Having problem with Smart Fortress 2012 Infection.

[Kinotsu]

Hello, as the topic states I have been infected with Smart Fortress 2012. Upon it's installation I knew it was some sort of virus but as I went to open up programs such as task manager and malwarebytes the program closed them immediately. After searching for solutions I have seen many different things, I found the removal thread for it using chameleon and while it removed quite a bit of trojans and rootkits they still come back. Each time i boot up my computer I scan with malwarebytes and after 10+ times doing this I still have Rootkits. I do not see any signs of Smart Fortress 2012 other than the icon but I have no issues connecting to the internet or opening programs. I still get redirections for links i click on searching google. No matter how many times I boot my computer up the problem remains. I don't know what to do anymore so I hope somebody here can help me! I am not sure of any procedures with this type of problem so I am awaiting feedback, thank you.

[MrCharlie]

Welcome to the forum, please start at the link below:

http://forums.malwar...?showtopic=9573

Post back the 2 logs.

---------------------------------

also.......

Please remove any usb or external drives from the computer before you run this scan!

Please download and run RogueKiller.

For Windows XP, double-click to start.

For Vista or Windows 7, do a right-click on the program, select Run as Administrator to start, & when prompted Allow to run.

Click Scan to scan the system (don't run any other options)

Post back the report.

MrC

[Kinotsu]

Alright, hope I do this right here is the DDS.

.

DDS (Ver_2011-08-26.01) - NTFSx86

Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_30

Run by Owner at 17:14:26 on 2012-04-11

Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1534.724 [GMT -4:00]

.

AV: Spyware Doctor with AntiVirus *Enabled/Updated* {D3C23B96-C9DC-477F-8EF1-69AF17A6EFF6}

.

============== Running Processes ===============

.

C:\WINDOWS\system32\svchost -k DcomLaunch

svchost.exe

C:\WINDOWS\System32\svchost.exe -k netsvcs

C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup

svchost.exe

svchost.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\system32\spoolsv.exe

C:\Program Files\Analog Devices\Core\smax4pnp.exe

C:\Program Files\HP\HP Software Update\HPWuSchd2.exe

C:\Program Files\Search Guard PlusU\sgpUpdaters.exe

C:\Program Files\Spyware Doctor\pctsTray.exe

C:\Program Files\Common Files\Pure Networks Shared\Platform\nmctxth.exe

C:\Program Files\Pure Networks\Network Magic\nmapp.exe

C:\WINDOWS\system32\RUNDLL32.EXE

C:\Program Files\LogMeIn Hamachi\hamachi-2-ui.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\Pando Networks\Media Booster\PMB.exe

C:\Program Files\DAP\DAP.EXE

C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe

C:\Documents and Settings\Owner\Desktop\Tibia8.42\WinZip\WZQKPICK.EXE

C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Update\1.3.21.111\GoogleCrashHandler.exe

svchost.exe

C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe

C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

C:\Program Files\Bonjour\mDNSResponder.exe

C:\WINDOWS\system32\cisvc.exe

C:\Program Files\LogMeIn Hamachi\hamachi-2.exe

C:\WINDOWS\system32\svchost.exe -k hpdevmgmt

C:\WINDOWS\System32\svchost.exe -k HTTPFilter

C:\Program Files\Java\jre6\bin\jqs.exe

C:\WINDOWS\System32\svchost.exe -k HPZ12

C:\WINDOWS\system32\nvsvc32.exe

C:\WINDOWS\System32\svchost.exe -k HPZ12

C:\WINDOWS\system32\PnkBstrA.exe

C:\WINDOWS\system32\PnkBstrB.exe

C:\Program Files\Spyware Doctor\pctsAuxs.exe

C:\Program Files\Spyware Doctor\pctsSvc.exe

C:\Program Files\Microsoft Application Virtualization Client\sftvsa.exe

C:\WINDOWS\system32\svchost.exe -k imgsvc

C:\Program Files\tbh\monitor\bin\tbhMonitor.exe

C:\Program Files\Viewpoint\Common\ViewpointService.exe

C:\Program Files\Microsoft Application Virtualization Client\sftlist.exe

C:\Program Files\tbh\base\bin\tbhDaemon.exe

C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe

C:\WINDOWS\system32\taskmgr.exe

C:\WINDOWS\system32\wuauclt.exe

C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe

C:\Program Files\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE

C:\Program Files\Mozilla Firefox\firefox.exe

C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe

C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe

\\.\globalroot\SystemRoot\system32\svchost.exe -k netsvcs

.

============== Pseudo HJT Report ===============

.

uStart Page = hxxp://www.centurylink.net

uDefault_Page_URL = hxxp://www.centurylink.net

uWindow Title = Windows Internet Explorer provided by CenturyLink

uInternet Settings,ProxyOverride = <local>

uSearchURL,(Default) = hxxp://us.rd.yahoo.com/customize/ie/defaults/su/msgr9/*http://www.yahoo.com

mSearchAssistant =

uURLSearchHooks: AIM Toolbar Search Class: {03402f96-3dc7-4285-bc50-9e81fefafe43} - c:\program files\aim toolbar\aimtb.dll

mURLSearchHooks: AIM Toolbar Search Class: {03402f96-3dc7-4285-bc50-9e81fefafe43} - c:\program files\aim toolbar\aimtb.dll

BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File

BHO: HP Print Enhancer: {0347c33e-8762-4905-bf09-768834316c61} - c:\program files\hp\digital imaging\smart web printing\hpswp_printenhancer.dll

BHO: IEPlugin Class: {11222041-111b-46e3-bd29-efb2449479b1} - c:\progra~1\arcsoft\mediac~1\intern~1\ARCURL~1.DLL

BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll

BHO: AskBar BHO: {201f27d4-3704-41d6-89c1-aa35e39143ed} - c:\program files\askbardis\bar\bin\askBar.dll

BHO: Skype add-on (mastermind): {22bf413b-c6d2-4d91-82a9-a0f997ba588c} - c:\program files\skype\toolbars\ieplugin\SKYPEI~1.DLL

BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File

BHO: Java Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre6\bin\ssv.dll

BHO: ShimHelper Class: {776bad77-f558-4692-b692-43afdcff0320} - c:\program files\browserhighlighter\Shim.dll

BHO: CenturyLink Toolbar: {83453b9b-b889-4659-9144-20f081542bdc} - c:\program files\centurytoolbar\centurytoolbarDx.dll

BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll

BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll

BHO: Skype Browser Helper: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll

BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.7.7227.1100\swg.dll

BHO: AIM Toolbar Loader: {b0cda128-b425-4eef-a174-61a11ac5dbf8} - c:\program files\aim toolbar\aimtb.dll

BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll

BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

BHO: Search Assistant: {f0626a63-410b-45e2-99a1-3f2475b2d695} - c:\program files\sgpsa\BHO.dll

BHO: Download Accelerator Plus Integration: {ff6c3cf0-4b15-11d1-abed-709549c10000} - c:\progra~1\dap\DAPIEL~1.DLL

BHO: HP Smart BHO Class: {ffffffff-cf4e-4f2b-bdc2-0e72e116a856} - c:\program files\hp\digital imaging\smart web printing\hpswp_BHO.dll

TB: Ask Toolbar: {3041d03e-fd4b-44e0-b742-2d9b88305f98} - c:\program files\askbardis\bar\bin\askBar.dll

TB: AIM Toolbar: {61539ecd-cc67-4437-a03c-9aaccbd14326} - c:\program files\aim toolbar\aimtb.dll

TB: CenturyLink Toolbar: {83453b9b-b889-4659-9144-20f081542bdc} - c:\program files\centurytoolbar\centurytoolbarDx.dll

TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll

EB: HP Smart Web Printing: {555d4d79-4bd2-4094-a395-cfc534424a05} - c:\program files\hp\digital imaging\smart web printing\hpswp_bho.dll

uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe

uRun: [DW6] "c:\program files\the weather channel fw\desktop\DesktopWeather.exe"

uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"

uRun: [search Protection] c:\program files\yahoo!\search protection\SearchProtection.exe

uRun: [Google Update] "c:\documents and settings\owner\local settings\application data\google\update\GoogleUpdate.exe" /c

uRun: [DAEMON Tools Lite] "c:\documents and settings\owner\desktop\tibia8.42\daemon tools lite\DTLite.exe" -autorun

uRun: [Pando Media Booster] c:\program files\pando networks\media booster\PMB.exe

uRun: [DownloadAccelerator] "c:\program files\dap\DAP.EXE" /STARTUP

mRun: [soundMAXPnP] c:\program files\analog devices\core\smax4pnp.exe

mRun: [HP Software Update] c:\program files\hp\hp software update\HPWuSchd2.exe

mRun: [sGPUpdater] c:\program files\search guard plusu\sgpUpdaters.exe

mRun: [ArcSoft Connection Service] c:\program files\common files\arcsoft\connection service\bin\ACDaemon.exe

mRun: [tbhSystray] c:\program files\tbh\base\bin\tbhSystray.exe

mRun: [iSTray] "c:\program files\spyware doctor\pctsTray.exe"

mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime

mRun: [igfxtray] c:\windows\system32\igfxtray.exe

mRun: [igfxhkcmd] c:\windows\system32\hkcmd.exe

mRun: [igfxpers] c:\windows\system32\igfxpers.exe

mRun: [nmctxth] "c:\program files\common files\pure networks shared\platform\nmctxth.exe"

mRun: [nmapp] "c:\program files\pure networks\network magic\nmapp.exe" -autorun -nosplash

mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"

mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup

mRun: [nwiz] nwiz.exe /install

mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit

mRun: [LogMeIn Hamachi Ui] "c:\program files\logmein hamachi\hamachi-2-ui.exe" --auto-start

mRun: [AmdAgent] c:\windows\temp\temp10.exe

StartupFolder: c:\docume~1\owner\startm~1\programs\startup\xfire.lnk - c:\program files\xfire\Xfire.exe

StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\hpdigi~1.lnk - c:\program files\hp\digital imaging\bin\hpqtra08.exe

StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\micros~1.lnk - c:\program files\microsoft office\office\OSA9.EXE

StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\philip~1.lnk - c:\program files\philips\gogear aria device manager\GoGear_Aria_DeviceManager.exe

StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\winzip~1.lnk - c:\documents and settings\owner\desktop\tibia8.42\winzip\WZQKPICK.EXE

IE: &AIM Toolbar Search - c:\documents and settings\all users\application data\aim toolbar\ietoolbar\resources\en-us\local\search.html

IE: &Clean Traces - c:\program files\dap\privacy package\dapcleanerie.htm

IE: &Download with &DAP - c:\program files\dap\dapextie.htm

IE: Download &all with DAP - c:\program files\dap\dapextie2.htm

IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe

IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe

IE: {0b83c99c-1efa-4259-858f-bcb33e007a5b} - {61539ecd-cc67-4437-a03c-9aaccbd14326} - c:\program files\aim toolbar\aimtb.dll

IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll

IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll

IE: {DDE87865-83C5-48c4-8357-2F5B1AA84522} - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - c:\program files\hp\digital imaging\smart web printing\hpswp_BHO.dll

LSP: mswsock.dll

DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab

DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} - hxxp://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab

DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab

DPF: {9C23D886-43CB-43DE-B2DB-112A68D7E10A} - hxxp://lads.myspace.com/upload/MySpaceUploader2.cab

DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} - hxxp://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab

DPF: {CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab

DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab

DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} -

TCP: DhcpNameServer = 192.168.1.254

TCP: Interfaces\{C3C9F00D-3053-44E3-8AB5-71FBDA8D698F} : DhcpNameServer = 192.168.1.254

Handler: pure-go - {4746C79A-2042-4332-8650-48966E44ABA8} - c:\program files\common files\pure networks shared\platform\puresp4.dll

Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll

Name-Space Handler: ftp\ZDA - {5BFA1DAF-5EDC-11D2-959E-00C00C02DA5E} - c:\progra~1\dap\dapie.dll

Name-Space Handler: http\ZDA - {5BFA1DAF-5EDC-11D2-959E-00C00C02DA5E} - c:\progra~1\dap\dapie.dll

Notify: igfxcui - igfxdev.dll

SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll

mASetup: {A509B1FF-37FF-4bFF-8CFF-4F3A747040FF} - c:\windows\system32\rundll32.exe c:\windows\system32\advpack.dll,launchinfsectionex c:\program files\internet explorer\clrtour.inf,DefaultInstall.ResetTour,,12

.

================= FIREFOX ===================

.

FF - ProfilePath - c:\documents and settings\owner\application data\mozilla\firefox\profiles\fwnqptuz.default\

FF - prefs.js: browser.search.defaulturl - hxxp://search.yahoo.com/search?fr=ffsp1&p=

FF - prefs.js: browser.search.selectedEngine - Google

FF - prefs.js: browser.startup.homepage - hxxp://en-US.start3.mozilla.com/firefox?client=firefox-a&rls=org.mozilla:en-US:official

FF - prefs.js: keyword.URL - hxxp://search.yahoo.com/search?fr=greentree_ff1&ei=utf-8&type=894204&p=

FF - prefs.js: network.proxy.type - 0

FF - component: c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\n360_5.0.0.125\coffplgn\components\coFFPlgn.dll

FF - component: c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\n360_5.0.0.125\ipsffplgn\components\IPSFFPl.dll

FF - component: c:\documents and settings\owner\application data\mozilla\firefox\profiles\fwnqptuz.default\extensions\{83453b9b-b889-4659-9144-20f081542bdc}\components\dtTransparency.dll

FF - component: c:\documents and settings\owner\application data\mozilla\firefox\profiles\fwnqptuz.default\extensions\{83453b9b-b889-4659-9144-20f081542bdc}\components\dtTransparency3.5.dll

FF - component: c:\documents and settings\owner\application data\mozilla\firefox\profiles\fwnqptuz.default\extensions\{83453b9b-b889-4659-9144-20f081542bdc}\components\dtTransparency3.6.dll

FF - component: c:\documents and settings\owner\application data\mozilla\firefox\profiles\fwnqptuz.default\extensions\browserhighlighter@ebay.com\components\Shim.dll

FF - component: c:\program files\common files\spigot\wtxpcom\components\WidgiToolbarFF.dll

FF - component: c:\program files\dap\dapfirefox\components\DAPFireFox.dll

FF - plugin: c:\documents and settings\owner\local settings\application data\google\update\1.3.21.111\npGoogleUpdate3.dll

FF - plugin: c:\progra~1\micros~2\office14\NPSPWRAP.DLL

FF - plugin: c:\program files\adobe\reader 10.0\reader\air\nppdf32.dll

FF - plugin: c:\program files\adobe\reader 9.0\reader\air\nppdf32.dll

FF - plugin: c:\program files\google\google updater\2.4.2432.1652\npCIDetect14.dll

FF - plugin: c:\program files\google\update\1.2.183.17\npGoogleOneClick8.dll

FF - plugin: c:\program files\google\update\1.3.21.111\npGoogleUpdate3.dll

FF - plugin: c:\program files\google\update\1.3.21.53\npGoogleUpdate3.dll

FF - plugin: c:\program files\google\update\1.3.21.57\npGoogleUpdate3.dll

FF - plugin: c:\program files\google\update\1.3.21.65\npGoogleUpdate3.dll

FF - plugin: c:\program files\google\update\1.3.21.69\npGoogleUpdate3.dll

FF - plugin: c:\program files\google\update\1.3.21.79\npGoogleUpdate3.dll

FF - plugin: c:\program files\google\update\1.3.21.99\npGoogleUpdate3.dll

FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll

FF - plugin: c:\program files\microsoft silverlight\4.1.10111.0\npctrlui.dll

FF - plugin: c:\program files\mozilla firefox\plugins\npclntax_ClickPotatoLiteSA.dll

FF - plugin: c:\program files\mozilla firefox\plugins\npdeployJava1.dll

FF - plugin: c:\program files\mozilla firefox\plugins\npdnu.dll

FF - plugin: c:\program files\mozilla firefox\plugins\npdnupdater2.dll

FF - plugin: c:\program files\pando networks\media booster\npPandoWebPlugin.dll

FF - plugin: c:\program files\viewpoint\viewpoint media player\npViewpoint.dll

FF - plugin: c:\program files\windows live\photo gallery\NPWLPG.dll

.

---- FIREFOX POLICIES ----

FF - user.js: yahoo.homepage.dontask - true);user_pref(network.protocol-handler.warn-external.dnupdate, false

============= SERVICES / DRIVERS ===============

.

R0 PCTCore;PCTools KDS;c:\windows\system32\drivers\PCTCore.sys [2010-5-1 207792]

R2 cpuz135;cpuz135;c:\windows\system32\drivers\cpuz135_x32.sys [2010-12-1 21992]

R2 cvhsvc;Client Virtualization Handler;c:\program files\common files\microsoft shared\virtualization handler\CVHSVC.EXE [2012-1-4 822624]

R2 Hamachi2Svc;LogMeIn Hamachi Tunneling Engine;c:\program files\logmein hamachi\hamachi-2.exe [2012-2-28 1373576]

R2 sdAuxService;PC Tools Auxiliary Service;c:\program files\spyware doctor\pctsAuxs.exe [2010-5-1 359624]

R2 sdCoreService;PC Tools Security Service;c:\program files\spyware doctor\pctsSvc.exe [2010-5-1 1141712]

R2 sftlist;Application Virtualization Client;c:\program files\microsoft application virtualization client\sftlist.exe [2011-10-1 508776]

R2 tbhMonitor.exe;The Browser Highlighter Monitor;c:\program files\tbh\monitor\bin\tbhMonitor.exe [2010-6-24 70952]

R2 Viewpoint Service;Viewpoint Service;c:\program files\viewpoint\common\ViewpointService.exe [2009-5-25 30152]

R3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [2012-4-11 40776]

R3 Sftfs;Sftfs;c:\windows\system32\drivers\Sftfsxp.sys [2009-12-2 584680]

R3 Sftplay;Sftplay;c:\windows\system32\drivers\Sftplayxp.sys [2009-12-2 209640]

R3 Sftredir;Sftredir;c:\windows\system32\drivers\Sftredirxp.sys [2009-12-2 20584]

R3 Sftvol;Sftvol;c:\windows\system32\drivers\Sftvolxp.sys [2009-12-2 18280]

R3 sftvsa;Application Virtualization Service Agent;c:\program files\microsoft application virtualization client\sftvsa.exe [2011-10-1 219496]

S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]

S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2010-2-4 135664]

S3 cpudrv;cpudrv;c:\program files\systemrequirementslab\cpudrv.sys [2009-12-18 11336]

S3 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2010-2-4 135664]

S3 mbamchameleon;mbamchameleon;c:\windows\system32\drivers\mbamchameleon.sys [2012-4-10 32072]

S3 motccgp;Motorola USB Composite Device Driver;c:\windows\system32\drivers\motccgp.sys [2008-8-22 18688]

S3 motccgpfl;MotCcgpFlService;c:\windows\system32\drivers\motccgpfl.sys [2008-8-22 8320]

S3 NPF;WinPcap Packet Driver (NPF);c:\windows\system32\drivers\npf.sys [2012-4-11 50704]

S3 osppsvc;Office Software Protection Platform;c:\program files\common files\microsoft shared\officesoftwareprotectionplatform\OSPPSVC.EXE [2010-1-9 4640000]

S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]

.

=============== Created Last 30 ================

.

2012-04-11 21:09:51 40776 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys

2012-04-11 15:54:56 50704 ----a-w- c:\windows\system32\drivers\npf.sys

2012-04-11 15:54:56 281104 ----a-w- c:\windows\system32\wpcap.dll

2012-04-11 15:54:56 100880 ----a-w- c:\windows\system32\Packet.dll

2012-04-10 19:08:23 32072 ----a-w- c:\windows\system32\drivers\mbamchameleon.sys

2012-04-10 18:59:16 0 --sha-w- c:\windows\system32\dds_trash_log.cmd

2012-04-10 18:31:53 -------- d-----w- c:\documents and settings\owner\local settings\application data\{7294DA61-833B-11E1-826D-B8AC6F996F26}

2012-04-10 18:30:43 -------- d-----w- c:\documents and settings\all users\application data\529C53270001836300037DDCD151FC84

2012-03-14 03:00:52 592824 ----a-w- c:\program files\mozilla firefox\gkmedias.dll

2012-03-14 03:00:52 44472 ----a-w- c:\program files\mozilla firefox\mozglue.dll

.

==================== Find3M ====================

.

2012-04-04 19:56:40 22344 ----a-w- c:\windows\system32\drivers\mbam.sys

2012-03-25 15:38:51 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl

2012-02-15 15:42:05 0 ----a-w- c:\windows\system32\sho4F4.tmp

2012-02-12 09:34:56 0 ----a-w- c:\windows\system32\sho885.tmp

2012-02-03 09:22:18 1860096 ----a-w- c:\windows\system32\win32k.sys

.

============= FINISH: 17:18:16.95 ===============

And here is the Attach report.

.

UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.

IF REQUESTED, ZIP IT UP & ATTACH IT

.

DDS (Ver_2011-08-26.01)

.

Microsoft Windows XP Home Edition

Boot Device: \Device\HarddiskVolume2

Install Date: 3/8/2009 1:37:59 PM

System Uptime: 4/11/2012 5:08:08 PM (0 hours ago)

.

Motherboard: Dell Computer Corp. | | 0CF458

Processor: Intel® Celeron® CPU 2.66GHz | Microprocessor | 2660/533mhz

.

==== Disk Partitions =========================

.

C: is FIXED (NTFS) - 34 GiB total, 9.345 GiB free.

D: is CDROM ()

E: is CDROM ()

.

==== Disabled Device Manager Items =============

.

==== System Restore Points ===================

.

RP723: 4/7/2012 2:32:07 PM - System Checkpoint

RP724: 4/10/2012 12:04:28 AM - System Checkpoint

.

==== Installed Programs ======================

.

