () -- C:\WINDOWS2\System32\mlfcache.dat
[2011/08/03 20:30:33 | 000,645,632 | ---- | C] () -- C:\WINDOWS2\System32\xvidcore.dll
[2011/08/03 20:30:33 | 000,240,640 | ---- | C] () -- C:\WINDOWS2\System32\xvidvfw.dll
[2011/04/21 23:17:35 | 000,256,512 | ---- | C] () -- C:\WINDOWS2\PEV.exe
[2011/04/21 23:17:35 | 000,098,816 | ---- | C] () -- C:\WINDOWS2\sed.exe
[2011/04/21 23:17:35 | 000,089,088 | ---- | C] () -- C:\WINDOWS2\MBR.exe
[2011/04/21 23:17:35 | 000,080,412 | ---- | C] () -- C:\WINDOWS2\grep.exe
[2011/04/21 23:17:35 | 000,068,096 | ---- | C] () -- C:\WINDOWS2\zip.exe
[2010/10/17 01:05:33 | 000,014,976 | ---- | C] () -- C:\WINDOWS2\System32\drivers\SBKUPNT.SYS
[2010/10/17 01:05:33 | 000,013,312 | ---- | C] () -- C:\WINDOWS2\System32\DEVLOAD.EXE
[2010/10/17 01:05:31 | 000,000,543 | ---- | C] () -- C:\WINDOWS2\SWISV3.INI
[2010/10/17 01:05:20 | 000,000,288 | ---- | C] () -- C:\WINDOWS2\SKNIFE.INI
[2010/10/17 01:04:45 | 000,002,799 | ---- | C] () -- C:\WINDOWS2\SKLANG.INI
[2010/10/03 00:07:04 | 000,000,139 | ---- | C] () -- C:\WINDOWS2\wininit.ini
[2010/10/02 23:57:23 | 000,198,144 | ---- | C] () -- C:\WINDOWS2\System32\_psisdecd.dll
[2010/10/02 14:47:05 | 000,000,076 | ---- | C] () -- C:\WINDOWS2\CT4CET.bin
[2010/09/28 19:58:52 | 000,001,917 | ---- | C] () -- C:\Documents and Settings\All Users.WINDOWS2\Application Data\LUInstall.LiveUpdate
[2010/09/26 19:28:10 | 000,000,379 | ---- | C] () -- C:\WINDOWS2\ODBC.INI
[2010/09/26 10:43:09 | 000,064,000 | ---- | C] () -- C:\Documents and Settings\Antonio.ANTONIO-LAPTOP\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/09/26 10:11:30 | 000,028,029 | ---- | C] () -- C:\WINDOWS2\System32\nvModes.dat
[2010/09/26 09:51:40 | 001,626,112 | ---- | C] () -- C:\WINDOWS2\System32\nwiz.exe
[2010/09/26 09:51:39 | 001,703,936 | ---- | C] () -- C:\WINDOWS2\System32\nvwdmcpl.dll
[2010/09/26 09:51:39 | 001,019,904 | ---- | C] () -- C:\WINDOWS2\System32\nvwimg.dll
[2010/09/26 09:51:37 | 000,466,944 | ---- | C] () -- C:\WINDOWS2\System32\nvshell.dll
[2010/09/26 09:51:35 | 001,482,752 | ---- | C] () -- C:\WINDOWS2\System32\nview.dll
[2010/09/26 09:51:34 | 001,339,392 | ---- | C] () -- C:\WINDOWS2\System32\nvdspsch.exe
[2010/09/26 09:51:28 | 000,442,368 | ---- | C] () -- C:\WINDOWS2\System32\nvappbar.exe
[2010/09/26 09:51:26 | 000,425,984 | ---- | C] () -- C:\WINDOWS2\System32\keystone.exe
[2010/09/19 22:47:22 | 000,002,048 | ---- | C] () -- C:\WINDOWS2\bootstat.dat

========== Custom Scans ==========


< %APPDATA%\Microsoft\*.* >

< %systemroot%\system32\config\systemprofile\*.dat /x >

< %USERPROFILE%\Desktop\*.exe >
[2012/04/08 12:41:32 | 003,645,656 | ---- | M] (Piriform Ltd) -- C:\Documents and Settings\Antonio.ANTONIO-LAPTOP\Desktop\ccsetup317.exe
[2011/04/22 18:18:47 | 004,327,458 | R--- | M] () -- C:\Documents and Settings\Antonio.ANTONIO-LAPTOP\Desktop\Combo-Fix.exe
[2011/04/17 21:12:22 | 001,006,778 | ---- | M] () -- C:\Documents and Settings\Antonio.ANTONIO-LAPTOP\Desktop\iExplore.exe
[2010/09/28 20:57:58 | 075,019,048 | ---- | M] (Apple Inc.) -- C:\Documents and Settings\Antonio.ANTONIO-LAPTOP\Desktop\iTunesSetup.exe
[2011/04/24 01:42:41 | 016,537,376 | ---- | M] (Sun Microsystems, Inc.) -- C:\Documents and Settings\Antonio.ANTONIO-LAPTOP\Desktop\jre-6u25-windows-i586.exe
[2011/04/19 16:08:24 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Antonio.ANTONIO-LAPTOP\Desktop\OTL.exe
[2010/10/17 01:04:34 | 004,556,134 | ---- | M] (InstallShield Software Corporation) -- C:\Documents and Settings\Antonio.ANTONIO-LAPTOP\Desktop\swissknife.exe
[2007/04/02 11:07:44 | 004,719,104 | ---- | M] (SWE von Schleusen) -- C:\Documents and Settings\Antonio.ANTONIO-LAPTOP\Desktop\uzip.exe

< %PROGRAMFILES%\Common Files\*.* >

< %systemroot%\winn32\*.* >

< %USERPROFILE%\My Documents\*.exe >

< %USERPROFILE%\*.exe >

< %PROGRAMFILES%\Mozilla Firefox\*.exe >

< %ProgramFiles%\TinyProxy. >

< %systemroot%\system32\*.* /lockedfiles >
[2009/03/08 04:31:44 | 000,348,160 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\WINDOWS2\system32\dxtmsft.dll
[2009/03/08 04:31:38 | 000,216,064 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\WINDOWS2\system32\dxtrans.dll
[2010/09/19 18:10:40 | 000,000,000 | ---- | M] () Unable to obtain MD5 -- C:\WINDOWS2\system32\h323log.txt
[2009/03/08 04:31:02 | 001,638,912 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\WINDOWS2\system32\mshtml.tlb
[2001/08/23 08:00:00 | 000,017,920 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\WINDOWS2\system32\stdole2.tlb

< %systemroot%\Tasks\*.job /lockedfiles >

< %systemroot%\system32\drivers\*.* /lockedfiles >
[2012/04/10 22:55:57 | 001,021,280 | ---- | M] () Unable to obtain MD5 -- C:\WINDOWS2\system32\drivers\sfi.dat

< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs >

< hklm\software\clients\startmenuinternet|command /rs >
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ReinstallCommand: "C:\WINDOWS2\system32\ie4uinit.exe" -reinstall [2009/03/08 04:32:54 | 000,173,056 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\HideIconsCommand: "C:\WINDOWS2\system32\ie4uinit.exe" -hide [2009/03/08 04:32:54 | 000,173,056 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ShowIconsCommand: "C:\WINDOWS2\system32\ie4uinit.exe" -show [2009/03/08 04:32:54 | 000,173,056 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\naom\command\\: "C:\Program Files\Internet Explorer\iexplore.exe" -extoff [2009/03/08 14:09:26 | 000,638,816 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\open\command\\: "C:\Program Files\Internet Explorer\iexplore.exe" [2009/03/08 14:09:26 | 000,638,816 | ---- | M] (Microsoft Corporation)

< hklm\software\clients\startmenuinternet|command /64 /rs >
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ReinstallCommand: "C:\WINDOWS2\system32\ie4uinit.exe" -reinstall [2009/03/08 04:32:54 | 000,173,056 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\HideIconsCommand: "C:\WINDOWS2\system32\ie4uinit.exe" -hide [2009/03/08 04:32:54 | 000,173,056 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ShowIconsCommand: "C:\WINDOWS2\system32\ie4uinit.exe" -show [2009/03/08 04:32:54 | 000,173,056 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\naom\command\\: "C:\Program Files\Internet Explorer\iexplore.exe" -extoff [2009/03/08 14:09:26 | 000,638,816 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\open\command\\: "C:\Program Files\Internet Explorer\iexplore.exe" [2009/03/08 14:09:26 | 000,638,816 | ---- | M] (Microsoft Corporation)

< End of report >

Post by furyofdawolfx on Wed 11 Apr 2012, 2:56 pm

aswMBR version 0.9.9.1665 Copyright(c) 2011 AVAST Software
Run date: 2012-04-10 23:25:56
-----------------------------
23:25:56.515 OS Version: Windows 5.1.2600 Service Pack 2
23:25:56.515 Number of processors: 2 586 0xF0D
23:25:56.562 ComputerName: ANTONIO-LAPTOP UserName: Antonio
23:26:50.906 Initialize success
23:40:32.187 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP1T0L0-e
23:40:32.187 Disk 0 Vendor: Hitachi_HTS542512K9SA00 BB2OC39P Size: 114473MB BusType: 3
23:40:32.187 Device \Driver\atapi -> DriverStartIo 868382c6
23:40:32.187 Disk 0 MBR read successfully
23:40:32.187 Disk 0 MBR scan
23:40:32.203 Disk 0 TDL4@MBR code has been found
23:40:32.203 Disk 0 Windows XP default MBR code found via API
23:40:32.203 Disk 0 MBR hidden
23:40:32.203 Disk 0 Partition 1 00 DE Dell Utility Dell 8.0 78 MB offset 63
23:40:32.234 Disk 0 Partition 2 80 (A) 07 HPFS/NTFS NTFS 108509 MB offset 160650
23:40:32.250 Disk 0 Partition - 00 0F Extended LBA 2557 MB offset 222387795
23:40:32.281 Disk 0 Partition 3 00 DB CP/M / CTOS Dell 8.0 3325 MB offset 227624985
23:40:32.297 Disk 0 Partition 4 00 DD MSWIN4.1 2557 MB offset 222387858
23:40:32.312 Disk 0 MBR [TDL4] **ROOTKIT**
23:40:32.531 Disk 0 trace - called modules:
23:40:32.531 ntkrnlpa.exe CLASSPNP.SYS disk.sys >>UNKNOWN [0x8683849f]<<
23:40:32.547 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x86cacab8]
23:40:32.547 3 CLASSPNP.SYS[f76e505b] -> nt!IofCallDriver -> [0x868bb248]
23:40:32.547 \Driver\atapi[0x86834268] -> IRP_MJ_CREATE -> 0x8683849f
23:40:32.562 Scan finished successfully
23:41:02.265 Disk 0 MBR has been saved successfully to "C:\Documents and Settings\Antonio.ANTONIO-LAPTOP\Desktop\MBR.dat"
23:41:02.265 The log file has been saved successfully to "C:\Documents and Settings\Antonio.ANTONIO-LAPTOP\Desktop\aswMBR.txt"



Post by furyofdawolfx on Wed 11 Apr 2012, 2:58 pm

Results of screen317's Security Check version 0.99.32
Windows XP Service Pack 2 x86
Out of date service pack!!
Internet Explorer 8
``````````````````````````````
Antivirus/Firewall Check:

Windows Firewall Disabled!
ESET Online Scanner v3
COMODO Internet Security
Antivirus up to date!
```````````````````````````````
Anti-malware/Other Utilities Check:

Spybot - Search & Destroy
CCleaner
Java(TM) 6 Update 29
Java version out of date!
Adobe Reader X (10.1.2)
````````````````````````````````
Process Check:
objlist.exe by Laurent

Comodo Firewall cmdagent.exe
Comodo Firewall cfp.exe
``````````End of Log````````````





A file called "Extras.txt" was not created when running OTL.

Post by Superdave on Thu 12 Apr 2012, 6:12 am

Hello and welcome to GeekPolice.Net. My name is Dave. I will be helping you out with your particular problem on your computer.

1. I will be working on your Malware issues. This may or may not solve other issues you have with your machine.
2. The fixes are specific to your problem and should only be used for this issue on this machine.
3. If you don't know or understand something, please don't hesitate to ask.
4. Please DO NOT run any other tools or scans while I am helping you.
5. It is important that you reply to this thread. Do not start a new topic.
6. Your security programs may give warnings for some of the tools I will ask you to use. Be assured, any links I give are safe.
7. Absence of symptoms does not mean that everything is clear.

If you can't access the internet with your infected computer, you will have to download and transfer any programs to the computer you're using now and transfer them to the infected computer with a CD-RW or a USB storage device. I prefer a CD because a storage device can get infected. If you use a storage device, hold the Shift key down while inserting the USB storage device for about 10 secs. You will also have to transfer the logs you receive back to the good computer using the same method until we can get the computer back online.
*****************************************************************

  • Download TDSSKiller and save it to your Desktop.
  • Extract its contents to your desktop.
  • Once extracted, open the TDSSKiller folder and double-click on TDSSKiller.exe to run the application, then on Start Scan.
  • If an infected file is detected, the default action will be Cure, click on Continue.
  • If a suspicious file is detected, the default action will be Skip, click on Continue.
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
  • Click the Report button and copy/paste the contents of it into your next reply.

Note: It will also create a log in the C:\ directory.

Superdave
Tech Staff

Posts : 4193
Joined : 2010-02-01
Operating System : Windows 8.1 and a dual-boot with XP Home SP3

Post by furyofdawolfx on Thu 12 Apr 2012, 4:15 pm

I did the scan and it detected a malware. I clicked on "reboot now" but my laptop wouldn't reboot properly. It froze and I had to do a hard reset. This is the only thing that showed up in the report:


00:56:25.0312 2484 TDSS rootkit removing tool 2.7.28.0 Apr 10 2012 16:54:05
00:56:27.0328 2484 ============================================================
00:56:27.0328 2484 Current date / time: 2012/04/12 00:56:27.0328
00:56:27.0328 2484 SystemInfo:
00:56:27.0328 2484
00:56:27.0328 2484 OS Version: 5.1.2600 ServicePack: 2.0
00:56:27.0328 2484 Product type: Workstation
00:56:27.0672 2484 ComputerName: ANTONIO-LAPTOP
00:56:27.0672 2484 UserName: Antonio
00:56:27.0672 2484 Windows directory: C:\WINDOWS2
00:56:27.0672 2484 System windows directory: C:\WINDOWS2
00:56:27.0672 2484 Processor architecture: Intel x86
00:56:27.0672 2484 Number of processors: 2
00:56:27.0672 2484 Page size: 0x1000
00:56:27.0672 2484 Boot type: Normal boot
00:56:27.0672 2484 ============================================================
00:56:32.0469 2484 Drive \Device\Harddisk0\DR0 - Size: 0x1BF2976000 (111.79 Gb), SectorSize: 0x200, Cylinders: 0x3901, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000054
00:56:32.0484 2484 \Device\Harddisk0\DR0:
00:56:32.0484 2484 MBR used
00:56:32.0484 2484 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x2738A, BlocksNum 0xD3EEAC9
00:56:33.0047 2484 Initialize success
00:56:33.0047 2484 ============================================================







Also, I notice that when going to this website on my laptop, I am redirected somewhere else. Please let me know what further steps I can take.

Post by furyofdawolfx on Thu 12 Apr 2012, 4:28 pm

I did the scan again, and this is the report I got before clicking on the reboot button:


01:10:57.0021 1188 ============================================================
01:10:57.0021 1188 Scan started
01:10:57.0021 1188 Mode: Manual;
01:10:57.0021 1188 ============================================================
01:11:06.0708 1188 Cdrom (af9c19b3100fe010496b1a27181fbf72) C:\WINDOWS2\system32\DRIVERS\cdrom.sys
01:11:06.0708 1188 Cdrom - ok
01:11:06.0802 1188 Changer - ok
01:11:06.0833 1188 CiSvc (3192bd04d032a9c4a85a3278c268a13a) C:\WINDOWS2\system32\cisvc.exe
01:11:06.0833 1188 CiSvc - ok
01:11:06.0896 1188 ClipSrv (c8dec22c4137d7a90f8bdf41ca4b82ae) C:\WINDOWS2\system32\clipsrv.exe
01:11:06.0912 1188 ClipSrv - ok
01:11:07.0037 1188 CLPSLS (56139566e462c1fb1775e140d4ee6b22) C:\Program Files\COMODO\COMODO livePCsupport\CLPSLS.exe
01:11:07.0037 1188 CLPSLS - ok
01:11:07.0365 1188 clr_optimization_v2.0.50727_32 (d87acaed61e417bba546ced5e7e36d9c) C:\WINDOWS2\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
01:11:07.0490 1188 clr_optimization_v2.0.50727_32 - ok
01:11:07.0630 1188 CmBatt (4266be808f85826aedf3c64c1e240203) C:\WINDOWS2\system32\DRIVERS\CmBatt.sys
01:11:07.0662 1188 CmBatt - ok
01:11:07.0943 1188 cmdAgent (8e0528204ca034cbc3af65cf1831a4f4) C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe
01:11:07.0990 1188 cmdAgent - ok
01:11:08.0162 1188 cmderd (ae1c31d030a21f0afabe2df269d1181f) C:\WINDOWS2\system32\DRIVERS\cmderd.sys
01:11:08.0162 1188 cmderd - ok
01:11:08.0177 1188 cmdGuard (ee8d7168cbbe3af052ea93015f51abe9) C:\WINDOWS2\system32\DRIVERS\cmdguard.sys
01:11:08.0177 1188 cmdGuard - ok
01:11:08.0240 1188 cmdHlp (45a1f7d2890681f22406458d93d03cc1) C:\WINDOWS2\system32\DRIVERS\cmdhlp.sys
01:11:08.0240 1188 cmdHlp - ok
01:11:08.0255 1188 CmdIde - ok
01:11:08.0349 1188 Compbatt (df1b1a24bf52d0ebc01ed4ece8979f50) C:\WINDOWS2\system32\DRIVERS\compbatt.sys
01:11:08.0349 1188 Compbatt - ok
01:11:08.0365 1188 COMSysApp - ok
01:11:08.0380 1188 Cpqarray - ok
01:11:08.0505 1188 CryptSvc (10654f9ddcea9c46cfb77554231be73b) C:\WINDOWS2\System32\cryptsvc.dll
01:11:08.0521 1188 CryptSvc - ok
01:11:08.0646 1188 dac2w2k - ok
01:11:08.0662 1188 dac960nt - ok
01:11:08.0755 1188 DcomLaunch (5c83a4408604f737717ab96371201680) C:\WINDOWS2\system32\rpcss.dll
01:11:08.0771 1188 DcomLaunch - ok
01:11:08.0958 1188 Dhcp (cb6ca3e5261d65f6f809eed23bf167aa) C:\WINDOWS2\System32\dhcpcsvc.dll
01:11:08.0974 1188 Dhcp - ok
01:11:09.0068 1188 Disk (00ca44e4534865f8a3b64f7c0984bff0) C:\WINDOWS2\system32\DRIVERS\disk.sys
01:11:09.0068 1188 Disk - ok
01:11:09.0162 1188 DLADHK_M (6b2c6d29bb1954f1a328faedfbec31d9) C:\WINDOWS2\system32\Drivers\DLADHK_M.SYS
01:11:09.0162 1188 DLADHK_M - ok
01:11:09.0177 1188 DLADiagM (2c31280ba21446e89ba2265fafba45b9) C:\WINDOWS2\system32\Drivers\DLADiagM.SYS
01:11:09.0177 1188 DLADiagM - ok
01:11:09.0193 1188 DLAPMonM (8ea0b56da6197d557aed3f2a843738aa) C:\WINDOWS2\system32\Drivers\DLAPMonM.SYS
01:11:09.0208 1188 DLAPMonM - ok
01:11:09.0208 1188 DLARTL_M (91886fed52a3f9966207bce46cfd794f) C:\WINDOWS2\system32\Drivers\DLARTL_M.SYS
01:11:09.0255 1188 DLARTL_M - ok
01:11:09.0474 1188 dmadmin - ok
01:11:09.0615 1188 dmboot (c0fbb516e06e243f0cf31f597e7ebf7d) C:\WINDOWS2\system32\drivers\dmboot.sys
01:11:09.0630 1188 dmboot - ok
01:11:09.0740 1188 dmio (f5e7b358a732d09f4bcf2824b88b9e28) C:\WINDOWS2\system32\drivers\dmio.sys
01:11:09.0755 1188 dmio - ok
01:11:09.0802 1188 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS2\system32\drivers\dmload.sys
01:11:09.0802 1188 dmload - ok
01:11:09.0959 1188 dmserver (1639d9964c9e1b2ecca95c8217d3e70d) C:\WINDOWS2\System32\dmserver.dll
01:11:10.0037 1188 dmserver - ok
01:11:10.0162 1188 DMusic (a6f881284ac1150e37d9ae47ff601267) C:\WINDOWS2\system32\drivers\DMusic.sys
01:11:10.0177 1188 DMusic - ok
01:11:10.0287 1188 Dnscache (7379de06fd196e396a00aa97b990c00d) C:\WINDOWS2\System32\dnsrslvr.dll
01:11:10.0302 1188 Dnscache - ok
01:11:10.0365 1188 dpti2o - ok
01:11:10.0396 1188 drmkaud (1ed4dbbae9f5d558dbba4cc450e3eb2e) C:\WINDOWS2\system32\drivers\drmkaud.sys
01:11:10.0443 1188 drmkaud - ok
01:11:10.0505 1188 ERSvc (67dff7bbbd0e80aab7b3cf061448db8a) C:\WINDOWS2\System32\ersvc.dll
01:11:10.0521 1188 ERSvc - ok
01:11:10.0693 1188 Eventlog (c6ce6eec82f187615d1002bb3bb50ed4) C:\WINDOWS2\system32\services.exe
01:11:10.0693 1188 Eventlog - ok
01:11:10.0912 1188 EventSystem (acd36a2dd7d1e9d8a060aa651dc07e63) C:\WINDOWS2\system32\es.dll
01:11:10.0927 1188 EventSystem - ok
01:11:11.0021 1188 Fastfat (3117f595e9615e04f05a54fc15a03b20) C:\WINDOWS2\system32\drivers\Fastfat.sys
01:11:11.0037 1188 Fastfat - ok
01:11:11.0146 1188 FastUserSwitchingCompatibility (e7518dc542d3ebdcb80edd98462c7821) C:\WINDOWS2\System32\shsvcs.dll
01:11:11.0146 1188 FastUserSwitchingCompatibility - ok
01:11:11.0209 1188 Fdc (ced2e8396a8838e59d8fd529c680e02c) C:\WINDOWS2\system32\drivers\Fdc.sys
01:11:11.0209 1188 Fdc - ok
01:11:11.0255 1188 Fips (e153ab8a11de5452bcf5ac7652dbf3ed) C:\WINDOWS2\system32\drivers\Fips.sys
01:11:11.0255 1188 Fips - ok
01:11:11.0318 1188 Flpydisk (0dd1de43115b93f4d85e889d7a86f548) C:\WINDOWS2\system32\drivers\Flpydisk.sys
01:11:11.0318 1188 Flpydisk - ok
01:11:11.0396 1188 FltMgr (157754f0df355a9e0a6f54721914f9c6) C:\WINDOWS2\system32\DRIVERS\fltMgr.sys
01:11:11.0412 1188 FltMgr - ok
01:11:11.0584 1188 FontCache3.0.0.0 (8ba7c024070f2b7fdd98ed8a4ba41789) C:\WINDOWS2\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe
01:11:11.0584 1188 FontCache3.0.0.0 - ok
01:11:11.0709 1188 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS2\system32\drivers\Fs_Rec.sys
01:11:11.0709 1188 Fs_Rec - ok
01:11:11.0787 1188 Ftdisk (6ac26732762483366c3969c9e4d2259d) C:\WINDOWS2\system32\DRIVERS\ftdisk.sys
01:11:11.0787 1188 Ftdisk - ok
01:11:11.0896 1188 GEARAspiWDM (8182ff89c65e4d38b2de4bb0fb18564e) C:\WINDOWS2\system32\DRIVERS\GEARAspiWDM.sys
01:11:11.0896 1188 GEARAspiWDM - ok
01:11:11.0943 1188 Gpc (c0f1d4a21de5a415df8170616703debf) C:\WINDOWS2\system32\DRIVERS\msgpc.sys
01:11:11.0943 1188 Gpc - ok
01:11:12.0099 1188 gupdate (8f0de4fef8201e306f9938b0905ac96a) C:\Program Files\Google\Update\GoogleUpdate.exe
01:11:12.0099 1188 gupdate - ok
01:11:12.0115 1188 gupdatem (8f0de4fef8201e306f9938b0905ac96a) C:\Program Files\Google\Update\GoogleUpdate.exe
01:11:12.0115 1188 gupdatem - ok
01:11:12.0255 1188 HDAudBus (e31363d186b3e1d7c4e9117884a6aee5) C:\WINDOWS2\system32\DRIVERS\HDAudBus.sys
01:11:12.0255 1188 HDAudBus - ok
01:11:12.0334 1188 helpsvc (8827911a8c37e40c027cbfc88e69d967) C:\WINDOWS2\PCHealth\HelpCtr\Binaries\pchsvc.dll
01:11:12.0349 1188 helpsvc - ok
01:11:12.0443 1188 HidServ (9376e6893e52b368abc6255bf54f0b28) C:\WINDOWS2\System32\hidserv.dll
01:11:12.0474 1188 HidServ - ok
01:11:12.0552 1188 HidUsb (1de6783b918f540149aa69943bdfeba8) C:\WINDOWS2\system32\DRIVERS\hidusb.sys
01:11:12.0552 1188 HidUsb - ok
01:11:12.0646 1188 hpn - ok
01:11:12.0709 1188 HSFHWAZL (b1526810210980bed9d22315946c919d) C:\WINDOWS2\system32\DRIVERS\HSFHWAZL.sys
01:11:12.0724 1188 HSFHWAZL - ok
01:11:12.0787 1188 HSF_DPV (ddbd528e60f5961c142a490dc4ea7780) C:\WINDOWS2\system32\DRIVERS\HSF_DPV.sys
01:11:12.0818 1188 HSF_DPV - ok
01:11:13.0037 1188 HTTP (c19b522a9ae0bbc3293397f3055e80a1) C:\WINDOWS2\system32\Drivers\HTTP.sys
01:11:13.0037 1188 HTTP - ok
01:11:13.0146 1188 HTTPFilter (064d8581adf77c25133e7d751d917d83) C:\WINDOWS2\System32\w3ssl.dll
01:11:13.0146 1188 HTTPFilter - ok
01:11:13.0162 1188 i2omgmt - ok
01:11:13.0177 1188 i2omp - ok
01:11:13.0255 1188 i8042prt (5502b58eef7486ee6f93f3f164dcb808) C:\WINDOWS2\system32\DRIVERS\i8042prt.sys
01:11:13.0255 1188 i8042prt - ok
01:11:13.0537 1188 idsvc (c01ac32dc5c03076cfb852cb5da5229c) C:\WINDOWS2\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
01:11:13.0568 1188 idsvc - ok
01:11:13.0724 1188 Imapi (f8aa320c6a0409c0380e5d8a99d76ec6) C:\WINDOWS2\system32\DRIVERS\imapi.sys
01:11:13.0724 1188 Imapi - ok
01:11:13.0771 1188 ImapiService (fa788520bcac0f5d9d5cde5615c0d931) C:\WINDOWS2\system32\imapi.exe
01:11:13.0771 1188 ImapiService - ok
01:11:13.0787 1188 ini910u - ok
01:11:13.0802 1188 IntelIde - ok
01:11:13.0880 1188 intelppm (279fb78702454dff2bb445f238c048d2) C:\WINDOWS2\system32\DRIVERS\intelppm.sys
01:11:13.0880 1188 intelppm - ok
01:11:13.0943 1188 Ip6Fw (4448006b6bc60e6c027932cfc38d6855) C:\WINDOWS2\system32\DRIVERS\Ip6Fw.sys
01:11:13.0943 1188 Ip6Fw - ok
01:11:13.0974 1188 IpInIp (e1ec7f5da720b640cd8fb8424f1b14bb) C:\WINDOWS2\system32\DRIVERS\ipinip.sys
01:11:13.0990 1188 IpInIp - ok
01:11:14.0130 1188 IpNat (b5a8e215ac29d24d60b4d1250ef05ace) C:\WINDOWS2\system32\DRIVERS\ipnat.sys
01:11:14.0130 1188 IpNat - ok
01:11:14.0271 1188 iPod Service (178fe38b7740f598391eb2f51ae4ccac) C:\Program Files\iPod\bin\iPodService.exe
01:11:14.0302 1188 iPod Service - ok
01:11:14.0802 1188 IPSec (64537aa5c003a6afeee1df819062d0d1) C:\WINDOWS2\system32\DRIVERS\ipsec.sys
01:11:14.0802 1188 IPSec - ok
01:11:14.0880 1188 IRENUM (50708daa1b1cbb7d6ac1cf8f56a24410) C:\WINDOWS2\system32\DRIVERS\irenum.sys
01:11:14.0880 1188 IRENUM - ok
01:11:15.0068 1188 isapnp (e504f706ccb699c2596e9a3da1596e87) C:\WINDOWS2\system32\DRIVERS\isapnp.sys
01:11:15.0084 1188 isapnp - ok
01:11:15.0396 1188 JavaQuickStarterService (381b25dc8e958d905b33130d500bbf29) C:\Program Files\Java\jre6\bin\jqs.exe
01:11:15.0412 1188 JavaQuickStarterService - ok
01:11:15.0724 1188 Kbdclass (ebdee8a2ee5393890a1acee971c4c246) C:\WINDOWS2\system32\DRIVERS\kbdclass.sys
01:11:15.0724 1188 Kbdclass - ok
01:11:15.0802 1188 kmixer (d93cad07c5683db066b0b2d2d3790ead) C:\WINDOWS2\system32\drivers\kmixer.sys
01:11:15.0802 1188 kmixer - ok
01:11:16.0209 1188 KSecDD (eb7ffe87fd367ea8fca0506f74a87fbb) C:\WINDOWS2\system32\drivers\KSecDD.sys
01:11:16.0287 1188 KSecDD - ok
01:11:16.0365 1188 lanmanserver (93d32468d34e000cb3407947d1d6e22a) C:\WINDOWS2\System32\srvsvc.dll
01:11:16.0365 1188 lanmanserver - ok
01:11:16.0474 1188 lanmanworkstation (2c0a7b2ae9c26f2c163627679b42783c) C:\WINDOWS2\System32\wkssvc.dll
01:11:16.0474 1188 lanmanworkstation - ok
01:11:16.0834 1188 lbrtfdc - ok
01:11:17.0240 1188 LmHosts (b3eff6d938c572e90a07b3d87a3c7657) C:\WINDOWS2\System32\lmhsvc.dll
01:11:17.0365 1188 LmHosts - ok
01:11:17.0927 1188 MDM (11f714f85530a2bd134074dc30e99fca) C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
01:11:17.0927 1188 MDM - ok
01:11:18.0927 1188 mdmxsdk (0cea2d0d3fa284b85ed5b68365114f76) C:\WINDOWS2\system32\DRIVERS\mdmxsdk.sys
01:11:19.0005 1188 mdmxsdk - ok
01:11:19.0646 1188 Messenger (95fd808e4ac22aba025a7b3eac0375d2) C:\WINDOWS2\System32\msgsvc.dll
01:11:19.0677 1188 Messenger - ok
01:11:19.0912 1188 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS2\system32\drivers\mnmdd.sys
01:11:19.0927 1188 mnmdd - ok
01:11:20.0224 1188 mnmsrvc (f6415361201915b9fe3896b0e4e724ff) C:\WINDOWS2\system32\mnmsrvc.exe
01:11:20.0224 1188 mnmsrvc - ok
01:11:20.0599 1188 Modem (6fc6f9d7acc36dca9b914565a3aeda05) C:\WINDOWS2\system32\drivers\Modem.sys
01:11:20.0615 1188 Modem - ok
01:11:21.0130 1188 Mouclass (34e1f0031153e491910e12551400192c) C:\WINDOWS2\system32\DRIVERS\mouclass.sys
01:11:21.0224 1188 Mouclass - ok
01:11:22.0740 1188 mouhid (b1c303e17fb9d46e87a98e4ba6769685) C:\WINDOWS2\system32\DRIVERS\mouhid.sys
01:11:22.0834 1188 mouhid - ok
01:11:24.0287 1188 MountMgr (65653f3b4477f3c63e68a9659f85ee2e) C:\WINDOWS2\system32\drivers\MountMgr.sys
01:11:24.0365 1188 MountMgr - ok
01:11:25.0240 1188 mraid35x - ok
01:11:26.0334 1188 MRxDAV (46edcc8f2db2f322c24f48785cb46366) C:\WINDOWS2\system32\DRIVERS\mrxdav.sys
01:11:26.0459 1188 MRxDAV - ok
01:11:27.0224 1188 MRxSmb (1fd607fc67f7f7c633c3da65bfc53d18) C:\WINDOWS2\system32\DRIVERS\mrxsmb.sys
01:11:27.0255 1188 MRxSmb - ok
01:11:28.0349 1188 MSDTC (c7c3d89eb0a6f3dba622ea737fa335b1) C:\WINDOWS2\system32\msdtc.exe
01:11:28.0365 1188 MSDTC - ok
01:11:29.0193 1188 Msfs (561b3a4333ca2dbdba28b5b956822519) C:\WINDOWS2\system32\drivers\Msfs.sys
01:11:29.0240 1188 Msfs - ok
01:11:29.0646 1188 MSIServer - ok
01:11:29.0943 1188 MSKSSRV (ae431a8dd3c1d0d0610cdbac16057ad0) C:\WINDOWS2\system32\drivers\MSKSSRV.sys
01:11:29.0974 1188 MSKSSRV - ok
01:11:30.0396 1188 MSPCLOCK (13e75fef9dfeb08eeded9d0246e1f448) C:\WINDOWS2\system32\drivers\MSPCLOCK.sys
01:11:30.0396 1188 MSPCLOCK - ok
01:11:30.0506 1188 MSPQM (1988a33ff19242576c3d0ef9ce785da7) C:\WINDOWS2\system32\drivers\MSPQM.sys
01:11:30.0537 1188 MSPQM - ok
01:11:30.0974 1188 mssmbios (469541f8bfd2b32659d5d463a6714bce) C:\WINDOWS2\system32\DRIVERS\mssmbios.sys
01:11:30.0990 1188 mssmbios - ok
01:11:31.0271 1188 MSTEE (bf13612142995096ab084f2db7f40f77) C:\WINDOWS2\system32\drivers\MSTEE.sys
01:11:31.0271 1188 MSTEE - ok
01:11:31.0584 1188 Mup (82035e0f41c2dd05ae41d27fe6cf7de1) C:\WINDOWS2\system32\drivers\Mup.sys
01:11:32.0068 1188 Mup - ok
01:11:33.0052 1188 NABTSFEC (5c8dc6429c43dc6177c1fa5b76290d1a) C:\WINDOWS2\system32\DRIVERS\NABTSFEC.sys
01:11:33.0115 1188 NABTSFEC - ok
01:11:34.0115 1188 NDIS (558635d3af1c7546d26067d5d9b6959e) C:\WINDOWS2\system32\drivers\NDIS.sys
01:11:34.0271 1188 NDIS - ok
01:11:35.0099 1188 NdisIP (520ce427a8b298f54112857bcf6bde15) C:\WINDOWS2\system32\DRIVERS\NdisIP.sys
01:11:35.0146 1188 NdisIP - ok
01:11:36.0490 1188 NdisTapi (08d43bbdacdf23f34d79e44ed35c1b4c) C:\WINDOWS2\system32\DRIVERS\ndistapi.sys
01:11:36.0521 1188 NdisTapi - ok
01:11:37.0021 1188 Ndisuio (34d6cd56409da9a7ed573e1c90a308bf) C:\WINDOWS2\system32\DRIVERS\ndisuio.sys
01:11:37.0021 1188 Ndisuio - ok
01:11:37.0131 1188 NdisWan (0b90e255a9490166ab368cd55a529893) C:\WINDOWS2\system32\DRIVERS\ndiswan.sys
01:11:37.0146 1188 NdisWan - ok
01:11:37.0599 1188 NDProxy (59fc3fb44d2669bc144fd87826bb571f) C:\WINDOWS2\system32\drivers\NDProxy.sys
01:11:37.0662 1188 NDProxy - ok
01:11:39.0256 1188 NetBIOS (3a2aca8fc1d7786902ca434998d7ceb4) C:\WINDOWS2\system32\DRIVERS\netbios.sys
01:11:39.0256 1188 NetBIOS - ok
01:11:39.0537 1188 NetBT (0c80e410cd2f47134407ee7dd19cc86b) C:\WINDOWS2\system32\DRIVERS\netbt.sys
01:11:39.0849 1188 NetBT - ok
01:11:41.0006 1188 NetDDE (05afb5ad06462257bea7495283c86d50) C:\WINDOWS2\system32\netdde.exe
01:11:41.0084 1188 NetDDE - ok
01:11:41.0084 1188 NetDDEdsdm (05afb5ad06462257bea7495283c86d50) C:\WINDOWS2\system32\netdde.exe
01:11:41.0099 1188 NetDDEdsdm - ok
01:11:41.0318 1188 Netlogon (84885f9b82f4d55c6146ebf6065d75d2) C:\WINDOWS2\system32\lsass.exe
01:11:41.0318 1188 Netlogon - ok
01:11:41.0459 1188 Netman (dab9e6c7105d2ef49876fe92c524f565) C:\WINDOWS2\System32\netman.dll
01:11:41.0459 1188 Netman - ok
01:11:42.0381 1188 NetTcpPortSharing (d34612c5d02d026535b3095d620626ae) C:\WINDOWS2\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe
01:11:42.0396 1188 NetTcpPortSharing - ok
01:11:42.0724 1188 NETw4x32 (b5ab1108b377b5f3d37409fabda01453) C:\WINDOWS2\system32\DRIVERS\NETw4x32.sys
01:11:42.0849 1188 NETw4x32 - ok
01:11:43.0349 1188 NIC1394 (5c5c53db4fef16cf87b9911c7e8c6fbc) C:\WINDOWS2\system32\DRIVERS\nic1394.sys
01:11:43.0381 1188 NIC1394 - ok
01:11:43.0506 1188 Nla (4e74af063c3271fbea20dd940cfd1184) C:\WINDOWS2\System32\mswsock.dll
01:11:43.0552 1188 Nla - ok
01:11:43.0849 1188 Npfs (4f601bcb8f64ea3ac0994f98fed03f8e) C:\WINDOWS2\system32\drivers\Npfs.sys
01:11:43.0849 1188 Npfs - ok
01:11:43.0943 1188 Ntfs (b78be402c3f63dd55521f73876951cdd) C:\WINDOWS2\system32\drivers\Ntfs.sys
01:11:43.0959 1188 Ntfs - ok
01:11:44.0099 1188 NtLmSsp (84885f9b82f4d55c6146ebf6065d75d2) C:\WINDOWS2\system32\lsass.exe
01:11:44.0099 1188 NtLmSsp - ok
01:11:44.0146 1188 NtmsSvc (b62f29c00ac55a761b2e45877d85ea0f) C:\WINDOWS2\system32\ntmssvc.dll
01:11:44.0177 1188 NtmsSvc - ok
01:11:44.0349 1188 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS2\system32\drivers\Null.sys
01:11:44.0349 1188 Null - ok
01:11:47.0115 1188 nv (0390b9368ea20dfb9e416a520b28a555) C:\WINDOWS2\system32\DRIVERS\nv4_mini.sys
01:11:50.0099 1188 nv - ok
01:11:50.0740 1188 NVSvc (a9fb3ef9a6385b56e8a6bd758ac01b94) C:\WINDOWS2\system32\nvsvc32.exe
01:11:50.0787 1188 NVSvc - ok
01:11:51.0521 1188 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS2\system32\DRIVERS\nwlnkflt.sys
01:11:51.0615 1188 NwlnkFlt - ok
01:11:51.0912 1188 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS2\system32\DRIVERS\nwlnkfwd.sys
01:11:51.0943 1188 NwlnkFwd - ok
01:11:52.0209 1188 OEM02Afx (58f478fd0115012ceec75fb73628901c) C:\WINDOWS2\system32\Drivers\OEM02Afx.sys
01:11:52.0224 1188 OEM02Afx - ok
01:11:52.0646 1188 OEM02Dev (19cac780b858822055f46c58a111723c) C:\WINDOWS2\system32\DRIVERS\OEM02Dev.sys
01:11:52.0662 1188 OEM02Dev - ok
01:11:52.0803 1188 OEM02Vfx (86326062a90494bdd79ce383511d7d69) C:\WINDOWS2\system32\DRIVERS\OEM02Vfx.sys
01:11:52.0834 1188 OEM02Vfx - ok
01:11:53.0318 1188 ohci1394 (0951db8e5823ea366b0e408d71e1ba2a) C:\WINDOWS2\system32\DRIVERS\ohci1394.sys
01:11:53.0349 1188 ohci1394 - ok
01:11:53.0506 1188 ose (7a56cf3e3f12e8af599963b16f50fb6a) C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
01:11:53.0506 1188 ose - ok
01:11:53.0865 1188 Parport (29744eb4ce659dfe3b4122deb45bc478) C:\WINDOWS2\system32\drivers\Parport.sys
01:11:53.0881 1188 Parport - ok
01:11:53.0943 1188 PartMgr (3334430c29dc338092f79c38ef7b4cd0) C:\WINDOWS2\system32\drivers\PartMgr.sys
01:11:53.0943 1188 PartMgr - ok
01:11:54.0068 1188 ParVdm (70e98b3fd8e963a6a46a2e6247e0bea1) C:\WINDOWS2\system32\drivers\ParVdm.sys
01:11:54.0131 1188 ParVdm - ok
01:11:54.0553 1188 PCI (8086d9979234b603ad5bc2f5d890b234) C:\WINDOWS2\system32\DRIVERS\pci.sys
01:11:54.0599 1188 PCI - ok
01:11:55.0084 1188 PCIDump - ok
01:11:55.0162 1188 PCIIde (ccf5f451bb1a5a2a522a76e670000ff0) C:\WINDOWS2\system32\DRIVERS\pciide.sys
01:11:55.0162 1188 PCIIde - ok
01:11:55.0506 1188 Pcmcia (82a087207decec8456fbe8537947d579) C:\WINDOWS2\system32\drivers\Pcmcia.sys
01:11:55.0506 1188 Pcmcia - ok
01:11:55.0537 1188 PDCOMP - ok
01:11:55.0553 1188 PDFRAME - ok
01:11:55.0568 1188 PDRELI - ok
01:11:55.0584 1188 PDRFRAME - ok
01:11:55.0615 1188 perc2 - ok
01:11:55.0631 1188 perc2hib - ok
01:11:55.0771 1188 PlugPlay (c6ce6eec82f187615d1002bb3bb50ed4) C:\WINDOWS2\system32\services.exe
01:11:55.0771 1188 PlugPlay - ok
01:11:55.0834 1188 PolicyAgent (84885f9b82f4d55c6146ebf6065d75d2) C:\WINDOWS2\system32\lsass.exe
01:11:55.0834 1188 PolicyAgent - ok
01:11:56.0021 1188 PptpMiniport (1c5cc65aac0783c344f16353e60b72ac) C:\WINDOWS2\system32\DRIVERS\raspptp.sys
01:11:56.0021 1188 PptpMiniport - ok
01:11:56.0099 1188 ProtectedStorage (84885f9b82f4d55c6146ebf6065d75d2) C:\WINDOWS2\system32\lsass.exe
01:11:56.0099 1188 ProtectedStorage - ok
01:11:56.0115 1188 PSched (48671f327553dcf1d27f6197f622a668) C:\WINDOWS2\system32\DRIVERS\psched.sys
01:11:56.0115 1188 PSched - ok
01:11:56.0146 1188 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS2\system32\DRIVERS\ptilink.sys
01:11:56.0146 1188 Ptilink - ok
01:11:56.0162 1188 ql1080 - ok
01:11:56.0178 1188 Ql10wnt - ok
01:11:56.0193 1188 ql12160 - ok
01:11:56.0209 1188 ql1240 - ok
01:11:56.0240 1188 ql1280 - ok
01:11:56.0287 1188 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS2\system32\DRIVERS\rasacd.sys
01:11:56.0318 1188 RasAcd - ok
01:11:56.0381 1188 RasAuto (44db7a9bdd2fb58747d123fbf1d35adb) C:\WINDOWS2\System32\rasauto.dll
01:11:56.0381 1188 RasAuto - ok
01:11:56.0568 1188 Rasl2tp (98faeb4a4dcf812ba1c6fca4aa3e115c) C:\WINDOWS2\system32\DRIVERS\rasl2tp.sys
01:11:56.0568 1188 Rasl2tp - ok
01:11:56.0599 1188 RasMan (41a3c11e3517c962c9b44893bcec3b34) C:\WINDOWS2\System32\rasmans.dll
01:11:56.0599 1188 RasMan - ok
01:11:56.0615 1188 RasPppoe (7306eeed8895454cbed4669be9f79faa) C:\WINDOWS2\system32\DRIVERS\raspppoe.sys
01:11:56.0631 1188 RasPppoe - ok
01:11:56.0693 1188 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS2\system32\DRIVERS\raspti.sys
01:11:56.0709 1188 Raspti - ok
01:11:56.0756 1188 Rdbss (29d66245adba878fff574cd66abd2884) C:\WINDOWS2\system32\DRIVERS\rdbss.sys
01:11:56.0756 1188 Rdbss - ok
01:11:56.0865 1188 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS2\system32\DRIVERS\RDPCDD.sys
01:11:56.0896 1188 RDPCDD - ok
01:11:57.0396 1188 rdpdr (a2cae2c60bc37e0751ef9dda7ceaf4ad) C:\WINDOWS2\system32\DRIVERS\rdpdr.sys
01:11:57.0459 1188 rdpdr - ok
01:11:57.0803 1188 RDPWD (d4f5643d7714ef499ae9527fdcd50894) C:\WINDOWS2\system32\drivers\RDPWD.sys
01:11:57.0803 1188 RDPWD - ok
01:11:57.0896 1188 RDSessMgr (729798e0933076b8fcfcd9934698f164) C:\WINDOWS2\system32\sessmgr.exe
01:11:57.0896 1188 RDSessMgr - ok
01:11:57.0959 1188 redbook (b31b4588e4086d8d84adbf9845c2402b) C:\WINDOWS2\system32\DRIVERS\redbook.sys
01:11:57.0974 1188 redbook - ok
01:11:58.0209 1188 RemoteAccess (3046db917e3cfa040632799dd9b14865) C:\WINDOWS2\System32\mprdim.dll
01:11:58.0224 1188 RemoteAccess - ok
01:11:58.0303 1188 RemoteRegistry (3151427db7d87107d1c5be58fac53960) C:\WINDOWS2\system32\regsvc.dll
01:11:58.0303 1188 RemoteRegistry - ok
01:11:58.0428 1188 rimmptsk (d85e3fa9f5b1f29bb4ed185c450d1470) C:\WINDOWS2\system32\DRIVERS\rimmptsk.sys
01:11:58.0428 1188 rimmptsk - ok
01:11:58.0443 1188 rimsptsk (db8eb01c58c9fada00c70b1775278ae0) C:\WINDOWS2\system32\DRIVERS\rimsptsk.sys
01:11:58.0443 1188 rimsptsk - ok
01:11:58.0474 1188 rismxdp (6c1f93c0760c9f79a1869d07233df39d) C:\WINDOWS2\system32\DRIVERS\rixdptsk.sys
01:11:58.0474 1188 rismxdp - ok
01:11:58.0568 1188 RpcLocator (793f04a09b15e7c6c11dbdffaf06c0ab) C:\WINDOWS2\system32\locator.exe
01:11:58.0568 1188 RpcLocator - ok
01:11:58.0896 1188 RpcSs (5c83a4408604f737717ab96371201680) C:\WINDOWS2\System32\rpcss.dll
01:11:58.0912 1188 RpcSs - ok
01:11:59.0318 1188 RSVP (471b3f9741d762abe75e9deea4787e47) C:\WINDOWS2\system32\rsvp.exe
01:11:59.0334 1188 RSVP - ok
01:11:59.0662 1188 SamSs (84885f9b82f4d55c6146ebf6065d75d2) C:\WINDOWS2\system32\lsass.exe
01:11:59.0678 1188 SamSs - ok
01:11:59.0943 1188 SBKUPNT (729248b54aff21e740054acebfdbcb1c) C:\WINDOWS2\system32\Drivers\SBKUPNT.SYS
01:12:00.0037 1188 SBKUPNT - ok
01:12:01.0756 1188 SCardSvr (25d8de134df108e3dbc8d7d23b1aa58e) C:\WINDOWS2\System32\SCardSvr.exe
01:12:01.0787 1188 SCardSvr - ok
01:12:02.0178 1188 Schedule (92360854316611f6cc471612213c3d92) C:\WINDOWS2\system32\schedsvc.dll
01:12:02.0193 1188 Schedule - ok
01:12:02.0303 1188 sdbus (02fc71b020ec8700ee8a46c58bc6f276) C:\WINDOWS2\system32\DRIVERS\sdbus.sys
01:12:02.0303 1188 sdbus - ok
01:12:02.0396 1188 Secdrv (d26e26ea516450af9d072635c60387f4) C:\WINDOWS2\system32\DRIVERS\secdrv.sys
01:12:02.0396 1188 Secdrv - ok
01:12:02.0756 1188 seclogon (b1e0ce09895376871746f36dc5773b4f) C:\WINDOWS2\System32\seclogon.dll
01:12:02.0787 1188 seclogon - ok
01:12:02.0881 1188 SENS (dfd9870cf39c791d86c4c209da9fa919) C:\WINDOWS2\system32\sens.dll
01:12:02.0896 1188 SENS - ok
01:12:03.0271 1188 Serial (cd9404d115a00d249f70a371b46d5a26) C:\WINDOWS2\system32\drivers\Serial.sys
01:12:03.0318 1188 Serial - ok
01:12:03.0506 1188 sffdisk (1d9f1bec651815741f088a8fb88e17ee) C:\WINDOWS2\system32\DRIVERS\sffdisk.sys
01:12:03.0615 1188 sffdisk - ok
01:12:04.0068 1188 sffp_sd (586499fd312ffd7f78553f408e71682e) C:\WINDOWS2\system32\DRIVERS\sffp_sd.sys
01:12:04.0099 1188 sffp_sd - ok
01:12:04.0381 1188 Sfloppy (0d13b6df6e9e101013a7afb0ce629fe0) C:\WINDOWS2\system32\drivers\Sfloppy.sys
01:12:04.0381 1188 Sfloppy - ok
01:12:04.0615 1188 SharedAccess (36cc8c01b5e50163037bef56cb96deff) C:\WINDOWS2\System32\ipnathlp.dll
01:12:04.0615 1188 SharedAccess - ok
01:12:04.0881 1188 ShellHWDetection (e7518dc542d3ebdcb80edd98462c7821) C:\WINDOWS2\System32\shsvcs.dll
01:12:04.0896 1188 ShellHWDetection - ok
01:12:04.0959 1188 Simbad - ok
01:12:05.0084 1188 SLIP (5caeed86821fa2c6139e32e9e05ccdc9) C:\WINDOWS2\system32\DRIVERS\SLIP.sys
01:12:05.0099 1188 SLIP - ok
01:12:05.0334 1188 SONYPVU1 (a1eceeaa5c5e74b2499eb51d38185b84) C:\WINDOWS2\system32\DRIVERS\SONYPVU1.SYS
01:12:05.0365 1188 SONYPVU1 - ok
01:12:05.0443 1188 Sparrow - ok
01:12:05.0974 1188 splitter (8e186b8f23295d1e42c573b82b80d548) C:\WINDOWS2\system32\drivers\splitter.sys
01:12:06.0099 1188 splitter - ok
01:12:06.0318 1188 Spooler (7435b108b935e42ea92ca94f59c8e717) C:\WINDOWS2\system32\spoolsv.exe
01:12:06.0318 1188 Spooler - ok
01:12:06.0381 1188 sr (e41b6d037d6cd08461470af04500dc24) C:\WINDOWS2\system32\DRIVERS\sr.sys
01:12:06.0381 1188 sr - ok
01:12:06.0443 1188 srservice (92bdf74f12d6cbec43c94d4b7f804838) C:\WINDOWS2\system32\srsvc.dll
01:12:06.0443 1188 srservice - ok
01:12:06.0553 1188 Srv (20b7e396720353e4117d64d9dcb926ca) C:\WINDOWS2\system32\DRIVERS\srv.sys
01:12:06.0553 1188 Srv - ok
01:12:06.0615 1188 SSDPSRV (4b8d61792f7175bed48859cc18ce4e38) C:\WINDOWS2\System32\ssdpsrv.dll
01:12:06.0615 1188 SSDPSRV - ok
01:12:06.0881 1188 STHDA (951801dfb54d86f611f0af47825476f9) C:\WINDOWS2\system32\drivers\sthda.sys
01:12:06.0943 1188 STHDA - ok
01:12:07.0193 1188 stisvc (d9f6c4f6b1e188adafc42b561d9bc2e6) C:\WINDOWS2\system32\wiaservc.dll
01:12:07.0209 1188 stisvc - ok
01:12:07.0318 1188 streamip (284c57df5dc7abca656bc2b96a667afb) C:\WINDOWS2\system32\DRIVERS\StreamIP.sys
01:12:07.0349 1188 streamip - ok
01:12:08.0381 1188 swenum (03c1bae4766e2450219d20b993d6e046) C:\WINDOWS2\system32\DRIVERS\swenum.sys
01:12:08.0396 1188 swenum - ok
01:12:08.0865 1188 swmidi (94abc808fc4b6d7d2bbf42b85e25bb4d) C:\WINDOWS2\system32\drivers\swmidi.sys
01:12:08.0865 1188 swmidi - ok
01:12:08.0881 1188 SwPrv - ok
01:12:08.0912 1188 symc810 - ok
01:12:09.0068 1188 symc8xx - ok
01:12:09.0303 1188 sym_hi - ok
01:12:09.0381 1188 sym_u3 - ok
01:12:09.0568 1188 sysaudio (650ad082d46bac0e64c9c0e0928492fd) C:\WINDOWS2\system32\drivers\sysaudio.sys
01:12:09.0584 1188 sysaudio - ok
01:12:09.0896 1188 SysmonLog (8b54aa346d1b1b113ffaa75501b8b1b2) C:\WINDOWS2\system32\smlogsvc.exe
01:12:09.0912 1188 SysmonLog - ok
01:12:10.0084 1188 TapiSrv (eb4a4187d74a8efdcbea3ea2cb1bdfbd) C:\WINDOWS2\System32\tapisrv.dll
01:12:10.0115 1188 TapiSrv - ok
01:12:10.0381 1188 Tcpip (9f4b36614a0fc234525ba224957de55c) C:\WINDOWS2\system32\DRIVERS\tcpip.sys
01:12:10.0381 1188 Tcpip - ok
01:12:10.0584 1188 TDPIPE (38d437cf2d98965f239b0abcd66dcb0f) C:\WINDOWS2\system32\drivers\TDPIPE.sys
01:12:10.0631 1188 TDPIPE - ok
01:12:10.0943 1188 TDTCP (ed0580af02502d00ad8c4c066b156be9) C:\WINDOWS2\system32\drivers\TDTCP.sys
01:12:11.0006 1188 TDTCP - ok
01:12:11.0162 1188 TermDD (a540a99c281d933f3d69d55e48727f47) C:\WINDOWS2\system32\DRIVERS\termdd.sys
01:12:11.0178 1188 TermDD - ok
01:12:12.0396 1188 TermService (b60c877d16d9c880b952fda04adf16e6) C:\WINDOWS2\System32\termsrv.dll
01:12:12.0475 1188 TermService - ok
01:12:12.0537 1188 Themes (e7518dc542d3ebdcb80edd98462c7821) C:\WINDOWS2\System32\shsvcs.dll
01:12:12.0537 1188 Themes - ok
01:12:12.0615 1188 TlntSvr (37db0a7d097310e8b4de803fc3119c78) C:\WINDOWS2\system32\tlntsvr.exe
01:12:12.0631 1188 TlntSvr - ok
01:12:12.0818 1188 TosIde - ok
01:12:12.0896 1188 TrkWks (6d9ac544b30f96c57f8206566c1fb6a1) C:\WINDOWS2\system32\trkwks.dll
01:12:12.0896 1188 TrkWks - ok
01:12:12.0959 1188 Udfs (12f70256f140cd7d52c58c7048fde657) C:\WINDOWS2\system32\drivers\Udfs.sys
01:12:13.0100 1188 Udfs - ok
01:12:13.0115 1188 ultra - ok
01:12:13.0287 1188 Update (aff2e5045961bbc0a602bb6f95eb1345) C:\WINDOWS2\system32\DRIVERS\update.sys
01:12:13.0318 1188 Update - ok
01:12:13.0475 1188 upnphost (0546477bde979e33294fe97f6b3de84a) C:\WINDOWS2\System32\upnphost.dll
01:12:13.0490 1188 upnphost - ok
01:12:13.0553 1188 UPS (3f5df65b0758675f95a2d43918a740a3) C:\WINDOWS2\System32\ups.exe
01:12:13.0584 1188 UPS - ok
01:12:13.0756 1188 USBAAPL (83cafcb53201bbac04d822f32438e244) C:\WINDOWS2\system32\Drivers\usbaapl.sys
01:12:13.0787 1188 USBAAPL - ok
01:12:14.0350 1188 usbccgp (bffd9f120cc63bcbaa3d840f3eef9f79) C:\WINDOWS2\system32\DRIVERS\usbccgp.sys
01:12:14.0396 1188 usbccgp - ok
01:12:14.0771 1188 usbehci (15e993ba2f6946b2bfbbfcd30398621e) C:\WINDOWS2\system32\DRIVERS\usbehci.sys
01:12:14.0787 1188 usbehci - ok
01:12:14.0990 1188 usbhub (c72f40947f92cea56a8fb532edf025f1) C:\WINDOWS2\system32\DRIVERS\usbhub.sys
01:12:15.0021 1188 usbhub - ok
01:12:16.0068 1188 usbscan (a6bc71402f4f7dd5b77fd7f4a8ddba85) C:\WINDOWS2\system32\DRIVERS\usbscan.sys
01:12:16.0146 1188 usbscan - ok
01:12:16.0771 1188 USBSTOR (6cd7b22193718f1d17a47a1cd6d37e75) C:\WINDOWS2\system32\DRIVERS\USBSTOR.SYS
01:12:16.0803 1188 USBSTOR - ok
01:12:17.0256 1188 usbuhci (f8fd1400092e23c8f2f31406ef06167b) C:\WINDOWS2\system32\DRIVERS\usbuhci.sys
01:12:17.0256 1188 usbuhci - ok
01:12:17.0506 1188 usbvideo (8968ff3973a883c49e8b564200f565b9) C:\WINDOWS2\system32\Drivers\usbvideo.sys
01:12:17.0568 1188 usbvideo - ok
01:12:24.0240 1188 MBR (0x1B8) (faee7e40dfb0440ad2cfc39befa1f4c2) \Device\Harddisk0\DR0
01:12:24.0475 1188 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.b ) - infected
01:12:24.0521 1188 \Device\Harddisk0\DR0 - detected Rootkit.Boot.Pihar.b (0)
01:12:24.0553 1188 Boot (0x1200) (b555b91f577cbb009e14078586928726) \Device\Harddisk0\DR0\Partition0
01:12:24.0584 1188 \Device\Harddisk0\DR0\Partition0 - ok
01:12:24.0584 1188 ============================================================
01:12:24.0584 1188 Scan finished
01:12:24.0584 1188 ============================================================
01:12:24.0600 2952 Detected object count: 1
01:12:24.0646 2952 Actual detected object count: 1
01:16:35.0601 2952 \Device\Harddisk0\DR0\# - copied to quarantine
01:16:35.0664 2952 \Device\Harddisk0\DR0 - copied to quarantine
01:16:35.0820 2952 \Device\Harddisk0\DR0\TDLFS\phm - copied to quarantine
01:16:35.0836 2952 \Device\Harddisk0\DR0\TDLFS\ph.dll - copied to quarantine
01:16:35.0851 2952 \Device\Harddisk0\DR0\TDLFS\phx.dll - copied to quarantine
01:16:35.0851 2952 \Device\Harddisk0\DR0\TDLFS\sub.dll - copied to quarantine
01:16:35.0867 2952 \Device\Harddisk0\DR0\TDLFS\subx.dll - copied to quarantine
01:16:35.0882 2952 \Device\Harddisk0\DR0\TDLFS\phd - copied to quarantine
01:16:36.0132 2952 \Device\Harddisk0\DR0\TDLFS\phdx - copied to quarantine
01:16:36.0195 2952 \Device\Harddisk0\DR0\TDLFS\phs - copied to quarantine
01:16:36.0242 2952 \Device\Harddisk0\DR0\TDLFS\phdata - copied to quarantine
01:16:36.0242 2952 \Device\Harddisk0\DR0\TDLFS\phld - copied to quarantine
01:16:36.0257 2952 \Device\Harddisk0\DR0\TDLFS\phln - copied to quarantine
01:16:36.0257 2952 \Device\Harddisk0\DR0\TDLFS\phlx - copied to quarantine
01:16:36.0351 2952 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.b ) - will be cured on reboot
01:16:36.0367 2952 \Device\Harddisk0\DR0 - ok
01:16:36.0382 2952 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.b ) - User select action: Cure





Re: Virus slowing down computer (virtual memory) -NOT SURE ABOUT VIRUS NAME

Post by Superdave on Fri 13 Apr 2012, 4:48 am

Please run aswMBR.exe again and post the log along with these logs.

SUPERAntiSpyware

If you already have SUPERAntiSpyware be sure to check for updates before scanning!


Download SuperAntispyware Free Edition (SAS)
* Double-click the icon on your desktop to run the installer.
* When asked to Update the program definitions, click Yes
* If you encounter any problems while downloading the updates, manually download and unzip them from here
* Next click the Preferences button.
  • Under Start-Up Options uncheck Start SUPERAntiSpyware when Windows starts
* Click the Scanning Control tab.
* Under Scanner Options make sure only the following are checked:
  • Close browsers before scanning
  • Scan for tracking cookies
  • Terminate memory threats before quarantining
  Please leave the others unchecked
* Click the Close button to leave the control center screen.
* On the main screen click Scan your computer
* On the left check the box for the drive you are scanning.
* On the right choose Perform Complete Scan
* Click Next to start the scan. Please be patient while it scans your computer.
* After the scan is complete a summary box will appear. Click OK
* Make sure everything in the white box has a check next to it, then click Next
* It will quarantine what it found and if it asks if you want to reboot, click Yes
* To retrieve the removal information please do the following:
  • After reboot, double-click the SUPERAntiSpyware icon on your desktop.
  • Click Preferences. Click the Statistics/Logs tab.
  • Under Scanner Logs, double-click SUPERAntiSpyware Scan Log.
  • It will open in your default text editor (preferably Notepad).
  • Save the notepad file to your desktop by clicking (in notepad) File > Save As...
* Save the log somewhere you can easily find it. (normally the desktop)
* Click close and close again to exit the program.
* Copy and Paste the log in your post.
*********************************************
Please download Malwarebytes Anti-Malware from here.
Double Click mbam-setup.exe to install the application.

  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Full Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • Please save the log to a location you will remember.
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the entire report in your next reply.

Extra Note:

If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.

Superdave
Tech Staff

Posts : 4193
Joined : 2010-02-01
Operating System : Windows 8.1 and a dual-boot with XP Home SP3


Re: Virus slowing down computer (virtual memory) -NOT SURE ABOUT VIRUS NAME

Post by furyofdawolfx on Fri 13 Apr 2012, 1:10 pm

aswMBR version 0.9.9.1665 Copyright(c) 2011 AVAST Software
Run date: 2012-04-12 18:48:00
-----------------------------
18:48:00.658 OS Version: Windows 5.1.2600 Service Pack 2
18:48:00.658 Number of processors: 2 586 0xF0D
18:48:00.658 ComputerName: ANTONIO-LAPTOP UserName: Antonio
18:48:40.940 Initialize success
18:51:26.132 AVAST engine defs: 12041201
18:52:00.805 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP1T0L0-e
18:52:00.820 Disk 0 Vendor: Hitachi_HTS542512K9SA00 BB2OC39P Size: 114473MB BusType: 3
18:52:00.820 Device \Driver\atapi -> DriverStartIo 868202c6
18:52:01.039 Disk 0 MBR read successfully
18:52:01.055 Disk 0 MBR scan
18:52:01.336 Disk 0 Windows XP default MBR code
18:52:01.414 Disk 0 Partition 1 00 DE Dell Utility Dell 8.0 78 MB offset 63
18:52:01.524 Disk 0 Partition 2 80 (A) 07 HPFS/NTFS NTFS 108509 MB offset 160650
18:52:01.555 Disk 0 Partition - 00 0F Extended LBA 2557 MB offset 222387795
18:52:01.617 Disk 0 Partition 3 00 DB CP/M / CTOS Dell 8.0 3325 MB offset 227624985
18:52:01.805 Disk 0 Partition 4 00 DD MSWIN4.1 2557 MB offset 222387858
18:52:01.992 Disk 0 scanning sectors +234436545
18:52:02.461 Disk 0 scanning C:\WINDOWS2\system32\drivers
18:53:23.948 Service scanning
18:55:09.919 Modules scanning
18:56:06.764 Disk 0 trace - called modules:
18:56:06.780 ntkrnlpa.exe CLASSPNP.SYS disk.sys >>UNKNOWN [0x8682049f]<<
18:56:06.780 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x86d6eab8]
18:56:06.780 3 CLASSPNP.SYS[f76e505b] -> nt!IofCallDriver -> [0x86aeb588]
18:56:06.795 \Driver\atapi[0x86c501c8] -> IRP_MJ_CREATE -> 0x8682049f
18:56:11.999 AVAST engine scan C:\WINDOWS2
18:56:37.468 AVAST engine scan C:\WINDOWS2\system32
19:24:52.174 AVAST engine scan C:\WINDOWS2\system32\drivers
19:27:31.582 AVAST engine scan C:\Documents and Settings\Antonio.ANTONIO-LAPTOP
20:02:03.312 File: C:\Documents and Settings\Antonio.ANTONIO-LAPTOP\Local Settings\temp\10.tmp **INFECTED** Win32:Alureon-ASD [Trj]
20:07:26.269 AVAST engine scan C:\Documents and Settings\All Users.WINDOWS2
20:08:03.441 Scan finished successfully
20:08:51.301 Disk 0 MBR has been saved successfully to "C:\Documents and Settings\Antonio.ANTONIO-LAPTOP\Desktop\MBR.dat"
20:08:51.364 The log file has been saved successfully to "C:\Documents and Settings\Antonio.ANTONIO-LAPTOP\Desktop\aswMBR_2.txt"



Re: Virus slowing down computer (virtual memory) -NOT SURE ABOUT VIRUS NAME

Post by furyofdawolfx on Fri 13 Apr 2012, 1:15 pm

My impression of your instruction for SUPERAntiSpyware is that clicking on "scan your computer" would still give me options to change my setting. I clicked on it, but it was still set on "quick scan." It detected something immediately, so I let the scan finish. Here are the results:



SUPERAntiSpyware Scan Log

Generated 04/12/2012 at 09:34 PM

Application Version : 5.0.1146

Core Rules Database Version : 8451
Trace Rules Database Version: 6263

Scan type : Quick Scan
Total Scan Time : 01:07:23

Operating System Information
Windows XP Professional 32-bit, Service Pack 2 (Build 5.01.2600)
Administrator

Memory items scanned : 464
Memory threats detected : 0
Registry items scanned : 28431
Registry threats detected : 0
File items scanned : 25114
File threats detected : 142

Adware.Tracking Cookie



I am currently running a scan with Malwarebytes per your instructions. If you would like me to perform a full scan with SuperAntiSpyware, please let me know. Thanks again.


Re: Virus slowing down computer (virtual memory) -NOT SURE ABOUT VIRUS NAME

Post by furyofdawolfx on Sat 14 Apr 2012, 9:26 am

Here are my results for Malwarebytes. Computer seems better, but COMODO is detecting something called hj8o1.exe trying to do something to my system. Is this bad?

Malwarebytes Anti-Malware 1.61.0.1400

Database version: v2012.04.13.01

Windows XP Service Pack 2 x86 NTFS
Internet Explorer 8.0.6001.18702
Antonio :: ANTONIO-LAPTOP [administrator]

4/12/2012 10:06:33 PM
mbam-log-2012-04-12 (22-06-33).txt

Scan type: Full scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 394618
Time elapsed: 5 hour(s), 34 minute(s), 2 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 5
C:\WINDOWS2\temp\ecssxxpfoeubn.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS2\temp\mjhpcwujngclswtnpqh.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS2\temp\vswurnumovfwiqo.exe (Rootkit.0Access) -> Quarantined and deleted successfully.
C:\WINDOWS2\temp\wusctpegqmtylt.exe (Backdoor.Agent.RCGen) -> Quarantined and deleted successfully.
C:\WINDOWS2\temp\0.37774490646553416 (Exploit.Drop.9) -> Quarantined and deleted successfully.

(end)


Re: Virus slowing down computer (virtual memory) -NOT SURE ABOUT VIRUS NAME

Post by Superdave on Sat 14 Apr 2012, 10:45 am

"but COMODO is detecting something called hj8o1.exe trying to do something to my system. Is this bad?"
If Comodo is detecting it, it can't be good.

Download Combofix from any of the links below, and save it to your DESKTOP.

Link 1
Link 2
Link 3

To prevent your anti-virus application interfering with ComboFix we need to disable it. See here for a tutorial regarding how to do so if you are unsure.

  • Close any open windows and double click ComboFix.exe to run it.

    You will see the following image:



Click I Agree to start the program.

ComboFix will then extract the necessary files and you will see this:



As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. This will not occur in Windows Vista and 7.

It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.

If you did not have it installed, you will see the prompt below. Choose YES.



Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.

**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.

Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:



Click on Yes, to continue scanning for malware.

When finished, it will produce a report for you. Please post the contents of the log (C:\ComboFix.txt).

Leave your computer alone while ComboFix is running. ComboFix will restart your computer if malware is found; allow it to do so.

Note: Please do NOT mouse-click ComboFix's window while it's running because it may cause it to stall.


Re: Virus slowing down computer (virtual memory) -NOT SURE ABOUT VIRUS NAME

Post by furyofdawolfx on Sat 14 Apr 2012, 5:24 pm

ComboFix 12-04-13.01 - Antonio 04/14/2012 0:30.3.2 - x86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.1022.128 [GMT -4:00]
Running from: c:\documents and settings\Antonio.ANTONIO-LAPTOP\Desktop\ComboFix.exe
AV: COMODO Antivirus *Disabled/Updated* {043803A5-4F86-4ef7-AFC5-F6E02A79969B}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
C:\install.exe
.
.
((((((((((((((((((((((((( Files Created from 2012-03-14 to 2012-04-14 )))))))))))))))))))))))))))))))
.
.
2012-04-14 05:21 . 2012-04-14 05:21 0 --sha-w- c:\windows2\system32\dds_trash_log.cmd
2012-04-14 05:05 . 2012-04-14 05:02 323072 ---ha-w- c:\documents and settings\All Users.WINDOWS2\Application Data\QkqnRvQCEE.exe
2012-04-14 05:04 . 2012-04-14 05:04 86016 ---ha-w- c:\documents and settings\All Users.WINDOWS2\Application Data\eccccfaddeafacdfdct.exe
2012-04-13 22:43 . 2012-04-13 22:43 -------- d-sh--w- c:\windows2\system32\config\systemprofile\PrivacIE
2012-04-13 22:41 . 2012-04-13 22:41 -------- d-sh--w- c:\windows2\system32\config\systemprofile\IETldCache
2012-04-13 00:19 . 2012-04-13 00:19 -------- d--h--w- c:\documents and settings\Antonio.ANTONIO-LAPTOP\Application Data\SUPERAntiSpyware.com
2012-04-13 00:16 . 2012-04-13 00:19 -------- d-----w- c:\program files\SUPERAntiSpyware
2012-04-13 00:16 . 2012-04-13 00:16 -------- d--h--w- c:\documents and settings\All Users.WINDOWS2\Application Data\SUPERAntiSpyware.com
2012-04-12 04:47 . 2012-04-12 05:16 -------- d-----w- C:\TDSSKiller_Quarantine
2012-04-09 01:34 . 2012-04-09 01:34 -------- d-----w- C:\VritualRoot
2012-04-09 01:34 . 2012-04-09 01:35 -------- d--h--w- c:\documents and settings\All Users.WINDOWS2\Application Data\COMODO
2012-04-09 01:34 . 2012-04-14 04:05 1474832 ----a-w- c:\windows2\system32\drivers\sfi.dat
2012-04-09 00:57 . 2012-04-09 00:59 -------- d-----w- c:\program files\COMODO
2012-04-09 00:53 . 2012-04-09 00:53 -------- d--h--w- c:\documents and settings\All Users.WINDOWS2\Application Data\Comodo Downloader
2012-04-08 17:57 . 2012-04-08 17:57 -------- d-----w- c:\program files\CCleaner
2012-04-08 16:24 . 2009-08-06 23:24 44768 ----a-w- c:\windows2\system32\wups2.dll
2012-04-08 16:24 . 2009-08-06 23:24 21728 ----a-w- c:\windows2\system32\wucltui.dll.mui
2012-04-08 16:23 . 2009-08-06 23:24 17632 ----a-w- c:\windows2\system32\wuaueng.dll.mui
2012-04-08 16:23 . 2009-08-06 23:24 15072 ----a-w- c:\windows2\system32\wuaucpl.cpl.mui
2012-04-08 16:23 . 2009-08-06 23:24 15064 ----a-w- c:\windows2\system32\wuapi.dll.mui
2012-04-08 16:12 . 2012-04-08 16:14 -------- d-----w- c:\windows2\system32\NtmsData
2012-04-04 05:53 . 2012-04-04 05:53 182160 ----a-w- c:\program files\Internet Explorer\PLUGINS\nppdf32.dll
2012-04-03 03:51 . 2012-04-03 03:51 -------- d-sh--w- c:\documents and settings\LocalService.NT AUTHORITY\IETldCache
2012-04-02 02:04 . 2012-04-02 02:04 418464 ----a-w- c:\windows2\system32\FlashPlayerApp.exe
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-04-04 19:56 . 2011-12-10 22:23 22344 ----a-w- c:\windows2\system32\drivers\mbam.sys
2012-04-02 02:04 . 2011-06-03 16:01 70304 ----a-w- c:\windows2\system32\FlashPlayerCPLApp.cpl
.
.
((((((((((((((((((((((((((((( [You must be registered and logged in to see this link.] )))))))))))))))))))))))))))))))))))))))))
.
+ 2007-11-07 06:19 . 2007-11-07 06:19 54272 c:\windows2\WinSxS\x86_Microsoft.VC90.OpenMP_1fc8b3b9a1e18e3b_9.0.21022.8_x-ww_ecc42bd1\vcomp90.dll
+ 2007-11-07 06:19 . 2007-11-07 06:19 46592 c:\windows2\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.21022.8_x-ww_11f3ea3a\mfc90kor.dll
+ 2007-11-07 06:19 . 2007-11-07 06:19 47104 c:\windows2\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.21022.8_x-ww_11f3ea3a\mfc90jpn.dll
+ 2007-11-07 06:19 . 2007-11-07 06:19 59392 c:\windows2\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.21022.8_x-ww_11f3ea3a\mfc90ita.dll
+ 2007-11-07 06:19 . 2007-11-07 06:19 60416 c:\windows2\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.21022.8_x-ww_11f3ea3a\mfc90fra.dll
+ 2007-11-07 06:19 . 2007-11-07 06:19 59392 c:\windows2\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.21022.8_x-ww_11f3ea3a\mfc90esp.dll
+ 2007-11-07 06:19 . 2007-11-07 06:19 59392 c:\windows2\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.21022.8_x-ww_11f3ea3a\mfc90esn.dll
+ 2007-11-07 06:19 . 2007-11-07 06:19 54272 c:\windows2\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.21022.8_x-ww_11f3ea3a\mfc90enu.dll
+ 2007-11-07 06:19 . 2007-11-07 06:19 60928 c:\windows2\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.21022.8_x-ww_11f3ea3a\mfc90deu.dll
+ 2007-11-07 06:19 . 2007-11-07 06:19 41984 c:\windows2\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.21022.8_x-ww_11f3ea3a\mfc90cht.dll
+ 2007-11-07 06:19 . 2007-11-07 06:19 41472 c:\windows2\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.21022.8_x-ww_11f3ea3a\mfc90chs.dll
+ 2007-11-07 03:51 . 2007-11-07 03:51 59904 c:\windows2\WinSxS\x86_Microsoft.VC90.MFC_1fc8b3b9a1e18e3b_9.0.21022.8_x-ww_a173767a\mfcm90u.dll
+ 2007-11-07 03:51 . 2007-11-07 03:51 59904 c:\windows2\WinSxS\x86_Microsoft.VC90.MFC_1fc8b3b9a1e18e3b_9.0.21022.8_x-ww_a173767a\mfcm90.dll
+ 2012-04-14 03:56 . 2012-04-14 03:56 16384 c:\windows2\temp\Perflib_Perfdata_338.dat
+ 2012-04-14 05:03 . 2012-04-14 05:03 86016 c:\windows2\temp\ecssxxpfoeubn.exe
+ 2010-09-20 02:24 . 2009-08-06 23:24 35552 c:\windows2\system32\wups.dll
+ 2010-09-20 02:24 . 2009-08-06 23:24 53472 c:\windows2\system32\wuauclt.exe
+ 2008-07-30 02:10 . 2008-07-30 02:10 26112 c:\windows2\system32\TsWpfWrp.exe
+ 2011-12-24 07:54 . 2008-07-06 12:06 89088 c:\windows2\system32\spool\prtprocs\w32x86\filterpipelineprintproc.dll
+ 2012-04-08 16:24 . 2009-08-06 23:24 35552 c:\windows2\system32\SoftwareDistribution\Setup\ServiceStartup\wups.dll\7.4.7600.226\wups.dll
+ 2008-07-30 00:59 . 2008-07-30 00:59 43544 c:\windows2\system32\PresentationHostProxy.dll
+ 2001-08-23 12:00 . 2012-04-14 05:40 69412 c:\windows2\system32\perfc009.dat
- 2010-09-26 14:11 . 2011-02-06 06:35 28029 c:\windows2\system32\nvModes.dat
+ 2010-09-26 14:11 . 2011-08-08 14:55 28029 c:\windows2\system32\nvModes.dat
+ 2008-07-25 16:16 . 2008-07-25 16:16 83968 c:\windows2\system32\mscories.dll
+ 2011-09-12 03:00 . 2011-09-12 03:00 56640 c:\windows2\system32\mlfcache.dat
+ 2011-08-31 04:05 . 2011-08-31 04:05 50536 c:\windows2\system32\jdns_sd.dll
+ 2008-07-30 00:24 . 2008-07-30 00:24 97800 c:\windows2\system32\infocardapi.dll
+ 2008-07-30 00:24 . 2008-07-30 00:24 11264 c:\windows2\system32\icardres.dll
+ 2011-12-24 05:44 . 2004-08-04 05:56 21504 c:\windows2\system32\hidserv.dll
+ 2008-07-30 02:10 . 2008-07-30 02:10 73720 c:\windows2\system32\dxva2.dll
+ 2011-12-26 22:36 . 2011-08-02 22:38 42496 c:\windows2\system32\DRVSTORE\usbaapl_091115F4EDEB41DBA0EC91574CE905B4E0482482\usbaapl.sys
+ 2011-12-26 22:36 . 2011-08-02 22:38 18432 c:\windows2\system32\DRVSTORE\netaapl_63AA05C4700EB9CAF2D048DAC1D06D764A0D4C41\netaapl.sys
+ 2010-09-29 01:00 . 2011-08-02 22:38 42496 c:\windows2\system32\drivers\usbaapl.sys
+ 2011-12-24 05:44 . 2001-08-17 18:48 12160 c:\windows2\system32\drivers\mouhid.sys
+ 2010-04-09 05:25 . 2010-04-09 05:25 86800 c:\windows2\system32\drivers\inspect.sys
+ 2010-04-09 05:25 . 2010-04-09 05:25 25240 c:\windows2\system32\drivers\cmdhlp.sys
+ 2010-04-09 05:25 . 2010-04-09 05:25 15464 c:\windows2\system32\drivers\cmderd.sys
+ 2011-08-31 04:05 . 2011-08-31 04:05 73064 c:\windows2\system32\dnssd.dll
+ 2011-08-31 04:05 . 2011-08-31 04:05 83816 c:\windows2\system32\dns-sd.exe
+ 2010-09-20 02:24 . 2009-08-06 23:24 35552 c:\windows2\system32\dllcache\wups.dll
+ 2010-09-20 02:24 . 2009-08-06 23:24 53472 c:\windows2\system32\dllcache\wuauclt.exe
+ 2011-12-24 05:44 . 2001-08-17 18:48 12160 c:\windows2\system32\dllcache\mouhid.sys
+ 2011-12-24 05:44 . 2004-08-04 05:56 21504 c:\windows2\system32\dllcache\hidserv.dll
+ 2011-12-24 07:54 . 2008-07-06 12:06 89088 c:\windows2\system32\dllcache\filterpipelineprintproc.dll
+ 2004-08-03 22:56 . 2009-08-06 23:24 96480 c:\windows2\system32\dllcache\cdm.dll
+ 2012-04-13 22:43 . 2012-04-13 22:43 32768 c:\windows2\system32\config\systemprofile\PrivacIE\index.dat
+ 2012-04-08 17:28 . 2012-04-13 22:43 49152 c:\windows2\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
- 2010-09-20 02:53 . 2011-04-17 20:40 32768 c:\windows2\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
+ 2010-09-20 02:53 . 2012-04-13 22:43 32768 c:\windows2\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
+ 2012-04-13 22:43 . 2012-04-13 22:43 32768 c:\windows2\system32\config\systemprofile\Local Settings\Application Data\Microsoft\Internet Explorer\DOMStore\index.dat
+ 2012-04-13 22:41 . 2012-04-13 22:41 16384 c:\windows2\system32\config\systemprofile\IETldCache\index.dat
+ 2012-04-08 17:28 . 2012-04-13 22:43 32768 c:\windows2\system32\config\systemprofile\Cookies\index.dat
+ 2004-08-03 22:56 . 2009-08-06 23:24 96480 c:\windows2\system32\cdm.dll
+ 2009-08-06 23:24 . 2009-08-06 23:24 44768 c:\windows2\SoftwareDistribution\WebSetup\wups2.dll
+ 2009-08-06 23:24 . 2009-08-06 23:24 35552 c:\windows2\SoftwareDistribution\WebSetup\wups.dll
+ 2009-08-06 23:24 . 2009-08-06 23:24 53472 c:\windows2\SoftwareDistribution\WebSetup\wuauclt.exe
+ 2009-08-06 23:24 . 2009-08-06 23:24 96480 c:\windows2\SoftwareDistribution\WebSetup\cdm.dll
+ 2008-07-30 04:40 . 2008-07-30 04:40 70648 c:\windows2\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
+ 2008-07-30 04:40 . 2008-07-30 04:40 91136 c:\windows2\Microsoft.NET\Framework\v3.5\MSBuild.exe
+ 2008-07-30 04:40 . 2008-07-30 04:40 41984 c:\windows2\Microsoft.NET\Framework\v3.5\Microsoft.VisualC.STLCLR.dll
+ 2008-07-30 04:40 . 2008-07-30 04:40 40960 c:\windows2\Microsoft.NET\Framework\v3.5\Microsoft.Data.Entity.Build.Tasks.dll
+ 2008-07-29 23:47 . 2008-07-29 23:47 89080 c:\windows2\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\WapRes.2052.dll
+ 2008-07-29 23:47 . 2008-07-29 23:47 92664 c:\windows2\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\WapRes.1042.dll
+ 2008-07-29 23:47 . 2008-07-29 23:47 95224 c:\windows2\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\WapRes.1041.dll
+ 2008-07-29 23:47 . 2008-07-29 23:47 89592 c:\windows2\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\WapRes.1028.dll
+ 2008-07-29 23:47 . 2008-07-29 23:47 84480 c:\windows2\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\setupres.2052.dll
+ 2008-07-29 23:47 . 2008-07-29 23:47 94720 c:\windows2\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\setupres.1042.dll
+ 2008-07-29 23:47 . 2008-07-29 23:47 97792 c:\windows2\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\setupres.1041.dll
+ 2008-07-29 23:47 . 2008-07-29 23:47 84992 c:\windows2\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\setupres.1028.dll
+ 2008-07-29 23:47 . 2008-07-29 23:47 97280 c:\windows2\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\DeleteTemp.exe
+ 2008-07-30 04:40 . 2008-07-30 04:40 95224 c:\windows2\Microsoft.NET\Framework\v3.5\EdmGen.exe
+ 2008-07-30 04:40 . 2008-07-30 04:40 78856 c:\windows2\Microsoft.NET\Framework\v3.5\DataSvcUtil.exe
+ 2008-07-30 04:40 . 2008-07-30 04:40 41984 c:\windows2\Microsoft.NET\Framework\v3.5\AddInUtil.exe
+ 2008-07-30 04:40 . 2008-07-30 04:40 41992 c:\windows2\Microsoft.NET\Framework\v3.5\AddInProcess32.exe
+ 2008-07-30 04:40 . 2008-07-30 04:40 41992 c:\windows2\Microsoft.NET\Framework\v3.5\AddInProcess.exe
+ 2008-07-30 02:10 . 2008-07-30 02:10 46104 c:\windows2\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe
+ 2008-07-30 00:59 . 2008-07-30 00:59 32768 c:\windows2\Microsoft.NET\Framework\v3.0\WPF\PresentationCFFRasterizer.dll
+ 2008-07-30 02:10 . 2008-07-30 02:10 71160 c:\windows2\Microsoft.NET\Framework\v3.0\WPF\PenIMC.dll
+ 2008-07-30 00:32 . 2008-07-30 00:32 17448 c:\windows2\Microsoft.NET\Framework\v3.0\Windows Workflow Foundation\PerformanceCounterInstaller.exe
+ 2008-07-30 00:16 . 2008-07-30 00:16 32768 c:\windows2\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\System.ServiceModel.WasHosting.dll
+ 2008-07-30 00:16 . 2008-07-30 00:16 73728 c:\windows2\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\System.ServiceModel.Install.dll
+ 2008-07-30 00:16 . 2008-07-30 00:16 20504 c:\windows2\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\ServiceMonikerSupport.dll
+ 2008-07-30 00:16 . 2008-07-30 00:16 11280 c:\windows2\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\ServiceModelEvents.dll
+ 2008-07-25 16:17 . 2008-07-25 16:17 37896 c:\windows2\Microsoft.NET\Framework\v2.0.50727\WMINet_Utils.dll
+ 2008-07-25 16:17 . 2008-07-25 16:17 81400 c:\windows2\Microsoft.NET\Framework\v2.0.50727\TLBREF.DLL
+ 2008-07-25 16:17 . 2008-07-25 16:17 77824 c:\windows2\Microsoft.NET\Framework\v2.0.50727\System.Web.RegularExpressions.dll
+ 2008-07-25 16:17 . 2008-07-25 16:17 57392 c:\windows2\Microsoft.NET\Framework\v2.0.50727\System.EnterpriseServices.Thunk.dll
- 2005-09-23 11:28 . 2005-09-23 11:28 81920 c:\windows2\Microsoft.NET\Framework\v2.0.50727\System.Drawing.Design.dll
+ 2008-07-25 16:17 . 2008-07-25 16:17 81920 c:\windows2\Microsoft.NET\Framework\v2.0.50727\System.Drawing.Design.dll
- 2005-09-23 11:28 . 2005-09-23 11:28 81920 c:\windows2\Microsoft.NET\Framework\v2.0.50727\System.Configuration.Install.dll
+ 2008-07-25 16:17 . 2008-07-25 16:17 81920 c:\windows2\Microsoft.NET\Framework\v2.0.50727\System.Configuration.Install.dll
+ 2008-07-25 16:17 . 2008-07-25 16:17 95232 c:\windows2\Microsoft.NET\Framework\v2.0.50727\ShFusRes.dll
+ 2008-07-25 16:17 . 2008-07-25 16:17 16896 c:\windows2\Microsoft.NET\Framework\v2.0.50727\sbscmp20_mscorlib.dll
+ 2008-07-25 16:17 . 2008-07-25 16:17 61952 c:\windows2\Microsoft.NET\Framework\v2.0.50727\regtlibv12.exe
+ 2008-07-25 16:17 . 2008-07-25 16:17 32768 c:\windows2\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exe
- 2005-09-23 11:28 . 2005-09-23 11:28 32768 c:\windows2\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exe
- 2005-09-23 11:28 . 2005-09-23 11:28 53248 c:\windows2\Microsoft.NET\Framework\v2.0.50727\RegAsm.exe
+ 2008-07-25 16:17 . 2008-07-25 16:17 53248 c:\windows2\Microsoft.NET\Framework\v2.0.50727\RegAsm.exe
+ 2008-07-25 16:17 . 2008-07-25 16:17 88584 c:\windows2\Microsoft.NET\Framework\v2.0.50727\PerfCounter.dll
+ 2008-07-25 16:17 . 2008-07-25 16:17 24584 c:\windows2\Microsoft.NET\Framework\v2.0.50727\normalization.dll
+ 2008-07-25 16:17 . 2008-07-25 16:17 31744 c:\windows2\Microsoft.NET\Framework\v2.0.50727\MUI\0409\mscorsecr.dll
+ 2008-07-25 16:17 . 2008-07-25 16:17 19456 c:\windows2\Microsoft.NET\Framework\v2.0.50727\mscortim.dll
+ 2008-07-25 16:17 . 2008-07-25 16:17 69632 c:\windows2\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
+ 2008-07-25 16:16 . 2008-07-25 16:16 18944 c:\windows2\Microsoft.NET\Framework\v2.0.50727\mscorsn.dll
+ 2008-07-25 16:17 . 2008-07-25 16:17 77312 c:\windows2\Microsoft.NET\Framework\v2.0.50727\mscorsec.dll
+ 2008-07-25 16:17 . 2008-07-25 16:17 94208 c:\windows2\Microsoft.NET\Framework\v2.0.50727\mscorld.dll
+ 2008-07-25 16:17 . 2008-07-25 16:17 46592 c:\windows2\Microsoft.NET\Framework\v2.0.50727\mscorie.dll
+ 2008-07-25 16:17 . 2008-07-25 16:17 83456 c:\windows2\Microsoft.NET\Framework\v2.0.50727\mscordbc.dll
+ 2008-07-25 16:16 . 2008-07-25 16:16 69632 c:\windows2\Microsoft.NET\Framework\v2.0.50727\MSBuild.exe
- 2005-09-23 11:28 . 2005-09-23 11:28 69632 c:\windows2\Microsoft.NET\Framework\v2.0.50727\MSBuild.exe
+ 2008-07-25 16:16 . 2008-07-25 16:16 97792 c:\windows2\Microsoft.NET\Framework\v2.0.50727\MmcAspExt.dll
- 2005-09-23 11:28 . 2005-09-23 11:28 12800 c:\windows2\Microsoft.NET\Framework\v2.0.50727\Microsoft.Vsa.Vb.CodeDOMProcessor.dll
+ 2008-07-25 16:16 . 2008-07-25 16:16 12800 c:\windows2\Microsoft.NET\Framework\v2.0.50727\Microsoft.Vsa.Vb.CodeDOMProcessor.dll
+ 2008-07-25 16:16 . 2008-07-25 16:16 32768 c:\windows2\Microsoft.NET\Framework\v2.0.50727\Microsoft.Vsa.dll
- 2005-09-23 11:28 . 2005-09-23 11:28 32768 c:\windows2\Microsoft.NET\Framework\v2.0.50727\Microsoft.Vsa.dll
- 2005-09-23 11:28 . 2005-09-23 11:28 28672 c:\windows2\Microsoft.NET\Framework\v2.0.50727\Microsoft.VisualBasic.Vsa.dll
+ 2008-07-25 16:16 . 2008-07-25 16:16 28672 c:\windows2\Microsoft.NET\Framework\v2.0.50727\Microsoft.VisualBasic.Vsa.dll
+ 2008-07-25 16:16 . 2008-07-25 16:16 77824 c:\windows2\Microsoft.NET\Framework\v2.0.50727\Microsoft.Build.Utilities.dll
+ 2008-07-25 16:16 . 2008-07-25 16:16 36864 c:\windows2\Microsoft.NET\Framework\v2.0.50727\Microsoft.Build.Framework.dll
- 2005-09-23 11:28 . 2005-09-23 11:28 36864 c:\windows2\Microsoft.NET\Framework\v2.0.50727\Microsoft.Build.Framework.dll
+ 2008-07-25 16:16 . 2008-07-25 16:16 40960 c:\windows2\Microsoft.NET\Framework\v2.0.50727\jsc.exe
- 2005-09-23 11:28 . 2005-09-23 11:28 40960 c:\windows2\Microsoft.NET\Framework\v2.0.50727\jsc.exe
+ 2008-07-25 16:17 . 2008-07-25 16:17 72192 c:\windows2\Microsoft.NET\Framework\v2.0.50727\ISymWrapper.dll
- 2005-09-23 11:28 . 2005-09-23 11:28 72192 c:\windows2\Microsoft.NET\Framework\v2.0.50727\ISymWrapper.dll
+ 2008-07-25 16:17 . 2008-07-25 16:17 65032 c:\windows2\Microsoft.NET\Framework\v2.0.50727\InstallUtilLib.dll
- 2005-09-23 11:28 . 2005-09-23 11:28 28672 c:\windows2\Microsoft.NET\Framework\v2.0.50727\InstallUtil.exe
+ 2008-07-25 16:17 . 2008-07-25 16:17 28672 c:\windows2\Microsoft.NET\Framework\v2.0.50727\InstallUtil.exe
+ 2008-07-25 16:17 . 2008-07-25 16:17 77824 c:\windows2\Microsoft.NET\Framework\v2.0.50727\IEHost.dll
+ 2008-07-25 16:16 . 2008-07-25 16:16 18936 c:\windows2\Microsoft.NET\Framework\v2.0.50727\fusion.dll
+ 2008-07-25 16:16 . 2008-07-25 16:16 62968 c:\windows2\Microsoft.NET\Framework\v2.0.50727\dfdll.dll
+ 2008-07-25 16:16 . 2008-07-25 16:16 35320 c:\windows2\Microsoft.NET\Framework\v2.0.50727\cvtres.exe
+ 2008-07-25 16:17 . 2008-07-25 16:17 69120 c:\windows2\Microsoft.NET\Framework\v2.0.50727\CustomMarshalers.dll
+ 2008-07-25 16:17 . 2008-07-25 16:17 27136 c:\windows2\Microsoft.NET\Framework\v2.0.50727\Culture.dll
- 2005-09-23 11:28 . 2005-09-23 11:28 13312 c:\windows2\Microsoft.NET\Framework\v2.0.50727\cscompmgd.dll
+ 2008-07-25 16:16 . 2008-07-25 16:16 13312 c:\windows2\Microsoft.NET\Framework\v2.0.50727\cscompmgd.dll
+ 2008-07-25 16:16 . 2008-07-25 16:16 80376 c:\windows2\Microsoft.NET\Framework\v2.0.50727\csc.exe
+ 2008-07-25 16:17 . 2008-07-25 16:17 89608 c:\windows2\Microsoft.NET\Framework\v2.0.50727\CORPerfMonExt.dll
+ 2008-07-25 16:16 . 2008-07-25 16:16 33792 c:\windows2\Microsoft.NET\Framework\v2.0.50727\aspnet_wp.exe
+ 2008-07-25 16:16 . 2008-07-25 16:16 34312 c:\windows2\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe
+ 2008-07-25 16:16 . 2008-07-25 16:16 33288 c:\windows2\Microsoft.NET\Framework\v2.0.50727\aspnet_regiis.exe
+ 2008-07-25 16:16 . 2008-07-25 16:16 24576 c:\windows2\Microsoft.NET\Framework\v2.0.50727\aspnet_regbrowsers.exe
+ 2008-07-25 16:16 . 2008-07-25 16:16 84480 c:\windows2\Microsoft.NET\Framework\v2.0.50727\aspnet_rc.dll
+ 2008-07-25 16:16 . 2008-07-25 16:16 33800 c:\windows2\Microsoft.NET\Framework\v2.0.50727\Aspnet_perf.dll
+ 2008-07-25 16:16 . 2008-07-25 16:16 17416 c:\windows2\Microsoft.NET\Framework\v2.0.50727\aspnet_isapi.dll
+ 2008-07-25 16:16 . 2008-07-25 16:16 22024 c:\windows2\Microsoft.NET\Framework\v2.0.50727\aspnet_filter.dll
+ 2008-07-25 16:16 . 2008-07-25 16:16 36864 c:\windows2\Microsoft.NET\Framework\v2.0.50727\aspnet_compiler.exe
- 2005-09-23 11:28 . 2005-09-23 11:28 36864 c:\windows2\Microsoft.NET\Framework\v2.0.50727\aspnet_compiler.exe
+ 2008-07-25 16:17 . 2008-07-25 16:17 58880 c:\windows2\Microsoft.NET\Framework\v2.0.50727\AppLaunch.exe
+ 2008-07-25 16:16 . 2008-07-25 16:16 98808 c:\windows2\Microsoft.NET\Framework\v2.0.50727\alink.dll
+ 2008-07-25 16:17 . 2008-07-25 16:17 10752 c:\windows2\Microsoft.NET\Framework\v2.0.50727\Accessibility.dll
- 2005-09-23 11:28 . 2005-09-23 11:28 10752 c:\windows2\Microsoft.NET\Framework\v2.0.50727\Accessibility.dll
+ 2008-07-25 16:16 . 2008-07-25 16:16 13824 c:\windows2\Microsoft.NET\Framework\v2.0.50727\1033\CvtResUI.dll
+ 2008-07-25 16:16 . 2008-07-25 16:16 28672 c:\windows2\Microsoft.NET\Framework\v2.0.50727\1033\alinkui.dll
+ 2008-07-25 16:16 . 2008-07-25 16:16 96768 c:\windows2\Microsoft.NET\Framework\v1.0.3705\mscormmc.dll
+ 2012-03-24 19:47 . 2012-03-24 19:47 22016 c:\windows2\Installer\2ad45f.msi
+ 2008-07-30 04:07 . 2008-07-30 04:07 23040 c:\windows2\Installer\1fa87d3.msp
+ 2011-12-24 07:53 . 2011-12-24 07:53 88576 c:\windows2\Installer\1f65b00.msi
+ 2012-03-22 23:49 . 2012-03-22 23:49 34632 c:\windows2\Installer\{90120000-0020-0409-0000-0000000FF1CE}\O12ConvIcon.exe
- 2010-09-26 23:27 . 2010-09-26 23:27 23040 c:\windows2\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\unbndico.exe
+ 2010-09-26 23:27 . 2012-04-02 03:24 23040 c:\windows2\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\unbndico.exe
+ 2010-09-26 23:27 . 2012-04-02 03:24 61440 c:\windows2\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\pubs.exe
- 2010-09-26 23:27 . 2010-09-26 23:27 61440 c:\windows2\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\pubs.exe
- 2010-09-26 23:27 . 2010-09-26 23:27 27136 c:\windows2\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\oisicon.exe
+ 2010-09-26 23:27 . 2012-04-02 03:24 27136 c:\windows2\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\oisicon.exe
+ 2010-09-26 23:27 . 2012-04-02 03:24 11264 c:\windows2\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\mspicons.exe
- 2010-09-26 23:27 . 2010-09-26 23:27 11264 c:\windows2\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\mspicons.exe
+ 2010-09-26 23:27 . 2012-04-02 03:24 86016 c:\windows2\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\inficon.exe
- 2010-09-26 23:27 . 2010-09-26 23:27 86016 c:\windows2\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\inficon.exe
+ 2010-09-26 23:27 . 2012-04-02 03:24 12288 c:\windows2\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\cagicon.exe
- 2010-09-26 23:27 . 2010-09-26 23:27 12288 c:\windows2\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\cagicon.exe
- 2010-10-10 20:26 . 2010-10-10 20:26 49152 c:\windows2\Installer\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}\ConfigIcon.dll
+ 2010-10-10 20:26 . 2012-03-01 03:55 49152 c:\windows2\Installer\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}\ConfigIcon.dll
+ 2011-12-26 21:24 . 2011-12-26 21:24 27136 c:\windows2\Installer\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}\AppleSoftwareUpdateIco.exe
+ 2011-06-06 16:55 . 2011-06-06 16:55 17304 c:\windows2\Installer\$PatchCache$\Managed\68AB67CA7DA73301B744AA0100000010\10.1.0\ViewerPS.dll
+ 2011-06-06 16:55 . 2011-06-06 16:55 35736 c:\windows2\Installer\$PatchCache$\Managed\68AB67CA7DA73301B744AA0100000010\10.1.0\reader_sl.exe
+ 2011-06-06 16:55 . 2011-06-06 16:55 88992 c:\windows2\Installer\$PatchCache$\Managed\68AB67CA7DA73301B744AA0100000010\10.1.0\PDFPrevHndlr.dll
+ 2011-06-06 16:55 . 2011-06-06 16:55 94608 c:\windows2\Installer\$PatchCache$\Managed\68AB67CA7DA73301B744AA0100000010\10.1.0\eula.exe
+ 2011-06-06 16:55 . 2011-06-06 16:55 49064 c:\windows2\Installer\$PatchCache$\Managed\68AB67CA7DA73301B744AA0100000010\10.1.0\acrotextextractor.exe
+ 2011-06-06 16:55 . 2011-06-06 16:55 17824 c:\windows2\Installer\$PatchCache$\Managed\68AB67CA7DA73301B744AA0100000010\10.1.0\AcroRd32Info.exe
+ 2011-06-06 16:55 . 2011-06-06 16:55 63912 c:\windows2\Installer\$PatchCache$\Managed\68AB67CA7DA73301B744AA0100000010\10.1.0\acroiehelpershim.dll
+ 2011-06-06 16:55 . 2011-06-06 16:55 64928 c:\windows2\Installer\$PatchCache$\Managed\68AB67CA7DA73301B744AA0100000010\10.1.0\AcroIEHelper.dll
+ 2011-06-06 16:55 . 2011-06-06 16:55 63384 c:\windows2\Installer\$PatchCache$\Managed\68AB67CA7DA73301B744AA0100000010\10.1.0\Acrofx32.dll
+ 2011-12-24 07:54 . 2008-07-06 12:06 89088 c:\windows2\Driver Cache\i386\filterpipelineprintproc.dll
+ 2011-12-24 08:00 . 2011-12-24 08:00 60928 c:\windows2\assembly\NativeImages_v2.0.50727_32\UIAutomationProvider\8f5c0e1b77c840d99a68897898317b79\UIAutomationProvider.ni.dll
+ 2011-12-24 08:04 . 2011-12-24 08:04 37888 c:\windows2\assembly\NativeImages_v2.0.50727_32\System.Windows.Pres#\b5a285233229bb4f9d9831ebf27fe9ac\System.Windows.Presentation.ni.dll
+ 2011-12-24 08:04 . 2011-12-24 08:04 36864 c:\windows2\assembly\NativeImages_v2.0.50727_32\System.Web.DynamicD#\17e2a7113434da494a846a8f4e4ac5e9\System.Web.DynamicData.Design.ni.dll
+ 2011-12-24 08:02 . 2011-12-24 08:02 94208 c:\windows2\assembly\NativeImages_v2.0.50727_32\System.ComponentMod#\a8e047504bdad9ec14efd483574b0dd5\System.ComponentModel.DataAnnotations.ni.dll
+ 2011-12-24 08:02 . 2011-12-24 08:02 82944 c:\windows2\assembly\NativeImages_v2.0.50727_32\System.AddIn.Contra#\f2b48eab657b4ef1d19dac11bdf0c913\System.AddIn.Contract.ni.dll
+ 2011-12-24 07:58 . 2011-12-24 07:58 47104 c:\windows2\assembly\NativeImages_v2.0.50727_32\PresentationFontCac#\9469981a17c01dd154c540127e678b35\PresentationFontCache.ni.exe
+ 2011-12-24 07:58 . 2011-12-24 07:58 39424 c:\windows2\assembly\NativeImages_v2.0.50727_32\PresentationCFFRast#\487c1bc20f6e73e8e79503898d17d102\PresentationCFFRasterizer.ni.dll
+ 2011-12-24 08:03 . 2011-12-24 08:03 55296 c:\windows2\assembly\NativeImages_v2.0.50727_32\Microsoft.Vsa\28ea74096df47800fe2c78bb2b9a4f2a\Microsoft.Vsa.ni.dll
+ 2011-12-24 08:02 . 2011-12-24 08:02 74752 c:\windows2\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Fra#\66359457e427c0d547750a79f754f9ba\Microsoft.Build.Framework.ni.dll
+ 2011-12-24 08:02 . 2011-12-24 08:02 65024 c:\windows2\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Fra#\36dbc4689f7c51e393504230004c9dec\Microsoft.Build.Framework.ni.dll
+ 2011-12-24 08:02 . 2011-12-24 08:02 14336 c:\windows2\assembly\NativeImages_v2.0.50727_32\dfsvc\a2865dcec9c5d3cc9c55f026cbad6fcc\dfsvc.ni.exe
+ 2011-12-24 08:02 . 2011-12-24 08:02 25600 c:\windows2\assembly\NativeImages_v2.0.50727_32\Accessibility\c2af7cfbb47c077029a2645930b4eeac\Accessibility.ni.dll
+ 2011-12-24 07:55 . 2011-12-24 07:55 94208 c:\windows2\assembly\GAC_MSIL\WindowsFormsIntegration\3.0.0.0__31bf3856ad364e35\WindowsFormsIntegration.dll
+ 2011-12-24 07:55 . 2011-12-24 07:55 98304 c:\windows2\assembly\GAC_MSIL\UIAutomationTypes\3.0.0.0__31bf3856ad364e35\UIAutomationTypes.dll
+ 2011-12-24 07:55 . 2011-12-24 07:55 40960 c:\windows2\assembly\GAC_MSIL\UIAutomationProvider\3.0.0.0__31bf3856ad364e35\UIAutomationProvider.dll
+ 2011-12-24 07:56 . 2011-12-24 07:56 12288 c:\windows2\assembly\GAC_MSIL\System.Windows.Presentation\3.5.0.0__b77a5c561934e089\System.Windows.Presentation.dll
+ 2011-12-24 07:56 . 2011-12-24 07:56 61440 c:\windows2\assembly\GAC_MSIL\System.Web.Routing\3.5.0.0__31bf3856ad364e35\System.Web.Routing.dll
+ 2011-12-24 07:52 . 2011-12-24 07:52 77824 c:\windows2\assembly\GAC_MSIL\System.Web.RegularExpressions\2.0.0.0__b03f5f7f11d50a3a\System.Web.RegularExpressions.dll
+ 2011-12-24 07:56 . 2011-12-24 07:56 32768 c:\windows2\assembly\GAC_MSIL\System.Web.DynamicData.Design\3.5.0.0__31bf3856ad364e35\System.Web.DynamicData.Design.dll
+ 2011-12-24 07:56 . 2011-12-24 07:56 77824 c:\windows2\assembly\GAC_MSIL\System.Web.Abstractions\3.5.0.0__31bf3856ad364e35\System.Web.Abstractions.dll
+ 2011-12-24 07:55 . 2011-12-24 07:55 32768 c:\windows2\assembly\GAC_MSIL\System.ServiceModel.WasHosting\3.0.0.0__b77a5c561934e089\System.ServiceModel.WasHosting.dll
+ 2011-12-24 07:55 . 2011-12-24 07:55 73728 c:\windows2\assembly\GAC_MSIL\System.ServiceModel.Install\3.0.0.0__b77a5c561934e089\System.ServiceModel.Install.dll
- 2010-10-17 02:00 . 2010-10-17 02:00 81920 c:\windows2\assembly\GAC_MSIL\System.Drawing.Design\2.0.0.0__b03f5f7f11d50a3a\System.Drawing.Design.dll
+ 2011-12-24 07:52 . 2011-12-24 07:52 81920 c:\windows2\assembly\GAC_MSIL\System.Drawing.Design\2.0.0.0__b03f5f7f11d50a3a\System.Drawing.Design.dll
+ 2011-12-24 07:56 . 2011-12-24 07:56 53248 c:\windows2\assembly\GAC_MSIL\System.Data.DataSetExtensions\3.5.0.0__b77a5c561934e089\System.Data.DataSetExtensions.dll
- 2010-10-17 02:00 . 2010-10-17 02:00 81920 c:\windows2\assembly\GAC_MSIL\System.Configuration.Install\2.0.0.0__b03f5f7f11d50a3a\System.Configuration.Install.dll
+ 2011-12-24 07:52 . 2011-12-24 07:52 81920 c:\windows2\assembly\GAC_MSIL\System.Configuration.Install\2.0.0.0__b03f5f7f11d50a3a\System.Configuration.Install.dll
+ 2011-12-24 07:56 . 2011-12-24 07:56 57344 c:\windows2\assembly\GAC_MSIL\System.ComponentModel.DataAnnotations\3.5.0.0__31bf3856ad364e35\System.ComponentModel.DataAnnotations.dll
+ 2011-12-24 07:56 . 2011-12-24 07:56 45056 c:\windows2\assembly\GAC_MSIL\System.AddIn.Contract\2.0.0.0__b03f5f7f11d50a3a\System.AddIn.Contract.dll
+ 2011-12-24 07:55 . 2011-12-24 07:55 46104 c:\windows2\assembly\GAC_MSIL\PresentationFontCache\3.0.0.0__31bf3856ad364e35\PresentationFontCache.exe
+ 2011-12-24 07:55 . 2011-12-24 07:55 32768 c:\windows2\assembly\GAC_MSIL\PresentationCFFRasterizer\3.0.0.0__31bf3856ad364e35\PresentationCFFRasterizer.dll
- 2010-10-17 02:00 . 2010-10-17 02:00 32768 c:\windows2\assembly\GAC_MSIL\Microsoft.Vsa\8.0.0.0__b03f5f7f11d50a3a\Microsoft.Vsa.dll
+ 2011-12-24 07:52 . 2011-12-24 07:52 32768 c:\windows2\assembly\GAC_MSIL\Microsoft.Vsa\8.0.0.0__b03f5f7f11d50a3a\Microsoft.Vsa.dll
- 2010-10-17 02:00 . 2010-10-17 02:00 12800 c:\windows2\assembly\GAC_MSIL\Microsoft.Vsa.Vb.CodeDOMProcessor\8.0.0.0__b03f5f7f11d50a3a\Microsoft.Vsa.Vb.CodeDOMProcessor.dll
+ 2011-12-24 07:52 . 2011-12-24 07:52 12800 c:\windows2\assembly\GAC_MSIL\Microsoft.Vsa.Vb.CodeDOMProcessor\8.0.0.0__b03f5f7f11d50a3a\Microsoft.Vsa.Vb.CodeDOMProcessor.dll
+ 2011-12-24 07:56 . 2011-12-24 07:56 41984 c:\windows2\assembly\GAC_MSIL\Microsoft.VisualC.STLCLR\1.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualC.STLCLR.dll
- 2010-10-17 02:00 . 2010-10-17 02:00 28672 c:\windows2\assembly\GAC_MSIL\Microsoft.VisualBasic.Vsa\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Vsa.dll
+ 2011-12-24 07:52 . 2011-12-24 07:52 28672 c:\windows2\assembly\GAC_MSIL\Microsoft.VisualBasic.Vsa\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Vsa.dll
+ 2011-12-24 07:52 . 2011-12-24 07:52 77824 c:\windows2\assembly\GAC_MSIL\Microsoft.Build.Utilities\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Utilities.dll
+ 2011-12-24 07:56 . 2011-12-24 07:56 94208 c:\windows2\assembly\GAC_MSIL\Microsoft.Build.Utilities.v3.5\3.5.0.0__b03f5f7f11d50a3a\Microsoft.Build.Utilities.v3.5.dll
+ 2011-12-24 07:56 . 2011-12-24 07:56 36864 c:\windows2\assembly\GAC_MSIL\Microsoft.Build.Framework\3.5.0.0__b03f5f7f11d50a3a\Microsoft.Build.Framework.dll
- 2010-10-17 02:00 . 2010-10-17 02:00 36864 c:\windows2\assembly\GAC_MSIL\Microsoft.Build.Framework\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Framework.dll
+ 2011-12-24 07:52 . 2011-12-24 07:52 36864 c:\windows2\assembly\GAC_MSIL\Microsoft.Build.Framework\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Framework.dll
+ 2011-12-24 07:52 . 2011-12-24 07:52 77824 c:\windows2\assembly\GAC_MSIL\IEHost\2.0.0.0__b03f5f7f11d50a3a\IEHost.dll
+ 2011-12-24 07:52 . 2011-12-24 07:52 13312 c:\windows2\assembly\GAC_MSIL\cscompmgd\8.0.0.0__b03f5f7f11d50a3a\cscompmgd.dll
- 2010-10-17 02:00 . 2010-10-17 02:00 13312 c:\windows2\assembly\GAC_MSIL\cscompmgd\8.0.0.0__b03f5f7f11d50a3a\cscompmgd.dll
- 2010-10-17 02:00 . 2010-10-17 02:00 10752 c:\windows2\assembly\GAC_MSIL\Accessibility\2.0.0.0__b03f5f7f11d50a3a\Accessibility.dll
+ 2011-12-24 07:52 . 2011-12-24 07:52 10752 c:\windows2\assembly\GAC_MSIL\Accessibility\2.0.0.0__b03f5f7f11d50a3a\Accessibility.dll
+ 2011-12-24 07:52 . 2011-12-24 07:52 72192 c:\windows2\assembly\GAC_32\ISymWrapper\2.0.0.0__b03f5f7f11d50a3a\ISymWrapper.dll
- 2010-10-17 02:00 . 2010-10-17 02:00 72192 c:\windows2\assembly\GAC_32\ISymWrapper\2.0.0.0__b03f5f7f11d50a3a\ISymWrapper.dll
+ 2011-12-24 07:52 . 2011-12-24 07:52 69120 c:\windows2\assembly\GAC_32\CustomMarshalers\2.0.0.0__b03f5f7f11d50a3a\CustomMarshalers.dll
+ 2011-12-24 07:52 . 2011-12-24 07:52 8192 c:\windows2\WinSxS\MSIL_IEExecRemote_b03f5f7f11d50a3a_2.0.0.0_x-ww_6e57c34e\IEExecRemote.dll
+ 2011-12-24 05:44 . 2001-08-17 19:02 9600 c:\windows2\system32\drivers\hidusb.sys
+ 2011-12-24 05:44 . 2001-08-17 19:02 9600 c:\windows2\system32\dllcache\hidusb.sys
+ 2012-04-13 22:43 . 2012-04-13 22:43 5120 c:\windows2\system32\config\systemprofile\Local Settings\Application Data\Microsoft\Internet Explorer\Recovery\Active\RecoveryStore.{0AD3ACBB-85BA-11E1-866A-001D09B48724}.dat
+ 2012-04-13 22:43 . 2012-04-13 22:43 4608 c:\windows2\system32\config\systemprofile\Local Settings\Application Data\Microsoft\Internet Explorer\Recovery\Active\{1EE11F53-85BA-11E1-866A-001D09B48724}.dat
+ 2012-04-13 22:43 . 2012-04-13 22:43 4608 c:\windows2\system32\config\systemprofile\Local Settings\Application Data\Microsoft\Internet Explorer\Recovery\Active\{0AD3ACBC-85BA-11E1-866A-001D09B48724}.dat
+ 2008-07-30 04:40 . 2008-07-30 04:40 5632 c:\windows2\Microsoft.NET\Framework\v3.5\Sentinel.v3.5Client.dll
+ 2008-07-25 16:16 . 2008-07-25 16:16 7168 c:\windows2\Microsoft.NET\Framework\v2.0.50727\Microsoft_VsaVb.dll
- 2005-09-23 11:28 . 2005-09-23 11:28 7168 c:\windows2\Microsoft.NET\Framework\v2.0.50727\Microsoft_VsaVb.dll
- 2005-09-23 11:29 . 2005-09-23 11:29 5632 c:\windows2\Microsoft.NET\Framework\v2.0.50727\Microsoft.VisualC.Dll
+ 2008-07-25 16:17 . 2008-07-25 16:17 5632 c:\windows2\Microsoft.NET\Framework\v2.0.50727\Microsoft.VisualC.Dll
+ 2008-07-25 16:17 . 2008-07-25 16:17 6656 c:\windows2\Microsoft.NET\Framework\v2.0.50727\IIEHost.dll
+ 2008-07-25 16:17 . 2008-07-25 16:17 8192 c:\windows2\Microsoft.NET\Framework\v2.0.50727\IEExecRemote.dll
- 2005-09-23 11:28 . 2005-09-23 11:28 8192 c:\windows2\Microsoft.NET\Framework\v2.0.50727\IEExecRemote.dll
+ 2008-07-25 16:17 . 2008-07-25 16:17 9728 c:\windows2\Microsoft.NET\Framework\v2.0.50727\IEExec.exe
- 2005-09-23 11:28 . 2005-09-23 11:28 9728 c:\windows2\Microsoft.NET\Framework\v2.0.50727\IEExec.exe
+ 2008-07-25 16:16 . 2008-07-25 16:16 5120 c:\windows2\Microsoft.NET\Framework\v2.0.50727\dfsvc.exe
- 2010-09-26 23:27 . 2010-09-26 23:27 4096 c:\windows2\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\opwicon.exe
+ 2010-09-26 23:27 . 2012-04-02 03:24 4096 c:\windows2\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\opwicon.exe
+ 2011-12-24 07:56 . 2011-12-24 07:56 5632 c:\windows2\assembly\GAC_MSIL\Sentinel.v3.5Client\3.5.0.0__b03f5f7f11d50a3a\Sentinel.v3.5Client.dll
+ 2011-12-24 07:52 . 2011-12-24 07:52 7168 c:\windows2\assembly\GAC_MSIL\Microsoft_VsaVb\8.0.0.0__b03f5f7f11d50a3a\Microsoft_VsaVb.dll
- 2010-10-17 02:00 . 2010-10-17 02:00 7168 c:\windows2\assembly\GAC_MSIL\Microsoft_VsaVb\8.0.0.0__b03f5f7f11d50a3a\Microsoft_VsaVb.dll
- 2010-10-17 02:00 . 2010-10-17 02:00 5632 c:\windows2\assembly\GAC_MSIL\Microsoft.VisualC\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualC.Dll
+ 2011-12-24 07:52 . 2011-12-24 07:52 5632 c:\windows2\assembly\GAC_MSIL\Microsoft.VisualC\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualC.Dll
+ 2011-12-24 07:52 . 2011-12-24 07:52 6656 c:\windows2\assembly\GAC_MSIL\IIEHost\2.0.0.0__b03f5f7f11d50a3a\IIEHost.dll
- 2010-10-17 02:00 . 2010-10-17 02:00 8192 c:\windows2\assembly\GAC_MSIL\IEExecRemote\2.0.0.0__b03f5f7f11d50a3a\IEExecRemote.dll
+ 2011-12-24 07:52 . 2011-12-24 07:52 8192 c:\windows2\assembly\GAC_MSIL\IEExecRemote\2.0.0.0__b03f5f7f11d50a3a\IEExecRemote.dll
+ 2011-12-24 07:52 . 2011-12-24 07:52 113664 c:\windows2\WinSxS\x86_System.EnterpriseServices_b03f5f7f11d50a3a_2.0.0.0_x-ww_7d5f3790\System.EnterpriseServices.Wrapper.dll
+ 2011-12-24 07:52 . 2011-12-24 07:52 258048 c:\windows2\WinSxS\x86_System.EnterpriseServices_b03f5f7f11d50a3a_2.0.0.0_x-ww_7d5f3790\System.EnterpriseServices.dll
- 2010-10-17 02:00 . 2010-10-17 02:00 258048 c:\windows2\WinSxS\x86_System.EnterpriseServices_b03f5f7f11d50a3a_2.0.0.0_x-ww_7d5f3790\System.EnterpriseServices.dll
+ 2007-11-07 06:19 . 2007-11-07 06:19 161784 c:\windows2\WinSxS\x86_Microsoft.VC90.ATL_1fc8b3b9a1e18e3b_9.0.21022.8_x-ww_312cf0e9\atl90.dll
+ 2009-02-25 19:13 . 2009-02-25 19:13 626688 c:\windows2\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_6b128700\msvcr80.dll
+ 2009-02-25 19:13 . 2009-02-25 19:13 548864 c:\windows2\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_6b128700\msvcp80.dll
+ 2009-02-25 19:13 . 2009-02-25 19:13 479232 c:\windows2\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_6b128700\msvcm80.dll
+ 2011-05-14 06:17 . 2011-05-14 06:17 632656 c:\windows2\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.6195_x-ww_44262b86\msvcr80.dll
+ 2011-05-14 06:12 . 2011-05-14 06:12 554832 c:\windows2\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.6195_x-ww_44262b86\msvcp80.dll
+ 2011-05-14 06:11 . 2011-05-14 06:11 479232 c:\windows2\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.6195_x-ww_44262b86\msvcm80.dll
+ 2008-07-25 16:17 . 2008-07-25 16:17 635904 c:\windows2\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.3053_x-ww_b80fa8ca\msvcr80.dll
+ 2008-07-25 16:17 . 2008-07-25 16:17 558080 c:\windows2\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.3053_x-ww_b80fa8ca\msvcp80.dll
+ 2008-07-25 16:17 . 2008-07-25 16:17 479232 c:\windows2\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.3053_x-ww_b80fa8ca\msvcm80.dll
+ 2012-04-14 05:03 . 2012-04-14 05:03 210984 c:\windows2\temp\mjhpcwujngclswtnpqh.exe
+ 2011-08-04 00:30 . 2011-05-30 13:42 240640 c:\windows2\system32\xvidvfw.dll
+ 2011-08-04 00:30 . 2011-05-23 07:46 645632 c:\windows2\system32\xvidcore.dll
+ 2008-07-30 02:26 . 2008-07-30 02:26 301568 c:\windows2\system32\XPSViewer\XPSViewer.exe
+ 2011-12-24 07:54 . 2008-07-06 12:06 575488 c:\windows2\system32\xpsshhdr.dll
+ 2010-09-20 02:24 . 2009-08-06 23:23 209624 c:\windows2\system32\wuweb.dll
+ 2010-09-20 02:24 . 2009-08-06 23:24 327896 c:\windows2\system32\wucltui.dll
+ 2010-09-20 02:24 . 2009-08-06 23:23 575704 c:\windows2\system32\wuapi.dll
+ 2008-07-30 00:59 . 2008-07-30 00:59 161296 c:\windows2\system32\UIAutomationCore.dll
+ 2011-12-24 07:54 . 2008-07-06 12:06 765440 c:\windows2\system32\spool\XPSEP\i386\mxdwdrv.dll
+ 2011-12-24 07:54 . 2008-07-06 12:06 765440 c:\windows2\system32\spool\XPSEP\i386\i386\mxdwdrv.dll
+ 2011-12-24 07:54 . 2008-07-06 12:06 748032 c:\windows2\system32\spool\XPSEP\amd64\mxdwdrv.dll
+ 2011-12-24 07:54 . 2008-07-06 12:06 748032 c:\windows2\system32\spool\XPSEP\amd64\amd64\mxdwdrv.dll
+ 2011-12-24 07:54 . 2008-07-06 12:06 147456 c:\windows2\system32\spool\prtprocs\x64\filterpipelineprintproc.dll
+ 2011-12-24 07:54 . 2008-07-06 10:50 597504 c:\windows2\system32\spool\prtprocs\w32x86\printfilterpipelinesvc.exe
+ 2011-12-24 07:54 . 2008-03-13 04:52 761344 c:\windows2\system32\spool\drivers\w32x86\3\unires.dll
+ 2011-12-24 07:54 . 2008-07-06 12:06 744960 c:\windows2\system32\spool\drivers\w32x86\3\unidrvui.dll
+ 2011-12-24 07:54 . 2008-07-06 12:06 373248 c:\windows2\system32\spool\drivers\w32x86\3\unidrv.dll
+ 2011-12-24 07:54 . 2008-07-06 12:06 198656 c:\windows2\system32\spool\drivers\w32x86\3\mxdwdui.dll
+ 2011-12-24 07:54 . 2008-07-06 12:06 765440 c:\windows2\system32\spool\drivers\w32x86\3\mxdwdrv.dll
+ 2012-04-08 16:23 . 2009-08-06 23:23 575704 c:\windows2\system32\SoftwareDistribution\Setup\ServiceStartup\wuapi.dll\7.4.7600.226\wuapi.dll
+ 2011-12-24 07:54 . 2008-07-06 12:06 117760 c:\windows2\system32\prntvpt.dll
+ 2008-07-30 00:59 . 2008-07-30 00:59 781344 c:\windows2\system32\PresentationNative_v0300.dll
+ 2008-07-30 01:35 . 2008-07-30 01:35 326160 c:\windows2\system32\PresentationHost.exe
+ 2008-07-30 00:59 . 2008-07-30 00:59 105016 c:\windows2\system32\PresentationCFFRasterizerNative_v0300.dll
+ 2001-08-23 12:00 . 2012-04-14 05:40 437144 c:\windows2\system32\perfh009.dat
+ 2012-04-02 02:04 . 2012-04-02 02:04 353440 c:\windows2\system32\Macromed\Flash\FlashUtil32_11_2_202_228_ActiveX.exe
+ 2012-04-02 02:04 . 2012-04-02 02:04 424608 c:\windows2\system32\Macromed\Flash\FlashUtil32_11_2_202_228_ActiveX.dll
+ 2012-04-02 02:04 . 2012-04-02 02:04 253600 c:\windows2\system32\Macromed\Flash\FlashPlayerUpdateService.exe
+ 2011-10-27 04:33 . 2011-10-03 09:06 157472 c:\windows2\system32\javaws.exe
- 2010-12-26 21:43 . 2010-11-12 23:53 157472 c:\windows2\system32\javaws.exe
+ 2011-10-27 04:33 . 2011-10-03 09:06 145184 c:\windows2\system32\javaw.exe
- 2010-12-26 21:43 . 2010-11-12 23:53 145184 c:\windows2\system32\javaw.exe
+ 2011-10-27 04:33 . 2011-10-03 09:06 145184 c:\windows2\system32\java.exe
- 2010-12-26 21:43 . 2010-11-12 23:53 145184 c:\windows2\system32\java.exe
+ 2008-07-30 00:24 . 2008-07-30 00:24 622080 c:\windows2\system32\icardagt.exe
+ 2010-04-09 05:26 . 2010-04-09 05:26 277240 c:\windows2\system32\guard32.dll
+ 2010-09-19 20:26 . 2012-04-03 02:17 267800 c:\windows2\system32\FNTCACHE.DAT
+ 2008-07-30 02:10 . 2008-07-30 02:10 493048 c:\windows2\system32\evr.dll
+ 2010-04-09 05:25 . 2010-04-09 05:25 225344 c:\windows2\system32\drivers\cmdGuard.sys
+ 2011-08-31 04:05 . 2011-08-31 04:05 178536 c:\windows2\system32\dnssdX.dll
+ 2011-12-24 07:54 . 2008-07-06 12:06 575488 c:\windows2\system32\dllcache\xpsshhdr.dll
+ 2010-09-20 02:24 . 2009-08-06 23:23 209624 c:\windows2\system32\dllcache\wuweb.dll
+ 2010-09-20 02:24 . 2009-08-06 23:24 327896 c:\windows2\system32\dllcache\wucltui.dll
+ 2010-09-20 02:24 . 2009-08-06 23:23 575704 c:\windows2\system32\dllcache\wuapi.dll
+ 2011-12-24 07:54 . 2008-07-06 10:50 597504 c:\windows2\system32\dllcache\printfilterpipelinesvc.exe
- 2010-09-29 02:04 . 2010-11-12 23:53 472808 c:\windows2\system32\deployJava1.dll
+ 2010-09-29 02:04 . 2011-10-03 09:06 472808 c:\windows2\system32\deployJava1.dll
+ 2009-08-06 23:24 . 2009-08-06 23:24 327896 c:\windows2\SoftwareDistribution\WebSetup\wucltui.dll
+ 2009-08-06 23:23 . 2009-08-06 23:23 575704 c:\windows2\SoftwareDistribution\WebSetup\wuapi.dll
+ 2008-07-30 04:40 . 2008-07-30 04:40 196104 c:\windows2\Microsoft.NET\Framework\v3.5\WFServicesReg.exe
+ 2008-07-30 04:40 . 2008-07-30 04:40 802816 c:\windows2\Microsoft.NET\Framework\v3.5\Microsoft.Build.Tasks.v3.5.dll
+ 2008-07-29 23:47 . 2008-07-29 23:47 984056 c:\windows2\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\WapUI.dll
+ 2008-07-29 23:47 . 2008-07-29 23:47 107512 c:\windows2\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\WapRes.dll
+ 2008-07-29 23:47 . 2008-07-29 23:47 111096 c:\windows2\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\WapRes.3082.dll
+ 2008-07-29 23:47 . 2008-07-29 23:47 110072 c:\windows2\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\WapRes.2070.dll
+ 2008-07-29 23:47 . 2008-07-29 23:47 106488 c:\windows2\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\WapRes.1055.dll
+ 2008-07-29 23:47 . 2008-07-29 23:47 105976 c:\windows2\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\WapRes.1053.dll
+ 2008-07-29 23:47 . 2008-07-29 23:47 107000 c:\windows2\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\WapRes.1049.dll
+ 2008-07-29 23:47 . 2008-07-29 23:47 107512 c:\windows2\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\WapRes.1046.dll
+ 2008-07-29 23:47 . 2008-07-29 23:47 109048 c:\windows2\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\WapRes.1045.dll
+ 2008-07-29 23:47 . 2008-07-29 23:47 106488 c:\windows2\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\WapRes.1044.dll
+ 2008-07-29 23:47 . 2008-07-29 23:47 108536 c:\windows2\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\WapRes.1043.dll
+ 2008-07-29 23:47 . 2008-07-29 23:47 110072 c:\windows2\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\WapRes.1040.dll
+ 2008-07-29 23:47 . 2008-07-29 23:47 111096 c:\windows2\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\WapRes.1038.dll
+ 2008-07-29 23:47 . 2008-07-29 23:47 101368 c:\windows2\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\WapRes.1037.dll
+ 2008-07-29 23:47 . 2008-07-29 23:47 112120 c:\windows2\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\WapRes.1036.dll
+ 2008-07-29 23:47 . 2008-07-29 23:47 106488 c:\windows2\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\WapRes.1035.dll
+ 2008-07-29 23:47 . 2008-07-29 23:47 113656 c:\windows2\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\WapRes.1032.dll
+ 2008-07-29 23:47 . 2008-07-29 23:47 111608 c:\windows2\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\WapRes.1031.dll
+ 2008-07-29 23:47 . 2008-07-29 23:47 108536 c:\windows2\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\WapRes.1030.dll
+ 2008-07-29 23:47 . 2008-07-29 23:47 108536 c:\windows2\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\WapRes.1029.dll
+ 2008-07-29 23:47 . 2008-07-29 23:47 102904 c:\windows2\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\WapRes.1025.dll
+ 2008-07-29 23:47 . 2008-07-29 23:47 689152 c:\windows2\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\vsscenario.dll
+ 2008-07-29 23:47 . 2008-07-29 23:47 413184 c:\windows2\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\vsbasereqs.dll
+ 2008-07-29 23:47 . 2008-07-29 23:47 632320 c:\windows2\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\vs70uimgr.dll
+ 2011-12-24 07:56 . 2011-12-24 07:56 652800 c:\windows2\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\vs_setup.msi
+ 2008-07-29 23:47 . 2008-07-29 23:47 110080 c:\windows2\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\setupres.dll
+ 2008-07-29 23:47 . 2008-07-29 23:47 131584 c:\windows2\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\setupres.3082.dll
+ 2008-07-29 23:47 . 2008-07-29 23:47 131072 c:\windows2\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\setupres.2070.dll
+ 2008-07-29 23:47 . 2008-07-29 23:47 121344 c:\windows2\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\setupres.1055.dll
+ 2008-07-29 23:47 . 2008-07-29 23:47 121344 c:\windows2\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\setupres.1053.dll
+ 2008-07-29 23:47 . 2008-07-29 23:47 123904 c:\windows2\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\setupres.1049.dll
+ 2008-07-29 23:47 . 2008-07-29 23:47 122880 c:\windows2\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\setupres.1046.dll
+ 2008-07-29 23:47 . 2008-07-29 23:47 128512 c:\windows2\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\setupres.1045.dll
+ 2008-07-29 23:47 . 2008-07-29 23:47 121856 c:\windows2\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\setupres.1044.dll
+ 2008-07-29 23:47 . 2008-07-29 23:47 129024 c:\windows2\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\setupres.1043.dll
+ 2008-07-29 23:47 . 2008-07-29 23:47 128512 c:\windows2\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\setupres.1040.dll
+ 2008-07-29 23:47 . 2008-07-29 23:47 132096 c:\windows2\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\setupres.1038.dll
+ 2008-07-29 23:47 . 2008-07-29 23:47 111104 c:\windows2\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\setupres.1037.dll
+ 2008-07-29 23:47 . 2008-07-29 23:47 133120 c:\windows2\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\setupres.1036.dll
+ 2008-07-29 23:47 . 2008-07-29 23:47 122368 c:\windows2\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\setupres.1035.dll
+ 2008-07-29 23:47 . 2008-07-29 23:47 137728 c:\windows2\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\setupres.1032.dll
+ 2008-07-29 23:47 . 2008-07-29 23:47 130048 c:\windows2\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\setupres.1031.dll
+ 2008-07-29 23:47 . 2008-07-29 23:47 126464 c:\windows2\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\setupres.1030.dll
+ 2008-07-29 23:47 . 2008-07-29 23:47 125440 c:\windows2\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\setupres.1029.dll
+ 2008-07-29 23:47 . 2008-07-29 23:47 113152 c:\windows2\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\setupres.1025.dll
+ 2008-07-29 23:47 . 2008-07-29 23:47 269304 c:\windows2\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\setup.exe
+ 2008-07-29 23:47 . 2008-07-29 23:47 177152 c:\windows2\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\HtmlLite.dll
+ 2008-07-29 23:47 . 2008-07-29 23:47 276984 c:\windows2\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\dlmgr.dll
+ 2008-07-30 04:15 . 2008-07-30 04:15 225490 c:\windows2\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\baseline.dat
+ 2008-07-30 04:40 . 2008-07-30 04:40 233976 c:\windows2\Microsoft.NET\Framework\v3.5\1033\vbc7ui.dll
+ 2008-07-30 04:40 . 2008-07-30 04:40 168448 c:\windows2\Microsoft.NET\Framework\v3.5\1033\cscompui.dll
+ 2008-07-30 01:35 . 2008-07-30 01:35 864256 c:\windows2\Microsoft.NET\Framework\v3.0\WPF\PresentationUI.dll
+ 2008-07-30 00:59 . 2008-07-30 00:59 132120 c:\windows2\Microsoft.NET\Framework\v3.0\WPF\PresentationHostDLL.dll
+ 2008-07-30 02:10 . 2008-07-30 02:10 806928 c:\windows2\Microsoft.NET\Framework\v3.0\WPF\NaturalLanguage6.dll
+ 2008-07-30 00:16 . 2008-07-30 00:16 152576 c:\windows2\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\WsatConfig.exe
+ 2008-07-30 00:16 . 2008-07-30 00:16 966656 c:\windows2\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\System.Runtime.Serialization.dll
+ 2008-07-30 00:16 . 2008-07-30 00:16 132096 c:\windows2\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe
+ 2008-07-30 00:16 . 2008-07-30 00:16 110592 c:\windows2\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMdiagnostics.dll
+ 2008-07-30 00:16 . 2008-07-30 00:16 156688 c:\windows2\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\ServiceModelReg.exe
+ 2008-07-30 00:16 . 2008-07-30 00:16 163840 c:\windows2\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\Microsoft.Transactions.Bridge.Dtc.dll
+ 2008-07-30 00:16 . 2008-07-30 00:16 397312 c:\windows2\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\Microsoft.Transactions.Bridge.dll
+ 2008-07-30 00:24 . 2008-07-30 00:24 881664 c:\windows2\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
+ 2008-07-30 00:16 . 2008-07-30 00:16 168968 c:\windows2\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\ComSvcConfig.exe
+ 2008-07-25 16:16 . 2008-07-25 16:16 438272 c:\windows2\Microsoft.NET\Framework\v2.0.50727\webengine.dll
+ 2008-07-25 16:17 . 2008-07-25 16:17 839680 c:\windows2\Microsoft.NET\Framework\v2.0.50727\System.Web.Services.dll
+ 2008-07-25 16:17 . 2008-07-25 16:17 835584 c:\windows2\Microsoft.NET\Framework\v2.0.50727\System.Web.Mobile.dll
- 2005-09-23 11:28 . 2005-09-23 11:28 835584 c:\windows2\Microsoft.NET\Framework\v2.0.50727\System.Web.Mobile.dll
+ 2008-07-25 16:17 . 2008-07-25 16:17 261632 c:\windows2\Microsoft.NET\Framework\v2.0.50727\System.Transactions.dll
- 2005-09-23 11:28 . 2005-09-23 11:28 114688 c:\windows2\Microsoft.NET\Framework\v2.0.50727\System.ServiceProcess.dll
+ 2008-07-25 16:17 . 2008-07-25 16:17 114688 c:\windows2\Microsoft.NET\Framework\v2.0.50727\System.ServiceProcess.dll
- 2005-09-23 11:28 . 2005-09-23 11:28 258048 c:\windows2\Microsoft.NET\Framework\v2.0.50727\System.Security.dll
+ 2008-07-25 16:17 . 2008-07-25 16:17 258048 c:\windows2\Microsoft.NET\Framework\v2.0.50727\System.Security.dll
+ 2008-07-25 16:17 . 2008-07-25 16:17 131072 c:\windows2\Microsoft.NET\Framework\v2.0.50727\System.Runtime.Serialization.Formatters.Soap.dll
- 2005-09-23 11:28 . 2005-09-23 11:28 131072 c:\windows2\Microsoft.NET\Framework\v2.0.50727\System.Runtime.Serialization.Formatters.Soap.dll
+ 2008-07-25 16:17 . 2008-07-25 16:17 303104 c:\windows2\Microsoft.NET\Framework\v2.0.50727\System.Runtime.Remoting.dll
- 2005-09-23 11:28 . 2005-09-23 11:28 258048 c:\windows2\Microsoft.NET\Framework\v2.0.50727\System.Messaging.dll
+ 2008-07-25 16:17 . 2008-07-25 16:17 258048 c:\windows2\Microsoft.NET\Framework\v2.0.50727\System.Messaging.dll
+ 2008-07-25 16:17 . 2008-07-25 16:17 372736 c:\windows2\Microsoft.NET\Framework\v2.0.50727\System.Management.dll
+ 2008-07-25 16:17 . 2008-07-25 16:17 113664 c:\windows2\Microsoft.NET\Framework\v2.0.50727\System.EnterpriseServices.Wrapper.dll
+ 2008-07-25 16:17 . 2008-07-25 16:17 258048 c:\windows2\Microsoft.NET\Framework\v2.0.50727\System.EnterpriseServices.dll
- 2005-09-23 11:28 . 2005-09-23 11:28 258048 c:\windows2\Microsoft.NET\Framework\v2.0.50727\System.EnterpriseServices.dll
+ 2008-07-25 16:17 . 2008-07-25 16:17 626688 c:\windows2\Microsoft.NET\Framework\v2.0.50727\System.Drawing.dll
- 2005-09-23 11:28 . 2005-09-23 11:28 188416 c:\windows2\Microsoft.NET\Framework\v2.0.50727\System.DirectoryServices.Protocols.dll
+ 2008-07-25 16:17 . 2008-07-25 16:17 188416 c:\windows2\Microsoft.NET\Framework\v2.0.50727\System.DirectoryServices.Protocols.dll
+ 2008-07-25 16:17 . 2008-07-25 16:17 401408 c:\windows2\Microsoft.NET\Framework\v2.0.50727\System.DirectoryServices.dll
+ 2008-07-25 16:16 . 2008-07-25 16:16 970752 c:\windows2\Microsoft.NET\Framework\v2.0.50727\System.Deployment.dll
+ 2008-07-25 16:17 . 2008-07-25 16:17 745472 c:\windows2\Microsoft.NET\Framework\v2.0.50727\System.Data.SqlXml.dll
+ 2008-07-25 16:17 . 2008-07-25 16:17 486400 c:\windows2\Microsoft.NET\Framework\v2.0.50727\System.Data.OracleClient.dll
+ 2008-07-25 16:17 . 2008-07-25 16:17 425984 c:\windows2\Microsoft.NET\Framework\v2.0.50727\System.configuration.dll
+ 2008-07-25 16:17 . 2008-07-25 16:17 110592 c:\windows2\Microsoft.NET\Framework\v2.0.50727\sysglobl.dll
- 2005-09-23 11:28 . 2005-09-23 11:28 110592 c:\windows2\Microsoft.NET\Framework\v2.0.50727\sysglobl.dll
+ 2008-07-25 16:17 . 2008-07-25 16:17 392184 c:\windows2\Microsoft.NET\Framework\v2.0.50727\SOS.dll
+ 2008-07-25 16:17 . 2008-07-25 16:17 118784 c:\windows2\Microsoft.NET\Framework\v2.0.50727\shfusion.dll
+ 2008-07-25 16:16 . 2008-07-25 16:16 143360 c:\windows2\Microsoft.NET\Framework\v2.0.50727\peverify.dll
+ 2008-07-25 16:17 . 2008-07-25 16:17 100856 c:\windows2\Microsoft.NET\Framework\v2.0.50727\ngen.exe
+ 2008-07-25 16:17 . 2008-07-25 16:17 230912 c:\windows2\Microsoft.NET\Framework\v2.0.50727\mscorsvc.dll
+ 2008-07-25 16:17 . 2008-07-25 16:17 345600 c:\windows2\Microsoft.NET\Framework\v2.0.50727\mscorrc.dll
+ 2008-07-25 16:17 . 2008-07-25 16:17 114176 c:\windows2\Microsoft.NET\Framework\v2.0.50727\mscorpe.dll
+ 2008-07-25 16:17 . 2008-07-25 16:17 367104 c:\windows2\Microsoft.NET\Framework\v2.0.50727\mscorjit.dll
+ 2008-07-25 16:17 . 2008-07-25 16:17 308224 c:\windows2\Microsoft.NET\Framework\v2.0.50727\mscordbi.dll
+ 2008-07-25 16:17 . 2008-07-25 16:17 998408 c:\windows2\Microsoft.NET\Framework\v2.0.50727\mscordacwks.dll
+ 2008-07-25 16:17 . 2008-07-25 16:17 659456 c:\windows2\Microsoft.NET\Framework\v2.0.50727\Microsoft.VisualBasic.dll
- 2005-09-23 11:29 . 2005-09-23 11:29 372736 c:\windows2\Microsoft.NET\Framework\v2.0.50727\Microsoft.VisualBasic.Compatibility.dll
+ 2008-07-25 16:17 . 2008-07-25 16:17 372736 c:\windows2\Microsoft.NET\Framework\v2.0.50727\Microsoft.VisualBasic.Compatibility.dll
- 2005-09-23 11:29 . 2005-09-23 11:29 110592 c:\windows2\Microsoft.NET\Framework\v2.0.50727\Microsoft.VisualBasic.Compatibility.Data.dll
+ 2008-07-25 16:17 . 2008-07-25 16:17 110592 c:\windows2\Microsoft.NET\Framework\v2.0.50727\Microsoft.VisualBasic.Compatibility.Data.dll
+ 2008-07-25 16:16 . 2008-07-25 16:16 749568 c:\windows2\Microsoft.NET\Framework\v2.0.50727\Microsoft.JScript.dll
+ 2008-07-25 16:16 . 2008-07-25 16:16 655360 c:\windows2\Microsoft.NET\Framework\v2.0.50727\Microsoft.Build.Tasks.dll
+ 2008-07-25 16:16 . 2008-07-25 16:16 348160 c:\windows2\Microsoft.NET\Framework\v2.0.50727\Microsoft.Build.Engine.dll
+ 2008-07-25 16:17 . 2008-07-25 16:17 230904 c:\windows2\Microsoft.NET\Framework\v2.0.50727\ilasm.exe
+ 2008-07-25 16:17 . 2008-07-25 16:17 798224 c:\windows2\Microsoft.NET\Framework\v2.0.50727\EventLogMessages.dll
+ 2008-07-25 16:17 . 2008-07-25 16:17 575496 c:\windows2\Microsoft.NET\Framework\v2.0.50727\diasymreader.dll
- 2005-09-23 11:28 . 2005-09-23 11:28 106496 c:\windows2\Microsoft.NET\Framework\v2.0.50727\CasPol.exe
+ 2008-07-25 16:17 . 2008-07-25 16:17 106496 c:\windows2\Microsoft.NET\Framework\v2.0.50727\CasPol.exe
+ 2008-07-25 16:16 . 2008-07-25 16:16 507904 c:\windows2\Microsoft.NET\Framework\v2.0.50727\AspNetMMCExt.dll
- 2005-09-23 11:28 . 2005-09-23 11:28 106496 c:\windows2\Microsoft.NET\Framework\v2.0.50727\aspnet_regsql.exe
+ 2008-07-25 16:16 . 2008-07-25 16:16 106496 c:\windows2\Microsoft.NET\Framework\v2.0.50727\aspnet_regsql.exe
+ 2008-07-25 16:17 . 2008-07-25 16:17 147968 c:\windows2\Microsoft.NET\Framework\v2.0.50727\AdoNetDiag.dll
+ 2008-07-25 16:16 . 2008-07-25 16:16 218112 c:\windows2\Microsoft.NET\Framework\v2.0.50727\1033\Vsavb7rtUI.dll
+ 2008-07-25 16:17 . 2008-07-25 16:17 193016 c:\windows2\Microsoft.NET\Framework\v2.0.50727\1033\vbc7ui.dll
+ 2008-07-25 16:16 . 2008-07-25 16:16 145408 c:\windows2\Microsoft.NET\Framework\v2.0.50727\1033\cscompui.dll

Re: Virus slowing down computer (virtual memory) -NOT SURE ABOUT VIRUS NAME

Post by furyofdawolfx on Sat 14 Apr 2012, 5:25 pm

+ 2012-04-13 10:29 . 2012-04-13 10:29 969728 c:\windows2\Installer\d309b.msi
+ 2011-10-27 05:03 . 2011-10-27 05:03 203776 c:\windows2\Installer\d056c4.msi
+ 2012-03-22 23:48 . 2012-03-22 23:48 381440 c:\windows2\Installer\a5165.msi
+ 2011-12-24 07:56 . 2011-12-24 07:56 648192 c:\windows2\Installer\1fbebeb.msi
+ 2008-07-30 04:23 . 2008-07-30 04:23 250880 c:\windows2\Installer\1fa87dc.msp
+ 2008-07-30 04:28 . 2008-07-30 04:28 278016 c:\windows2\Installer\1fa87da.msp
+ 2008-07-30 02:40 . 2008-07-30 02:40 291840 c:\windows2\Installer\1fa87d8.msp
+ 2011-12-24 07:56 . 2011-12-24 07:56 137728 c:\windows2\Installer\1fa87d2.msi
+ 2008-07-30 00:35 . 2008-07-30 00:35 553472 c:\windows2\Installer\1f65b05.msp
+ 2008-07-30 00:33 . 2008-07-30 00:33 506368 c:\windows2\Installer\1f65b03.msp
+ 2008-07-30 00:37 . 2008-07-30 00:37 911360 c:\windows2\Installer\1f65b02.msp
+ 2011-12-24 07:44 . 2011-12-24 07:44 228352 c:\windows2\Installer\1f07b23.msi
+ 2011-04-24 05:43 . 2011-04-24 05:43 677376 c:\windows2\Installer\149ac.msi
+ 2011-12-26 22:41 . 2011-12-26 22:41 380928 c:\windows2\Installer\{B7DBF6E8-0D17-4BE4-853B-ACD6EFBD4A1F}\iTunesIco.exe
- 2010-09-26 23:27 . 2010-09-26 23:27 409600 c:\windows2\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\xlicons.exe
+ 2010-09-26 23:27 . 2012-04-02 03:24 409600 c:\windows2\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\xlicons.exe
+ 2010-09-26 23:27 . 2012-04-02 03:24 286720 c:\windows2\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\wordicon.exe
- 2010-09-26 23:27 . 2010-09-26 23:27 286720 c:\windows2\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\wordicon.exe
- 2010-09-26 23:27 . 2010-09-26 23:27 249856 c:\windows2\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\pptico.exe
+ 2010-09-26 23:27 . 2012-04-02 03:24 249856 c:\windows2\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\pptico.exe
+ 2010-09-26 23:27 . 2012-04-02 03:24 794624 c:\windows2\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\outicon.exe
- 2010-09-26 23:27 . 2010-09-26 23:27 794624 c:\windows2\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\outicon.exe
- 2010-09-26 23:27 . 2010-09-26 23:27 135168 c:\windows2\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\misc.exe
+ 2010-09-26 23:27 . 2012-04-02 03:24 135168 c:\windows2\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\misc.exe
+ 2010-09-26 23:27 . 2012-04-02 03:24 593920 c:\windows2\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\accicons.exe
- 2010-09-26 23:27 . 2010-09-26 23:27 593920 c:\windows2\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\accicons.exe
+ 2011-06-06 16:55 . 2011-06-06 16:55 249232 c:\windows2\Installer\$PatchCache$\Managed\68AB67CA7DA73301B744AA0100000010\10.1.0\sqlite.dll
+ 2011-06-06 16:55 . 2011-06-06 16:55 394136 c:\windows2\Installer\$PatchCache$\Managed\68AB67CA7DA73301B744AA0100000010\10.1.0\pdfshell.dll
+ 2011-06-06 16:55 . 2011-06-06 16:55 103848 c:\windows2\Installer\$PatchCache$\Managed\68AB67CA7DA73301B744AA0100000010\10.1.0\PDFPrevHndlrShim.exe
+ 2011-06-06 16:55 . 2011-06-06 16:55 183696 c:\windows2\Installer\$PatchCache$\Managed\68AB67CA7DA73301B744AA0100000010\10.1.0\nppdf32.dll
+ 2011-06-06 16:55 . 2011-06-06 16:55 104344 c:\windows2\Installer\$PatchCache$\Managed\68AB67CA7DA73301B744AA0100000010\10.1.0\AiodLite.dll
+ 2011-06-06 16:55 . 2011-06-06 16:55 102808 c:\windows2\Installer\$PatchCache$\Managed\68AB67CA7DA73301B744AA0100000010\10.1.0\AcroRdIF.dll
+ 2011-06-06 16:55 . 2011-06-06 16:55 755088 c:\windows2\Installer\$PatchCache$\Managed\68AB67CA7DA73301B744AA0100000010\10.1.0\AcroPDF.dll
+ 2011-06-06 16:55 . 2011-06-06 16:55 296344 c:\windows2\Installer\$PatchCache$\Managed\68AB67CA7DA73301B744AA0100000010\10.1.0\acrobroker.exe
+ 2011-06-06 16:55 . 2011-06-06 16:55 205720 c:\windows2\Installer\$PatchCache$\Managed\68AB67CA7DA73301B744AA0100000010\10.1.0\a3dutils.dll
+ 2011-12-24 07:54 . 2008-03-13 04:52 761344 c:\windows2\Driver Cache\i386\unires.dll
+ 2011-12-24 07:54 . 2008-07-06 12:06 744960 c:\windows2\Driver Cache\i386\unidrvui.dll
+ 2011-12-24 07:54 . 2008-07-06 12:06 373248 c:\windows2\Driver Cache\i386\unidrv.dll
+ 2011-12-24 07:54 . 2008-07-06 12:06 198656 c:\windows2\Driver Cache\i386\mxdwdui.dll
+ 2011-12-24 07:54 . 2008-07-06 12:06 765440 c:\windows2\Driver Cache\i386\mxdwdrv.dll
+ 2011-12-24 08:01 . 2011-12-24 08:01 321024 c:\windows2\assembly\NativeImages_v2.0.50727_32\WsatConfig\7d2a3adbdcb675f872eb2dbf21f73596\WsatConfig.ni.exe
+ 2011-12-24 08:00 . 2011-12-24 08:00 239616 c:\windows2\assembly\NativeImages_v2.0.50727_32\WindowsFormsIntegra#\a18dff8832712a0f6cccaaefbcc45861\WindowsFormsIntegration.ni.dll
+ 2011-12-24 08:00 . 2011-12-24 08:00 187904 c:\windows2\assembly\NativeImages_v2.0.50727_32\UIAutomationTypes\dbb2fcd246efaf3df823410597cd1677\UIAutomationTypes.ni.dll
+ 2011-12-24 08:00 . 2011-12-24 08:00 447488 c:\windows2\assembly\NativeImages_v2.0.50727_32\UIAutomationClient\d255ab525d10d8fefe5df9ba092b2df8\UIAutomationClient.ni.dll
+ 2011-12-24 08:04 . 2011-12-24 08:04 400896 c:\windows2\assembly\NativeImages_v2.0.50727_32\System.Xml.Linq\8c0d96269480bdd3de8a825f0215308d\System.Xml.Linq.ni.dll


Re: Virus slowing down computer (virtual memory) -NOT SURE ABOUT VIRUS NAME

Post by furyofdawolfx on Sat 14 Apr 2012, 5:25 pm

\windows2\Installer\$PatchCache$\Managed\68AB67CA7DA73301B744AA0100000010\10.1.0\AcroRd32.dll
+ 2011-12-24 07:59 . 2011-12-24 07:59 12428800 c:\windows2\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\9a254c455892c02355ab0ab0f0727c5b\System.Windows.Forms.ni.dll
+ 2011-12-24 08:04 . 2011-12-24 08:04 11791360 c:\windows2\assembly\NativeImages_v2.0.50727_32\System.Web\50ea744ffc3cb7f09b027fd6c5c93b2b\System.Web.ni.dll
+ 2011-12-24 08:02 . 2011-12-24 08:02 17313792 c:\windows2\assembly\NativeImages_v2.0.50727_32\System.ServiceModel\d85d9535e91da842fded56869d57790a\System.ServiceModel.ni.dll
+ 2011-12-24 07:59 . 2011-12-24 07:59 10681344 c:\windows2\assembly\NativeImages_v2.0.50727_32\System.Design\204db7071fb26343b0fd3f3d140c0bf8\System.Design.ni.dll
+ 2011-12-24 07:58 . 2011-12-24 07:59 14320128 c:\windows2\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\9519494798a88867406b5755e1dbded6\PresentationFramework.ni.dll
+ 2011-12-24 07:58 . 2011-12-24 07:58 12213248 c:\windows2\assembly\NativeImages_v2.0.50727_32\PresentationCore\12dcb10b76012416357bdbb010fdaa97\PresentationCore.ni.dll
+ 2011-12-24 07:57 . 2011-12-24 07:57 11485184 c:\windows2\assembly\NativeImages_v2.0.50727_32\mscorlib\9adb89fa22fd5b4ce433b5aca7fb1b07\mscorlib.ni.dll
.
-- Snapshot reset to current date --
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480]
"Xvid"="c:\program files\Xvid\CheckUpdate.exe" [2011-01-17 8192]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NVHotkey"="nvHotkey.dll" [2008-02-22 86016]
"NvCplDaemon"="c:\windows2\system32\NvCpl.dll" [2008-02-22 13508608]
"nwiz"="nwiz.exe" [2008-02-22 1626112]
"NvMediaCenter"="c:\windows2\system32\NvMcTray.dll" [2008-02-22 86016]
"IMJPMIG8.1"="c:\windows2\IME\imjp8_1\IMJPMIG.EXE" [2004-08-04 208952]
"MSPY2002"="c:\windows2\system32\IME\PINTLGNT\ImScInst.exe" [2004-08-04 59392]
"PHIME2002ASync"="c:\windows2\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-04 455168]
"PHIME2002A"="c:\windows2\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-04 455168]
"Dell QuickSet"="c:\program files\Dell\QuickSet\quickset.exe" [2007-07-03 1228800]
"DELL Webcam Manager"="c:\program files\Dell\Dell Webcam Manager\DellWMgr.exe" [2007-07-27 118784]
"OEM02Mon.exe"="c:\windows2\OEM02Mon.exe" [2007-05-10 36864]
"PCMService"="c:\program files\Dell\MediaDirect\PCMService.exe" [2007-04-16 184320]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2011-06-09 254696]
"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2011-11-02 59240]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2011-10-24 421888]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2011-12-08 421736]
"COMODO Internet Security"="c:\program files\COMODO\COMODO Internet Security\cfp.exe" [2010-04-09 2029456]
"QkqnRvQCEE.exe"="c:\documents and settings\All Users.WINDOWS2\Application Data\QkqnRvQCEE.exe" [2012-04-14 323072]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"eccccfaddeafacdfdct"="c:\documents and settings\All Users.WINDOWS2\Application Data\eccccfaddeafacdfdct.exe" [2012-04-14 86016]
.
[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"NoDesktop"= 1 (0x1)
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2011-07-19 113024]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2011-05-04 17:54 551296 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.DLL
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\windows2\system32\guard32.dll
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\CLPSLS]
@="Service"
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
"DisableNotifications"= 1 (0x1)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\FrostWire\\FrostWire.exe"=
"c:\\Program Files\\Dell\\MediaDirect\\PCMService.exe"=
"c:\\Program Files\\Common Files\\Apple\\Apple Application Support\\WebKit2WebProcess.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
.
R1 DLADHK_M;DLADHK_M;c:\windows2\system32\Drivers\DLADHK_M.SYS [2006-08-18 33592]
R2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2010-01-30 135664]
R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows2\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-02 253600]
R3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [2010-01-30 135664]
R3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows2\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [x]
S1 cmderd;COMODO Internet Security Eradication Driver;c:\windows2\system32\DRIVERS\cmderd.sys [2010-04-09 15464]
S1 cmdGuard;COMODO Internet Security Sandbox Driver;c:\windows2\system32\DRIVERS\cmdguard.sys [2010-04-09 225344]
S1 cmdHlp;COMODO Internet Security Helper Driver;c:\windows2\system32\DRIVERS\cmdhlp.sys [2010-04-09 25240]
S1 DLADiagM;DLADiagM;c:\windows2\system32\Drivers\DLADiagM.SYS [2006-08-11 13688]
S1 DLAPMonM;DLAPMonM;c:\windows2\system32\Drivers\DLAPMonM.SYS [2006-08-11 30744]
S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV.SYS [2011-07-22 12880]
S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [2011-07-12 67664]
S2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE.EXE [2011-08-11 116608]
S2 CLPSLS;COMODO livePCsupport Service;c:\program files\COMODO\COMODO livePCsupport\CLPSLS.exe [2010-02-19 148744]
S2 SBKUPNT;SBKUPNT;c:\windows2\system32\Drivers\SBKUPNT.SYS [2001-07-13 14976]
.
.
Contents of the 'Scheduled Tasks' folder
.
2012-04-14 c:\windows2\Tasks\Adobe Flash Player Updater.job
- c:\windows2\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-02 02:04]
.
2011-12-26 c:\windows2\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2009-10-22 22:57]
.
2012-04-14 c:\windows2\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-01-30 00:11]
.
2012-04-14 c:\windows2\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-01-30 00:11]
.
.
------- Supplementary Scan -------
.
uStart Page = [You must be registered and logged in to see this link.]
uInternet Connection Wizard,ShellNext = [You must be registered and logged in to see this link.]
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~1\MI1933~1\OFFICE11\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html
TCP: DhcpNameServer = 209.18.47.61 209.18.47.62
.
Supplementary scan did not complete!
.
- - - - ORPHANS REMOVED - - - -
.
HKLM-Run-dplaysvr - c:\documents and settings\Antonio.ANTONIO-LAPTOP\Application Data\dplaysvr.exe
HKU-Default-Run-Svc2dll - c:\documents and settings\NetworkService.NT AUTHORITY\Local Settings\Application Data\svcxdcl32.exe
HKU-Default-Run-dplaysvr - c:\documents and settings\Antonio.ANTONIO-LAPTOP\Application Data\dplaysvr.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, [You must be registered and logged in to see this link.]
Rootkit scan 2012-04-14 01:38
Windows 5.1.2600 Service Pack 2 NTFS
.
detected NTDLL code modification:
ZwClose, ZwOpenFile
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
.
c:\windows2\$NtUninstallKB44553$:SummaryInformation 0 bytes hidden from API
.
scan completed successfully
hidden files: 1
.
**************************************************************************
.
Stealth MBR rootkit/Mebroot/Sinowal/TDL4 detector 0.4.2 by Gmer, [You must be registered and logged in to see this link.]
Windows 5.1.2600 Disk: Hitachi_HTS542512K9SA00 rev.BB2OC39P -> Harddisk0\DR0 -> \Device\Ide\IdeDeviceP1T0L0-e
.
device: opened successfully
user: MBR read successfully
error: Read A device attached to the system is not functioning.
kernel: MBR read successfully
detected disk devices:
detected hooks:
\Driver\atapi DriverStartIo -> 0x83D2B2C6
user & kernel MBR OK
.
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(912)
c:\windows2\system32\guard32.dll
c:\program files\SUPERAntiSpyware\SASWINLO.DLL
.
- - - - - - - > 'lsass.exe'(972)
c:\windows2\system32\guard32.dll
.
Completion time: 2012-04-14 02:00:02
ComboFix-quarantined-files.txt 2012-04-14 05:59
ComboFix2.txt 2011-04-22 22:36
ComboFix3.txt 2011-04-22 03:28
.
Pre-Run: 14,167,347,200 bytes free
Post-Run: 15,555,403,776 bytes free
.
- - End Of File - - 0BCB3AE258D306C82FF0E35D2E74A899

furyofdawolfx

Rookie Surfer

Posts : 68
Joined : 2009-12-12
Operating System : Windows XP


Re: Virus slowing down computer (virtual memory) -NOT SURE ABOUT VIRUS NAME

Post by furyofdawolfx on Sun 15 Apr 2012, 2:56 am

Just to give you an update, the laptop seems better, but this morning Comodo detected a file called QkqnRvQCEE.exe in C:\Documents and Settings\All Users.WINDOWS2\Application Data. I was able to block it and manually delete it in the folder.

furyofdawolfx

Rookie Surfer

Posts : 68
Joined : 2009-12-12
Operating System : Windows XP


Re: Virus slowing down computer (virtual memory) -NOT SURE ABOUT VIRUS NAME

Post by Superdave on Sun 15 Apr 2012, 4:43 am

Re-running ComboFix to remove infections:


  • Close any open browsers.
  • Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
  • Open notepad and copy/paste the text in the quotebox below into it:

    KillAll::

    File::
    c:\documents and settings\All Users.WINDOWS2\Application Data\QkqnRvQCEE.exe
    c:\documents and settings\All Users.WINDOWS2\Application Data\eccccfaddeafacdfdct.exe

  • Save this as CFScript.txt, in the same location as ComboFix.exe



  • Referring to the picture above, drag CFScript into ComboFix.exe
  • When finished, it shall produce a log for you at C:\ComboFix.txt
  • Please post the top portion of the log that should show these two files removed.

***********************************************
SysProt Antirootkit

Download SysProt Antirootkit from the link below (you will find it at the bottom of the page under attachments, or you can get it from one of the mirrors).

[You must be registered and logged in to see this link.]

Unzip it into a folder on your desktop.

  • Double click Sysprot.exe to start the program.
  • Click on the Log tab.
  • In the Write to log box select the following items.

    • Process << Selected
    • Kernel Modules << Selected
    • SSDT << Selected
    • Kernel Hooks << Selected
    • IRP Hooks << NOT Selected
    • Ports << NOT Selected
    • Hidden Files << Selected

  • At the bottom of the page

    • Hidden Objects Only << Selected

  • Click on the Create Log button on the bottom right.
  • After a few seconds a new window should appear.
  • Select Scan Root Drive. Click on the Start button.
  • When it is complete a new window will appear to indicate that the scan is finished.
  • The log will be saved automatically in the same folder Sysprot.exe was extracted to. Open the text file and copy/paste the log here.

Superdave
Tech Staff



Posts : 4193
Joined : 2010-02-01
Operating System : Windows 8.1 and a dual-boot with XP Home SP3
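
The two paths in the CFScript above are the Run-key targets in the posted ComboFix log that sit directly in the All Users Application Data folder. The Python below is an added example, not part of the original post and not ComboFix's own logic: it parses "Reg Loading Points" lines and flags such autostart entries. The function names, the two heuristics and the 7-day window are assumptions made for illustration.

```python
import re
from datetime import date, timedelta
from ntpath import basename, dirname  # Windows path rules on any OS

# Excerpt assembled from the ComboFix logs posted in this thread.
SAMPLE_LOG = r'''
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Dell QuickSet"="c:\program files\Dell\QuickSet\quickset.exe" [2007-07-03 1228800]
"nwiz"="nwiz.exe" [2008-02-22 1626112]
"QkqnRvQCEE.exe"="c:\documents and settings\All Users.WINDOWS2\Application Data\QkqnRvQCEE.exe" [2012-04-14 323072]
"dplaysvr"="c:\documents and settings\Antonio.ANTONIO-LAPTOP\Application Data\dplaysvr.exe" [BU]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"eccccfaddeafacdfdct"="c:\documents and settings\All Users.WINDOWS2\Application Data\eccccfaddeafacdfdct.exe" [2012-04-14 86016]
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2011-07-19 113024]
'''

KEY_RE = re.compile(r'^\[(?P<key>[^\]]+)\]$')
ENTRY_RE = re.compile(
    r'^"(?P<name>[^"]+)"=\s*"(?P<target>[^"]+)"\s+\[(?P<meta>[^\]]*)\]$')
DATE_RE = re.compile(r'^(\d{4})-(\d{2})-(\d{2})\b')


def parse_run_entries(log_text):
    """Return (key, name, target, file_date) for values under ...\\Run keys.

    file_date is None when the bracketed field holds no date (e.g. [BU]).
    """
    key = None
    entries = []
    for raw in log_text.splitlines():
        line = raw.strip()
        header = KEY_RE.match(line)
        if header:
            key = header.group('key')
            continue
        entry = ENTRY_RE.match(line)
        if not entry or key is None:
            continue
        # Only the classic autostart keys; other loading points are skipped.
        if not key.lower().endswith(r'\currentversion\run'):
            continue
        stamp = DATE_RE.match(entry.group('meta'))
        file_date = date(*map(int, stamp.groups())) if stamp else None
        entries.append((key, entry.group('name'),
                        entry.group('target'), file_date))
    return entries


def triage(entries, scan_date, recent_days=7):
    """Flag entries worth a closer look. Heuristics are assumptions:
    1. the target sits directly in an Application Data folder rather than
       in a vendor subfolder or under Program Files;
    2. the file is dated within recent_days before the scan.
    """
    findings = []
    for key, name, target, file_date in entries:
        reasons = []
        if dirname(target).lower().endswith(r'\application data'):
            reasons.append('executable directly in an Application Data folder')
        if file_date is not None:
            age = scan_date - file_date
            if timedelta(0) <= age <= timedelta(days=recent_days):
                reasons.append('file dated within %d days of the scan'
                               % recent_days)
        if reasons:
            findings.append((basename(target), key, reasons))
    return findings


if __name__ == '__main__':
    # Scan date taken from the "Rootkit scan 2012-04-14" line in the log.
    for exe, key, reasons in triage(parse_run_entries(SAMPLE_LOG),
                                    date(2012, 4, 14)):
        print('%s\n  key: %s\n  why: %s' % (exe, key, '; '.join(reasons)))
```

A flagged entry is a lead to verify by hand, not a verdict: legitimate updaters can also be recent, and the folder check only covers the XP-style profile layout seen in this log.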


Re: Virus slowing down computer (virtual memory) -NOT SURE ABOUT VIRUS NAME

Post by furyofdawolfx on Sun 15 Apr 2012, 8:54 am

ComboFix 12-04-13.01 - Antonio 04/14/2012 14:57:59.4.2 - x86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.1022.620 [GMT -4:00]
Running from: c:\documents and settings\Antonio.ANTONIO-LAPTOP\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\Antonio.ANTONIO-LAPTOP\Desktop\CFScript.txt
AV: COMODO Antivirus *Disabled/Updated* {043803A5-4F86-4ef7-AFC5-F6E02A79969B}
.
FILE ::
"c:\documents and settings\All Users.WINDOWS2\Application Data\eccccfaddeafacdfdct.exe"
"c:\documents and settings\All Users.WINDOWS2\Application Data\QkqnRvQCEE.exe"
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\All Users.WINDOWS2\Application Data\eccccfaddeafacdfdct.exe
c:\windows2\$NtUninstallKB44553$
c:\windows2\$NtUninstallKB44553$\3415827856\@
c:\windows2\$NtUninstallKB44553$\3415827856\cfg.ini
c:\windows2\$NtUninstallKB44553$\3415827856\Desktop.ini
c:\windows2\$NtUninstallKB44553$\3415827856\L\fayqarak
c:\windows2\$NtUninstallKB44553$\3415827856\U\00000001.@
c:\windows2\$NtUninstallKB44553$\3415827856\U\00000002.@
c:\windows2\$NtUninstallKB44553$\3415827856\U\00000004.@
c:\windows2\$NtUninstallKB44553$\3415827856\U\80000000.@
c:\windows2\$NtUninstallKB44553$\3415827856\U\80000004.@
c:\windows2\$NtUninstallKB44553$\3415827856\U\80000032.@
c:\windows2\$NtUninstallKB44553$\927523430
c:\windows2\system32\dds_trash_log.cmd
.
.
((((((((((((((((((((((((( Files Created from 2012-03-14 to 2012-04-14 )))))))))))))))))))))))))))))))
.
.
2012-04-14 15:41 . 2012-04-14 15:41 -------- d-----w- c:\windows2\system32\KB905474
2012-04-13 22:43 . 2012-04-13 22:43 -------- d-sh--w- c:\windows2\system32\config\systemprofile\PrivacIE
2012-04-13 22:41 . 2012-04-13 22:41 -------- d-sh--w- c:\windows2\system32\config\systemprofile\IETldCache
2012-04-13 00:19 . 2012-04-13 00:19 -------- d-----w- c:\documents and settings\Antonio.ANTONIO-LAPTOP\Application Data\SUPERAntiSpyware.com
2012-04-13 00:16 . 2012-04-13 00:19 -------- d-----w- c:\program files\SUPERAntiSpyware
2012-04-13 00:16 . 2012-04-13 00:16 -------- d-----w- c:\documents and settings\All Users.WINDOWS2\Application Data\SUPERAntiSpyware.com
2012-04-12 04:47 . 2012-04-12 05:16 -------- d-----w- C:\TDSSKiller_Quarantine
2012-04-09 01:34 . 2012-04-09 01:34 -------- d-----w- C:\VritualRoot
2012-04-09 01:34 . 2012-04-09 01:35 -------- d-----w- c:\documents and settings\All Users.WINDOWS2\Application Data\COMODO
2012-04-09 01:34 . 2012-04-14 17:49 1474832 ----a-w- c:\windows2\system32\drivers\sfi.dat
2012-04-09 00:57 . 2012-04-09 00:59 -------- d-----w- c:\program files\COMODO
2012-04-09 00:53 . 2012-04-09 00:53 -------- d-----w- c:\documents and settings\All Users.WINDOWS2\Application Data\Comodo Downloader
2012-04-08 17:57 . 2012-04-08 17:57 -------- d-----w- c:\program files\CCleaner
2012-04-08 16:24 . 2009-08-06 23:24 44768 ----a-w- c:\windows2\system32\wups2.dll
2012-04-08 16:24 . 2009-08-06 23:24 21728 ----a-w- c:\windows2\system32\wucltui.dll.mui
2012-04-08 16:23 . 2009-08-06 23:24 17632 ----a-w- c:\windows2\system32\wuaueng.dll.mui
2012-04-08 16:23 . 2009-08-06 23:24 15072 ----a-w- c:\windows2\system32\wuaucpl.cpl.mui
2012-04-08 16:23 . 2009-08-06 23:24 15064 ----a-w- c:\windows2\system32\wuapi.dll.mui
2012-04-08 16:12 . 2012-04-08 16:14 -------- d-----w- c:\windows2\system32\NtmsData
2012-04-04 05:53 . 2012-04-04 05:53 182160 ----a-w- c:\program files\Internet Explorer\PLUGINS\nppdf32.dll
2012-04-03 03:51 . 2012-04-03 03:51 -------- d-sh--w- c:\documents and settings\LocalService.NT AUTHORITY\IETldCache
2012-04-02 02:04 . 2012-04-02 02:04 418464 ----a-w- c:\windows2\system32\FlashPlayerApp.exe
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-04-04 19:56 . 2011-12-10 22:23 22344 ----a-w- c:\windows2\system32\drivers\mbam.sys
2012-04-02 02:04 . 2011-06-03 16:01 70304 ----a-w- c:\windows2\system32\FlashPlayerCPLApp.cpl
.
.
((((((((((((((((((((((((((((( SnapShot_2012-04-14_05.40.54 )))))))))))))))))))))))))))))))))))))))))
.
+ 2012-04-14 19:35 . 2012-04-14 19:35 16384 c:\windows2\temp\Perflib_Perfdata_7d4.dat
+ 2001-08-23 12:00 . 2012-04-14 18:58 69412 c:\windows2\system32\perfc009.dat
- 2001-08-23 12:00 . 2012-04-14 05:40 69412 c:\windows2\system32\perfc009.dat
+ 2001-08-23 12:00 . 2012-04-14 18:58 437144 c:\windows2\system32\perfh009.dat
- 2001-08-23 12:00 . 2012-04-14 05:40 437144 c:\windows2\system32\perfh009.dat
+ 2012-04-14 15:41 . 2009-03-11 02:18 453512 c:\windows2\system32\KB905474\wgasetup.exe
+ 2012-04-14 15:41 . 2009-03-11 02:26 1403264 c:\windows2\system32\KB905474\wganotifypackageinner.exe
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480]
"Xvid"="c:\program files\Xvid\CheckUpdate.exe" [2011-01-17 8192]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NVHotkey"="nvHotkey.dll" [2008-02-22 86016]
"NvCplDaemon"="c:\windows2\system32\NvCpl.dll" [2008-02-22 13508608]
"nwiz"="nwiz.exe" [2008-02-22 1626112]
"NvMediaCenter"="c:\windows2\system32\NvMcTray.dll" [2008-02-22 86016]
"IMJPMIG8.1"="c:\windows2\IME\imjp8_1\IMJPMIG.EXE" [2004-08-04 208952]
"MSPY2002"="c:\windows2\system32\IME\PINTLGNT\ImScInst.exe" [2004-08-04 59392]
"PHIME2002ASync"="c:\windows2\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-04 455168]
"PHIME2002A"="c:\windows2\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-04 455168]
"Dell QuickSet"="c:\program files\Dell\QuickSet\quickset.exe" [2007-07-03 1228800]
"DELL Webcam Manager"="c:\program files\Dell\Dell Webcam Manager\DellWMgr.exe" [2007-07-27 118784]
"OEM02Mon.exe"="c:\windows2\OEM02Mon.exe" [2007-05-10 36864]
"PCMService"="c:\program files\Dell\MediaDirect\PCMService.exe" [2007-04-16 184320]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2011-06-09 254696]
"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2011-11-02 59240]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2011-10-24 421888]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2011-12-08 421736]
"COMODO Internet Security"="c:\program files\COMODO\COMODO Internet Security\cfp.exe" [2010-04-09 2029456]
"dplaysvr"="c:\documents and settings\Antonio.ANTONIO-LAPTOP\Application Data\dplaysvr.exe" [BU]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"Svc2dll"="c:\documents and settings\NetworkService.NT AUTHORITY\Local Settings\Application Data\svcxdcl32.exe" [BU]
"dplaysvr"="c:\documents and settings\Antonio.ANTONIO-LAPTOP\Application Data\dplaysvr.exe" [BU]
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2011-07-19 113024]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2011-05-04 17:54 551296 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.DLL
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\windows2\system32\guard32.dll
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\CLPSLS]
@="Service"
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"DisableNotifications"= 1 (0x1)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\FrostWire\\FrostWire.exe"=
"c:\\Program Files\\Dell\\MediaDirect\\PCMService.exe"=
"c:\\Program Files\\Common Files\\Apple\\Apple Application Support\\WebKit2WebProcess.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
.
R1 cmderd;COMODO Internet Security Eradication Driver;c:\windows2\system32\drivers\cmderd.sys [4/9/2010 1:25 AM 15464]
R1 cmdGuard;COMODO Internet Security Sandbox Driver;c:\windows2\system32\drivers\cmdGuard.sys [4/9/2010 1:25 AM 225344]
R1 cmdHlp;COMODO Internet Security Helper Driver;c:\windows2\system32\drivers\cmdhlp.sys [4/9/2010 1:25 AM 25240]
R1 DLADiagM;DLADiagM;c:\windows2\system32\drivers\DLADiagM.SYS [10/3/2010 12:07 AM 13688]
R1 DLAPMonM;DLAPMonM;c:\windows2\system32\drivers\DLAPMonM.SYS [10/3/2010 12:07 AM 30744]
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [7/22/2011 12:27 PM 12880]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [7/12/2011 5:55 PM 67664]
R2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCore.exe [8/11/2011 7:38 PM 116608]
R2 CLPSLS;COMODO livePCsupport Service;c:\program files\COMODO\COMODO livePCsupport\CLPSLS.exe [2/19/2010 5:00 PM 148744]
R2 SBKUPNT;SBKUPNT;c:\windows2\system32\drivers\SBKUPNT.SYS [10/17/2010 1:05 AM 14976]
S1 DLADHK_M;DLADHK_M;c:\windows2\system32\drivers\DLADHK_M.SYS [10/3/2010 12:07 AM 33592]
S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [1/29/2010 8:11 PM 135664]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows2\system32\Macromed\Flash\FlashPlayerUpdateService.exe [4/1/2012 10:04 PM 253600]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [1/29/2010 8:11 PM 135664]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows2\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe --> c:\windows2\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [?]
.
Contents of the 'Scheduled Tasks' folder
.
2012-04-14 c:\windows2\Tasks\Adobe Flash Player Updater.job
- c:\windows2\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-02 02:04]
.
2011-12-26 c:\windows2\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2009-10-22 22:57]
.
2012-04-14 c:\windows2\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-01-30 00:11]
.
2012-04-14 c:\windows2\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-01-30 00:11]
.
2012-04-14 c:\windows2\Tasks\WGASetup.job
- c:\windows2\system32\KB905474\wgasetup.exe [2012-04-14 02:18]
.
.
------- Supplementary Scan -------
.
uStart Page = [You must be registered and logged in to see this link.]
uInternet Connection Wizard,ShellNext = [You must be registered and logged in to see this link.]
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~1\MI1933~1\OFFICE11\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html
TCP: DhcpNameServer = 209.18.47.61 209.18.47.62
.
- - - - ORPHANS REMOVED - - - -
.
HKLM-Run-QkqnRvQCEE.exe - c:\documents and settings\All Users.WINDOWS2\Application Data\QkqnRvQCEE.exe
HKU-Default-Run-eccccfaddeafacdfdct - c:\documents and settings\All Users.WINDOWS2\Application Data\eccccfaddeafacdfdct.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, [You must be registered and logged in to see this link.]
Rootkit scan 2012-04-14 15:35
Windows 5.1.2600 Service Pack 2 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
Stealth MBR rootkit/Mebroot/Sinowal/TDL4 detector 0.4.2 by Gmer, [You must be registered and logged in to see this link.]
Windows 5.1.2600 Disk: Hitachi_HTS542512K9SA00 rev.BB2OC39P -> Harddisk0\DR0 -> \Device\Ide\IdeDeviceP1T0L0-e
.
device: opened successfully
user: MBR read successfully
error: Read A device attached to the system is not functioning.
kernel: MBR read successfully
detected disk devices:
detected hooks:
\Driver\atapi DriverStartIo -> 0x839602C6
user & kernel MBR OK
.
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(916)
c:\program files\SUPERAntiSpyware\SASWINLO.DLL
.
- - - - - - - > 'explorer.exe'(1348)
c:\windows2\system32\ieframe.dll
c:\windows2\system32\webcheck.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\COMODO\COMODO Internet Security\cmdagent.exe
c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\windows2\system32\rundll32.exe
c:\windows2\system32\RUNDLL32.EXE
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
c:\windows2\system32\nvsvc32.exe
c:\windows2\system32\wscntfy.exe
c:\program files\iPod\bin\iPodService.exe
c:\program files\COMODO\COMODO Internet Security\cfpupdat.exe
.
**************************************************************************
.
Completion time: 2012-04-14 15:44:19 - machine was rebooted
ComboFix-quarantined-files.txt 2012-04-14 19:44
ComboFix2.txt 2012-04-14 06:00
ComboFix3.txt 2011-04-22 22:36
ComboFix4.txt 2011-04-22 03:28
.
Pre-Run: 15,215,386,624 bytes free
Post-Run: 15,465,017,344 bytes free
.
- - End Of File - - 207EB39F375BB86D3871737C13935575

furyofdawolfx

Rookie Surfer

Posts : 68
Joined : 2009-12-12
Operating System : Windows XP


Re: Virus slowing down computer (virtual memory) -NOT SURE ABOUT VIRUS NAME

Post by furyofdawolfx on Sun 15 Apr 2012, 8:56 am

SysProt AntiRootkit v1.0.1.0
by swatkat

******************************************************************************************
******************************************************************************************

No Hidden Processes found

******************************************************************************************
******************************************************************************************
Kernel Modules:
Module Name: Combo-Fix.sys
Service Name: ---
Module Base: F76F4000
Module End: F7703000
Hidden: Yes

Module Name: \SystemRoot\System32\Drivers\dump_atapi.sys
Service Name: ---
Module Base: F4839000
Module End: F4851000
Hidden: Yes

Module Name: \SystemRoot\System32\Drivers\dump_WMILIB.SYS
Service Name: ---
Module Base: F7BC4000
Module End: F7BC6000
Hidden: Yes

Module Name: \??\C:\ComboFix\catchme.sys
Service Name: catchme
Module Base: F3ACE000
Module End: F3AD6000
Hidden: Yes

Module Name: \??\C:\WINDOWS2\system32\Drivers\PROCEXP113.SYS
Service Name: ---
Module Base: F7C1E000
Module End: F7C20000
Hidden: Yes

******************************************************************************************
******************************************************************************************
SSDT:
Function Name: ZwAdjustPrivilegesToken
Address: F4B38226
Driver Base: F4B2E000
Driver End: F4B64000
Driver Name: \SystemRoot\System32\DRIVERS\cmdguard.sys

Function Name: ZwConnectPort
Address: F4B377CA
Driver Base: F4B2E000
Driver End: F4B64000
Driver Name: \SystemRoot\System32\DRIVERS\cmdguard.sys

Function Name: ZwCreateFile
Address: F4B37E8C
Driver Base: F4B2E000
Driver End: F4B64000
Driver Name: \SystemRoot\System32\DRIVERS\cmdguard.sys

Function Name: ZwCreateKey
Address: F4B38A7A
Driver Base: F4B2E000
Driver End: F4B64000
Driver Name: \SystemRoot\System32\DRIVERS\cmdguard.sys

Function Name: ZwCreatePort
Address: F4B376A6
Driver Base: F4B2E000
Driver End: F4B64000
Driver Name: \SystemRoot\System32\DRIVERS\cmdguard.sys

Function Name: ZwCreateSection
Address: F4B3A7BA
Driver Base: F4B2E000
Driver End: F4B64000
Driver Name: \SystemRoot\System32\DRIVERS\cmdguard.sys

Function Name: ZwCreateSymbolicLinkObject
Address: F4B3AB50
Driver Base: F4B2E000
Driver End: F4B64000
Driver Name: \SystemRoot\System32\DRIVERS\cmdguard.sys

Function Name: ZwCreateThread
Address: F4B371EA
Driver Base: F4B2E000
Driver End: F4B64000
Driver Name: \SystemRoot\System32\DRIVERS\cmdguard.sys

Function Name: ZwDeleteKey
Address: F4B38412
Driver Base: F4B2E000
Driver End: F4B64000
Driver Name: \SystemRoot\System32\DRIVERS\cmdguard.sys

Function Name: ZwDeleteValueKey
Address: F4B38606
Driver Base: F4B2E000
Driver End: F4B64000
Driver Name: \SystemRoot\System32\DRIVERS\cmdguard.sys

Function Name: ZwDuplicateObject
Address: F4B3701C
Driver Base: F4B2E000
Driver End: F4B64000
Driver Name: \SystemRoot\System32\DRIVERS\cmdguard.sys

Function Name: ZwEnumerateKey
Address: F4B3912C
Driver Base: F4B2E000
Driver End: F4B64000
Driver Name: \SystemRoot\System32\DRIVERS\cmdguard.sys

Function Name: ZwEnumerateValueKey
Address: F4B3936A
Driver Base: F4B2E000
Driver End: F4B64000
Driver Name: \SystemRoot\System32\DRIVERS\cmdguard.sys

Function Name: ZwLoadDriver
Address: F4B3A3F6
Driver Base: F4B2E000
Driver End: F4B64000
Driver Name: \SystemRoot\System32\DRIVERS\cmdguard.sys

Function Name: ZwMakeTemporaryObject
Address: F4B37A66
Driver Base: F4B2E000
Driver End: F4B64000
Driver Name: \SystemRoot\System32\DRIVERS\cmdguard.sys

Function Name: ZwOpenFile
Address: F4B38068
Driver Base: F4B2E000
Driver End: F4B64000
Driver Name: \SystemRoot\System32\DRIVERS\cmdguard.sys

Function Name: ZwOpenKey
Address: F4B38A6A
Driver Base: F4B2E000
Driver End: F4B64000
Driver Name: \SystemRoot\System32\DRIVERS\cmdguard.sys

Function Name: ZwOpenProcess
Address: F4B36D00
Driver Base: F4B2E000
Driver End: F4B64000
Driver Name: \SystemRoot\System32\DRIVERS\cmdguard.sys

Function Name: ZwOpenSection
Address: F4B37D16
Driver Base: F4B2E000
Driver End: F4B64000
Driver Name: \SystemRoot\System32\DRIVERS\cmdguard.sys

Function Name: ZwOpenThread
Address: F4B36E98
Driver Base: F4B2E000
Driver End: F4B64000
Driver Name: \SystemRoot\System32\DRIVERS\cmdguard.sys

Function Name: ZwQueryKey
Address: F4B39552
Driver Base: F4B2E000
Driver End: F4B64000
Driver Name: \SystemRoot\System32\DRIVERS\cmdguard.sys

Function Name: ZwQueryMultipleValueKey
Address: F4B39916
Driver Base: F4B2E000
Driver End: F4B64000
Driver Name: \SystemRoot\System32\DRIVERS\cmdguard.sys

Function Name: ZwQueryValueKey
Address: F4B3972E
Driver Base: F4B2E000
Driver End: F4B64000
Driver Name: \SystemRoot\System32\DRIVERS\cmdguard.sys

Function Name: ZwRenameKey
Address: F4B38F44
Driver Base: F4B2E000
Driver End: F4B64000
Driver Name: \SystemRoot\System32\DRIVERS\cmdguard.sys

Function Name: ZwRequestWaitReplyPort
Address: F4B39E8A
Driver Base: F4B2E000
Driver End: F4B64000
Driver Name: \SystemRoot\System32\DRIVERS\cmdguard.sys

Function Name: ZwSecureConnectPort
Address: F4B3A13E
Driver Base: F4B2E000
Driver End: F4B64000
Driver Name: \SystemRoot\System32\DRIVERS\cmdguard.sys

Function Name: ZwSetSecurityObject
Address: F4B38842
Driver Base: F4B2E000
Driver End: F4B64000
Driver Name: \SystemRoot\System32\DRIVERS\cmdguard.sys

Function Name: ZwSetSystemInformation
Address: F4B3A5C2
Driver Base: F4B2E000
Driver End: F4B64000
Driver Name: \SystemRoot\System32\DRIVERS\cmdguard.sys

Function Name: ZwSetValueKey
Address: F4B38CCC
Driver Base: F4B2E000
Driver End: F4B64000
Driver Name: \SystemRoot\System32\DRIVERS\cmdguard.sys

Function Name: ZwShutdownSystem
Address: F4B37A00
Driver Base: F4B2E000
Driver End: F4B64000
Driver Name: \SystemRoot\System32\DRIVERS\cmdguard.sys

Function Name: ZwSystemDebugControl
Address: F4B37C02
Driver Base: F4B2E000
Driver End: F4B64000
Driver Name: \SystemRoot\System32\DRIVERS\cmdguard.sys

Function Name: ZwTerminateProcess
Address: F4B37544
Driver Base: F4B2E000
Driver End: F4B64000
Driver Name: \SystemRoot\System32\DRIVERS\cmdguard.sys

Function Name: ZwTerminateThread
Address: F4B373EA
Driver Base: F4B2E000
Driver End: F4B64000
Driver Name: \SystemRoot\System32\DRIVERS\cmdguard.sys

******************************************************************************************
******************************************************************************************
No Kernel Hooks found

******************************************************************************************
******************************************************************************************
Hidden files/folders:
Object: C:\Documents and Settings\All Users\Application Data\Symantec\SRTSP\SrtETmp\5AB073CC.TMP
Status: Access denied

Object: C:\Documents and Settings\All Users\Application Data\Symantec\SRTSP\SrtETmp\6F0385AD.TMP
Status: Access denied

Object: C:\Qoobox\BackEnv\AppData.folder.dat
Status: Access denied

Object: C:\Qoobox\BackEnv\Cache.folder.dat
Status: Access denied

Object: C:\Qoobox\BackEnv\Cookies.folder.dat
Status: Access denied

Object: C:\Qoobox\BackEnv\Desktop.folder.dat
Status: Access denied

Object: C:\Qoobox\BackEnv\Favorites.folder.dat
Status: Access denied

Object: C:\Qoobox\BackEnv\History.folder.dat
Status: Access denied

Object: C:\Qoobox\BackEnv\LocalAppData.folder.dat
Status: Access denied

Object: C:\Qoobox\BackEnv\LocalSettings.folder.dat
Status: Access denied

Object: C:\Qoobox\BackEnv\Music.folder.dat
Status: Access denied

Object: C:\Qoobox\BackEnv\NetHood.folder.dat
Status: Access denied

Object: C:\Qoobox\BackEnv\Personal.folder.dat
Status: Access denied

Object: C:\Qoobox\BackEnv\Pictures.folder.dat
Status: Access denied

Object: C:\Qoobox\BackEnv\PrintHood.folder.dat
Status: Access denied

Object: C:\Qoobox\BackEnv\Profiles.Folder.dat
Status: Access denied

Object: C:\Qoobox\BackEnv\Profiles.Folder.folder.dat
Status: Access denied

Object: C:\Qoobox\BackEnv\Programs.folder.dat
Status: Access denied

Object: C:\Qoobox\BackEnv\Recent.folder.dat
Status: Access denied

Object: C:\Qoobox\BackEnv\SendTo.folder.dat
Status: Access denied

Object: C:\Qoobox\BackEnv\SetPath.bat
Status: Access denied

Object: C:\Qoobox\BackEnv\StartMenu.folder.dat
Status: Access denied

Object: C:\Qoobox\BackEnv\StartUp.folder.dat
Status: Access denied

Object: C:\Qoobox\BackEnv\SysPath.dat
Status: Access denied

Object: C:\Qoobox\BackEnv\Templates.folder.dat
Status: Access denied

Object: C:\Qoobox\BackEnv\VikPev00
Status: Access denied


furyofdawolfx


Re: Virus slowing down computer (virtual memory) -NOT SURE ABOUT VIRUS NAME

Post by Superdave on Sun 15 Apr 2012, 10:04 am

Your computer should be running much better now.
I'd like to scan your machine with ESET OnlineScan

•Hold down Control and click on the following link to open ESET OnlineScan in a new window.
ESET OnlineScan
•Click the button.
•For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)

  • Click on to download the ESET Smart Installer. Save it to your desktop.
  • Double click on the icon on your desktop.

•Check
•Click the button.
•Accept any security warnings from your browser.
•Check
•Push the Start button.
•ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
•When the scan completes, push
•Push , and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
•Push the button.
•Push
A log file will be saved here: C:\Program Files\ESET\ESET Online Scanner\log.txt

Superdave
Tech Staff



Posts : 4193
Joined : 2010-02-01
Operating System : Windows 8.1 and a dual-boot with XP Home SP3


Re: Virus slowing down computer (virtual memory) -NOT SURE ABOUT VIRUS NAME

Post by furyofdawolfx on Mon 16 Apr 2012, 3:12 am

ESETSmartInstaller@High as CAB hook log:
OnlineScanner.ocx - registred OK
# version=7
# iexplore.exe=8.00.6001.18702 (longhorn_ie8_rtm(wmbla).090308-0339)
# OnlineScanner.ocx=1.0.0.6583
# api_version=3.0.2
# EOSSerial=a15170fa456ed14893db49d48eb960ce
# end=finished
# remove_checked=true
# archives_checked=false
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2012-04-15 02:15:53
# local_time=2012-04-14 10:15:53 (-0500, Eastern Daylight Time)
# country="United States"
# lang=1033
# osver=5.1.2600 NT Service Pack 2
# compatibility_mode=512 16777215 100 0 135391623 135391623 0 0
# compatibility_mode=3073 16777189 80 92 0 62734511 0 0
# compatibility_mode=8192 67108863 100 0 30770363 30770363 0 0
# scanned=147239
# found=0
# cleaned=0
# scan_time=9283

furyofdawolfx


Re: Virus slowing down computer (virtual memory) -NOT SURE ABOUT VIRUS NAME

Post by furyofdawolfx on Mon 16 Apr 2012, 3:33 am

Thank you for all the help. My laptop seems to be running smoothly so far, but I ran a full scan with COMODO for good measure and found the following:

1. UnclassifiedMalware@279312073-C:\TDSSKiller_Quarantine\12.04.2012_00.41.40\mbr0000\tdlfs0000\tsk0001.dta

2. UnclassifiedMalware@279451121-C:\TDSSKiller_Quarantine\12.04.2012_00.41.40\mbr0000\tdlfs0000\tsk0002.dta

3. TrojWare.Win32.Trojan.Agent.Gen@282108980- C:\System Volume Information\_restore{0BC7B696-48BC-4B67-B004-BEAA157F7FC8}\RP449\A0056099.exe

4. Heur.Suspicious@282101403- C:\System Volume Information\_restore{0BC7B696-48BC-4B67-B004-BEAA157F7FC8}\RP449\A0057220.exe

5. Heur.Suspicious@282101403- C:\Qoobox\Quarantine\C\Documents and Settings\All Users.WINDOWS2\Application Data\eccccfaddeafacdfdct.exe.vir

All seemed to have been removed by COMODO. Please advise if there are any other procedures I should run. Thank you.

furyofdawolfx
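
The five COMODO results above all point into removal-tool quarantine folders or System Restore storage rather than at ordinary file locations. As an added example (not part of the thread and not any tool's own code), this sketch parses result lines in the posted `Name@id-path` form and sorts them by location; the `triage` and `live_detections` helpers and the folder-name rules are assumptions made for illustration.

```python
import re
from pathlib import PureWindowsPath

# The five result lines as posted above (list numbering dropped).
SCAN_LINES = [
    r"UnclassifiedMalware@279312073-C:\TDSSKiller_Quarantine\12.04.2012_00.41.40\mbr0000\tdlfs0000\tsk0001.dta",
    r"UnclassifiedMalware@279451121-C:\TDSSKiller_Quarantine\12.04.2012_00.41.40\mbr0000\tdlfs0000\tsk0002.dta",
    r"TrojWare.Win32.Trojan.Agent.Gen@282108980- C:\System Volume Information\_restore{0BC7B696-48BC-4B67-B004-BEAA157F7FC8}\RP449\A0056099.exe",
    r"Heur.Suspicious@282101403- C:\System Volume Information\_restore{0BC7B696-48BC-4B67-B004-BEAA157F7FC8}\RP449\A0057220.exe",
    r"Heur.Suspicious@282101403- C:\Qoobox\Quarantine\C\Documents and Settings\All Users.WINDOWS2\Application Data\eccccfaddeafacdfdct.exe.vir",
]
# Constructed line (not from the thread): a detection outside any quarantine store.
CONSTRUCTED_LIVE = r"Heur.Suspicious@100000001- C:\WINDOWS2\Temp\sample.exe"

LINE_RE = re.compile(
    r"^\s*(?:\d+\.\s*)?(?P<name>[^@]+)@(?P<sig>\d+)-\s*(?P<path>[A-Za-z]:\\.+?)\s*$")
RESTORE_POINT_RE = re.compile(r"RP\d+")

def triage(line):
    """Parse one result line and label where the flagged file sits."""
    m = LINE_RE.match(line)
    if m is None:
        raise ValueError(f"unrecognised result line: {line!r}")
    path = PureWindowsPath(m["path"])
    folders = path.parts[1:-1]  # drop the drive root and the file name
    lowered = [f.lower() for f in folders]
    location, detail = "live", None
    if lowered[:1] == ["system volume information"]:
        # System Restore storage: report which restore point holds the copy.
        location = "system-restore"
        detail = next((f for f in folders if RESTORE_POINT_RE.fullmatch(f)), None)
    else:
        for low in lowered:
            # Assumed rule: a folder named Quarantine or *_Quarantine is a tool's store.
            if low == "quarantine" or low.endswith("_quarantine"):
                location, detail = "tool-quarantine", folders[0]
                break
    return {"name": m["name"], "signature_id": m["sig"], "path": str(path),
            "location": location, "detail": detail}

def live_detections(lines):
    """Return detections that sit outside quarantine and System Restore storage."""
    return [r for r in map(triage, lines) if r["location"] == "live"]

if __name__ == "__main__":
    for row in map(triage, SCAN_LINES + [CONSTRUCTED_LIVE]):
        print(f'{row["location"]:16} {row["detail"] or "-":22} {row["name"]}')
```

Anything returned by `live_detections` is what still needs a removal step; the rest is cleared by emptying the tools' quarantine folders and resetting System Restore.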


Re: Virus slowing down computer (virtual memory) -NOT SURE ABOUT VIRUS NAME

Post by Superdave on Mon 16 Apr 2012, 4:35 am

Some of those are in quarantine and we'll set a new Restore Point.

To uninstall ComboFix

  • Click the Start button. Click Run. For Vista: type in Run in the Start search, and click on Run in the results pane.
  • In the field, type in ComboFix /uninstall

(Note: Make sure there's a space between the word ComboFix and the forward-slash.)

  • Then, press Enter, or click OK.
  • This will uninstall ComboFix, delete its folders and files, hide System files and folders, and reset System Restore.

*************************************************
Please check your Restore Points to see that a new one has been set after doing the above.

Clean out your temporary internet files and temp files.

Download TFC by OldTimer to your desktop.

Double-click TFC.exe to run it.

Note: If you are running on Vista, right-click on the file and choose Run As Administrator

TFC will close all programs when run, so make sure you have saved all your work before you begin.

* Click the Start button to begin the cleaning process.
* Depending on how often you clean temp files, execution time should be anywhere from a few seconds to a minute or two.
* Please let TFC run uninterrupted until it is finished.

Once TFC is finished it should restart your computer. If it does not, please manually restart the computer yourself to ensure a complete cleaning.
****************************************************
Looking over your log it seems you don't have any evidence of a third party firewall.

Firewalls protect against hackers and malicious intruders. You need to download a free firewall from one of these reliable vendors.

Remember only install ONE firewall

1) Comodo Personal Firewall (Uncheck during installation "Install Comodo SafeSurf..", "Make Comodo my default search provider" and "Make Comodo Search my homepage" and uncheck any HopSurf and/or Ask.com options if you choose this one)
2) Online Armor
3) Agnitum Outpost
4) PC Tools Firewall Plus

If you are using the built-in Windows XP firewall, it is not recommended as it does not block outgoing connections. This means that any malware on your computer is free to "phone home" for more instructions. Simply put, Windows XP contains a mediocre firewall. This firewall is NO replacement for a dedicated software solution. Remember to use only one firewall at the same time.
***************************************************
Use the Secunia Software Inspector to check for out of date software.

•Click Start Now

•Check the box next to Enable thorough system inspection.

•Click Start

•Allow the scan to finish and scroll down to see if any updates are needed.
•Update anything listed.
----------

Go to Microsoft Windows Update and get all critical updates.

----------

I suggest using WOT - Web of Trust. WOT is a free Internet security addon for your browser. It will keep you safe from online scams, identity theft, spyware, spam, viruses and unreliable shopping sites. WOT warns you before you interact with a risky website. It's easy and it's free.

SpywareBlaster- Secure your Internet Explorer to make it harder for ActiveX programs to run on your computer. Also stop certain cookies from being added to your computer when running Mozilla based browsers like Firefox.
* Using SpywareBlaster to protect your computer from Spyware and Malware
* If you don't know what ActiveX controls are, see here

Protect yourself against spyware using the Immunize feature in Spybot - Search & Destroy. Guide: Use Spybot's Immunize Feature to prevent spyware infection in real-time. Note: To ensure you have the latest Immunizations always update Spybot - Search & Destroy before Immunizing. Spybot - Search & Destroy FAQ

Check out Keeping Yourself Safe On The Web for tips and free tools to help keep you safe in the future.

Also see Slow Computer? It may not be Malware for free cleaning/maintenance tools to help keep your computer running smoothly.
Safe Surfing!

Superdave

Re: Virus slowing down computer (virtual memory) -NOT SURE ABOUT VIRUS NAME

Post by furyofdawolfx on Mon 16 Apr 2012, 9:24 am

When I tried to uninstall ComboFix, COMODO warned me about something trying to get in my computer. Naturally I blocked it, but now going into GeekPolice with my laptop redirects to another website. Definitely infected again.

furyofdawolfx


Re: Virus slowing down computer (virtual memory) -NOT SURE ABOUT VIRUS NAME

Post by Superdave on Mon 16 Apr 2012, 9:50 am

Ok. Let's start with running TDSSKiller again. Update and run SAS and MBAM again and post the logs.

Superdave