32 Bit HP CIO Components Installer

7-Zip 4.65

Acrobat.com

Adobe AIR

Adobe Flash Player 10 ActiveX

Adobe Flash Player 11 Plugin

Adobe Reader X (10.1.2)

AIM 7

AIM Toolbar

AIO_Scan

Apple Application Support

Apple Mobile Device Support

Apple Software Update

Ask Toolbar

Battlefield 1942

BitTorrent

Bonjour

Browser Highlighter

BufferChm

C5200

C5200_doccd

c5200_Help

CenturyLink Toolbar

Cisco Network Magic

Conexant D850 56K V.9x DFVc Modem

Copy

CPUID HWMonitor 1.17

Critical Update for Windows Media Player 11 (KB959772)

CustomerResearchQFolder

Dell Resource CD

Destination Component

DeviceDiscovery

DeviceManagementQFolder

DocProc

DocProcQFolder

Download Accelerator Plus (DAP)

Download Updater (AOL LLC)

eSupportQFolder

Fast Browser Search (My Web Tattoo)

Fax

FrostWire 4.21.7

FrostWire 5.2.11

GameRanger

Go Casino

GoGear ARIA Device Manager

Google Chrome

Google Toolbar for Internet Explorer

Google Update Helper

Google Updater

Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)

Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)

Hotfix for Windows Media Format 11 SDK (KB929399)

Hotfix for Windows Media Player 11 (KB939683)

Hotfix for Windows XP (KB2158563)

Hotfix for Windows XP (KB2443685)

Hotfix for Windows XP (KB2570791)

Hotfix for Windows XP (KB2633952)

Hotfix for Windows XP (KB952287)

Hotfix for Windows XP (KB954550-v5)

Hotfix for Windows XP (KB954708)

Hotfix for Windows XP (KB961118)

Hotfix for Windows XP (KB970653-v3)

Hotfix for Windows XP (KB976098-v2)

Hotfix for Windows XP (KB979306)

Hotfix for Windows XP (KB981793)

HP Customer Participation Program 9.0

HP Imaging Device Functions 9.0

HP OCR Software 9.0

HP Photosmart All-In-One Software 9.0

HP Photosmart Essential 2.01

HP Photosmart Essential2.01

HP Product Assistant

HP Smart Web Printing 4.60

HP Solution Center 9.0

HP Update

HPDiagnosticAlert

HPProductAssistant

HPSSupply

Intel® Extreme Graphics 2 Driver

Intel® PRO Network Adapters and Drivers

InterActual Player

Java 6 Update 30

Jitbit Macro Recorder LITE

Junk Mail filter update

LogMeIn Hamachi

Magebot

Malwarebytes Anti-Malware version 1.61.0.1400

MarketResearch

Media Converter for Philips

Microsoft .NET Framework 2.0 Service Pack 2

Microsoft .NET Framework 3.0 Service Pack 2

Microsoft .NET Framework 3.5 SP1

Microsoft .NET Framework 4 Client Profile

Microsoft .NET Framework 4 Extended

Microsoft Application Error Reporting

Microsoft Choice Guard

Microsoft Compression Client Pack 1.0 for Windows XP

Microsoft Kernel-Mode Driver Framework Feature Pack 1.5

Microsoft Office 2000 Professional

Microsoft Office Click-to-Run 2010

Microsoft Office Home and Student 2010 - English

Microsoft Silverlight

Microsoft SQL Server 2005 Compact Edition [ENU]

Microsoft User-Mode Driver Framework Feature Pack 1.0

Microsoft VC9 runtime libraries

Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053

Microsoft Visual C++ 2005 Redistributable

Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148

Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161

Microsoft XNA Framework Redistributable 4.0

Mount&Blade

Mozilla Firefox 11.0 (x86 en-US)

MSN

MSVCRT

MSXML 4.0 SP2 (KB954430)

MSXML 4.0 SP2 (KB973688)

Mumble 1.2.3

Network Magic

NVIDIA Drivers

Octoshape add-in for Adobe Flash Player

Pando Media Booster

PanoStandAlone

PS_AIO_02_ProductContext

PS_AIO_02_Software

PS_AIO_02_Software_min

PSSWCORE

PunkBuster Services

Pure Networks Platform

QuickTime

Rhapsody

Robot Arena 2

Scan

Search Guard Plus (My Web Tattoo)

Search Guard Plus Updater (My Web Tattoo)

Security Update for Microsoft .NET Framework 3.5 SP1 (KB2657424)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)

Security Update for Microsoft .NET Framework 4 Extended (KB2416472)

Security Update for Microsoft .NET Framework 4 Extended (KB2487367)

Security Update for Microsoft .NET Framework 4 Extended (KB2656351)

Security Update for Microsoft Windows (KB2564958)

Security Update for Windows Internet Explorer 8 (KB2510531)

Security Update for Windows Internet Explorer 8 (KB2544521)

Security Update for Windows Internet Explorer 8 (KB2618444)

Security Update for Windows Internet Explorer 8 (KB2647516)

Security Update for Windows Internet Explorer 8 (KB982381)

Security Update for Windows Media Player (KB2378111)

Security Update for Windows Media Player (KB952069)

Security Update for Windows Media Player (KB954155)

Security Update for Windows Media Player (KB968816)

Security Update for Windows Media Player (KB973540)

Security Update for Windows Media Player (KB975558)

Security Update for Windows Media Player (KB978695)

Security Update for Windows Media Player 11 (KB936782)

Security Update for Windows Media Player 11 (KB954154)

Security Update for Windows XP (KB2079403)

Security Update for Windows XP (KB2115168)

Security Update for Windows XP (KB2121546)

Security Update for Windows XP (KB2160329)

Security Update for Windows XP (KB2229593)

Security Update for Windows XP (KB2259922)

Security Update for Windows XP (KB2279986)

Security Update for Windows XP (KB2286198)

Security Update for Windows XP (KB2296011)

Security Update for Windows XP (KB2296199)

Security Update for Windows XP (KB2347290)

Security Update for Windows XP (KB2360937)

Security Update for Windows XP (KB2387149)

Security Update for Windows XP (KB2393802)

Security Update for Windows XP (KB2412687)

Security Update for Windows XP (KB2419632)

Security Update for Windows XP (KB2423089)

Security Update for Windows XP (KB2436673)

Security Update for Windows XP (KB2440591)

Security Update for Windows XP (KB2443105)

Security Update for Windows XP (KB2476490)

Security Update for Windows XP (KB2476687)

Security Update for Windows XP (KB2478960)

Security Update for Windows XP (KB2478971)

Security Update for Windows XP (KB2479628)

Security Update for Windows XP (KB2479943)

Security Update for Windows XP (KB2481109)

Security Update for Windows XP (KB2483185)

Security Update for Windows XP (KB2485376)

Security Update for Windows XP (KB2485663)

Security Update for Windows XP (KB2503658)

Security Update for Windows XP (KB2503665)

Security Update for Windows XP (KB2506212)

Security Update for Windows XP (KB2506223)

Security Update for Windows XP (KB2507618)

Security Update for Windows XP (KB2507938)

Security Update for Windows XP (KB2508272)

Security Update for Windows XP (KB2508429)

Security Update for Windows XP (KB2509553)

Security Update for Windows XP (KB2510581)

Security Update for Windows XP (KB2511455)

Security Update for Windows XP (KB2524375)

Security Update for Windows XP (KB2535512)

Security Update for Windows XP (KB2536276-v2)

Security Update for Windows XP (KB2536276)

Security Update for Windows XP (KB2544521)

Security Update for Windows XP (KB2544893-v2)

Security Update for Windows XP (KB2544893)

Security Update for Windows XP (KB2555917)

Security Update for Windows XP (KB2562937)

Security Update for Windows XP (KB2566454)

Security Update for Windows XP (KB2567053)

Security Update for Windows XP (KB2567680)

Security Update for Windows XP (KB2570222)

Security Update for Windows XP (KB2570947)

Security Update for Windows XP (KB2584146)

Security Update for Windows XP (KB2585542)

Security Update for Windows XP (KB2592799)

Security Update for Windows XP (KB2598479)

Security Update for Windows XP (KB2603381)

Security Update for Windows XP (KB2618444)

Security Update for Windows XP (KB2618451)

Security Update for Windows XP (KB2619339)

Security Update for Windows XP (KB2620712)

Security Update for Windows XP (KB2621440)

Security Update for Windows XP (KB2624667)

Security Update for Windows XP (KB2631813)

Security Update for Windows XP (KB2633171)

Security Update for Windows XP (KB2639417)

Security Update for Windows XP (KB2641653)

Security Update for Windows XP (KB2646524)

Security Update for Windows XP (KB2647518)

Security Update for Windows XP (KB2660465)

Security Update for Windows XP (KB2661637)

Security Update for Windows XP (KB923561)

Security Update for Windows XP (KB938464-v2)

Security Update for Windows XP (KB941569)

Security Update for Windows XP (KB946648)

Security Update for Windows XP (KB950760)

Security Update for Windows XP (KB950762)

Security Update for Windows XP (KB950974)

Security Update for Windows XP (KB951066)

Security Update for Windows XP (KB951376-v2)

Security Update for Windows XP (KB951748)

Security Update for Windows XP (KB952004)

Security Update for Windows XP (KB952954)

Security Update for Windows XP (KB954459)

Security Update for Windows XP (KB954600)

Security Update for Windows XP (KB955069)

Security Update for Windows XP (KB956572)

Security Update for Windows XP (KB956744)

Security Update for Windows XP (KB956802)

Security Update for Windows XP (KB956803)

Security Update for Windows XP (KB956844)

Security Update for Windows XP (KB957097)

Security Update for Windows XP (KB958644)

Security Update for Windows XP (KB958687)

Security Update for Windows XP (KB958690)

Security Update for Windows XP (KB958869)

Security Update for Windows XP (KB959426)

Security Update for Windows XP (KB960225)

Security Update for Windows XP (KB960715)

Security Update for Windows XP (KB960803)

Security Update for Windows XP (KB960859)

Security Update for Windows XP (KB961371)

Security Update for Windows XP (KB961373)

Security Update for Windows XP (KB961501)

Security Update for Windows XP (KB963027)

Security Update for Windows XP (KB968537)

Security Update for Windows XP (KB969059)

Security Update for Windows XP (KB969898)

Security Update for Windows XP (KB969947)

Security Update for Windows XP (KB970238)

Security Update for Windows XP (KB970430)

Security Update for Windows XP (KB971468)

Security Update for Windows XP (KB971486)

Security Update for Windows XP (KB971557)

Security Update for Windows XP (KB971633)

Security Update for Windows XP (KB971657)

Security Update for Windows XP (KB972270)

Security Update for Windows XP (KB973346)

Security Update for Windows XP (KB973354)

Security Update for Windows XP (KB973507)

Security Update for Windows XP (KB973525)

Security Update for Windows XP (KB973869)

Security Update for Windows XP (KB973904)

Security Update for Windows XP (KB974112)

Security Update for Windows XP (KB974318)

Security Update for Windows XP (KB974392)

Security Update for Windows XP (KB974571)

Security Update for Windows XP (KB975025)

Security Update for Windows XP (KB975467)

Security Update for Windows XP (KB975560)

Security Update for Windows XP (KB975561)

Security Update for Windows XP (KB975562)

Security Update for Windows XP (KB975713)

Security Update for Windows XP (KB977165)

Security Update for Windows XP (KB977816)

Security Update for Windows XP (KB977914)

Security Update for Windows XP (KB978037)

Security Update for Windows XP (KB978251)

Security Update for Windows XP (KB978262)

Security Update for Windows XP (KB978338)

Security Update for Windows XP (KB978542)

Security Update for Windows XP (KB978601)

Security Update for Windows XP (KB978706)

Security Update for Windows XP (KB979309)

Security Update for Windows XP (KB979482)

Security Update for Windows XP (KB979559)

Security Update for Windows XP (KB979683)

Security Update for Windows XP (KB979687)

Security Update for Windows XP (KB980195)

Security Update for Windows XP (KB980218)

Security Update for Windows XP (KB980232)

Security Update for Windows XP (KB980436)

Security Update for Windows XP (KB981322)

Security Update for Windows XP (KB981852)

Security Update for Windows XP (KB981957)

Security Update for Windows XP (KB981997)

Security Update for Windows XP (KB982132)

Security Update for Windows XP (KB982214)

Security Update for Windows XP (KB982665)

Security Update for Windows XP (KB982802)

Segoe UI

Skype Click to Call

Skype™ 5.5

Smart Fortress 2012

SmartWebPrinting

SolutionCenter

SoundMAX

Spyware Doctor 7.0

Status

Steam

System Requirements Lab CYRI

System Requirements Lab for Intel

TeamViewer 5

Terraria

The Weather Channel Screensaver

Tibia

Tibia MULTI-ip changer

Tibiacast

Toolbox

TrayApp

UnloadSupport

Update for Microsoft .NET Framework 3.5 SP1 (KB963707)

Update for Microsoft .NET Framework 4 Client Profile (KB2473228)

Update for Windows Internet Explorer 8 (KB2598845)

Update for Windows XP (KB2141007)

Update for Windows XP (KB2345886)

Update for Windows XP (KB2467659)

Update for Windows XP (KB2541763)

Update for Windows XP (KB2607712)

Update for Windows XP (KB2616676-v2)

Update for Windows XP (KB2641690)

Update for Windows XP (KB951978)

Update for Windows XP (KB955759)

Update for Windows XP (KB955839)

Update for Windows XP (KB961503)

Update for Windows XP (KB967715)

Update for Windows XP (KB968389)

Update for Windows XP (KB971029)

Update for Windows XP (KB971737)

Update for Windows XP (KB973687)

Update for Windows XP (KB973815)

Ventrilo Client

VideoToolkit01

Viewpoint Media Player

WebEx Support Manager for Internet Explorer

WebFldrs XP

WebReg

Windows Genuine Advantage Validation Tool (KB892130)

Windows Internet Explorer 8

Windows Live Call

Windows Live Communications Platform

Windows Live Essentials

Windows Live Mail

Windows Live Messenger

Windows Live Photo Gallery

Windows Live Sign-in Assistant

Windows Live Sync

Windows Live Upload Tool

Windows Live Writer

Windows Media Format 11 runtime

Windows Media Player 11

Windows XP Service Pack 3

Xfire (remove only)

.

==== Event Viewer Messages From Past Week ========

.

4/5/2012 9:38:28 AM, error: Server [2505] - The server could not bind to the transport \Device\NetBT_Tcpip_{C3C9F00D-3053-44E3-8AB5-71FBDA8D698F} because another computer on the network has the same name. The server could not start.

4/11/2012 5:10:11 PM, error: Service Control Manager [7023] - The Tosrfnds service terminated with the following error: The specified module could not be found.

4/11/2012 5:10:11 PM, error: Service Control Manager [7023] - The DCamUSBMke2 service terminated with the following error: The specified module could not be found.

4/11/2012 2:29:41 PM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service netman with arguments "" in order to run the server: {BA126AE5-2166-11D1-B1D0-00805FC1270E}

4/11/2012 12:30:36 PM, error: Service Control Manager [7023] - The W8335XP service terminated with the following error: The specified module could not be found.

4/11/2012 12:23:55 PM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service wuauserv with arguments "" in order to run the server: {E60687F7-01A1-40AA-86AC-DB1CBF673334}

4/11/2012 1:03:13 PM, error: Service Control Manager [7034] - The Tosrfnds service terminated unexpectedly. It has done this 1 time(s).

4/10/2012 9:02:42 PM, error: Service Control Manager [7023] - The Video3D service terminated with the following error: The specified module could not be found.

4/10/2012 8:23:45 PM, error: Service Control Manager [7023] - The K750bus service terminated with the following error: The specified module could not be found.

4/10/2012 7:28:19 PM, error: Service Control Manager [7034] - The K750bus service terminated unexpectedly. It has done this 1 time(s).

4/10/2012 7:12:10 PM, error: Service Control Manager [7023] - The Mxnic service terminated with the following error: The specified module could not be found.

4/10/2012 7:03:21 PM, error: Service Control Manager [7023] - The Network Location Awareness (NLA) service terminated with the following error: The specified procedure could not be found.

4/10/2012 5:50:10 PM, error: Service Control Manager [7022] - The HP CUE DeviceDiscovery Service service hung on starting.

4/10/2012 5:42:50 PM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: PCIIde

4/10/2012 5:39:41 PM, error: sr [1] - The System Restore filter encountered the unexpected error '0xC0000001' while processing the file '' on the volume 'HarddiskVolume2'. It has stopped monitoring the volume.

4/10/2012 5:38:45 PM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}

4/10/2012 5:30:10 PM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: Fips intelppm PCIIde

4/10/2012 5:30:10 PM, error: Service Control Manager [7001] - The Client Virtualization Handler service depends on the Application Virtualization Client service which failed to start because of the following error: The dependency service or group failed to start.

4/10/2012 5:29:18 PM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service StiSvc with arguments "" in order to run the server: {A1F4E726-8CF1-11D1-BF92-0060081ED811}

4/10/2012 5:29:06 PM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service upnphost with arguments "" in order to run the server: {204810B9-73B2-11D4-BF42-00B0D0118B56}

4/10/2012 4:26:06 PM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: Fips intelppm

4/10/2012 4:22:50 PM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: Fips intelppm PCIIde sptd

4/10/2012 4:21:25 PM, error: sptd [4] - Driver detected an internal error in its data structures for .

4/10/2012 3:05:16 PM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service MSIServer with arguments "" in order to run the server: {000C101C-0000-0000-C000-000000000046}

4/10/2012 2:44:18 PM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: Fips intelppm sptd

4/10/2012 2:43:03 PM, error: Dhcp [1002] - The IP address lease 192.168.2.100 for the Network Card with network address 001320A96362 has been denied by the DHCP server 0.0.0.0 (The DHCP Server sent a DHCPNACK message).

4/10/2012 2:33:01 PM, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the Apple Mobile Device service to connect.

4/10/2012 2:33:01 PM, error: Service Control Manager [7000] - The Apple Mobile Device service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.

4/10/2012 2:32:00 PM, error: Service Control Manager [7031] - The Apple Mobile Device service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.

4/10/2012 2:31:38 PM, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the Windows Media Player Network Sharing Service service to connect.

4/10/2012 2:31:38 PM, error: Service Control Manager [7000] - The Windows Media Player Network Sharing Service service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.

4/10/2012 2:31:07 PM, error: Service Control Manager [7031] - The Windows Media Player Network Sharing Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 30000 milliseconds: Restart the service.

4/10/2012 2:31:00 PM, error: Service Control Manager [7034] - The Application Virtualization Service Agent service terminated unexpectedly. It has done this 1 time(s).

4/10/2012 2:31:00 PM, error: Service Control Manager [7034] - The Application Virtualization Client service terminated unexpectedly. It has done this 1 time(s).

4/10/2012 2:30:59 PM, error: Service Control Manager [7034] - The The Browser Highlighter Monitor service terminated unexpectedly. It has done this 1 time(s).

4/10/2012 2:30:59 PM, error: Service Control Manager [7034] - The Pure Networks Platform Service service terminated unexpectedly. It has done this 1 time(s).

4/10/2012 2:30:59 PM, error: Service Control Manager [7034] - The Client Virtualization Handler service terminated unexpectedly. It has done this 1 time(s).

4/10/2012 2:30:57 PM, error: Service Control Manager [7034] - The PnkBstrB service terminated unexpectedly. It has done this 1 time(s).

4/10/2012 2:30:57 PM, error: Service Control Manager [7034] - The PnkBstrA service terminated unexpectedly. It has done this 1 time(s).

4/10/2012 2:30:57 PM, error: Service Control Manager [7034] - The PC Tools Auxiliary Service service terminated unexpectedly. It has done this 1 time(s).

4/10/2012 2:30:57 PM, error: Service Control Manager [7034] - The LogMeIn Hamachi Tunneling Engine service terminated unexpectedly. It has done this 1 time(s).

4/10/2012 2:30:57 PM, error: Service Control Manager [7034] - The Java Quick Starter service terminated unexpectedly. It has done this 1 time(s).

4/10/2012 2:30:57 PM, error: Service Control Manager [7034] - The Indexing Service service terminated unexpectedly. It has done this 1 time(s).

4/10/2012 2:30:56 PM, error: Service Control Manager [7034] - The NVIDIA Display Driver Service service terminated unexpectedly. It has done this 1 time(s).

4/10/2012 2:30:56 PM, error: Service Control Manager [7034] - The ArcSoft Connect Daemon service terminated unexpectedly. It has done this 1 time(s).

4/10/2012 2:30:56 PM, error: Service Control Manager [7031] - The Apple Mobile Device service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.

.

==== End Of File ===========================

And here is the Roguekiller report.

RogueKiller V7.3.2 [03/20/2012] by Tigzy

mail: tigzyRK<at>gmail<dot>com

Feedback: http://www.geekstogo.com/forum/files/file/413-roguekiller/

Blog: http://tigzyrk.blogspot.com

Operating System: Windows XP (5.1.2600 Service Pack 3) 32 bits version

Started in : Normal mode

User: Owner [Admin rights]

Mode: Scan -- Date: 04/11/2012 17:22:44

¤¤¤ Bad processes: 2 ¤¤¤

[sUSP PATH] WZQKPICK.EXE -- C:\Documents and Settings\Owner\Desktop\Tibia8.42\WinZip\WZQKPICK.EXE -> KILLED [TermProc]

[HJ NAME] svchost.exe -- \\.\globalroot\SystemRoot\system32\svchost.exe -> KILLED [TermProc]

¤¤¤ Registry Entries: 10 ¤¤¤

[sUSP PATH] HKCU\[...]\Run : DAEMON Tools Lite ("C:\Documents and Settings\Owner\Desktop\Tibia8.42\DAEMON Tools Lite\DTLite.exe" -autorun) -> FOUND

[sUSP PATH] HKLM\[...]\Run : AmdAgent (C:\WINDOWS\Temp\temp10.exe) -> FOUND

[sUSP PATH] HKUS\S-1-5-21-1708537768-1292428093-682003330-1003[...]\Run : DAEMON Tools Lite ("C:\Documents and Settings\Owner\Desktop\Tibia8.42\DAEMON Tools Lite\DTLite.exe" -autorun) -> FOUND

[sUSP PATH] WinZip Quick Pick.lnk @All Users : C:\Documents and Settings\Owner\Desktop\Tibia8.42\WinZip\WZQKPICK.EXE -> FOUND

[sUSP PATH] WinZip Quick Pick.lnk @Common : C:\Documents and Settings\Owner\Desktop\Tibia8.42\WinZip\WZQKPICK.EXE -> FOUND

[HJ] HKCU\[...]\Advanced : Start_ShowRecentDocs (0) -> FOUND

[HJ] HKCU\[...]\Advanced : Start_ShowPrinters (0) -> FOUND

[HJ] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND

[HJ] HKCU\[...]\ClassicStartMenu : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND

[HJ] HKCU\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND

¤¤¤ Particular Files / Folders: ¤¤¤

[FAKED] ipsec.sys : c:\windows\system32\drivers\ipsec.sys --> CANNOT FIX

¤¤¤ Driver: [LOADED] ¤¤¤

IRP[iRP_MJ_CREATE] : Unknown -> HOOKED ([MAJOR] atapi.sys @ 0xF7849B40)

IRP[iRP_MJ_CLOSE] : Unknown -> HOOKED ([MAJOR] atapi.sys @ 0xF7849B40)

IRP[iRP_MJ_DEVICE_CONTROL] : Unknown -> HOOKED ([MAJOR] atapi.sys @ 0xF7849B40)

IRP[iRP_MJ_INTERNAL_DEVICE_CONTROL] : Unknown -> HOOKED ([MAJOR] atapi.sys @ 0xF7849B40)

IRP[iRP_MJ_SYSTEM_CONTROL] : Unknown -> HOOKED ([MAJOR] atapi.sys @ 0xF7849B40)

IRP[iRP_MJ_DEVICE_CHANGE] : Unknown -> HOOKED ([MAJOR] atapi.sys @ 0xF7849B40)

¤¤¤ Infection : ZeroAccess ¤¤¤

[ZeroAccess] (LOCKED) windir\NtUpdateKBxxxx present!

¤¤¤ HOSTS File: ¤¤¤

¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: ST340014A +++++

--- User ---

[MBR] bca584a9d38a42e68b86bf13316bbf4d

[bSP] ae203e84dcb456630d870d8f3155a2b5 : Windows XP MBR Code

Partition table:

0 - [XXXXXX] DELL-UTIL (0xde) [VISIBLE] Offset (sectors): 63 | Size: 31 Mo

1 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 64260 | Size: 35032 Mo

2 - [XXXXXX] UNKNOWN (0xdb) [VISIBLE] Offset (sectors): 71810550 | Size: 3074 Mo

User = LL1 ... OK!

User = LL2 ... OK!

Finished : << RKreport[1].txt >>

RKreport[1].txt

[MrCharlie]

¤¤¤ Infection : ZeroAccess ¤¤¤

[ZeroAccess] (LOCKED) windir\NtUpdateKBxxxx present!

You have a very nasty infection on this system!

------------------------------------------------------------------------------------------------

Your computer is infected with a nasty rootkit. Please read the following information first.

You're infected with Rootkit.ZeroAccess, a BackDoor Trojan.

BACKDOOR WARNING

------------------------------

One or more of the identified infections is known to use a backdoor.

This allows hackers to remotely control your computer, steal critical system information and download and execute files.

I would advice you to disconnect this PC from the Internet immediately. If you do any banking or other financial transactions on the PC or if it should contain any other sensitive information, please get to a known clean computer and change all passwords where applicable, and it would be wise to contact those same financial institutions to apprise them of your situation.

Though the infection has been identified and because of it's backdoor functionality, your PC is very likely compromised and there is no way to be sure your computer can ever again be trusted. Many experts in the security community believe that once infected with this type of trojan, the best course of action would be a reformat and reinstall of the OS. Please read these for more information:

How Do I Handle Possible Identify Theft, Internet Fraud and CC Fraud?

http://www.dslreports.com/faq/10451

When Should I Format, How Should I Reinstall

http://www.dslreports.com/faq/10063

I will try my best to clean this machine but I can't guarantee that it will be 100% secure afterwards and......

• There's a possibility that you'll lose your internet connections which I may not be able to correct and will require a repair install.
  
• There's also a possibility that during the cleaning procedure the computer will become unusable (won't boot) which will result in a repair install or complete format and install.
  
• I strongly suggest you back up all of the important items on the system before we continue.
  

Please let me know you have read this and agree to it.

Let me know what you decide to do. If you decide to go through with the cleanup, please proceed with the following steps.

-------------------------------------------

Please make sure system restore is running and create a new restore point before continuing.

and.....

Backup the registry as outlined in the link below using ERUNT:

http://www.geekstogo...ry-using-erunt/

Please download and run TDSSKiller to your desktop as outlined below:

Doubleclick on TDSSKiller.exe to run the application, then click on Change parameters.

-------------------------

Check the boxes beside Verify Driver Digital Signature and Detect TDLFS file system, then click OK.

------------------------

Click the Start Scan button.

-----------------------

If a suspicious object is detected, the default action will be Skip, click on Continue

If you get the warning about a file UnsignedFile.Multi.Generic or LockedFile.Multi.Generic please choose

Skip and click on Continue

Any entries like this: \Device\Harddisk0\DR0 ( TDSS File System ) - please choose delete.

----------------------

If malicious objects are found, they will show in the Scan results and offer three (3) options.

Ensure Cure is selected, then click Continue => Reboot now to finish the cleaning process.

Note: If Cure is not available, please choose Skip instead, do not choose Delete unless instructed.

--------------------

A report will be created in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste its contents on your next reply.

MrC

[Kinotsu]

Sadly I don't have much of a choice, currently do not own a reformat disk otherwise I probably would have already done it. Until I can acquire one I will decide to follow your instructions. I ran the scan but clicked reboot before getting the report, but I just ran another one after curing that ipsec.sys so here is the report.

18:15:51.0515 1676 TDSS rootkit removing tool 2.7.28.0 Apr 10 2012 16:54:05

18:15:52.0125 1676 ============================================================

18:15:52.0125 1676 Current date / time: 2012/04/11 18:15:52.0125

18:15:52.0125 1676 SystemInfo:

18:15:52.0125 1676

18:15:52.0125 1676 OS Version: 5.1.2600 ServicePack: 3.0

18:15:52.0125 1676 Product type: Workstation

18:15:52.0125 1676 ComputerName: ANTONIO

18:15:52.0125 1676 UserName: Owner

18:15:52.0125 1676 Windows directory: C:\WINDOWS

18:15:52.0125 1676 System windows directory: C:\WINDOWS

18:15:52.0125 1676 Processor architecture: Intel x86

18:15:52.0125 1676 Number of processors: 1

18:15:52.0125 1676 Page size: 0x1000

18:15:52.0125 1676 Boot type: Normal boot

18:15:52.0125 1676 ============================================================

18:15:58.0984 1676 Drive \Device\Harddisk0\DR0 - Size: 0x9502F9000 (37.25 Gb), SectorSize: 0x200, Cylinders: 0x12FF, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000054

18:15:59.0015 1676 \Device\Harddisk0\DR0:

18:15:59.0015 1676 MBR used

18:15:59.0015 1676 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0xFB04, BlocksNum 0x446C2F2

18:15:59.0062 1676 Initialize success

18:15:59.0062 1676 ============================================================

18:16:11.0375 2996 ============================================================

18:16:11.0375 2996 Scan started

18:16:11.0375 2996 Mode: Manual; SigCheck; TDLFS;

18:16:11.0375 2996 ============================================================

18:16:22.0734 2996 Abiosdsk - ok

18:16:22.0906 2996 abp480n5 - ok

18:16:23.0046 2996 ACDaemon (adc420616c501b45d26c0fd3ef1e54e4) C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe

18:16:23.0328 2996 ACDaemon - ok

18:16:23.0484 2996 ACPI (8fd99680a539792a30e97944fdaecf17) C:\WINDOWS\system32\DRIVERS\ACPI.sys

18:16:24.0968 2996 ACPI - ok

18:16:25.0093 2996 ACPIEC (9859c0f6936e723e4892d7141b1327d5) C:\WINDOWS\system32\drivers\ACPIEC.sys

18:16:25.0625 2996 ACPIEC - ok

18:16:25.0703 2996 adpu160m - ok

18:16:25.0796 2996 aec (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys

18:16:26.0031 2996 aec - ok

18:16:26.0140 2996 AFD (1e44bc1e83d8fd2305f8d452db109cf9) C:\WINDOWS\System32\drivers\afd.sys

18:16:26.0203 2996 AFD - ok

18:16:26.0265 2996 Aha154x - ok

18:16:26.0312 2996 aic78u2 - ok

18:16:26.0406 2996 aic78xx - ok

18:16:26.0500 2996 Alerter (a9a3daa780ca6c9671a19d52456705b4) C:\WINDOWS\system32\alrsvc.dll

18:16:26.0812 2996 Alerter - ok

18:16:26.0921 2996 ALG (8c515081584a38aa007909cd02020b3d) C:\WINDOWS\System32\alg.exe

18:16:27.0156 2996 ALG - ok

18:16:27.0234 2996 AliIde - ok

18:16:27.0265 2996 amsint - ok

18:16:27.0359 2996 Apple Mobile Device (7e94e567c1aa5abe6174032b3dab6c23) C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

18:16:27.0375 2996 Apple Mobile Device - ok

18:16:27.0437 2996 AppMgmt - ok

18:16:27.0484 2996 asc - ok

18:16:27.0515 2996 asc3350p - ok

18:16:27.0578 2996 asc3550 - ok

18:16:27.0656 2996 asctrm - ok

18:16:27.0796 2996 aspnet_state (776acefa0ca9df0faa51a5fb2f435705) C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\aspnet_state.exe

18:16:27.0875 2996 aspnet_state - ok

18:16:28.0015 2996 AsyncMac (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys

18:16:28.0359 2996 AsyncMac - ok

18:16:28.0468 2996 atapi (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys

18:16:28.0703 2996 atapi - ok

18:16:28.0781 2996 Atdisk - ok

18:16:28.0875 2996 Atmarpc (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys

18:16:29.0046 2996 Atmarpc - ok

18:16:29.0156 2996 AudioSrv (def7a7882bec100fe0b2ce2549188f9d) C:\WINDOWS\System32\audiosrv.dll

18:16:29.0359 2996 AudioSrv - ok

18:16:29.0500 2996 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys

18:16:29.0687 2996 audstub - ok

18:16:29.0812 2996 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys

18:16:30.0031 2996 Beep - ok

18:16:30.0156 2996 BITS (574738f61fca2935f5265dc4e5691314) C:\WINDOWS\system32\qmgr.dll

18:16:30.0390 2996 BITS - ok

18:16:30.0484 2996 Bonjour Service (3f56903e124e820aeece6d471583c6c1) C:\Program Files\Bonjour\mDNSResponder.exe

18:16:30.0515 2996 Bonjour Service - ok

18:16:30.0625 2996 Browser (a06ce3399d16db864f55faeb1f1927a9) C:\WINDOWS\System32\browser.dll

18:16:30.0875 2996 Browser - ok

18:16:31.0015 2996 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys

18:16:31.0218 2996 cbidf2k - ok

18:16:31.0406 2996 cd20xrnt - ok

18:16:31.0578 2996 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys

18:16:31.0843 2996 Cdaudio - ok

18:16:32.0046 2996 Cdfs (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys

18:16:32.0265 2996 Cdfs - ok

18:16:32.0500 2996 Cdrom (1f4260cc5b42272d71f79e570a27a4fe) C:\WINDOWS\system32\DRIVERS\cdrom.sys

18:16:32.0703 2996 Cdrom - ok

18:16:32.0906 2996 cercsr6 (84853b3fd012251690570e9e7e43343f) C:\WINDOWS\system32\drivers\cercsr6.sys

18:16:32.0968 2996 cercsr6 ( UnsignedFile.Multi.Generic ) - warning

18:16:32.0968 2996 cercsr6 - detected UnsignedFile.Multi.Generic (1)

18:16:33.0546 2996 Changer - ok

18:16:34.0203 2996 cisvc (1cfe720eb8d93a7158a4ebc3ab178bde) C:\WINDOWS\system32\cisvc.exe

18:16:34.0687 2996 cisvc - ok

18:16:34.0828 2996 ClipSrv (34cbe729f38138217f9c80212a2a0c82) C:\WINDOWS\system32\clipsrv.exe

18:16:35.0265 2996 ClipSrv - ok

18:16:35.0453 2996 clr_optimization_v2.0.50727_32 (d87acaed61e417bba546ced5e7e36d9c) C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe

18:16:35.0531 2996 clr_optimization_v2.0.50727_32 - ok

18:16:35.0828 2996 clr_optimization_v4.0.30319_32 (c5a75eb48e2344abdc162bda79e16841) C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe

18:16:35.0859 2996 clr_optimization_v4.0.30319_32 - ok

18:16:35.0984 2996 CmdIde - ok

18:16:36.0031 2996 COMSysApp - ok

18:16:36.0125 2996 Cpqarray - ok

18:16:36.0218 2996 cpudrv (d01f685f8b4598d144b0cce9ff95d8d5) C:\Program Files\SystemRequirementsLab\cpudrv.sys

18:16:36.0250 2996 cpudrv - ok

18:16:36.0531 2996 cpuz135 (c2eb4539a4f6ab6edd01bdc191619975) C:\WINDOWS\system32\drivers\cpuz135_x32.sys

18:16:36.0578 2996 cpuz135 - ok

18:16:36.0750 2996 CryptSvc (3d4e199942e29207970e04315d02ad3b) C:\WINDOWS\System32\cryptsvc.dll

18:16:37.0140 2996 CryptSvc - ok

18:16:37.0265 2996 cvhsvc (72794d112cbaff3bc0c29bf7350d4741) C:\Program Files\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE

18:16:40.0859 2996 cvhsvc - ok

18:16:41.0156 2996 dac2w2k - ok

18:16:41.0265 2996 dac960nt - ok

18:16:42.0390 2996 DcomLaunch (6b27a5c03dfb94b4245739065431322c) C:\WINDOWS\system32\rpcss.dll

18:16:42.0937 2996 DcomLaunch - ok

18:16:43.0390 2996 Dhcp (5e38d7684a49cacfb752b046357e0589) C:\WINDOWS\System32\dhcpcsvc.dll

18:16:43.0843 2996 Dhcp - ok

18:16:44.0640 2996 Disk (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys

18:16:44.0937 2996 Disk - ok

18:16:45.0078 2996 dmadmin - ok

18:16:45.0296 2996 dmboot (d992fe1274bde0f84ad826acae022a41) C:\WINDOWS\system32\drivers\dmboot.sys

18:16:45.0640 2996 dmboot - ok

18:16:45.0781 2996 dmio (7c824cf7bbde77d95c08005717a95f6f) C:\WINDOWS\system32\drivers\dmio.sys

18:16:46.0031 2996 dmio - ok

18:16:46.0171 2996 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys

18:16:46.0546 2996 dmload - ok

18:16:47.0171 2996 dmserver (57edec2e5f59f0335e92f35184bc8631) C:\WINDOWS\System32\dmserver.dll

18:16:48.0390 2996 dmserver - ok

18:16:48.0718 2996 DMusic (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys

18:16:49.0312 2996 DMusic - ok

18:16:49.0562 2996 Dnscache (5f7e24fa9eab896051ffb87f840730d2) C:\WINDOWS\System32\dnsrslvr.dll

18:16:49.0781 2996 Dnscache - ok

18:16:49.0953 2996 Dot3svc (0f0f6e687e5e15579ef4da8dd6945814) C:\WINDOWS\System32\dot3svc.dll

18:16:50.0250 2996 Dot3svc - ok

18:16:50.0468 2996 dpti2o - ok

18:16:51.0156 2996 drmkaud (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys

18:16:51.0937 2996 drmkaud - ok

18:16:52.0328 2996 E100B (7d91dc6342248369f94d6eba0cf42e99) C:\WINDOWS\system32\DRIVERS\e100b325.sys

18:16:52.0484 2996 E100B - ok

18:16:52.0859 2996 EapHost (2187855a7703adef0cef9ee4285182cc) C:\WINDOWS\System32\eapsvc.dll

18:16:53.0140 2996 EapHost - ok

18:16:53.0421 2996 ERSvc (bc93b4a066477954555966d77fec9ecb) C:\WINDOWS\System32\ersvc.dll

18:16:53.0734 2996 ERSvc - ok

18:16:54.0093 2996 Eventlog (65df52f5b8b6e9bbd183505225c37315) C:\WINDOWS\system32\services.exe

18:16:54.0140 2996 Eventlog - ok

18:16:54.0531 2996 EventSystem (d4991d98f2db73c60d042f1aef79efae) C:\WINDOWS\system32\es.dll

18:16:54.0750 2996 EventSystem - ok

18:16:55.0265 2996 Fastfat (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys

18:16:55.0703 2996 Fastfat - ok

18:16:56.0078 2996 FastUserSwitchingCompatibility (99bc0b50f511924348be19c7c7313bbf) C:\WINDOWS\System32\shsvcs.dll

18:16:56.0281 2996 FastUserSwitchingCompatibility - ok

18:16:56.0828 2996 Fdc (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\drivers\Fdc.sys

18:16:57.0093 2996 Fdc - ok

18:16:57.0671 2996 Fips (d45926117eb9fa946a6af572fbe1caa3) C:\WINDOWS\system32\drivers\Fips.sys

18:16:57.0906 2996 Fips - ok

18:16:58.0359 2996 Flpydisk (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\drivers\Flpydisk.sys

18:16:58.0625 2996 Flpydisk - ok

18:16:59.0078 2996 FltMgr (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\drivers\fltmgr.sys

18:16:59.0375 2996 FltMgr - ok

18:16:59.0906 2996 FontCache3.0.0.0 (8ba7c024070f2b7fdd98ed8a4ba41789) c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe

18:16:59.0937 2996 FontCache3.0.0.0 - ok

18:17:00.0453 2996 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys

18:17:00.0765 2996 Fs_Rec - ok

18:17:01.0046 2996 Ftdisk (6ac26732762483366c3969c9e4d2259d) C:\WINDOWS\system32\DRIVERS\ftdisk.sys

18:17:01.0312 2996 Ftdisk - ok

18:17:01.0515 2996 Gpc (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys

18:17:01.0875 2996 Gpc - ok

18:17:02.0015 2996 gupdate (8f0de4fef8201e306f9938b0905ac96a) C:\Program Files\Google\Update\GoogleUpdate.exe

18:17:02.0062 2996 gupdate - ok

18:17:02.0078 2996 gupdatem (8f0de4fef8201e306f9938b0905ac96a) C:\Program Files\Google\Update\GoogleUpdate.exe

18:17:02.0093 2996 gupdatem - ok

18:17:02.0421 2996 gusvc (408ddd80eede47175f6844817b90213e) C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe

18:17:02.0734 2996 gusvc - ok

18:17:03.0031 2996 hamachi (833051c6c6c42117191935f734cfbd97) C:\WINDOWS\system32\DRIVERS\hamachi.sys

18:17:03.0046 2996 hamachi - ok

18:17:03.0453 2996 Hamachi2Svc (fa89c0429821c7c429eec7a0ce1c02d3) C:\Program Files\LogMeIn Hamachi\hamachi-2.exe

18:17:04.0109 2996 Hamachi2Svc - ok

18:17:04.0281 2996 helpsvc (4fcca060dfe0c51a09dd5c3843888bcd) C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll

18:17:04.0531 2996 helpsvc - ok

18:17:04.0781 2996 HidBth - ok

18:17:05.0140 2996 HidServ - ok

18:17:05.0671 2996 hidusb (ccf82c5ec8a7326c3066de870c06daf1) C:\WINDOWS\system32\DRIVERS\hidusb.sys

18:17:05.0921 2996 hidusb - ok

18:17:06.0203 2996 hkmsvc (8878bd685e490239777bfe51320b88e9) C:\WINDOWS\System32\kmsvc.dll

18:17:06.0453 2996 hkmsvc - ok

18:17:06.0843 2996 hpn - ok

18:17:07.0250 2996 hpqcxs08 (ce0fcec4d4d860f36d972759b11eaf0f) C:\Program Files\HP\Digital Imaging\bin\hpqcxs08.dll

18:17:07.0375 2996 hpqcxs08 ( UnsignedFile.Multi.Generic ) - warning

18:17:07.0375 2996 hpqcxs08 - detected UnsignedFile.Multi.Generic (1)

18:17:07.0640 2996 hpqddsvc (ee4c7a4cf2316701ffde90f404520265) C:\Program Files\HP\Digital Imaging\bin\hpqddsvc.dll

18:17:07.0718 2996 hpqddsvc ( UnsignedFile.Multi.Generic ) - warning

18:17:07.0718 2996 hpqddsvc - detected UnsignedFile.Multi.Generic (1)

18:17:08.0140 2996 HPZid412 (d03d10f7ded688fecf50f8fbf1ea9b8a) C:\WINDOWS\system32\DRIVERS\HPZid412.sys

18:17:09.0078 2996 HPZid412 - ok

18:17:09.0578 2996 HPZipr12 (89f41658929393487b6b7d13c8528ce3) C:\WINDOWS\system32\DRIVERS\HPZipr12.sys

18:17:09.0656 2996 HPZipr12 - ok

18:17:09.0921 2996 HPZius12 (abcb05ccdbf03000354b9553820e39f8) C:\WINDOWS\system32\DRIVERS\HPZius12.sys

18:17:10.0000 2996 HPZius12 - ok

18:17:10.0281 2996 HSFHWBS2 (77e4ff0b73bc0aeaaf39bf0c8104231f) C:\WINDOWS\system32\DRIVERS\HSFHWBS2.sys

18:17:10.0406 2996 HSFHWBS2 - ok

18:17:10.0703 2996 HSF_DP (60e1604729a15ef4a3b05f298427b3b1) C:\WINDOWS\system32\DRIVERS\HSF_DP.sys

18:17:11.0156 2996 HSF_DP - ok

18:17:11.0562 2996 HTTP (f80a415ef82cd06ffaf0d971528ead38) C:\WINDOWS\system32\Drivers\HTTP.sys

18:17:11.0906 2996 HTTP - ok

18:17:12.0234 2996 HTTPFilter (6100a808600f44d999cebdef8841c7a3) C:\WINDOWS\System32\w3ssl.dll

18:17:12.0453 2996 HTTPFilter - ok

18:17:12.0796 2996 i2omgmt - ok

18:17:13.0125 2996 i2omp - ok

18:17:13.0687 2996 i8042prt (4a0b06aa8943c1e332520f7440c0aa30) C:\WINDOWS\system32\drivers\i8042prt.sys

18:17:14.0000 2996 i8042prt - ok

18:17:14.0109 2996 iAimFP7 - ok

18:17:14.0484 2996 ialm (9a883c3c4d91292c0d09de7c728e781c) C:\WINDOWS\system32\DRIVERS\ialmnt5.sys

18:17:15.0093 2996 ialm - ok

18:17:15.0578 2996 idsvc (c01ac32dc5c03076cfb852cb5da5229c) c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe

18:17:15.0828 2996 idsvc - ok

18:17:16.0062 2996 Imapi (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys

18:17:16.0250 2996 Imapi - ok

18:17:16.0468 2996 ImapiService (30deaf54a9755bb8546168cfe8a6b5e1) C:\WINDOWS\system32\imapi.exe

18:17:16.0671 2996 ImapiService - ok

18:17:16.0781 2996 ini910u - ok

18:17:16.0875 2996 inotask - ok

18:17:17.0140 2996 IntelIde (b5466a9250342a7aa0cd1fba13420678) C:\WINDOWS\system32\DRIVERS\intelide.sys

18:17:17.0328 2996 IntelIde - ok

18:17:17.0562 2996 intelppm (8c953733d8f36eb2133f5bb58808b66b) C:\WINDOWS\system32\DRIVERS\intelppm.sys

18:17:17.0750 2996 intelppm - ok

18:17:18.0015 2996 Ip6Fw (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\drivers\ip6fw.sys

18:17:18.0218 2996 Ip6Fw - ok

18:17:18.0359 2996 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys

18:17:18.0531 2996 IpFilterDriver - ok

18:17:18.0718 2996 IpInIp (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys

18:17:18.0906 2996 IpInIp - ok

18:17:19.0093 2996 IpNat (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys

18:17:19.0296 2996 IpNat - ok

18:17:19.0515 2996 IPSec (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys

18:17:19.0718 2996 IPSec - ok

18:17:20.0000 2996 IRENUM (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys

18:17:20.0203 2996 IRENUM - ok

18:17:20.0437 2996 isapnp (05a299ec56e52649b1cf2fc52d20f2d7) C:\WINDOWS\system32\DRIVERS\isapnp.sys

18:17:20.0625 2996 isapnp - ok

18:17:20.0796 2996 JavaQuickStarterService (9aa67569d5257462e230767510b0c815) C:\Program Files\Java\jre6\bin\jqs.exe

18:17:20.0812 2996 JavaQuickStarterService - ok

18:17:21.0015 2996 Kbdclass (463c1ec80cd17420a542b7f36a36f128) C:\WINDOWS\system32\DRIVERS\kbdclass.sys

18:17:21.0234 2996 Kbdclass - ok

18:17:21.0343 2996 kbdhid (9ef487a186dea361aa06913a75b3fa99) C:\WINDOWS\system32\DRIVERS\kbdhid.sys

18:17:21.0703 2996 kbdhid - ok

18:17:21.0921 2996 kmixer (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys

18:17:22.0125 2996 kmixer - ok

18:17:22.0375 2996 KSecDD (b467646c54cc746128904e1654c750c1) C:\WINDOWS\system32\drivers\KSecDD.sys

18:17:22.0484 2996 KSecDD - ok

18:17:22.0718 2996 lanmanserver (3a7c3cbe5d96b8ae96ce81f0b22fb527) C:\WINDOWS\System32\srvsvc.dll

18:17:22.0828 2996 lanmanserver - ok

18:17:23.0015 2996 lanmanworkstation (a8888a5327621856c0cec4e385f69309) C:\WINDOWS\System32\wkssvc.dll

18:17:23.0093 2996 lanmanworkstation - ok

18:17:23.0250 2996 lbrtfdc - ok

18:17:23.0390 2996 LmHosts (a7db739ae99a796d91580147e919cc59) C:\WINDOWS\System32\lmhsvc.dll

18:17:23.0578 2996 LmHosts - ok

18:17:23.0890 2996 mbamchameleon (e0e22c8a2c5528919c45b834ca68e5ef) C:\WINDOWS\system32\drivers\mbamchameleon.sys

18:17:23.0921 2996 mbamchameleon - ok

18:17:24.0062 2996 MBAMSwissArmy (0db7527db188c7d967a37bb51bbf3963) C:\WINDOWS\system32\drivers\mbamswissarmy.sys

18:17:24.0078 2996 MBAMSwissArmy - ok

18:17:24.0250 2996 mdmxsdk (eeaea6514ba7c9d273b5e87c4e1aab30) C:\WINDOWS\system32\DRIVERS\mdmxsdk.sys

18:17:24.0281 2996 mdmxsdk - ok

18:17:24.0515 2996 Messenger (986b1ff5814366d71e0ac5755c88f2d3) C:\WINDOWS\System32\msgsvc.dll

18:17:24.0734 2996 Messenger - ok

18:17:24.0875 2996 mfcom - ok

18:17:25.0062 2996 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys

18:17:25.0343 2996 mnmdd - ok

18:17:25.0515 2996 mnmsrvc (d18f1f0c101d06a1c1adf26eed16fcdd) C:\WINDOWS\system32\mnmsrvc.exe

18:17:25.0718 2996 mnmsrvc - ok

18:17:25.0906 2996 Modem (dfcbad3cec1c5f964962ae10e0bcc8e1) C:\WINDOWS\system32\drivers\Modem.sys

18:17:26.0109 2996 Modem - ok

18:17:26.0328 2996 MODEMCSA (1992e0d143b09653ab0f9c5e04b0fd65) C:\WINDOWS\system32\drivers\MODEMCSA.sys

18:17:26.0515 2996 MODEMCSA - ok

18:17:26.0703 2996 motccgp (201bfc4ef8b33d02d133fbf6535e515b) C:\WINDOWS\system32\DRIVERS\motccgp.sys

18:17:26.0859 2996 motccgp - ok

18:17:27.0078 2996 motccgpfl (d0242a3832eb7c97801bb25889561e23) C:\WINDOWS\system32\DRIVERS\motccgpfl.sys

18:17:27.0140 2996 motccgpfl - ok

18:17:27.0281 2996 Mouclass (35c9e97194c8cfb8430125f8dbc34d04) C:\WINDOWS\system32\DRIVERS\mouclass.sys

18:17:27.0484 2996 Mouclass - ok

18:17:27.0750 2996 mouhid (b1c303e17fb9d46e87a98e4ba6769685) C:\WINDOWS\system32\DRIVERS\mouhid.sys

18:17:28.0031 2996 mouhid - ok

18:17:28.0281 2996 MountMgr (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys

18:17:28.0515 2996 MountMgr - ok

18:17:28.0703 2996 mraid35x - ok

18:17:28.0906 2996 MRxDAV (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys

18:17:29.0125 2996 MRxDAV - ok

18:17:29.0421 2996 MRxSmb (7d304a5eb4344ebeeab53a2fe3ffb9f0) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys

18:17:29.0671 2996 MRxSmb - ok

18:17:29.0875 2996 MSDTC (a137f1470499a205abbb9aafb3b6f2b1) C:\WINDOWS\system32\msdtc.exe

18:17:30.0078 2996 MSDTC - ok

18:17:30.0265 2996 Msfs (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys

18:17:30.0468 2996 Msfs - ok

18:17:30.0625 2996 MSIServer - ok

18:17:30.0906 2996 MSKSSRV (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys

18:17:31.0140 2996 MSKSSRV - ok

18:17:31.0328 2996 MSPCLOCK (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys

18:17:31.0515 2996 MSPCLOCK - ok

18:17:31.0906 2996 MSPQM (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys

18:17:32.0156 2996 MSPQM - ok

18:17:32.0312 2996 mssmbios (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys

18:17:32.0500 2996 mssmbios - ok

18:17:32.0734 2996 Mup (de6a75f5c270e756c5508d94b6cf68f5) C:\WINDOWS\system32\drivers\Mup.sys

18:17:32.0796 2996 Mup - ok

18:17:33.0156 2996 napagent (0102140028fad045756796e1c685d695) C:\WINDOWS\System32\qagentrt.dll

18:17:33.0390 2996 napagent - ok

18:17:33.0687 2996 NDIS (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys

18:17:33.0968 2996 NDIS - ok

18:17:34.0218 2996 NdisTapi (0109c4f3850dfbab279542515386ae22) C:\WINDOWS\system32\DRIVERS\ndistapi.sys

18:17:34.0265 2996 NdisTapi - ok

18:17:34.0546 2996 Ndisuio (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys

18:17:34.0781 2996 Ndisuio - ok

18:17:35.0000 2996 NdisWan (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys

18:17:35.0203 2996 NdisWan - ok

18:17:35.0437 2996 NDProxy (9282bd12dfb069d3889eb3fcc1000a9b) C:\WINDOWS\system32\drivers\NDProxy.sys

18:17:35.0484 2996 NDProxy - ok

18:17:35.0640 2996 Net Driver HPZ12 (a081cb6fb9a12668f233eb5414be3a0e) C:\WINDOWS\system32\HPZinw12.dll

18:17:35.0703 2996 Net Driver HPZ12 ( UnsignedFile.Multi.Generic ) - warning

18:17:35.0703 2996 Net Driver HPZ12 - detected UnsignedFile.Multi.Generic (1)

18:17:35.0906 2996 NetBIOS (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys

18:17:36.0093 2996 NetBIOS - ok

18:17:36.0390 2996 NetBT (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys

18:17:36.0609 2996 NetBT - ok

18:17:36.0843 2996 NetDDE (b857ba82860d7ff85ae29b095645563b) C:\WINDOWS\system32\netdde.exe

18:17:37.0093 2996 NetDDE - ok

18:17:37.0109 2996 NetDDEdsdm (b857ba82860d7ff85ae29b095645563b) C:\WINDOWS\system32\netdde.exe

18:17:37.0312 2996 NetDDEdsdm - ok

18:17:37.0531 2996 Netlogon (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\system32\lsass.exe

18:17:37.0734 2996 Netlogon - ok

18:17:38.0031 2996 Netman (13e67b55b3abd7bf3fe7aae5a0f9a9de) C:\WINDOWS\System32\netman.dll

18:17:38.0296 2996 Netman - ok

18:17:38.0593 2996 NetTcpPortSharing (d22cd77d4f0d63d1169bb35911bff12d) C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe

18:17:38.0703 2996 NetTcpPortSharing - ok

18:17:38.0859 2996 Nla (943337d786a56729263071623bbb9de5) C:\WINDOWS\System32\mswsock.dll

18:17:38.0937 2996 Nla - ok

18:17:39.0218 2996 nmservice (cd569fa91ec6f59d045c19d0d3850f44) C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe

18:17:39.0421 2996 nmservice - ok

18:17:39.0703 2996 NPF (b9730495e0cf674680121e34bd95a73b) C:\WINDOWS\system32\drivers\NPF.sys

18:17:39.0718 2996 NPF - ok

18:17:39.0875 2996 Npfs (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys

18:17:40.0078 2996 Npfs - ok

18:17:40.0234 2996 Ntfs (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys

18:17:40.0578 2996 Ntfs - ok

18:17:40.0859 2996 NtLmSsp (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\system32\lsass.exe

18:17:41.0062 2996 NtLmSsp - ok

18:17:41.0296 2996 NtmsSvc (156f64a3345bd23c600655fb4d10bc08) C:\WINDOWS\system32\ntmssvc.dll

18:17:41.0718 2996 NtmsSvc - ok

18:17:41.0859 2996 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys

18:17:42.0109 2996 Null - ok

18:17:43.0218 2996 nv (9f4384aa43548ddd438f7b7825d11699) C:\WINDOWS\system32\DRIVERS\nv4_mini.sys

18:17:44.0250 2996 nv - ok

18:17:44.0421 2996 NVSvc (0c41c4acfe00d826db479c40c1d9edc8) C:\WINDOWS\system32\nvsvc32.exe

18:17:44.0468 2996 NVSvc - ok

18:17:44.0671 2996 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys

18:17:44.0984 2996 NwlnkFlt - ok

18:17:45.0156 2996 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys

18:17:45.0375 2996 NwlnkFwd - ok

18:17:45.0500 2996 ose (9d10f99a6712e28f8acd5641e3a7ea6b) C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE

18:17:45.0718 2996 ose - ok

18:17:46.0375 2996 osppsvc (358a9cca612c68eb2f07ddad4ce1d8d7) C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE

18:17:47.0828 2996 osppsvc - ok

18:17:47.0984 2996 Parport (5575faf8f97ce5e713d108c2a58d7c7c) C:\WINDOWS\system32\DRIVERS\parport.sys

18:17:48.0187 2996 Parport - ok

18:17:48.0421 2996 PartMgr (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys

18:17:48.0609 2996 PartMgr - ok

18:17:48.0859 2996 ParVdm (70e98b3fd8e963a6a46a2e6247e0bea1) C:\WINDOWS\system32\drivers\ParVdm.sys

18:17:49.0062 2996 ParVdm - ok

18:17:49.0328 2996 PCI (a219903ccf74233761d92bef471a07b1) C:\WINDOWS\system32\DRIVERS\pci.sys

18:17:49.0484 2996 PCI - ok

18:17:49.0703 2996 PCIDump - ok

18:17:49.0953 2996 PCIIde (ccf5f451bb1a5a2a522a76e670000ff0) C:\WINDOWS\system32\drivers\PCIIde.sys

18:17:50.0234 2996 PCIIde - ok

18:17:50.0406 2996 Pcmcia (9e89ef60e9ee05e3f2eef2da7397f1c1) C:\WINDOWS\system32\drivers\Pcmcia.sys

18:17:50.0609 2996 Pcmcia - ok

18:17:50.0859 2996 Pcouffin - ok

18:17:51.0078 2996 PCTCore (ad629e621cb1242ba8707cd9c2c5b6ec) C:\WINDOWS\system32\drivers\PCTCore.sys

18:17:51.0109 2996 PCTCore - ok

18:17:51.0359 2996 PDCOMP - ok

18:17:51.0625 2996 PDFRAME - ok

18:17:51.0906 2996 PDRELI - ok

18:17:52.0140 2996 PDRFRAME - ok

18:17:52.0390 2996 perc2 - ok

18:17:52.0656 2996 perc2hib - ok

18:17:52.0890 2996 PlugPlay (65df52f5b8b6e9bbd183505225c37315) C:\WINDOWS\system32\services.exe

18:17:52.0953 2996 PlugPlay - ok

18:17:53.0125 2996 Pml Driver HPZ12 (65bc271f337637731d3c71455ae1f476) C:\WINDOWS\system32\HPZipm12.dll

18:17:53.0156 2996 Pml Driver HPZ12 ( UnsignedFile.Multi.Generic ) - warning

18:17:53.0156 2996 Pml Driver HPZ12 - detected UnsignedFile.Multi.Generic (1)

18:17:53.0359 2996 pnarp (36fcac4fa28b462ca867742dea59b0d0) C:\WINDOWS\system32\DRIVERS\pnarp.sys

18:17:53.0375 2996 pnarp - ok

18:17:53.0578 2996 PnkBstrA (19e83b09ab8ee1d837665da941e2ac44) C:\WINDOWS\system32\PnkBstrA.exe

18:17:53.0609 2996 PnkBstrA - ok

18:17:53.0859 2996 PnkBstrB (27f1be4a53441c9f1f48b9adc145b0a5) C:\WINDOWS\system32\PnkBstrB.exe

18:17:53.0875 2996 PnkBstrB - ok

18:17:54.0031 2996 PolicyAgent (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\system32\lsass.exe

18:17:54.0218 2996 PolicyAgent - ok

18:17:54.0390 2996 PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys

18:17:54.0578 2996 PptpMiniport - ok

18:17:54.0765 2996 ProtectedStorage (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\system32\lsass.exe

18:17:54.0937 2996 ProtectedStorage - ok

18:17:55.0109 2996 PSched (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys

18:17:55.0328 2996 PSched - ok

18:17:55.0640 2996 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys

18:17:55.0906 2996 Ptilink - ok

18:17:56.0125 2996 purendis (d8ac00388262b1a4878a7ee12f31d376) C:\WINDOWS\system32\DRIVERS\purendis.sys

18:17:56.0140 2996 purendis - ok

18:17:56.0328 2996 ql1080 - ok

18:17:56.0531 2996 Ql10wnt - ok

18:17:56.0640 2996 ql12160 - ok

18:17:56.0921 2996 ql1240 - ok

18:17:57.0062 2996 ql1280 - ok

18:17:57.0156 2996 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys

18:17:57.0359 2996 RasAcd - ok

18:17:57.0656 2996 RasAuto (ad188be7bdf94e8df4ca0a55c00a5073) C:\WINDOWS\System32\rasauto.dll

18:17:57.0828 2996 RasAuto - ok

18:17:57.0937 2996 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys

18:17:58.0156 2996 Rasl2tp - ok

18:17:58.0500 2996 RasMan (76a9a3cbeadd68cc57cda5e1d7448235) C:\WINDOWS\System32\rasmans.dll

18:17:58.0796 2996 RasMan - ok

18:17:59.0031 2996 RasPppoe (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys

18:17:59.0218 2996 RasPppoe - ok

18:17:59.0437 2996 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys

18:17:59.0718 2996 Raspti - ok

18:17:59.0843 2996 Rdbss (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys

18:18:00.0078 2996 Rdbss - ok

18:18:00.0312 2996 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys

18:18:00.0562 2996 RDPCDD - ok

18:18:00.0937 2996 RDPWD (5b3055daa788bd688594d2f5981f2a83) C:\WINDOWS\system32\drivers\RDPWD.sys

18:18:01.0031 2996 RDPWD - ok

18:18:01.0218 2996 RDSessMgr (3c37bf86641bda977c3bf8a840f3b7fa) C:\WINDOWS\system32\sessmgr.exe

18:18:01.0484 2996 RDSessMgr - ok

18:18:01.0640 2996 RecAgent - ok

18:18:01.0796 2996 redbook (f828dd7e1419b6653894a8f97a0094c5) C:\WINDOWS\system32\DRIVERS\redbook.sys

18:18:02.0031 2996 redbook - ok

18:18:02.0187 2996 RemoteAccess (7e699ff5f59b5d9de5390e3c34c67cf5) C:\WINDOWS\System32\mprdim.dll

18:18:02.0437 2996 RemoteAccess - ok

18:18:02.0718 2996 ROOTMODEM (d8b0b4ade32574b2d9c5cc34dc0dbbe7) C:\WINDOWS\system32\Drivers\RootMdm.sys

18:18:02.0921 2996 ROOTMODEM - ok

18:18:03.0093 2996 RpcLocator (aaed593f84afa419bbae8572af87cf6a) C:\WINDOWS\system32\locator.exe

18:18:03.0328 2996 RpcLocator - ok

18:18:03.0453 2996 RpcSs (6b27a5c03dfb94b4245739065431322c) C:\WINDOWS\system32\rpcss.dll

18:18:03.0546 2996 RpcSs - ok

18:18:03.0750 2996 RSVP (471b3f9741d762abe75e9deea4787e47) C:\WINDOWS\system32\rsvp.exe

18:18:04.0031 2996 RSVP - ok

18:18:04.0187 2996 SamSs (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\system32\lsass.exe

18:18:04.0343 2996 SamSs - ok

18:18:04.0562 2996 SCardSvr (86d007e7a654b9a71d1d7d856b104353) C:\WINDOWS\System32\SCardSvr.exe

18:18:04.0765 2996 SCardSvr - ok

18:18:04.0968 2996 Schedule (0a9a7365a1ca4319aa7c1d6cd8e4eafa) C:\WINDOWS\system32\schedsvc.dll

18:18:05.0140 2996 Schedule - ok

18:18:05.0343 2996 sdAuxService (41ec8c98808422f8d33c32056e966448) C:\Program Files\Spyware Doctor\pctsAuxs.exe

18:18:05.0484 2996 sdAuxService - ok

18:18:05.0750 2996 sdCoreService (e4f354ba21b0638d1fc2d03f1fc82150) C:\Program Files\Spyware Doctor\pctsSvc.exe

18:18:05.0890 2996 sdCoreService - ok

18:18:06.0234 2996 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys

18:18:06.0468 2996 Secdrv - ok

18:18:06.0625 2996 seclogon (cbe612e2bb6a10e3563336191eda1250) C:\WINDOWS\System32\seclogon.dll

18:18:06.0843 2996 seclogon - ok

18:18:07.0156 2996 senfilt (b9c7617c1e8ab6fdff75d3c8dafcb4c8) C:\WINDOWS\system32\drivers\senfilt.sys

18:18:07.0390 2996 senfilt - ok

18:18:07.0656 2996 SENS (7fdd5d0684eca8c1f68b4d99d124dcd0) C:\WINDOWS\system32\sens.dll

18:18:07.0828 2996 SENS - ok

18:18:08.0109 2996 serenum (0f29512ccd6bead730039fb4bd2c85ce) C:\WINDOWS\system32\DRIVERS\serenum.sys

18:18:08.0281 2996 serenum - ok

18:18:08.0515 2996 Serial (cca207a8896d4c6a0c9ce29a4ae411a7) C:\WINDOWS\system32\DRIVERS\serial.sys

18:18:08.0718 2996 Serial - ok

18:18:08.0953 2996 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\drivers\Sfloppy.sys

18:18:09.0156 2996 Sfloppy - ok

18:18:09.0421 2996 Sftfs (0692e5bf83b1f10102ba9bd240110b4e) C:\WINDOWS\system32\DRIVERS\Sftfsxp.sys

18:18:09.0500 2996 Sftfs - ok

18:18:09.0718 2996 sftlist (cb73bc422c07fb611f194da18d1e7f36) C:\Program Files\Microsoft Application Virtualization Client\sftlist.exe

18:18:09.0937 2996 sftlist - ok

18:18:10.0125 2996 Sftplay (0e108d75f8db551669e5eb37cbf5bc02) C:\WINDOWS\system32\DRIVERS\Sftplayxp.sys

18:18:10.0171 2996 Sftplay - ok

18:18:10.0328 2996 Sftredir (65b31b4ba9efeace4dd95ed94051139f) C:\WINDOWS\system32\DRIVERS\Sftredirxp.sys

18:18:10.0343 2996 Sftredir - ok

18:18:10.0531 2996 Sftvol (f372506bc97f14a41fb81bbe3223906b) C:\WINDOWS\system32\DRIVERS\Sftvolxp.sys

18:18:10.0562 2996 Sftvol - ok

18:18:10.0828 2996 sftvsa (a5812f0281ca5081bf696626f9bf324d) C:\Program Files\Microsoft Application Virtualization Client\sftvsa.exe

18:18:11.0156 2996 sftvsa - ok

18:18:11.0437 2996 SharedAccess (83f41d0d89645d7235c051ab1d9523ac) C:\WINDOWS\System32\ipnathlp.dll

18:18:11.0734 2996 SharedAccess - ok

18:18:11.0875 2996 ShellHWDetection (99bc0b50f511924348be19c7c7313bbf) C:\WINDOWS\System32\shsvcs.dll

18:18:11.0921 2996 ShellHWDetection - ok

18:18:12.0062 2996 Simbad - ok

18:18:12.0218 2996 smwdm (0066ff77aeb4ae70066f7e94d5a6d866) C:\WINDOWS\system32\drivers\smwdm.sys

18:18:12.0359 2996 smwdm - ok

18:18:12.0531 2996 Sparrow - ok

18:18:12.0765 2996 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys

18:18:12.0968 2996 splitter - ok

18:18:13.0140 2996 Spooler (60784f891563fb1b767f70117fc2428f) C:\WINDOWS\system32\spoolsv.exe

18:18:13.0203 2996 Spooler - ok

18:18:13.0531 2996 sptd (cdddec541bc3c96f91ecb48759673505) C:\WINDOWS\system32\Drivers\sptd.sys

18:18:13.0531 2996 Suspicious file (NoAccess): C:\WINDOWS\system32\Drivers\sptd.sys. md5: cdddec541bc3c96f91ecb48759673505

18:18:13.0531 2996 sptd ( LockedFile.Multi.Generic ) - warning

18:18:13.0531 2996 sptd - detected LockedFile.Multi.Generic (1)

18:18:13.0750 2996 sr (76bb022c2fb6902fd5bdd4f78fc13a5d) C:\WINDOWS\system32\DRIVERS\sr.sys

18:18:13.0984 2996 sr - ok

18:18:14.0187 2996 srservice (3805df0ac4296a34ba4bf93b346cc378) C:\WINDOWS\system32\srsvc.dll

18:18:14.0375 2996 srservice - ok

18:18:14.0687 2996 Srv (47ddfc2f003f7f9f0592c6874962a2e7) C:\WINDOWS\system32\DRIVERS\srv.sys

18:18:14.0859 2996 Srv - ok

18:18:15.0062 2996 SSDPSRV (0a5679b3714edab99e357057ee88fca6) C:\WINDOWS\System32\ssdpsrv.dll

18:18:15.0250 2996 SSDPSRV - ok

18:18:15.0453 2996 stisvc (8bad69cbac032d4bbacfce0306174c30) C:\WINDOWS\system32\wiaservc.dll

18:18:15.0703 2996 stisvc - ok

18:18:15.0937 2996 swenum (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys

18:18:16.0156 2996 swenum - ok

18:18:16.0421 2996 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys

18:18:16.0593 2996 swmidi - ok

18:18:16.0734 2996 SwPrv - ok

18:18:16.0890 2996 symc810 - ok

18:18:17.0109 2996 symc8xx - ok

18:18:17.0234 2996 sym_hi - ok

18:18:17.0390 2996 sym_u3 - ok

18:18:17.0671 2996 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys

18:18:17.0875 2996 sysaudio - ok

18:18:18.0078 2996 SysmonLog (c7abbc59b43274b1109df6b24d617051) C:\WINDOWS\system32\smlogsvc.exe

18:18:18.0312 2996 SysmonLog - ok

18:18:18.0531 2996 TapiSrv (3cb78c17bb664637787c9a1c98f79c38) C:\WINDOWS\System32\tapisrv.dll

18:18:18.0796 2996 TapiSrv - ok

18:18:18.0921 2996 tbhMonitor.exe (02bdc892b31e60c5938284d10554ad08) C:\Program Files\tbh\monitor\bin\tbhMonitor.exe

18:18:18.0937 2996 tbhMonitor.exe - ok

18:18:19.0218 2996 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys

18:18:19.0375 2996 Tcpip - ok

18:18:19.0593 2996 TDPIPE (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys

18:18:19.0781 2996 TDPIPE - ok

18:18:20.0093 2996 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys

18:18:20.0312 2996 TDTCP - ok

18:18:20.0578 2996 TermDD (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys

18:18:20.0781 2996 TermDD - ok

18:18:21.0093 2996 TermService (ff3477c03be7201c294c35f684b3479f) C:\WINDOWS\System32\termsrv.dll

18:18:21.0281 2996 TermService - ok

18:18:21.0484 2996 Themes (99bc0b50f511924348be19c7c7313bbf) C:\WINDOWS\System32\shsvcs.dll

18:18:21.0515 2996 Themes - ok

18:18:21.0609 2996 thkeys - ok

18:18:21.0796 2996 TosIde - ok

18:18:22.0046 2996 TrkWks (55bca12f7f523d35ca3cb833c725f54e) C:\WINDOWS\system32\trkwks.dll

18:18:22.0218 2996 TrkWks - ok

18:18:22.0421 2996 TrueSight (1512d11c1e1e37a4ae2e2b62794f0d2e) c:\windows\system32\drivers\TrueSight.sys

18:18:22.0531 2996 TrueSight ( UnsignedFile.Multi.Generic ) - warning

18:18:22.0531 2996 TrueSight - detected UnsignedFile.Multi.Generic (1)

18:18:22.0718 2996 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys

18:18:22.0906 2996 Udfs - ok

18:18:23.0046 2996 ultra - ok

18:18:23.0281 2996 Update (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys

18:18:23.0625 2996 Update - ok

18:18:23.0843 2996 upnphost (1ebafeb9a3fbdc41b8d9c7f0f687ad91) C:\WINDOWS\System32\upnphost.dll

18:18:24.0046 2996 upnphost - ok

18:18:24.0218 2996 UPS (05365fb38fca1e98f7a566aaaf5d1815) C:\WINDOWS\System32\ups.exe

18:18:24.0453 2996 UPS - ok

18:18:24.0937 2996 usbccgp (173f317ce0db8e21322e71b7e60a27e8) C:\WINDOWS\system32\DRIVERS\usbccgp.sys

18:18:25.0234 2996 usbccgp - ok

18:18:25.0468 2996 usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys

18:18:25.0671 2996 usbehci - ok

18:18:25.0796 2996 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys

18:18:26.0000 2996 usbhub - ok

18:18:26.0187 2996 usbprint (a717c8721046828520c9edf31288fc00) C:\WINDOWS\system32\DRIVERS\usbprint.sys

18:18:26.0390 2996 usbprint - ok

18:18:26.0578 2996 usbscan (a0b8cf9deb1184fbdd20784a58fa75d4) C:\WINDOWS\system32\DRIVERS\usbscan.sys

18:18:26.0812 2996 usbscan - ok

18:18:26.0984 2996 USBSTOR (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS

18:18:27.0218 2996 USBSTOR - ok

18:18:27.0468 2996 usbuhci (26496f9dee2d787fc3e61ad54821ffe6) C:\WINDOWS\system32\DRIVERS\usbuhci.sys

18:18:27.0703 2996 usbuhci - ok

18:18:27.0875 2996 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys

18:18:28.0109 2996 VgaSave - ok

18:18:28.0312 2996 ViaIde - ok

18:18:28.0421 2996 Viewpoint Service (00a204be7084b214605db4d433c9a7e2) C:\Program Files\Viewpoint\Common\ViewpointService.exe

18:18:28.0453 2996 Viewpoint Service - ok

18:18:28.0671 2996 VolSnap (4c8fcb5cc53aab716d810740fe59d025) C:\WINDOWS\system32\drivers\VolSnap.sys

18:18:28.0859 2996 VolSnap - ok

18:18:29.0156 2996 VSS (7a9db3a67c333bf0bd42e42b8596854b) C:\WINDOWS\System32\vssvc.exe

18:18:29.0343 2996 VSS - ok

18:18:29.0578 2996 W32Time (54af4b1d5459500ef0937f6d33b1914f) C:\WINDOWS\system32\w32time.dll

18:18:29.0937 2996 W32Time - ok

18:18:30.0140 2996 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys

18:18:30.0359 2996 Wanarp - ok

18:18:30.0609 2996 Wdf01000 (fd47474bd21794508af449d9d91af6e6) C:\WINDOWS\system32\DRIVERS\Wdf01000.sys

18:18:30.0828 2996 Wdf01000 - ok

18:18:31.0015 2996 WDICA - ok

18:18:31.0234 2996 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys

18:18:31.0437 2996 wdmaud - ok

18:18:31.0562 2996 WebClient (77a354e28153ad2d5e120a5a8687bc06) C:\WINDOWS\System32\webclnt.dll

18:18:31.0781 2996 WebClient - ok

18:18:32.0000 2996 winachsf (f59ed5a43b988a18ef582bb07b2327a7) C:\WINDOWS\system32\DRIVERS\HSF_CNXT.sys

18:18:32.0218 2996 winachsf - ok

18:18:32.0484 2996 winmgmt (2d0e4ed081963804ccc196a0929275b5) C:\WINDOWS\system32\wbem\WMIsvc.dll

18:18:32.0656 2996 winmgmt - ok

18:18:32.0796 2996 WmdmPmSN (c51b4a5c05a5475708e3c81c7765b71d) C:\WINDOWS\system32\MsPMSNSv.dll

18:18:33.0031 2996 WmdmPmSN - ok

18:18:33.0265 2996 WmiApSrv (e0673f1106e62a68d2257e376079f821) C:\WINDOWS\system32\wbem\wmiapsrv.exe

18:18:33.0484 2996 WmiApSrv - ok

18:18:33.0765 2996 WMPNetworkSvc (f74e3d9a7fa9556c3bbb14d4e5e63d3b) C:\Program Files\Windows Media Player\WMPNetwk.exe

18:18:34.0109 2996 WMPNetworkSvc - ok

18:18:34.0406 2996 WpdUsb (cf4def1bf66f06964dc0d91844239104) C:\WINDOWS\system32\DRIVERS\wpdusb.sys

18:18:34.0437 2996 WpdUsb - ok

18:18:34.0812 2996 WPFFontCache_v0400 (dcf3e3edf5109ee8bc02fe6e1f045795) C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe

18:18:35.0062 2996 WPFFontCache_v0400 - ok

18:18:35.0359 2996 WS2IFSL (6abe6e225adb5a751622a9cc3bc19ce8) C:\WINDOWS\System32\drivers\ws2ifsl.sys

18:18:35.0640 2996 WS2IFSL - ok

18:18:35.0796 2996 wuauserv (35321fb577cdc98ce3eb3a3eb9e4610a) C:\WINDOWS\system32\wuauserv.dll

18:18:35.0984 2996 wuauserv - ok

18:18:36.0218 2996 WudfPf (f15feafffbb3644ccc80c5da584e6311) C:\WINDOWS\system32\DRIVERS\WudfPf.sys

18:18:36.0296 2996 WudfPf - ok

18:18:36.0500 2996 WudfRd (28b524262bce6de1f7ef9f510ba3985b) C:\WINDOWS\system32\DRIVERS\wudfrd.sys

18:18:36.0546 2996 WudfRd - ok

18:18:36.0718 2996 WudfSvc (05231c04253c5bc30b26cbaae680ed89) C:\WINDOWS\System32\WUDFSvc.dll

18:18:36.0750 2996 WudfSvc - ok

18:18:36.0921 2996 WZCSVC (81dc3f549f44b1c1fff022dec9ecf30b) C:\WINDOWS\System32\wzcsvc.dll

18:18:37.0125 2996 WZCSVC - ok

18:18:37.0343 2996 xmlprov (295d21f14c335b53cb8154e5b1f892b9) C:\WINDOWS\System32\xmlprov.dll

18:18:37.0531 2996 xmlprov - ok

18:18:37.0562 2996 MBR (0x1B8) (8f558eb6672622401da993e1e865c861) \Device\Harddisk0\DR0

18:18:38.0140 2996 \Device\Harddisk0\DR0 - ok

18:18:38.0171 2996 Boot (0x1200) (14600fb5eb0dc673d3b6b870b6411526) \Device\Harddisk0\DR0\Partition0

18:18:38.0203 2996 \Device\Harddisk0\DR0\Partition0 - ok

18:18:38.0203 2996 ============================================================

18:18:38.0203 2996 Scan finished

18:18:38.0203 2996 ============================================================

18:18:38.0328 2092 Detected object count: 7

18:18:38.0328 2092 Actual detected object count: 7

18:18:53.0968 2092 cercsr6 ( UnsignedFile.Multi.Generic ) - skipped by user

18:18:53.0968 2092 cercsr6 ( UnsignedFile.Multi.Generic ) - User select action: Skip

18:18:53.0968 2092 hpqcxs08 ( UnsignedFile.Multi.Generic ) - skipped by user

18:18:53.0968 2092 hpqcxs08 ( UnsignedFile.Multi.Generic ) - User select action: Skip

18:18:53.0968 2092 hpqddsvc ( UnsignedFile.Multi.Generic ) - skipped by user

18:18:53.0968 2092 hpqddsvc ( UnsignedFile.Multi.Generic ) - User select action: Skip

18:18:53.0968 2092 Net Driver HPZ12 ( UnsignedFile.Multi.Generic ) - skipped by user

18:18:53.0968 2092 Net Driver HPZ12 ( UnsignedFile.Multi.Generic ) - User select action: Skip

18:18:53.0968 2092 Pml Driver HPZ12 ( UnsignedFile.Multi.Generic ) - skipped by user

18:18:53.0968 2092 Pml Driver HPZ12 ( UnsignedFile.Multi.Generic ) - User select action: Skip

18:18:53.0968 2092 sptd ( LockedFile.Multi.Generic ) - skipped by user

18:18:53.0968 2092 sptd ( LockedFile.Multi.Generic ) - User select action: Skip

18:18:53.0984 2092 TrueSight ( UnsignedFile.Multi.Generic ) - skipped by user

18:18:53.0984 2092 TrueSight ( UnsignedFile.Multi.Generic ) - User select action: Skip

[MrCharlie]

OK, that scan was clean, lets do this......

Please download and run ComboFix.

The most important things to remember when running it is to disable all your malware programs and run Combofix from your desktop.

Please visit this webpage for download links, and instructions for running ComboFix

http://www.bleepingc...to-use-combofix

Ensure you have disabled all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

Information on disabling your malware programs can be found Here.

Make sure you run ComboFix from your desktop.

Please include the C:\ComboFix.txt in your next reply for further review.

Note:

If you get the message Illegal operation attempted on registry key that has been marked for deletion. after you run ComboFix....please reboot the computer, this should resolve the problem. You may have to do this several times if needed.

MrC

[Kinotsu]

[MrCharlie]

Take a look at these two folders and see what's in them and do you recognize them:

c:\documents and settings\Owner\Local Settings\Application Data\{7294DA61-833B-11E1-826D-B8AC6F996F26}

c:\documents and settings\All Users\Application Data\529C53270001836300037DDCD151FC84

You may have to.....Enable Hidden files to see them:

http://www.howtogeek...-folders-in-xp/

------------------------------------------------------------------------------

Then......

1. Close any open browsers.

2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

3. Open notepad and copy/paste the text in the quotebox below into it:

4. If ComboFix wants to update.....please allow it to.

File::

c:\windows\system32\sho4F4.tmp

c:\windows\system32\sho885.tmp

Save this as CFScript.txt, in the same location as ComboFix.exe

Refering to the picture above, drag CFScript into ComboFix.exe

CAUTION: Do not mouse-click ComboFix while it is running. It may cause it to stall.

After reboot, (in case it asks to reboot)......

Please provide the contents of the ComboFix log (C:\ComboFix.txt) in your next reply.

MrC

[Kinotsu]

I checked the first folder and it said chrome I am not sure if it is from having google chrome or something different, the second folder appears to be what smart fortress 2012 was named as, which I searched for but could not find. Also about the quote I also have to include the File:: on the top of it in the notepad?

[MrCharlie]

OK, leave the folders for now.

This is what you copy and paste into notepad:

File::

c:\windows\system32\sho4F4.tmp

c:\windows\system32\sho885.tmp

MrC

[MrCharlie]

I have to leave the forum now.

You can.......

Please Update and run a Quick Scan with MBAM, post the report.

Make sure that everything is checked, and click Remove Selected.

Please let me know how it is, MrC

[Kinotsu]

Alright, I will do the combofix part tomorrow as I also need to leave but here is the MBAM log.

Malwarebytes Anti-Malware 1.61.0.1400

www.malwarebytes.org

Database version: v2012.04.11.05

Windows XP Service Pack 3 x86 NTFS

Internet Explorer 8.0.6001.18702

Owner :: ANTONIO [administrator]

4/11/2012 8:22:57 PM

mbam-log-2012-04-11 (20-22-57).txt

Scan type: Quick scan

Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM

Scan options disabled: P2P

Objects scanned: 207396

Time elapsed: 8 minute(s), 28 second(s)

Memory Processes Detected: 0

(No malicious items detected)

Memory Modules Detected: 0

(No malicious items detected)

Registry Keys Detected: 0

(No malicious items detected)

Registry Values Detected: 0

(No malicious items detected)

Registry Data Items Detected: 0

(No malicious items detected)

Folders Detected: 0

(No malicious items detected)

Files Detected: 0

(No malicious items detected)

(end)

[MrCharlie]

OK, let me know,,,MrC

[Kinotsu]

I just ran combofix with that script, here is the log.

ComboFix 12-04-11.03 - Owner 04/12/2012 12:43:27.2.1 - x86

Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1534.980 [GMT -4:00]

Running from: c:\documents and settings\Owner\Desktop\ComboFix.exe

Command switches used :: c:\documents and settings\Owner\Desktop\CFScript.txt

AV: Spyware Doctor with AntiVirus *Disabled/Updated* {D3C23B96-C9DC-477F-8EF1-69AF17A6EFF6}

.

FILE ::

"c:\windows\system32\sho4F4.tmp"

"c:\windows\system32\sho885.tmp"

.

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

c:\documents and settings\All Users\Application Data\TEMP

.

.

((((((((((((((((((((((((( Files Created from 2012-03-12 to 2012-04-12 )))))))))))))))))))))))))))))))

.

.

2012-04-11 22:04 . 2012-04-11 22:04 -------- d-----w- C:\TDSSKiller_Quarantine

2012-04-11 21:56 . 2012-04-11 21:56 -------- d-----w- c:\program files\ERUNT

2012-04-11 21:19 . 2012-04-11 21:19 13824 ----a-w- c:\windows\system32\drivers\TrueSight.sys

2012-04-11 15:54 . 2012-04-11 15:54 50704 ----a-w- c:\windows\system32\drivers\npf.sys

2012-04-10 19:08 . 2012-04-11 18:07 32072 ----a-w- c:\windows\system32\drivers\mbamchameleon.sys

2012-04-10 18:42 . 2012-04-10 19:48 -------- d-----w- c:\documents and settings\Administrator

2012-04-10 18:31 . 2012-04-10 18:31 -------- d-----w- c:\documents and settings\Owner\Local Settings\Application Data\{7294DA61-833B-11E1-826D-B8AC6F996F26}

2012-04-10 18:30 . 2012-04-11 17:00 -------- d-----w- c:\documents and settings\All Users\Application Data\529C53270001836300037DDCD151FC84

2012-03-14 03:00 . 2012-03-14 03:00 592824 ----a-w- c:\program files\Mozilla Firefox\gkmedias.dll

2012-03-14 03:00 . 2012-03-14 03:00 44472 ----a-w- c:\program files\Mozilla Firefox\mozglue.dll

.

.

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2012-04-11 22:08 . 2004-08-04 12:00 75264 ----a-w- c:\windows\system32\drivers\ipsec.sys

2012-04-04 19:56 . 2012-02-25 04:14 22344 ----a-w- c:\windows\system32\drivers\mbam.sys

2012-03-25 15:38 . 2011-05-15 16:00 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl

2012-03-01 11:01 . 2004-08-04 12:00 916992 ----a-w- c:\windows\system32\wininet.dll

2012-03-01 11:01 . 2004-08-04 12:00 43520 ------w- c:\windows\system32\licmgr10.dll

2012-03-01 11:01 . 2004-08-04 12:00 1469440 ------w- c:\windows\system32\inetcpl.cpl

2012-02-29 14:10 . 2004-08-04 12:00 177664 ----a-w- c:\windows\system32\wintrust.dll

2012-02-29 14:10 . 2004-08-04 12:00 148480 ----a-w- c:\windows\system32\imagehlp.dll

2012-02-29 12:17 . 2004-08-04 12:00 385024 ------w- c:\windows\system32\html.iec

2012-02-15 15:42 . 2012-02-15 15:42 0 ----a-w- c:\windows\system32\sho4F4.tmp

2012-02-12 09:34 . 2012-02-12 09:34 0 ----a-w- c:\windows\system32\sho885.tmp

2012-02-03 09:22 . 2004-08-04 12:00 1860096 ----a-w- c:\windows\system32\win32k.sys

2012-03-14 03:00 . 2011-03-26 18:03 97208 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll

.

.

((((((((((((((((((((((((((((( SnapShot@2012-04-11_23.12.41 )))))))))))))))))))))))))))))))))))))))))

.

+ 2012-04-12 16:15 . 2012-04-12 16:15 16384 c:\windows\Temp\Perflib_Perfdata_59c.dat

+ 2004-08-04 12:00 . 2012-04-12 00:46 84494 c:\windows\system32\perfc009.dat

- 2004-08-04 12:00 . 2012-03-11 12:26 84494 c:\windows\system32\perfc009.dat

+ 2004-08-04 12:00 . 2012-03-01 11:01 66560 c:\windows\system32\mshtmled.dll

- 2004-08-04 12:00 . 2011-12-17 19:46 66560 c:\windows\system32\mshtmled.dll

+ 2009-03-08 09:31 . 2012-03-01 11:01 55296 c:\windows\system32\msfeedsbs.dll

- 2009-03-08 09:31 . 2011-12-17 19:46 55296 c:\windows\system32\msfeedsbs.dll

+ 2004-08-04 12:00 . 2012-03-01 11:01 25600 c:\windows\system32\jsproxy.dll

- 2004-08-04 12:00 . 2011-12-17 19:46 25600 c:\windows\system32\jsproxy.dll

- 2009-06-10 05:14 . 2011-12-17 19:46 12800 c:\windows\system32\dllcache\xpshims.dll

+ 2009-06-10 05:14 . 2012-03-01 11:01 12800 c:\windows\system32\dllcache\xpshims.dll

- 2011-11-01 20:35 . 2011-12-17 19:46 66560 c:\windows\system32\dllcache\mshtmled.dll

+ 2011-11-01 20:35 . 2012-03-01 11:01 66560 c:\windows\system32\dllcache\mshtmled.dll

+ 2009-07-29 12:45 . 2012-03-01 11:01 55296 c:\windows\system32\dllcache\msfeedsbs.dll

- 2009-07-29 12:45 . 2011-12-17 19:46 55296 c:\windows\system32\dllcache\msfeedsbs.dll

- 2009-03-08 09:34 . 2011-12-17 19:46 43520 c:\windows\system32\dllcache\licmgr10.dll

+ 2009-03-08 09:34 . 2012-03-01 11:01 43520 c:\windows\system32\dllcache\licmgr10.dll

+ 2009-03-08 09:33 . 2012-03-01 11:01 25600 c:\windows\system32\dllcache\jsproxy.dll

- 2009-03-08 09:33 . 2011-12-17 19:46 25600 c:\windows\system32\dllcache\jsproxy.dll

- 2012-02-16 04:54 . 2012-02-16 04:54 87408 c:\windows\Microsoft.NET\assembly\GAC_MSIL\WindowsFormsIntegration\v4.0_4.0.0.0__31bf3856ad364e35\WindowsFormsIntegration.dll

+ 2012-04-12 00:39 . 2012-04-12 00:39 87408 c:\windows\Microsoft.NET\assembly\GAC_MSIL\WindowsFormsIntegration\v4.0_4.0.0.0__31bf3856ad364e35\WindowsFormsIntegration.dll

- 2012-02-16 04:54 . 2012-02-16 04:54 93024 c:\windows\Microsoft.NET\assembly\GAC_MSIL\UIAutomationTypes\v4.0_4.0.0.0__31bf3856ad364e35\UIAutomationTypes.dll

+ 2012-04-12 00:39 . 2012-04-12 00:39 93024 c:\windows\Microsoft.NET\assembly\GAC_MSIL\UIAutomationTypes\v4.0_4.0.0.0__31bf3856ad364e35\UIAutomationTypes.dll

- 2012-02-16 04:54 . 2012-02-16 04:54 35688 c:\windows\Microsoft.NET\assembly\GAC_MSIL\UIAutomationProvider\v4.0_4.0.0.0__31bf3856ad364e35\UIAutomationProvider.dll

+ 2012-04-12 00:39 . 2012-04-12 00:39 35688 c:\windows\Microsoft.NET\assembly\GAC_MSIL\UIAutomationProvider\v4.0_4.0.0.0__31bf3856ad364e35\UIAutomationProvider.dll

- 2012-02-16 04:54 . 2012-02-16 04:54 17784 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Presentation\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Presentation.dll

+ 2012-04-12 00:39 . 2012-04-12 00:39 17784 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Presentation\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Presentation.dll

- 2012-02-16 04:54 . 2012-02-16 04:54 58240 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Input.Manipulations\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Input.Manipulations.dll

+ 2012-04-12 00:39 . 2012-04-12 00:39 58240 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Input.Manipulations\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Input.Manipulations.dll

- 2012-02-16 04:53 . 2012-02-16 04:53 44920 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Web.ApplicationServices\v4.0_4.0.0.0__31bf3856ad364e35\System.Web.ApplicationServices.dll

+ 2012-04-12 00:38 . 2012-04-12 00:38 44920 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Web.ApplicationServices\v4.0_4.0.0.0__31bf3856ad364e35\System.Web.ApplicationServices.dll

+ 2012-04-12 00:39 . 2012-04-12 00:39 37240 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.ServiceModel.Channels\v4.0_4.0.0.0__31bf3856ad364e35\System.ServiceModel.Channels.dll

- 2012-02-16 04:54 . 2012-02-16 04:54 37240 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.ServiceModel.Channels\v4.0_4.0.0.0__31bf3856ad364e35\System.ServiceModel.Channels.dll

+ 2012-04-12 00:38 . 2012-04-12 00:38 64352 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Numerics\v4.0_4.0.0.0__b77a5c561934e089\System.Numerics.dll

- 2012-02-16 04:53 . 2012-02-16 04:53 64352 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Numerics\v4.0_4.0.0.0__b77a5c561934e089\System.Numerics.dll

+ 2012-04-12 00:38 . 2012-04-12 00:38 51032 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Device\v4.0_4.0.0.0__b77a5c561934e089\System.Device.dll

- 2012-02-16 04:53 . 2012-02-16 04:53 51032 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Device\v4.0_4.0.0.0__b77a5c561934e089\System.Device.dll

+ 2012-04-12 00:38 . 2012-04-12 00:38 50552 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Data.DataSetExtensions\v4.0_4.0.0.0__b77a5c561934e089\System.Data.DataSetExtensions.dll

- 2012-02-16 04:53 . 2012-02-16 04:53 50552 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Data.DataSetExtensions\v4.0_4.0.0.0__b77a5c561934e089\System.Data.DataSetExtensions.dll

+ 2012-04-12 00:38 . 2012-04-12 00:38 81784 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Configuration.Install\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Configuration.Install.dll

- 2012-02-16 04:52 . 2012-02-16 04:52 81784 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Configuration.Install\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Configuration.Install.dll

+ 2012-04-12 00:38 . 2012-04-12 00:38 81800 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.ComponentModel.DataAnnotations\v4.0_4.0.0.0__31bf3856ad364e35\System.ComponentModel.DataAnnotations.dll

- 2012-02-16 04:53 . 2012-02-16 04:53 81800 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.ComponentModel.DataAnnotations\v4.0_4.0.0.0__31bf3856ad364e35\System.ComponentModel.DataAnnotations.dll

+ 2012-04-12 00:38 . 2012-04-12 00:38 39784 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.AddIn.Contract\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.AddIn.Contract.dll

- 2012-02-16 04:53 . 2012-02-16 04:53 39784 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.AddIn.Contract\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.AddIn.Contract.dll

- 2012-02-16 04:53 . 2012-02-16 04:53 68952 c:\windows\Microsoft.NET\assembly\GAC_MSIL\SMDiagnostics\v4.0_4.0.0.0__b77a5c561934e089\SMDiagnostics.dll

+ 2012-04-12 00:39 . 2012-04-12 00:39 68952 c:\windows\Microsoft.NET\assembly\GAC_MSIL\SMDiagnostics\v4.0_4.0.0.0__b77a5c561934e089\SMDiagnostics.dll

+ 2012-04-12 00:38 . 2012-04-12 00:38 12128 c:\windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.VisualC\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualC.Dll

- 2012-02-16 04:52 . 2012-02-16 04:52 12128 c:\windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.VisualC\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualC.Dll

- 2012-02-16 04:53 . 2012-02-16 04:53 97680 c:\windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.VisualBasic.Compatibility.Data\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Compatibility.Data.dll

+ 2012-04-12 00:38 . 2012-04-12 00:38 97680 c:\windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.VisualBasic.Compatibility.Data\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Compatibility.Data.dll

+ 2012-04-12 00:38 . 2012-04-12 00:38 17240 c:\windows\Microsoft.NET\assembly\GAC_MSIL\Accessibility\v4.0_4.0.0.0__b03f5f7f11d50a3a\Accessibility.dll

- 2012-02-16 04:52 . 2012-02-16 04:52 17240 c:\windows\Microsoft.NET\assembly\GAC_MSIL\Accessibility\v4.0_4.0.0.0__b03f5f7f11d50a3a\Accessibility.dll

- 2012-02-16 04:52 . 2012-02-16 04:52 78168 c:\windows\Microsoft.NET\assembly\GAC_32\ISymWrapper\v4.0_4.0.0.0__b03f5f7f11d50a3a\ISymWrapper.dll

+ 2012-04-12 00:38 . 2012-04-12 00:38 78168 c:\windows\Microsoft.NET\assembly\GAC_32\ISymWrapper\v4.0_4.0.0.0__b03f5f7f11d50a3a\ISymWrapper.dll

- 2012-02-16 04:52 . 2012-02-16 04:52 81248 c:\windows\Microsoft.NET\assembly\GAC_32\CustomMarshalers\v4.0_4.0.0.0__b03f5f7f11d50a3a\CustomMarshalers.dll

+ 2012-04-12 00:38 . 2012-04-12 00:38 81248 c:\windows\Microsoft.NET\assembly\GAC_32\CustomMarshalers\v4.0_4.0.0.0__b03f5f7f11d50a3a\CustomMarshalers.dll

+ 2012-04-12 00:46 . 2011-12-17 19:46 12800 c:\windows\ie8updates\KB2675157-IE8\xpshims.dll

+ 2012-04-12 00:46 . 2011-12-17 19:46 66560 c:\windows\ie8updates\KB2675157-IE8\mshtmled.dll

+ 2012-04-12 00:46 . 2011-12-17 19:46 55296 c:\windows\ie8updates\KB2675157-IE8\msfeedsbs.dll

+ 2012-04-12 00:46 . 2011-12-17 19:46 43520 c:\windows\ie8updates\KB2675157-IE8\licmgr10.dll

+ 2012-04-12 00:46 . 2011-12-17 19:46 25600 c:\windows\ie8updates\KB2675157-IE8\jsproxy.dll

+ 2012-04-12 16:32 . 2012-04-12 16:32 47616 c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsLiveWriter\e7e97269e89997e751b00aacb1249a56\WindowsLiveWriter.ni.exe

+ 2012-04-12 16:34 . 2012-04-12 16:34 99840 c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsLive.Writer.#\2da63595792df88d3738ff12c3e42198\WindowsLive.Writer.Api.ni.dll

+ 2012-04-12 16:48 . 2012-04-12 16:48 36864 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.DynamicD#\36124bfc4baaa1c2063d699e77324080\System.Web.DynamicData.Design.ni.dll

+ 2012-04-12 00:45 . 2012-04-12 00:45 77824 c:\windows\assembly\GAC_MSIL\System.Web.RegularExpressions\2.0.0.0__b03f5f7f11d50a3a\System.Web.RegularExpressions.dll

- 2012-02-16 05:34 . 2012-02-16 05:34 77824 c:\windows\assembly\GAC_MSIL\System.Web.RegularExpressions\2.0.0.0__b03f5f7f11d50a3a\System.Web.RegularExpressions.dll

- 2012-02-16 05:34 . 2012-02-16 05:34 81920 c:\windows\assembly\GAC_MSIL\System.Drawing.Design\2.0.0.0__b03f5f7f11d50a3a\System.Drawing.Design.dll

+ 2012-04-12 00:45 . 2012-04-12 00:45 81920 c:\windows\assembly\GAC_MSIL\System.Drawing.Design\2.0.0.0__b03f5f7f11d50a3a\System.Drawing.Design.dll

- 2012-02-16 05:35 . 2012-02-16 05:35 81920 c:\windows\assembly\GAC_MSIL\System.Configuration.Install\2.0.0.0__b03f5f7f11d50a3a\System.Configuration.Install.dll

+ 2012-04-12 00:46 . 2012-04-12 00:46 81920 c:\windows\assembly\GAC_MSIL\System.Configuration.Install\2.0.0.0__b03f5f7f11d50a3a\System.Configuration.Install.dll

- 2012-02-16 05:34 . 2012-02-16 05:34 32768 c:\windows\assembly\GAC_MSIL\Microsoft.Vsa\8.0.0.0__b03f5f7f11d50a3a\Microsoft.Vsa.dll

+ 2012-04-12 00:45 . 2012-04-12 00:45 32768 c:\windows\assembly\GAC_MSIL\Microsoft.Vsa\8.0.0.0__b03f5f7f11d50a3a\Microsoft.Vsa.dll

- 2012-02-16 05:34 . 2012-02-16 05:34 12800 c:\windows\assembly\GAC_MSIL\Microsoft.Vsa.Vb.CodeDOMProcessor\8.0.0.0__b03f5f7f11d50a3a\Microsoft.Vsa.Vb.CodeDOMProcessor.dll

+ 2012-04-12 00:45 . 2012-04-12 00:45 12800 c:\windows\assembly\GAC_MSIL\Microsoft.Vsa.Vb.CodeDOMProcessor\8.0.0.0__b03f5f7f11d50a3a\Microsoft.Vsa.Vb.CodeDOMProcessor.dll

+ 2012-04-12 00:45 . 2012-04-12 00:45 28672 c:\windows\assembly\GAC_MSIL\Microsoft.VisualBasic.Vsa\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Vsa.dll

- 2012-02-16 05:34 . 2012-02-16 05:34 28672 c:\windows\assembly\GAC_MSIL\Microsoft.VisualBasic.Vsa\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Vsa.dll

+ 2012-04-12 00:46 . 2012-04-12 00:46 77824 c:\windows\assembly\GAC_MSIL\Microsoft.Build.Utilities\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Utilities.dll

- 2012-02-16 05:35 . 2012-02-16 05:35 77824 c:\windows\assembly\GAC_MSIL\Microsoft.Build.Utilities\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Utilities.dll

+ 2012-04-12 00:46 . 2012-04-12 00:46 36864 c:\windows\assembly\GAC_MSIL\Microsoft.Build.Framework\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Framework.dll

- 2012-02-16 05:35 . 2012-02-16 05:35 36864 c:\windows\assembly\GAC_MSIL\Microsoft.Build.Framework\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Framework.dll

+ 2012-04-12 00:45 . 2012-04-12 00:45 77824 c:\windows\assembly\GAC_MSIL\IEHost\2.0.0.0__b03f5f7f11d50a3a\IEHost.dll

- 2012-02-16 05:34 . 2012-02-16 05:34 77824 c:\windows\assembly\GAC_MSIL\IEHost\2.0.0.0__b03f5f7f11d50a3a\IEHost.dll

+ 2012-04-12 00:45 . 2012-04-12 00:45 13312 c:\windows\assembly\GAC_MSIL\cscompmgd\8.0.0.0__b03f5f7f11d50a3a\cscompmgd.dll

- 2012-02-16 05:34 . 2012-02-16 05:34 13312 c:\windows\assembly\GAC_MSIL\cscompmgd\8.0.0.0__b03f5f7f11d50a3a\cscompmgd.dll

- 2012-02-16 05:34 . 2012-02-16 05:34 10752 c:\windows\assembly\GAC_MSIL\Accessibility\2.0.0.0__b03f5f7f11d50a3a\Accessibility.dll

+ 2012-04-12 00:45 . 2012-04-12 00:45 10752 c:\windows\assembly\GAC_MSIL\Accessibility\2.0.0.0__b03f5f7f11d50a3a\Accessibility.dll

+ 2012-04-12 00:45 . 2012-04-12 00:45 72192 c:\windows\assembly\GAC_32\ISymWrapper\2.0.0.0__b03f5f7f11d50a3a\ISymWrapper.dll

- 2012-02-16 05:34 . 2012-02-16 05:34 72192 c:\windows\assembly\GAC_32\ISymWrapper\2.0.0.0__b03f5f7f11d50a3a\ISymWrapper.dll

- 2012-02-16 05:34 . 2012-02-16 05:34 69120 c:\windows\assembly\GAC_32\CustomMarshalers\2.0.0.0__b03f5f7f11d50a3a\CustomMarshalers.dll

+ 2012-04-12 00:45 . 2012-04-12 00:45 69120 c:\windows\assembly\GAC_32\CustomMarshalers\2.0.0.0__b03f5f7f11d50a3a\CustomMarshalers.dll

- 2012-02-16 05:34 . 2012-02-16 05:34 8192 c:\windows\WinSxS\MSIL_IEExecRemote_b03f5f7f11d50a3a_2.0.0.0_x-ww_6e57c34e\IEExecRemote.dll

+ 2012-04-12 00:45 . 2012-04-12 00:45 8192 c:\windows\WinSxS\MSIL_IEExecRemote_b03f5f7f11d50a3a_2.0.0.0_x-ww_6e57c34e\IEExecRemote.dll

- 2012-02-16 05:34 . 2012-02-16 05:34 7168 c:\windows\assembly\GAC_MSIL\Microsoft_VsaVb\8.0.0.0__b03f5f7f11d50a3a\Microsoft_VsaVb.dll

+ 2012-04-12 00:45 . 2012-04-12 00:45 7168 c:\windows\assembly\GAC_MSIL\Microsoft_VsaVb\8.0.0.0__b03f5f7f11d50a3a\Microsoft_VsaVb.dll

- 2012-02-16 05:35 . 2012-02-16 05:35 5632 c:\windows\assembly\GAC_MSIL\Microsoft.VisualC\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualC.Dll

+ 2012-04-12 00:46 . 2012-04-12 00:46 5632 c:\windows\assembly\GAC_MSIL\Microsoft.VisualC\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualC.Dll

+ 2012-04-12 00:45 . 2012-04-12 00:45 6656 c:\windows\assembly\GAC_MSIL\IIEHost\2.0.0.0__b03f5f7f11d50a3a\IIEHost.dll

- 2012-02-16 05:34 . 2012-02-16 05:34 6656 c:\windows\assembly\GAC_MSIL\IIEHost\2.0.0.0__b03f5f7f11d50a3a\IIEHost.dll

- 2012-02-16 05:34 . 2012-02-16 05:34 8192 c:\windows\assembly\GAC_MSIL\IEExecRemote\2.0.0.0__b03f5f7f11d50a3a\IEExecRemote.dll

+ 2012-04-12 00:45 . 2012-04-12 00:45 8192 c:\windows\assembly\GAC_MSIL\IEExecRemote\2.0.0.0__b03f5f7f11d50a3a\IEExecRemote.dll

+ 2012-04-12 00:38 . 2012-04-12 00:38 109568 c:\windows\WinSxS\x86_System.EnterpriseServices_b03f5f7f11d50a3a_4.0.0.0_x-ww_29b51492\System.EnterpriseServices.Wrapper.dll

- 2012-02-16 04:52 . 2012-02-16 04:52 109568 c:\windows\WinSxS\x86_System.EnterpriseServices_b03f5f7f11d50a3a_4.0.0.0_x-ww_29b51492\System.EnterpriseServices.Wrapper.dll

- 2012-02-16 04:52 . 2012-02-16 04:52 246128 c:\windows\WinSxS\x86_System.EnterpriseServices_b03f5f7f11d50a3a_4.0.0.0_x-ww_29b51492\System.EnterpriseServices.dll

+ 2012-04-12 00:38 . 2012-04-12 00:38 246128 c:\windows\WinSxS\x86_System.EnterpriseServices_b03f5f7f11d50a3a_4.0.0.0_x-ww_29b51492\System.EnterpriseServices.dll

+ 2012-04-12 00:45 . 2012-04-12 00:45 113664 c:\windows\WinSxS\x86_System.EnterpriseServices_b03f5f7f11d50a3a_2.0.0.0_x-ww_7d5f3790\System.EnterpriseServices.Wrapper.dll

- 2012-02-16 05:34 . 2012-02-16 05:34 113664 c:\windows\WinSxS\x86_System.EnterpriseServices_b03f5f7f11d50a3a_2.0.0.0_x-ww_7d5f3790\System.EnterpriseServices.Wrapper.dll

- 2012-02-16 05:34 . 2012-02-16 05:34 258048 c:\windows\WinSxS\x86_System.EnterpriseServices_b03f5f7f11d50a3a_2.0.0.0_x-ww_7d5f3790\System.EnterpriseServices.dll

+ 2012-04-12 00:45 . 2012-04-12 00:45 258048 c:\windows\WinSxS\x86_System.EnterpriseServices_b03f5f7f11d50a3a_2.0.0.0_x-ww_7d5f3790\System.EnterpriseServices.dll

+ 2004-08-04 12:00 . 2012-03-01 11:01 105984 c:\windows\system32\url.dll

- 2004-08-04 12:00 . 2011-12-17 19:46 105984 c:\windows\system32\url.dll

- 2004-08-04 12:00 . 2012-03-11 12:26 493950 c:\windows\system32\perfh009.dat

+ 2004-08-04 12:00 . 2012-04-12 00:46 493950 c:\windows\system32\perfh009.dat

+ 2004-08-04 12:00 . 2012-03-01 11:01 206848 c:\windows\system32\occache.dll

- 2004-08-04 12:00 . 2011-12-17 19:46 206848 c:\windows\system32\occache.dll

- 2004-08-04 12:00 . 2011-12-17 19:46 611840 c:\windows\system32\mstime.dll

+ 2004-08-04 12:00 . 2012-03-01 11:01 611840 c:\windows\system32\mstime.dll

+ 2009-03-08 09:32 . 2012-03-01 11:01 602112 c:\windows\system32\msfeeds.dll

- 2009-03-08 09:32 . 2011-12-17 19:46 602112 c:\windows\system32\msfeeds.dll

+ 2004-08-04 12:00 . 2012-03-01 11:01 184320 c:\windows\system32\iepeers.dll

- 2004-08-04 12:00 . 2011-12-17 19:46 184320 c:\windows\system32\iepeers.dll

- 2004-08-04 12:00 . 2011-12-17 19:46 387584 c:\windows\system32\iedkcs32.dll

+ 2004-08-04 12:00 . 2012-03-01 11:01 387584 c:\windows\system32\iedkcs32.dll

+ 2004-08-04 12:00 . 2012-02-29 12:17 174080 c:\windows\system32\ie4uinit.exe

- 2004-08-04 12:00 . 2011-12-16 12:23 174080 c:\windows\system32\ie4uinit.exe

+ 2009-12-24 06:59 . 2012-02-29 14:10 177664 c:\windows\system32\dllcache\wintrust.dll

- 2009-12-24 06:59 . 2009-12-24 06:59 177664 c:\windows\system32\dllcache\wintrust.dll

- 2009-02-20 08:10 . 2011-12-17 19:46 916992 c:\windows\system32\dllcache\wininet.dll

+ 2009-02-20 08:10 . 2012-03-01 11:01 916992 c:\windows\system32\dllcache\wininet.dll

- 2011-11-01 20:35 . 2011-12-17 19:46 105984 c:\windows\system32\dllcache\url.dll

+ 2011-11-01 20:35 . 2012-03-01 11:01 105984 c:\windows\system32\dllcache\url.dll

- 2009-03-08 09:34 . 2011-12-17 19:46 206848 c:\windows\system32\dllcache\occache.dll

+ 2009-03-08 09:34 . 2012-03-01 11:01 206848 c:\windows\system32\dllcache\occache.dll

- 2011-11-01 20:35 . 2011-12-17 19:46 611840 c:\windows\system32\dllcache\mstime.dll

+ 2011-11-01 20:35 . 2012-03-01 11:01 611840 c:\windows\system32\dllcache\mstime.dll

- 2009-07-29 12:45 . 2011-12-17 19:46 602112 c:\windows\system32\dllcache\msfeeds.dll

+ 2009-07-29 12:45 . 2012-03-01 11:01 602112 c:\windows\system32\dllcache\msfeeds.dll

+ 2012-02-29 14:10 . 2012-02-29 14:10 148480 c:\windows\system32\dllcache\imagehlp.dll

+ 2009-06-10 05:14 . 2012-03-01 11:01 247808 c:\windows\system32\dllcache\ieproxy.dll

- 2009-06-10 05:14 . 2011-12-17 19:46 247808 c:\windows\system32\dllcache\ieproxy.dll

- 2011-11-01 20:35 . 2011-12-17 19:46 184320 c:\windows\system32\dllcache\iepeers.dll

+ 2011-11-01 20:35 . 2012-03-01 11:01 184320 c:\windows\system32\dllcache\iepeers.dll

+ 2010-06-12 00:35 . 2012-03-01 11:01 743424 c:\windows\system32\dllcache\iedvtool.dll

- 2010-06-12 00:35 . 2011-12-17 19:46 743424 c:\windows\system32\dllcache\iedvtool.dll

+ 2009-03-08 19:09 . 2012-03-01 11:01 387584 c:\windows\system32\dllcache\iedkcs32.dll

- 2009-03-08 19:09 . 2011-12-17 19:46 387584 c:\windows\system32\dllcache\iedkcs32.dll

- 2009-03-08 09:32 . 2011-12-16 12:23 174080 c:\windows\system32\dllcache\ie4uinit.exe

+ 2009-03-08 09:32 . 2012-02-29 12:17 174080 c:\windows\system32\dllcache\ie4uinit.exe

+ 2012-01-21 21:40 . 2012-01-21 21:40 616216 c:\windows\Microsoft.NET\Framework\v4.0.30319\System.Drawing.dll

+ 2012-01-31 07:38 . 2012-01-31 07:38 630784 c:\windows\Microsoft.NET\Framework\v2.0.50727\System.Drawing.dll

+ 2012-04-12 00:39 . 2012-04-12 00:39 350592 c:\windows\Microsoft.NET\assembly\GAC_MSIL\UIAutomationClientsideProviders\v4.0_4.0.0.0__31bf3856ad364e35\UIAutomationClientsideProviders.dll

- 2012-02-16 04:54 . 2012-02-16 04:54 350592 c:\windows\Microsoft.NET\assembly\GAC_MSIL\UIAutomationClientsideProviders\v4.0_4.0.0.0__31bf3856ad364e35\UIAutomationClientsideProviders.dll

+ 2012-04-12 00:39 . 2012-04-12 00:39 163168 c:\windows\Microsoft.NET\assembly\GAC_MSIL\UIAutomationClient\v4.0_4.0.0.0__31bf3856ad364e35\UIAutomationClient.dll

- 2012-02-16 04:54 . 2012-02-16 04:54 163168 c:\windows\Microsoft.NET\assembly\GAC_MSIL\UIAutomationClient\v4.0_4.0.0.0__31bf3856ad364e35\UIAutomationClient.dll

- 2012-02-16 04:53 . 2012-02-16 04:53 138592 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Xml.Linq\v4.0_4.0.0.0__b77a5c561934e089\System.Xml.Linq.dll

+ 2012-04-12 00:38 . 2012-04-12 00:38 138592 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Xml.Linq\v4.0_4.0.0.0__b77a5c561934e089\System.Xml.Linq.dll

- 2012-02-16 04:54 . 2012-02-16 04:54 699224 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Xaml\v4.0_4.0.0.0__b77a5c561934e089\System.Xaml.dll

+ 2012-04-12 00:39 . 2012-04-12 00:39 699224 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Xaml\v4.0_4.0.0.0__b77a5c561934e089\System.Xaml.dll

- 2012-02-16 04:54 . 2012-02-16 04:54 857960 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Web.Services\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Web.Services.dll

+ 2012-04-12 00:39 . 2012-04-12 00:39 857960 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Web.Services\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Web.Services.dll

- 2012-02-16 04:54 . 2012-02-16 04:54 675672 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Speech\v4.0_4.0.0.0__31bf3856ad364e35\System.Speech.dll

+ 2012-04-12 00:39 . 2012-04-12 00:39 675672 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Speech\v4.0_4.0.0.0__31bf3856ad364e35\System.Speech.dll

+ 2012-04-12 00:38 . 2012-04-12 00:38 113512 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.ServiceProcess\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.ServiceProcess.dll

- 2012-02-16 04:53 . 2012-02-16 04:53 113512 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.ServiceProcess\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.ServiceProcess.dll

+ 2012-04-12 00:39 . 2012-04-12 00:39 129912 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.ServiceModel.Routing\v4.0_4.0.0.0__31bf3856ad364e35\System.ServiceModel.Routing.dll

- 2012-02-16 04:54 . 2012-02-16 04:54 129912 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.ServiceModel.Routing\v4.0_4.0.0.0__31bf3856ad364e35\System.ServiceModel.Routing.dll

- 2012-02-16 04:54 . 2012-02-16 04:54 390008 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.ServiceModel.Discovery\v4.0_4.0.0.0__31bf3856ad364e35\System.ServiceModel.Discovery.dll

+ 2012-04-12 00:39 . 2012-04-12 00:39 390008 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.ServiceModel.Discovery\v4.0_4.0.0.0__31bf3856ad364e35\System.ServiceModel.Discovery.dll

- 2012-02-16 04:54 . 2012-02-16 04:54 505208 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.ServiceModel.Activities\v4.0_4.0.0.0__31bf3856ad364e35\System.ServiceModel.Activities.dll

+ 2012-04-12 00:39 . 2012-04-12 00:39 505208 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.ServiceModel.Activities\v4.0_4.0.0.0__31bf3856ad364e35\System.ServiceModel.Activities.dll

+ 2012-04-12 00:38 . 2012-04-12 00:38 261472 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Security\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Security.dll

- 2012-02-16 04:53 . 2012-02-16 04:53 261472 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Security\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Security.dll

+ 2012-04-12 00:39 . 2012-04-12 00:39 122264 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Runtime.Serialization.Formatters.Soap\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Runtime.Serialization.Formatters.Soap.dll

- 2012-02-16 04:54 . 2012-02-16 04:54 122264 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Runtime.Serialization.Formatters.Soap\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Runtime.Serialization.Formatters.Soap.dll

+ 2012-04-12 00:39 . 2012-04-12 00:39 291184 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Runtime.Remoting\v4.0_4.0.0.0__b77a5c561934e089\System.Runtime.Remoting.dll

- 2012-02-16 04:54 . 2012-02-16 04:54 291184 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Runtime.Remoting\v4.0_4.0.0.0__b77a5c561934e089\System.Runtime.Remoting.dll

- 2012-02-16 04:54 . 2012-02-16 04:54 349568 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Runtime.DurableInstancing\v4.0_4.0.0.0__31bf3856ad364e35\System.Runtime.DurableInstancing.dll

+ 2012-04-12 00:39 . 2012-04-12 00:39 349568 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Runtime.DurableInstancing\v4.0_4.0.0.0__31bf3856ad364e35\System.Runtime.DurableInstancing.dll

- 2012-02-16 04:53 . 2012-02-16 04:53 231760 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Net\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Net.dll

+ 2012-04-12 00:38 . 2012-04-12 00:38 231760 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Net\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Net.dll

+ 2012-04-12 00:39 . 2012-04-12 00:39 253280 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Messaging\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Messaging.dll

- 2012-02-16 04:54 . 2012-02-16 04:54 253280 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Messaging\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Messaging.dll

- 2012-02-16 04:53 . 2012-02-16 04:53 378720 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Management\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Management.dll

+ 2012-04-12 00:38 . 2012-04-12 00:38 378720 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Management\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Management.dll

+ 2012-04-12 00:38 . 2012-04-12 00:38 134528 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Management.Instrumentation\v4.0_4.0.0.0__b77a5c561934e089\System.Management.Instrumentation.dll

- 2012-02-16 04:53 . 2012-02-16 04:53 134528 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Management.Instrumentation\v4.0_4.0.0.0__b77a5c561934e089\System.Management.Instrumentation.dll

+ 2012-04-12 00:39 . 2012-04-12 00:39 123736 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.IO.Log\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.IO.Log.dll

- 2012-02-16 04:54 . 2012-02-16 04:54 123736 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.IO.Log\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.IO.Log.dll

+ 2012-04-12 00:39 . 2012-04-12 00:39 392552 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.IdentityModel\v4.0_4.0.0.0__b77a5c561934e089\System.IdentityModel.dll

- 2012-02-16 04:54 . 2012-02-16 04:54 392552 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.IdentityModel\v4.0_4.0.0.0__b77a5c561934e089\System.IdentityModel.dll

- 2012-02-16 04:54 . 2012-02-16 04:54 125816 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.IdentityModel.Selectors\v4.0_4.0.0.0__b77a5c561934e089\System.IdentityModel.Selectors.dll

+ 2012-04-12 00:39 . 2012-04-12 00:39 125816 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.IdentityModel.Selectors\v4.0_4.0.0.0__b77a5c561934e089\System.IdentityModel.Selectors.dll

- 2012-02-16 04:52 . 2012-02-16 04:52 120152 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Dynamic\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Dynamic.dll

+ 2012-04-12 00:38 . 2012-04-12 00:38 120152 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Dynamic\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Dynamic.dll

+ 2012-04-12 00:38 . 2012-04-12 00:38 616216 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Drawing\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll

+ 2012-04-12 00:38 . 2012-04-12 00:38 395120 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.DirectoryServices\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.DirectoryServices.dll

- 2012-02-16 04:52 . 2012-02-16 04:52 395120 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.DirectoryServices\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.DirectoryServices.dll

- 2012-02-16 04:52 . 2012-02-16 04:52 182144 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.DirectoryServices.Protocols\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.DirectoryServices.Protocols.dll

+ 2012-04-12 00:38 . 2012-04-12 00:38 182144 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.DirectoryServices.Protocols\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.DirectoryServices.Protocols.dll

+ 2012-04-12 00:38 . 2012-04-12 00:38 285072 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.DirectoryServices.AccountManagement\v4.0_4.0.0.0__b77a5c561934e089\System.DirectoryServices.AccountManagement.dll

- 2012-02-16 04:52 . 2012-02-16 04:52 285072 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.DirectoryServices.AccountManagement\v4.0_4.0.0.0__b77a5c561934e089\System.DirectoryServices.AccountManagement.dll

- 2012-02-16 04:52 . 2012-02-16 04:52 829280 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Deployment\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Deployment.dll

+ 2012-04-12 00:38 . 2012-04-12 00:38 829280 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Deployment\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Deployment.dll

- 2012-02-16 04:52 . 2012-02-16 04:52 747360 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Data.SqlXml\v4.0_4.0.0.0__b77a5c561934e089\System.Data.SqlXml.dll

+ 2012-04-12 00:38 . 2012-04-12 00:38 747360 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Data.SqlXml\v4.0_4.0.0.0__b77a5c561934e089\System.Data.SqlXml.dll

+ 2012-04-12 00:38 . 2012-04-12 00:38 436600 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Data.Services.Client\v4.0_4.0.0.0__b77a5c561934e089\System.Data.Services.Client.dll

- 2012-02-16 04:53 . 2012-02-16 04:53 436600 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Data.Services.Client\v4.0_4.0.0.0__b77a5c561934e089\System.Data.Services.Client.dll

+ 2012-04-12 00:38 . 2012-04-12 00:38 683872 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Data.Linq\v4.0_4.0.0.0__b77a5c561934e089\System.Data.Linq.dll

- 2012-02-16 04:53 . 2012-02-16 04:53 683872 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Data.Linq\v4.0_4.0.0.0__b77a5c561934e089\System.Data.Linq.dll

+ 2012-04-12 00:38 . 2012-04-12 00:38 409448 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Configuration\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.configuration.dll

- 2012-02-16 04:52 . 2012-02-16 04:52 409448 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Configuration\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.configuration.dll

+ 2012-04-12 00:38 . 2012-04-12 00:38 210816 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.ComponentModel.Composition\v4.0_4.0.0.0__b77a5c561934e089\System.ComponentModel.Composition.dll

- 2012-02-16 04:53 . 2012-02-16 04:53 210816 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.ComponentModel.Composition\v4.0_4.0.0.0__b77a5c561934e089\System.ComponentModel.Composition.dll

+ 2012-04-12 00:38 . 2012-04-12 00:38 149848 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.AddIn\v4.0_4.0.0.0__b77a5c561934e089\System.AddIn.dll

- 2012-02-16 04:53 . 2012-02-16 04:53 149848 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.AddIn\v4.0_4.0.0.0__b77a5c561934e089\System.AddIn.dll

+ 2012-04-12 00:39 . 2012-04-12 00:39 122248 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Activities.DurableInstancing\v4.0_4.0.0.0__31bf3856ad364e35\System.Activities.DurableInstancing.dll

- 2012-02-16 04:54 . 2012-02-16 04:54 122248 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Activities.DurableInstancing\v4.0_4.0.0.0__31bf3856ad364e35\System.Activities.DurableInstancing.dll

+ 2012-04-12 00:39 . 2012-04-12 00:39 525704 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Activities.Core.Presentation\v4.0_4.0.0.0__31bf3856ad364e35\System.Activities.Core.Presentation.dll

- 2012-02-16 04:53 . 2012-02-16 04:54 525704 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Activities.Core.Presentation\v4.0_4.0.0.0__31bf3856ad364e35\System.Activities.Core.Presentation.dll

- 2012-02-16 04:52 . 2012-02-16 04:52 112976 c:\windows\Microsoft.NET\assembly\GAC_MSIL\sysglobl\v4.0_4.0.0.0__b03f5f7f11d50a3a\sysglobl.dll

+ 2012-04-12 00:38 . 2012-04-12 00:38 112976 c:\windows\Microsoft.NET\assembly\GAC_MSIL\sysglobl\v4.0_4.0.0.0__b03f5f7f11d50a3a\sysglobl.dll

+ 2012-04-12 00:39 . 2012-04-12 00:39 581464 c:\windows\Microsoft.NET\assembly\GAC_MSIL\ReachFramework\v4.0_4.0.0.0__31bf3856ad364e35\ReachFramework.dll

- 2012-02-16 04:54 . 2012-02-16 04:54 581464 c:\windows\Microsoft.NET\assembly\GAC_MSIL\ReachFramework\v4.0_4.0.0.0__31bf3856ad364e35\ReachFramework.dll

- 2012-02-16 04:54 . 2012-02-16 04:54 832856 c:\windows\Microsoft.NET\assembly\GAC_MSIL\PresentationUI\v4.0_4.0.0.0__31bf3856ad364e35\PresentationUI.dll

+ 2012-04-12 00:39 . 2012-04-12 00:39 832856 c:\windows\Microsoft.NET\assembly\GAC_MSIL\PresentationUI\v4.0_4.0.0.0__31bf3856ad364e35\PresentationUI.dll

+ 2012-04-12 00:39 . 2012-04-12 00:39 194424 c:\windows\Microsoft.NET\assembly\GAC_MSIL\PresentationFramework.Royale\v4.0_4.0.0.0__31bf3856ad364e35\PresentationFramework.Royale.dll

- 2012-02-16 04:54 . 2012-02-16 04:54 194424 c:\windows\Microsoft.NET\assembly\GAC_MSIL\PresentationFramework.Royale\v4.0_4.0.0.0__31bf3856ad364e35\PresentationFramework.Royale.dll

- 2012-02-16 04:54 . 2012-02-16 04:54 478576 c:\windows\Microsoft.NET\assembly\GAC_MSIL\PresentationFramework.Luna\v4.0_4.0.0.0__31bf3856ad364e35\PresentationFramework.Luna.dll

+ 2012-04-12 00:39 . 2012-04-12 00:39 478576 c:\windows\Microsoft.NET\assembly\GAC_MSIL\PresentationFramework.Luna\v4.0_4.0.0.0__31bf3856ad364e35\PresentationFramework.Luna.dll

- 2012-02-16 04:54 . 2012-02-16 04:54 167288 c:\windows\Microsoft.NET\assembly\GAC_MSIL\PresentationFramework.Classic\v4.0_4.0.0.0__31bf3856ad364e35\PresentationFramework.Classic.dll

+ 2012-04-12 00:39 . 2012-04-12 00:39 167288 c:\windows\Microsoft.NET\assembly\GAC_MSIL\PresentationFramework.Classic\v4.0_4.0.0.0__31bf3856ad364e35\PresentationFramework.Classic.dll

+ 2012-04-12 00:39 . 2012-04-12 00:39 232304 c:\windows\Microsoft.NET\assembly\GAC_MSIL\PresentationFramework.Aero\v4.0_4.0.0.0__31bf3856ad364e35\PresentationFramework.Aero.dll

- 2012-02-16 04:54 . 2012-02-16 04:54 232304 c:\windows\Microsoft.NET\assembly\GAC_MSIL\PresentationFramework.Aero\v4.0_4.0.0.0__31bf3856ad364e35\PresentationFramework.Aero.dll

- 2012-02-16 04:52 . 2012-02-16 04:52 661352 c:\windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.VisualBasic\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll

+ 2012-04-12 00:38 . 2012-04-12 00:38 661352 c:\windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.VisualBasic\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll

- 2012-02-16 04:53 . 2012-02-16 04:53 349576 c:\windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.VisualBasic.Compatibility\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Compatibility.dll

+ 2012-04-12 00:38 . 2012-04-12 00:38 349576 c:\windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.VisualBasic.Compatibility\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Compatibility.dll

+ 2012-04-12 00:38 . 2012-04-12 00:38 387960 c:\windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.Transactions.Bridge\v4.0_4.0.0.0__b03f5f7f11d50a3a\Microsoft.Transactions.Bridge.dll

- 2012-02-16 04:53 . 2012-02-16 04:53 387960 c:\windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.Transactions.Bridge\v4.0_4.0.0.0__b03f5f7f11d50a3a\Microsoft.Transactions.Bridge.dll

- 2012-02-16 04:52 . 2012-02-16 04:52 746336 c:\windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.JScript\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.JScript.dll

+ 2012-04-12 00:38 . 2012-04-12 00:38 746336 c:\windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.JScript\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.JScript.dll

- 2012-02-16 04:52 . 2012-02-16 04:52 505184 c:\windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.CSharp\v4.0_4.0.0.0__b03f5f7f11d50a3a\Microsoft.CSharp.dll

+ 2012-04-12 00:38 . 2012-04-12 00:38 505184 c:\windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.CSharp\v4.0_4.0.0.0__b03f5f7f11d50a3a\Microsoft.CSharp.dll

- 2012-02-16 04:54 . 2012-02-16 04:54 269672 c:\windows\Microsoft.NET\assembly\GAC_32\System.Transactions\v4.0_4.0.0.0__b77a5c561934e089\System.Transactions.dll

+ 2012-04-12 00:39 . 2012-04-12 00:39 269672 c:\windows\Microsoft.NET\assembly\GAC_32\System.Transactions\v4.0_4.0.0.0__b77a5c561934e089\System.Transactions.dll

- 2012-02-16 04:54 . 2012-02-16 04:54 334688 c:\windows\Microsoft.NET\assembly\GAC_32\System.Printing\v4.0_4.0.0.0__31bf3856ad364e35\System.Printing.dll

+ 2012-04-12 00:39 . 2012-04-12 00:39 334688 c:\windows\Microsoft.NET\assembly\GAC_32\System.Printing\v4.0_4.0.0.0__31bf3856ad364e35\System.Printing.dll

+ 2012-04-12 00:38 . 2012-04-12 00:38 109568 c:\windows\Microsoft.NET\assembly\GAC_32\System.EnterpriseServices\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.Wrapper.dll

- 2012-02-16 04:52 . 2012-02-16 04:52 109568 c:\windows\Microsoft.NET\assembly\GAC_32\System.EnterpriseServices\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.Wrapper.dll

- 2012-02-16 04:52 . 2012-02-16 04:52 246128 c:\windows\Microsoft.NET\assembly\GAC_32\System.EnterpriseServices\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.dll

+ 2012-04-12 00:38 . 2012-04-12 00:38 246128 c:\windows\Microsoft.NET\assembly\GAC_32\System.EnterpriseServices\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.dll

- 2012-02-16 04:53 . 2012-02-16 04:53 170368 c:\windows\Microsoft.NET\assembly\GAC_32\Microsoft.Transactions.Bridge.Dtc\v4.0_4.0.0.0__b03f5f7f11d50a3a\Microsoft.Transactions.Bridge.Dtc.dll

+ 2012-04-12 00:38 . 2012-04-12 00:38 170368 c:\windows\Microsoft.NET\assembly\GAC_32\Microsoft.Transactions.Bridge.Dtc\v4.0_4.0.0.0__b03f5f7f11d50a3a\Microsoft.Transactions.Bridge.Dtc.dll

+ 2012-02-03 03:56 . 2012-02-03 03:56 963584 c:\windows\Installer\4e4d76.msp

+ 2012-04-12 00:46 . 2011-12-17 19:46 916992 c:\windows\ie8updates\KB2675157-IE8\wininet.dll

+ 2012-04-12 00:46 . 2011-12-17 19:46 105984 c:\windows\ie8updates\KB2675157-IE8\url.dll

+ 2012-04-12 00:47 . 2010-07-05 13:16 382840 c:\windows\ie8updates\KB2675157-IE8\spuninst\updspapi.dll

+ 2012-04-12 00:47 . 2010-07-05 13:15 231288 c:\windows\ie8updates\KB2675157-IE8\spuninst\spuninst.exe

+ 2012-04-12 00:46 . 2011-12-17 19:46 206848 c:\windows\ie8updates\KB2675157-IE8\occache.dll

+ 2012-04-12 00:46 . 2011-12-17 19:46 611840 c:\windows\ie8updates\KB2675157-IE8\mstime.dll

+ 2012-04-12 00:46 . 2011-12-17 19:46 602112 c:\windows\ie8updates\KB2675157-IE8\msfeeds.dll

+ 2012-04-12 00:46 . 2011-12-17 19:46 247808 c:\windows\ie8updates\KB2675157-IE8\ieproxy.dll

+ 2012-04-12 00:46 . 2011-12-17 19:46 184320 c:\windows\ie8updates\KB2675157-IE8\iepeers.dll

+ 2012-04-12 00:46 . 2011-12-17 19:46 743424 c:\windows\ie8updates\KB2675157-IE8\iedvtool.dll

+ 2012-04-12 00:46 . 2011-12-17 19:46 387584 c:\windows\ie8updates\KB2675157-IE8\iedkcs32.dll

+ 2012-04-12 00:46 . 2011-12-16 12:23 174080 c:\windows\ie8updates\KB2675157-IE8\ie4uinit.exe

+ 2012-04-12 00:41 . 2012-04-12 00:41 226304 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Drawing.Desi#\06f391d52ab00469279819265bd111d2\System.Drawing.Design.ni.dll

+ 2012-04-12 16:52 . 2012-04-12 16:52 852480 c:\windows\assembly\NativeImages_v4.0.30319_32\AspNetMMCExt\b66c764c2b00cb7c7e5ee8d628fedba4\AspNetMMCExt.ni.dll

+ 2012-04-12 16:34 . 2012-04-12 16:34 626688 c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsLiveLocal.Wr#\7cc277c2303127d2664aab33d592a4bd\WindowsLiveLocal.WriterPlugin.ni.dll

+ 2012-04-12 16:33 . 2012-04-12 16:33 843776 c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsLive.Writer.#\f4c879fd28c2db82e98a2dd65e60acec\WindowsLive.Writer.Controls.ni.dll

+ 2012-04-12 16:34 . 2012-04-12 16:34 118784 c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsLive.Writer.#\b4c0d0908b6bdf882e5f8deb9404abe6\WindowsLive.Writer.Extensibility.ni.dll

+ 2012-04-12 16:34 . 2012-04-12 16:34 108544 c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsLive.Writer.#\a8339c6108cde382c721c1585d4a6d9d\WindowsLive.Writer.Passport.ni.dll

+ 2012-04-12 16:34 . 2012-04-12 16:34 119296 c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsLive.Writer.#\91abc2cfaf847465d40d6fdf73927374\WindowsLive.Writer.FileDestinations.ni.dll

+ 2012-04-12 16:33 . 2012-04-12 16:33 319488 c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsLive.Writer.#\8cfcc19aafa227d46784bd096cb1d4e0\WindowsLive.Writer.Interop.ni.dll

+ 2012-04-12 16:34 . 2012-04-12 16:34 594944 c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsLive.Writer.#\841842b15a178da4d03fc2be80b4d073\WindowsLive.Writer.HtmlEditor.ni.dll

+ 2012-04-12 16:34 . 2012-04-12 16:34 428032 c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsLive.Writer.#\7fd56269accaaf9c79733f616de49cab\WindowsLive.Writer.Localization.ni.dll

+ 2012-04-12 16:34 . 2012-04-12 16:34 851968 c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsLive.Writer.#\7b5e98e169fc34a17d4a1fb412461ce4\WindowsLive.Writer.BlogClient.ni.dll

+ 2012-04-12 16:34 . 2012-04-12 16:34 322048 c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsLive.Writer.#\6e75989fed2ac3ab6f09923534c8b6ee\WindowsLive.Writer.SpellChecker.ni.dll

+ 2012-04-12 16:34 . 2012-04-12 16:34 258048 c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsLive.Writer.#\3007d6df9256d53079cf1e3d815229b5\WindowsLive.Writer.Mshtml.ni.dll

+ 2012-04-12 16:33 . 2012-04-12 16:33 174080 c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsLive.Writer.#\230141eb00db15e7818d1ce661a0b0b8\WindowsLive.Writer.BrowserControl.ni.dll

+ 2012-04-12 16:34 . 2012-04-12 16:34 145920 c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsLive.Client\ceb928ad9bb99b975319a31489b1246e\WindowsLive.Client.ni.dll

+ 2012-04-12 16:26 . 2012-04-12 16:26 240128 c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsFormsIntegra#\5be064066858620a8aa628fca459a888\WindowsFormsIntegration.ni.dll

+ 2012-04-12 16:47 . 2012-04-12 16:47 129536 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Routing\1107b3a711bab40c83e2561ba2431d62\System.Web.Routing.ni.dll

+ 2012-04-12 16:49 . 2012-04-12 16:49 859648 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Extensio#\d7c8c294920cfe79765215e242308d28\System.Web.Extensions.Design.ni.dll

+ 2012-04-12 16:48 . 2012-04-12 16:48 328704 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Entity\5176923a8264305118a299419e1c7bde\System.Web.Entity.ni.dll

+ 2012-04-12 16:48 . 2012-04-12 16:48 301056 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Entity.D#\d746c0f0ed36226efb2e0115de42cdd6\System.Web.Entity.Design.ni.dll

+ 2012-04-12 16:48 . 2012-04-12 16:48 547328 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.DynamicD#\df5542604898c9ea3fda32c8619ae0e5\System.Web.DynamicData.ni.dll

+ 2012-04-12 16:47 . 2012-04-12 16:47 141312 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Abstract#\b9c8715157536097b489132574ad5c17\System.Web.Abstractions.ni.dll

+ 2012-04-12 16:34 . 2012-04-12 16:34 212992 c:\windows\assembly\NativeImages_v2.0.50727_32\System.ServiceProce#\56e433394df8d44e43690a855e403555\System.ServiceProcess.ni.dll

+ 2012-04-12 16:25 . 2012-04-12 16:25 208384 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Drawing.Desi#\cc2cd3bc46c9c2b30e47281e404a3230\System.Drawing.Design.ni.dll

+ 2012-04-12 16:32 . 2012-04-12 16:32 842240 c:\windows\assembly\NativeImages_v2.0.50727_32\AspNetMMCExt\8d6cd6a93f679608d52b6c874088b963\AspNetMMCExt.ni.dll

- 2012-02-16 05:34 . 2012-02-16 05:34 839680 c:\windows\assembly\GAC_MSIL\System.Web.Services\2.0.0.0__b03f5f7f11d50a3a\System.Web.Services.dll

+ 2012-04-12 00:45 . 2012-04-12 00:45 839680 c:\windows\assembly\GAC_MSIL\System.Web.Services\2.0.0.0__b03f5f7f11d50a3a\System.Web.Services.dll

- 2012-02-16 05:34 . 2012-02-16 05:34 835584 c:\windows\assembly\GAC_MSIL\System.Web.Mobile\2.0.0.0__b03f5f7f11d50a3a\System.Web.Mobile.dll

+ 2012-04-12 00:45 . 2012-04-12 00:45 835584 c:\windows\assembly\GAC_MSIL\System.Web.Mobile\2.0.0.0__b03f5f7f11d50a3a\System.Web.Mobile.dll

+ 2012-04-12 00:45 . 2012-04-12 00:45 114688 c:\windows\assembly\GAC_MSIL\System.ServiceProcess\2.0.0.0__b03f5f7f11d50a3a\System.ServiceProcess.dll

- 2012-02-16 05:34 . 2012-02-16 05:34 114688 c:\windows\assembly\GAC_MSIL\System.ServiceProcess\2.0.0.0__b03f5f7f11d50a3a\System.ServiceProcess.dll

- 2012-02-16 05:34 . 2012-02-16 05:34 258048 c:\windows\assembly\GAC_MSIL\System.Security\2.0.0.0__b03f5f7f11d50a3a\System.Security.dll

+ 2012-04-12 00:45 . 2012-04-12 00:45 258048 c:\windows\assembly\GAC_MSIL\System.Security\2.0.0.0__b03f5f7f11d50a3a\System.Security.dll

+ 2012-04-12 00:45 . 2012-04-12 00:45 131072 c:\windows\assembly\GAC_MSIL\System.Runtime.Serialization.Formatters.Soap\2.0.0.0__b03f5f7f11d50a3a\System.Runtime.Serialization.Formatters.Soap.dll

- 2012-02-16 05:34 . 2012-02-16 05:34 131072 c:\windows\assembly\GAC_MSIL\System.Runtime.Serialization.Formatters.Soap\2.0.0.0__b03f5f7f11d50a3a\System.Runtime.Serialization.Formatters.Soap.dll

- 2012-02-16 05:34 . 2012-02-16 05:34 303104 c:\windows\assembly\GAC_MSIL\System.Runtime.Remoting\2.0.0.0__b77a5c561934e089\System.Runtime.Remoting.dll

+ 2012-04-12 00:45 . 2012-04-12 00:45 303104 c:\windows\assembly\GAC_MSIL\System.Runtime.Remoting\2.0.0.0__b77a5c561934e089\System.Runtime.Remoting.dll

- 2012-02-16 05:35 . 2012-02-16 05:35 258048 c:\windows\assembly\GAC_MSIL\System.Messaging\2.0.0.0__b03f5f7f11d50a3a\System.Messaging.dll

+ 2012-04-12 00:46 . 2012-04-12 00:46 258048 c:\windows\assembly\GAC_MSIL\System.Messaging\2.0.0.0__b03f5f7f11d50a3a\System.Messaging.dll

- 2012-02-16 05:35 . 2012-02-16 05:35 372736 c:\windows\assembly\GAC_MSIL\System.Management\2.0.0.0__b03f5f7f11d50a3a\System.Management.dll

+ 2012-04-12 00:46 . 2012-04-12 00:46 372736 c:\windows\assembly\GAC_MSIL\System.Management\2.0.0.0__b03f5f7f11d50a3a\System.Management.dll

+ 2012-04-12 00:45 . 2012-04-12 00:45 630784 c:\windows\assembly\GAC_MSIL\System.Drawing\2.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll

- 2012-02-16 05:34 . 2012-02-16 05:34 401408 c:\windows\assembly\GAC_MSIL\System.DirectoryServices\2.0.0.0__b03f5f7f11d50a3a\System.DirectoryServices.dll

+ 2012-04-12 00:45 . 2012-04-12 00:45 401408 c:\windows\assembly\GAC_MSIL\System.DirectoryServices\2.0.0.0__b03f5f7f11d50a3a\System.DirectoryServices.dll

+ 2012-04-12 00:45 . 2012-04-12 00:45 188416 c:\windows\assembly\GAC_MSIL\System.DirectoryServices.Protocols\2.0.0.0__b03f5f7f11d50a3a\System.DirectoryServices.Protocols.dll

- 2012-02-16 05:34 . 2012-02-16 05:34 188416 c:\windows\assembly\GAC_MSIL\System.DirectoryServices.Protocols\2.0.0.0__b03f5f7f11d50a3a\System.DirectoryServices.Protocols.dll

- 2012-02-16 05:35 . 2012-02-16 05:35 970752 c:\windows\assembly\GAC_MSIL\System.Deployment\2.0.0.0__b03f5f7f11d50a3a\System.Deployment.dll

+ 2012-04-12 00:46 . 2012-04-12 00:46 970752 c:\windows\assembly\GAC_MSIL\System.Deployment\2.0.0.0__b03f5f7f11d50a3a\System.Deployment.dll

+ 2012-04-12 00:46 . 2012-04-12 00:46 745472 c:\windows\assembly\GAC_MSIL\System.Data.SqlXml\2.0.0.0__b77a5c561934e089\System.Data.SqlXml.dll

- 2012-02-16 05:35 . 2012-02-16 05:35 745472 c:\windows\assembly\GAC_MSIL\System.Data.SqlXml\2.0.0.0__b77a5c561934e089\System.Data.SqlXml.dll

+ 2012-04-12 00:46 . 2012-04-12 00:46 425984 c:\windows\assembly\GAC_MSIL\System.Configuration\2.0.0.0__b03f5f7f11d50a3a\System.configuration.dll

- 2012-02-16 05:35 . 2012-02-16 05:35 425984 c:\windows\assembly\GAC_MSIL\System.Configuration\2.0.0.0__b03f5f7f11d50a3a\System.configuration.dll

+ 2012-04-12 00:46 . 2012-04-12 00:46 110592 c:\windows\assembly\GAC_MSIL\sysglobl\2.0.0.0__b03f5f7f11d50a3a\sysglobl.dll

- 2012-02-16 05:35 . 2012-02-16 05:35 110592 c:\windows\assembly\GAC_MSIL\sysglobl\2.0.0.0__b03f5f7f11d50a3a\sysglobl.dll

- 2012-02-16 05:34 . 2012-02-16 05:34 659456 c:\windows\assembly\GAC_MSIL\Microsoft.VisualBasic\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll

+ 2012-04-12 00:45 . 2012-04-12 00:45 659456 c:\windows\assembly\GAC_MSIL\Microsoft.VisualBasic\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll

- 2012-02-16 05:34 . 2012-02-16 05:34 372736 c:\windows\assembly\GAC_MSIL\Microsoft.VisualBasic.Compatibility\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Compatibility.dll

+ 2012-04-12 00:45 . 2012-04-12 00:45 372736 c:\windows\assembly\GAC_MSIL\Microsoft.VisualBasic.Compatibility\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Compatibility.dll

- 2012-02-16 05:34 . 2012-02-16 05:34 110592 c:\windows\assembly\GAC_MSIL\Microsoft.VisualBasic.Compatibility.Data\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Compatibility.Data.dll

+ 2012-04-12 00:45 . 2012-04-12 00:45 110592 c:\windows\assembly\GAC_MSIL\Microsoft.VisualBasic.Compatibility.Data\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Compatibility.Data.dll

- 2012-02-16 05:34 . 2012-02-16 05:34 749568 c:\windows\assembly\GAC_MSIL\Microsoft.JScript\8.0.0.0__b03f5f7f11d50a3a\Microsoft.JScript.dll

+ 2012-04-12 00:45 . 2012-04-12 00:45 749568 c:\windows\assembly\GAC_MSIL\Microsoft.JScript\8.0.0.0__b03f5f7f11d50a3a\Microsoft.JScript.dll

- 2012-02-16 05:35 . 2012-02-16 05:35 655360 c:\windows\assembly\GAC_MSIL\Microsoft.Build.Tasks\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Tasks.dll

+ 2012-04-12 00:46 . 2012-04-12 00:46 655360 c:\windows\assembly\GAC_MSIL\Microsoft.Build.Tasks\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Tasks.dll

+ 2012-04-12 00:45 . 2012-04-12 00:45 348160 c:\windows\assembly\GAC_MSIL\Microsoft.Build.Engine\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Engine.dll

- 2012-02-16 05:34 . 2012-02-16 05:34 348160 c:\windows\assembly\GAC_MSIL\Microsoft.Build.Engine\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Engine.dll

+ 2012-04-12 00:45 . 2012-04-12 00:45 507904 c:\windows\assembly\GAC_MSIL\AspNetMMCExt\2.0.0.0__b03f5f7f11d50a3a\AspNetMMCExt.dll

- 2012-02-16 05:34 . 2012-02-16 05:34 507904 c:\windows\assembly\GAC_MSIL\AspNetMMCExt\2.0.0.0__b03f5f7f11d50a3a\AspNetMMCExt.dll

+ 2012-04-12 00:45 . 2012-04-12 00:45 261632 c:\windows\assembly\GAC_32\System.Transactions\2.0.0.0__b77a5c561934e089\System.Transactions.dll

- 2012-02-16 05:34 . 2012-02-16 05:34 261632 c:\windows\assembly\GAC_32\System.Transactions\2.0.0.0__b77a5c561934e089\System.Transactions.dll

+ 2012-04-12 00:45 . 2012-04-12 00:45 113664 c:\windows\assembly\GAC_32\System.EnterpriseServices\2.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.Wrapper.dll

- 2012-02-16 05:34 . 2012-02-16 05:34 113664 c:\windows\assembly\GAC_32\System.EnterpriseServices\2.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.Wrapper.dll

+ 2012-04-12 00:45 . 2012-04-12 00:45 258048 c:\windows\assembly\GAC_32\System.EnterpriseServices\2.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.dll

- 2012-02-16 05:34 . 2012-02-16 05:34 258048 c:\windows\assembly\GAC_32\System.EnterpriseServices\2.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.dll

- 2012-02-16 05:35 . 2012-02-16 05:35 486400 c:\windows\assembly\GAC_32\System.Data.OracleClient\2.0.0.0__b77a5c561934e089\System.Data.OracleClient.dll

+ 2012-04-12 00:46 . 2012-04-12 00:46 486400 c:\windows\assembly\GAC_32\System.Data.OracleClient\2.0.0.0__b77a5c561934e089\System.Data.OracleClient.dll

+ 2004-08-04 12:00 . 2012-03-01 11:01 1212416 c:\windows\system32\urlmon.dll

- 2004-08-04 12:00 . 2011-12-17 19:46 1212416 c:\windows\system32\urlmon.dll

+ 2004-08-04 12:00 . 2012-03-01 11:01 5978624 c:\windows\system32\mshtml.dll

+ 2009-03-08 09:32 . 2012-03-01 11:01 2000384 c:\windows\system32\iertutil.dll

- 2009-03-08 09:32 . 2011-12-17 19:46 2000384 c:\windows\system32\iertutil.dll

+ 2009-02-20 08:10 . 2012-03-01 11:01 1212416 c:\windows\system32\dllcache\urlmon.dll

- 2009-02-20 08:10 . 2011-12-17 19:46 1212416 c:\windows\system32\dllcache\urlmon.dll

+ 2009-02-20 08:11 . 2012-03-01 11:01 5978624 c:\windows\system32\dllcache\mshtml.dll

- 2009-06-10 05:14 . 2011-12-17 19:46 2000384 c:\windows\system32\dllcache\iertutil.dll

+ 2009-06-10 05:14 . 2012-03-01 11:01 2000384 c:\windows\system32\dllcache\iertutil.dll

- 2012-02-16 04:54 . 2012-02-16 04:54 1303896 c:\windows\Microsoft.NET\assembly\GAC_MSIL\WindowsBase\v4.0_4.0.0.0__31bf3856ad364e35\WindowsBase.dll

+ 2012-04-12 00:39 . 2012-04-12 00:39 1303896 c:\windows\Microsoft.NET\assembly\GAC_MSIL\WindowsBase\v4.0_4.0.0.0__31bf3856ad364e35\WindowsBase.dll

- 2012-02-16 04:52 . 2012-02-16 04:52 3511880 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System\v4.0_4.0.0.0__b77a5c561934e089\System.dll

+ 2012-04-12 00:38 . 2012-04-12 00:38 3511880 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System\v4.0_4.0.0.0__b77a5c561934e089\System.dll

- 2012-02-16 04:53 . 2012-02-16 04:53 2207568 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Xml\v4.0_4.0.0.0__b77a5c561934e089\System.XML.dll

+ 2012-04-12 00:38 . 2012-04-12 00:38 2207568 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Xml\v4.0_4.0.0.0__b77a5c561934e089\System.XML.dll

- 2012-02-16 04:53 . 2012-02-16 04:53 5028200 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Forms\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Forms.dll

+ 2012-04-12 00:38 . 2012-04-12 00:38 5028200 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Forms\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Forms.dll

+ 2012-04-12 00:38 . 2012-04-12 00:38 1711496 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Forms.DataVisualization\v4.0_4.0.0.0__31bf3856ad364e35\System.Windows.Forms.DataVisualization.dll

- 2012-02-16 04:53 . 2012-02-16 04:53 1711496 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Forms.DataVisualization\v4.0_4.0.0.0__31bf3856ad364e35\System.Windows.Forms.DataVisualization.dll

+ 2012-04-12 00:39 . 2012-04-12 00:39 6067048 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.ServiceModel\v4.0_4.0.0.0__b77a5c561934e089\System.ServiceModel.dll

- 2012-02-16 04:54 . 2012-02-16 04:54 6067048 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.ServiceModel\v4.0_4.0.0.0__b77a5c561934e089\System.ServiceModel.dll

- 2012-02-16 04:54 . 2012-02-16 04:54 1026936 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Runtime.Serialization\v4.0_4.0.0.0__b77a5c561934e089\System.Runtime.Serialization.dll

+ 2012-04-12 00:39 . 2012-04-12 00:39 1026936 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Runtime.Serialization\v4.0_4.0.0.0__b77a5c561934e089\System.Runtime.Serialization.dll

- 2012-02-16 04:53 . 2012-02-16 04:53 4464480 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Data.Entity\v4.0_4.0.0.0__b77a5c561934e089\System.Data.Entity.dll

+ 2012-04-12 00:38 . 2012-04-12 00:38 4464480 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Data.Entity\v4.0_4.0.0.0__b77a5c561934e089\System.Data.Entity.dll

+ 2012-04-12 00:38 . 2012-04-12 00:38 1339736 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Core\v4.0_4.0.0.0__b77a5c561934e089\System.Core.dll

- 2012-02-16 04:53 . 2012-02-16 04:53 1339736 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Core\v4.0_4.0.0.0__b77a5c561934e089\System.Core.dll

- 2012-02-16 04:54 . 2012-02-16 04:54 1199968 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Activities\v4.0_4.0.0.0__31bf3856ad364e35\System.Activities.dll

+ 2012-04-12 00:39 . 2012-04-12 00:39 1199968 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Activities\v4.0_4.0.0.0__31bf3856ad364e35\System.Activities.dll

+ 2012-04-12 00:39 . 2012-04-12 00:39 1462648 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Activities.Presentation\v4.0_4.0.0.0__31bf3856ad364e35\System.Activities.Presentation.dll

- 2012-02-16 04:54 . 2012-02-16 04:54 1462648 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Activities.Presentation\v4.0_4.0.0.0__31bf3856ad364e35\System.Activities.Presentation.dll

+ 2012-04-12 00:39 . 2012-04-12 00:39 6346600 c:\windows\Microsoft.NET\assembly\GAC_MSIL\PresentationFramework\v4.0_4.0.0.0__31bf3856ad364e35\PresentationFramework.dll

- 2012-02-16 04:54 . 2012-02-16 04:54 6346600 c:\windows\Microsoft.NET\assembly\GAC_MSIL\PresentationFramework\v4.0_4.0.0.0__31bf3856ad364e35\PresentationFramework.dll

- 2012-02-16 04:52 . 2012-02-16 04:52 2970968 c:\windows\Microsoft.NET\assembly\GAC_32\System.Data\v4.0_4.0.0.0__b77a5c561934e089\System.Data.dll

+ 2012-04-12 00:38 . 2012-04-12 00:38 2970968 c:\windows\Microsoft.NET\assembly\GAC_32\System.Data\v4.0_4.0.0.0__b77a5c561934e089\System.Data.dll

+ 2012-04-12 00:39 . 2012-04-12 00:39 3545952 c:\windows\Microsoft.NET\assembly\GAC_32\PresentationCore\v4.0_4.0.0.0__31bf3856ad364e35\PresentationCore.dll

- 2012-02-16 04:54 . 2012-02-16 04:54 3545952 c:\windows\Microsoft.NET\assembly\GAC_32\PresentationCore\v4.0_4.0.0.0__31bf3856ad364e35\PresentationCore.dll

+ 2012-04-12 00:38 . 2012-04-12 00:38 5197648 c:\windows\Microsoft.NET\assembly\GAC_32\mscorlib\v4.0_4.0.0.0__b77a5c561934e089\mscorlib.dll

- 2012-02-16 04:52 . 2012-02-16 04:52 5197648 c:\windows\Microsoft.NET\assembly\GAC_32\mscorlib\v4.0_4.0.0.0__b77a5c561934e089\mscorlib.dll

+ 2012-04-12 00:38 . 2012-04-12 00:38 2989456 c:\windows\Microsoft.NET\assembly\GAC_32\Microsoft.VisualBasic.Activities.Compiler\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Activities.Compiler.dll

- 2012-02-16 04:53 . 2012-02-16 04:53 2989456 c:\windows\Microsoft.NET\assembly\GAC_32\Microsoft.VisualBasic.Activities.Compiler\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Activities.Compiler.dll

+ 2012-01-22 14:09 . 2012-01-22 14:09 1700352 c:\windows\Installer\4e4d6f.msp

+ 2012-04-12 00:46 . 2011-12-17 19:46 1212416 c:\windows\ie8updates\KB2675157-IE8\urlmon.dll

+ 2012-04-12 00:46 . 2011-12-17 19:46 5979136 c:\windows\ie8updates\KB2675157-IE8\mshtml.dll

+ 2012-04-12 00:46 . 2011-12-17 19:46 2000384 c:\windows\ie8updates\KB2675157-IE8\iertutil.dll

+ 2012-04-12 00:40 . 2012-04-12 00:40 3798016 c:\windows\assembly\NativeImages_v4.0.30319_32\WindowsBase\64bc66b117a976cc4972e4376290c95d\WindowsBase.ni.dll

+ 2012-04-12 00:41 . 2012-04-12 00:41 1665024 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Drawing\9ac7922025e72297069a82a403cb59fa\System.Drawing.ni.dll

+ 2012-04-12 16:55 . 2012-04-12 16:55 1879040 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Deployment\2a3e6c74bc3763eefe27c55d9cad3fda\System.Deployment.ni.dll

+ 2012-04-12 16:56 . 2012-04-12 16:56 1836544 c:\windows\assembly\NativeImages_v4.0.30319_32\Microsoft.VisualBas#\03bc4ff490bc2c544c5f61842a394883\Microsoft.VisualBasic.ni.dll

+ 2012-04-12 16:55 . 2012-04-12 16:55 2868736 c:\windows\assembly\NativeImages_v4.0.30319_32\Microsoft.Build.Tas#\25d27c5881735866f47fb57080989b66\Microsoft.Build.Tasks.v4.0.ni.dll

+ 2012-04-12 16:33 . 2012-04-12 16:33 6392832 c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsLive.Writer.#\d9964dddf3b1a2753e7fe48b148e8a3f\WindowsLive.Writer.PostEditor.ni.dll

+ 2012-04-12 16:34 . 2012-04-12 16:34 1105920 c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsLive.Writer.#\83417712ddccf2ede8b8701cb525fc23\WindowsLive.Writer.ApplicationFramework.ni.dll

+ 2012-04-12 16:33 . 2012-04-12 16:33 2018816 c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsLive.Writer.#\34d3e24c636129dc4d513f11bbc4ddf8\WindowsLive.Writer.CoreServices.ni.dll

+ 2012-04-12 16:51 . 2012-04-12 16:51 1356288 c:\windows\assembly\NativeImages_v2.0.50727_32\System.WorkflowServ#\d31d2eb0a862d3c1d3561be5f1570c3e\System.WorkflowServices.ni.dll

+ 2012-04-12 16:50 . 2012-04-12 16:50 4514304 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Workflow.Com#\53c2336db392bfa5484850780048e37a\System.Workflow.ComponentModel.ni.dll

+ 2012-04-12 16:50 . 2012-04-12 16:50 2992640 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Workflow.Act#\f243723cda77dd647b250dd9c42c35e2\System.Workflow.Activities.ni.dll

+ 2012-04-12 16:49 . 2012-04-12 16:49 2209280 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Mobile\d1dacd5cb445b242b70bf7d606464293\System.Web.Mobile.ni.dll

+ 2012-04-12 16:48 . 2012-04-12 16:48 2405888 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Extensio#\6acbb8bb1a43fab0fdcf55bedd1fbcc3\System.Web.Extensions.ni.dll

+ 2012-04-12 16:25 . 2012-04-12 16:25 1035776 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Printing\44d507a702c1623810e094adf751f687\System.Printing.ni.dll

+ 2012-04-12 16:25 . 2012-04-12 16:25 1591808 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\8d886cdc2ca5f0ff97cd1afe8773bb6e\System.Drawing.ni.dll

+ 2012-04-12 16:33 . 2012-04-12 16:33 1801216 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Deployment\3d253a2235f7c03630003bc1fbaf34a3\System.Deployment.ni.dll

+ 2012-04-12 16:24 . 2012-04-12 16:24 2128896 c:\windows\assembly\NativeImages_v2.0.50727_32\ReachFramework\c73e109dbac6b099786cc68fe36e3d0b\ReachFramework.ni.dll

+ 2012-04-12 16:24 . 2012-04-12 16:24 1657856 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationUI\20d72aeac1109863b77532d37d3f4fa2\PresentationUI.ni.dll

+ 2012-04-12 16:36 . 2012-04-12 16:36 1712128 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.VisualBas#\3ec4a3f74cb80c9b9581d778e8645b2c\Microsoft.VisualBasic.ni.dll

+ 2012-04-12 16:34 . 2012-04-12 16:34 1620992 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Tas#\876b7280cf4e81fd65b120f60d38a7d9\Microsoft.Build.Tasks.ni.dll

+ 2012-04-12 16:35 . 2012-04-12 16:35 1966080 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Tas#\64ba53308e90fa3837fe47977e2d37b6\Microsoft.Build.Tasks.v3.5.ni.dll

+ 2012-04-12 00:46 . 2012-04-12 00:46 3186688 c:\windows\assembly\GAC_MSIL\System\2.0.0.0__b77a5c561934e089\System.dll

- 2012-02-16 05:35 . 2012-02-16 05:35 3186688 c:\windows\assembly\GAC_MSIL\System\2.0.0.0__b77a5c561934e089\System.dll

- 2012-02-16 05:34 . 2012-02-16 05:34 2048000 c:\windows\assembly\GAC_MSIL\System.Xml\2.0.0.0__b77a5c561934e089\System.XML.dll

+ 2012-04-12 00:45 . 2012-04-12 00:45 2048000 c:\windows\assembly\GAC_MSIL\System.Xml\2.0.0.0__b77a5c561934e089\System.XML.dll

- 2012-02-16 05:34 . 2012-02-16 05:34 5025792 c:\windows\assembly\GAC_MSIL\System.Windows.Forms\2.0.0.0__b77a5c561934e089\System.Windows.Forms.dll

+ 2012-04-12 00:45 . 2012-04-12 00:45 5025792 c:\windows\assembly\GAC_MSIL\System.Windows.Forms\2.0.0.0__b77a5c561934e089\System.Windows.Forms.dll

+ 2012-04-12 00:45 . 2012-04-12 00:45 5062656 c:\windows\assembly\GAC_MSIL\System.Design\2.0.0.0__b03f5f7f11d50a3a\System.Design.dll

- 2012-02-16 05:34 . 2012-02-16 05:34 5062656 c:\windows\assembly\GAC_MSIL\System.Design\2.0.0.0__b03f5f7f11d50a3a\System.Design.dll

+ 2012-04-12 00:45 . 2012-04-12 00:45 5246976 c:\windows\assembly\GAC_32\System.Web\2.0.0.0__b03f5f7f11d50a3a\System.Web.dll

- 2012-02-16 05:34 . 2012-02-16 05:34 5246976 c:\windows\assembly\GAC_32\System.Web\2.0.0.0__b03f5f7f11d50a3a\System.Web.dll

+ 2012-04-12 00:46 . 2012-04-12 00:46 2933248 c:\windows\assembly\GAC_32\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dll

- 2012-02-16 05:35 . 2012-02-16 05:35 2933248 c:\windows\assembly\GAC_32\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dll

+ 2012-04-12 00:46 . 2012-04-12 00:46 4550656 c:\windows\assembly\GAC_32\mscorlib\2.0.0.0__b77a5c561934e089\mscorlib.dll

- 2012-02-16 05:35 . 2012-02-16 05:35 4550656 c:\windows\assembly\GAC_32\mscorlib\2.0.0.0__b77a5c561934e089\mscorlib.dll

+ 2009-05-12 22:15 . 2012-04-12 00:34 55154568 c:\windows\system32\MRT.exe

+ 2009-03-08 09:39 . 2012-03-02 10:01 11082752 c:\windows\system32\ieframe.dll

+ 2009-06-10 05:14 . 2012-03-02 10:01 11082752 c:\windows\system32\dllcache\ieframe.dll

+ 2012-04-12 00:46 . 2011-12-18 19:46 11082240 c:\windows\ie8updates\KB2675157-IE8\ieframe.dll

+ 2012-04-12 00:41 . 2012-04-12 00:41 13196800 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Windows.Forms\67b05b57919dfc3a1521f33198495f5b\System.Windows.Forms.ni.dll

+ 2012-04-12 00:41 . 2012-04-12 00:41 11002880 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Design\bb766612c7402195f00054b9809ebed9\System.Design.ni.dll

+ 2012-04-12 00:41 . 2012-04-12 00:41 17671168 c:\windows\assembly\NativeImages_v4.0.30319_32\PresentationFramewo#\d5be46bcb4eba96a282fb0129b00918d\PresentationFramework.ni.dll

+ 2012-04-12 00:40 . 2012-04-12 00:40 11106816 c:\windows\assembly\NativeImages_v4.0.30319_32\PresentationCore\503f6775eb81ff6d97a3e93a70ff8d6e\PresentationCore.ni.dll

+ 2012-04-12 16:26 . 2012-04-12 16:26 12430848 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\d96906db18e87ffe2e08f6cda7e2be0f\System.Windows.Forms.ni.dll

+ 2012-04-12 16:33 . 2012-04-12 16:34 11817472 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web\db1d2470de43ffcb6f562277208d56e5\System.Web.ni.dll

+ 2012-04-12 16:25 . 2012-04-12 16:25 10683392 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Design\561138d8d199861578c197c4d24e3934\System.Design.ni.dll

+ 2012-04-12 16:23 . 2012-04-12 16:23 14328320 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\029d1d9e6495065aa4f38bcf2315ee8c\PresentationFramework.ni.dll

+ 2012-04-12 16:21 . 2012-04-12 16:21 12215808 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationCore\0a059ecfca6e421629a8298b03a7814c\PresentationCore.ni.dll

.

-- Snapshot reset to current date --

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

.

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{201f27d4-3704-41d6-89c1-aa35e39143ed}]

2008-07-17 21:20 279944 ----a-w- c:\program files\AskBarDis\bar\bin\askBar.dll

.

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{83453B9B-B889-4659-9144-20F081542BDC}]

2009-11-17 17:33 81920 ----a-w- c:\program files\centurytoolbar\centurytoolbarDx.dll

.

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{FF6C3CF0-4B15-11D1-ABED-709549C10000}]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]

"{3041d03e-fd4b-44e0-b742-2d9b88305f98}"= "c:\program files\AskBarDis\bar\bin\askBar.dll" [2008-07-17 279944]

"{83453B9B-B889-4659-9144-20F081542BDC}"= "c:\program files\centurytoolbar\centurytoolbarDx.dll" [2009-11-17 81920]

.

[HKEY_CLASSES_ROOT\clsid\{3041d03e-fd4b-44e0-b742-2d9b88305f98}]

[HKEY_CLASSES_ROOT\TypeLib\{4b1c1e16-6b34-430e-b074-5928eca4c150}]

.

[HKEY_CLASSES_ROOT\clsid\{83453b9b-b889-4659-9144-20f081542bdc}]

.

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]

"{3041D03E-FD4B-44E0-B742-2D9B88305F98}"= "c:\program files\AskBarDis\bar\bin\askBar.dll" [2008-07-17 279944]

.

[HKEY_CLASSES_ROOT\clsid\{3041d03e-fd4b-44e0-b742-2d9b88305f98}]

[HKEY_CLASSES_ROOT\TypeLib\{4b1c1e16-6b34-430e-b074-5928eca4c150}]

.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-05-20 39408]

"DAEMON Tools Lite"="c:\documents and settings\Owner\Desktop\Tibia8.42\DAEMON Tools Lite\DTLite.exe" [2010-04-01 357696]

"Pando Media Booster"="c:\program files\Pando Networks\Media Booster\PMB.exe" [2011-07-10 3077528]

"DownloadAccelerator"="c:\program files\DAP\DAP.EXE" [2011-03-31 2918576]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"SoundMAXPnP"="c:\program files\Analog Devices\Core\smax4pnp.exe" [2004-10-14 1404928]

"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2007-03-12 49152]

"ArcSoft Connection Service"="c:\program files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe" [2010-10-28 207424]

"tbhSystray"="c:\program files\tbh\base\bin\tbhSystray.exe" [2012-04-10 488744]

"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-11-29 421888]

"igfxtray"="c:\windows\system32\igfxtray.exe" [2005-09-20 94208]

"igfxhkcmd"="c:\windows\system32\hkcmd.exe" [2005-09-20 77824]

"igfxpers"="c:\windows\system32\igfxpers.exe" [2005-09-20 114688]

"nmctxth"="c:\program files\Common Files\Pure Networks Shared\Platform\nmctxth.exe" [2009-07-07 647216]

"nmapp"="c:\program files\Pure Networks\Network Magic\nmapp.exe" [2009-07-08 472112]

"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]

"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-05-16 13529088]

"nwiz"="nwiz.exe" [2006-10-22 1622016]

"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-05-16 86016]

"LogMeIn Hamachi Ui"="c:\program files\LogMeIn Hamachi\hamachi-2-ui.exe" [2012-02-28 1987976]

.

c:\documents and settings\Owner\Start Menu\Programs\Startup\

Xfire.lnk - c:\program files\Xfire\Xfire.exe [2010-7-9 3493776]

.

c:\documents and settings\All Users\Start Menu\Programs\Startup\

HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2008-3-25 214360]

Microsoft Office.lnk - c:\program files\Microsoft Office\Office\OSA9.EXE [1999-2-17 65588]

Philips GoGear ARIA Device Manager.lnk - c:\program files\Philips\GoGear ARIA Device Manager\GoGear_Aria_DeviceManager.exe [2010-3-8 1611152]

WinZip Quick Pick.lnk - c:\documents and settings\Owner\Desktop\Tibia8.42\WinZip\WZQKPICK.EXE [2010-11-20 525640]

.

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]

"DisableNotifications"= 1 (0x1)

.

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

"c:\\Program Files\\Messenger\\msmsgs.exe"=

"c:\\WINDOWS\\system32\\usmt\\migwiz.exe"=

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=

"c:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=

"c:\\Program Files\\Ventrilo\\Ventrilo.exe"=

"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=

"c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=

"c:\\Program Files\\AIM\\aim.exe"=

"c:\\Program Files\\Steam\\Steam.exe"=

"c:\\Program Files\\Xfire\\Xfire.exe"=

"c:\\Documents and Settings\\Owner\\Desktop\\Tibia8.10\\Empire Earth\\Empire Earth.exe"=

"c:\\Program Files\\BitTorrent\\bittorrent.exe"=

"c:\\Program Files\\DAP\\DAP.exe"=

"c:\\WINDOWS\\system32\\dpvsetup.exe"=

"c:\\WINDOWS\\system32\\dxdiag.exe"=

"c:\\WINDOWS\\system32\\dpnsvr.exe"=

"c:\\Program Files\\EA GAMES\\Battlefield 1942\\BF1942.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqcopy2.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqnrs08.exe"=

"c:\\Program Files\\Common Files\\HP\\Digital Imaging\\bin\\hpqPhotoCrm.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqpsapp.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxs08.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqfxt08.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqpse.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqusgm.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqusgh.exe"=

"c:\\Program Files\\HP\\HP Software Update\\hpwucli.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\smart web printing\\SmartWebPrintExe.exe"=

"c:\\Program Files\\TeamViewer\\Version5\\TeamViewer.exe"=

"c:\\Program Files\\tbh\\base\\bin\\tbhDaemon.exe"=

"c:\\Program Files\\tbh\\monitor\\bin\\tbhMonitor.exe"=

"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=

"c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"=

"c:\\Program Files\\FrostWire\\FrostWire.exe"=

"c:\\WINDOWS\\system32\\PnkBstrA.exe"=

"c:\\WINDOWS\\system32\\PnkBstrB.exe"=

"c:\\Program Files\\Pando Networks\\Media Booster\\PMB.exe"=

"c:\\Program Files\\FrostWire 5\\FrostWire.exe"=

"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

"c:\\Program Files\\Rhapsody\\rhapsody.exe"=

.

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]

"443:TCP"= 443:TCP:*:Disabled:ooVoo TCP port 443

"443:UDP"= 443:UDP:*:Disabled:ooVoo UDP port 443

"37674:TCP"= 37674:TCP:*:Disabled:ooVoo TCP port 37674

"37674:UDP"= 37674:UDP:*:Disabled:ooVoo UDP port 37674

"37675:UDP"= 37675:UDP:*:Disabled:ooVoo UDP port 37675

"5191:TCP"= 5191:TCP:The Browser Highlighter XCOM

"67:UDP"= 67:UDP:DHCP Discovery Service

"57235:TCP"= 57235:TCP:Pando Media Booster

"57235:UDP"= 57235:UDP:Pando Media Booster

"53:UDP"= 53:UDP:Promo

.

R0 PCTCore;PCTools KDS;c:\windows\system32\drivers\PCTCore.sys [5/1/2010 3:48 PM 207792]

R0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [12/12/2010 4:58 PM 691696]

R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [3/18/2010 1:16 PM 130384]

R2 cpuz135;cpuz135;c:\windows\system32\drivers\cpuz135_x32.sys [12/1/2010 7:56 PM 21992]

R2 cvhsvc;Client Virtualization Handler;c:\program files\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE [1/4/2012 3:22 PM 822624]

R2 Hamachi2Svc;LogMeIn Hamachi Tunneling Engine;c:\program files\LogMeIn Hamachi\hamachi-2.exe [2/28/2012 6:38 PM 1373576]

R2 sftlist;Application Virtualization Client;c:\program files\Microsoft Application Virtualization Client\sftlist.exe [10/1/2011 9:30 AM 508776]

R2 Viewpoint Service;Viewpoint Service;c:\program files\Viewpoint\Common\ViewpointService.exe [5/25/2009 10:19 PM 30152]

R3 Sftfs;Sftfs;c:\windows\system32\drivers\Sftfsxp.sys [12/2/2009 11:23 PM 584680]

R3 Sftplay;Sftplay;c:\windows\system32\drivers\Sftplayxp.sys [12/2/2009 11:23 PM 209640]

R3 Sftredir;Sftredir;c:\windows\system32\drivers\Sftredirxp.sys [12/2/2009 11:23 PM 20584]

R3 Sftvol;Sftvol;c:\windows\system32\drivers\Sftvolxp.sys [12/2/2009 11:23 PM 18280]

R3 sftvsa;Application Virtualization Service Agent;c:\program files\Microsoft Application Virtualization Client\sftvsa.exe [10/1/2011 9:30 AM 219496]

S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2/4/2010 2:22 PM 135664]

S2 tbhMonitor.exe;The Browser Highlighter Monitor;c:\program files\tbh\monitor\bin\tbhMonitor.exe [6/24/2010 3:50 PM 70952]

S3 cpudrv;cpudrv;c:\program files\SystemRequirementsLab\cpudrv.sys [12/18/2009 11:58 AM 11336]

S3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [2/4/2010 2:22 PM 135664]

S3 mbamchameleon;mbamchameleon;c:\windows\system32\drivers\mbamchameleon.sys [4/10/2012 3:08 PM 32072]

S3 motccgp;Motorola USB Composite Device Driver;c:\windows\system32\drivers\motccgp.sys [8/22/2008 12:49 AM 18688]

S3 motccgpfl;MotCcgpFlService;c:\windows\system32\drivers\motccgpfl.sys [8/22/2008 12:49 AM 8320]

S3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [1/9/2010 10:37 PM 4640000]

S3 Pcouffin;Low level access layer for CD devices;c:\windows\system32\Drivers\Pcouffin.sys --> c:\windows\system32\Drivers\Pcouffin.sys [?]

S3 sdAuxService;PC Tools Auxiliary Service;c:\program files\Spyware Doctor\pctsAuxs.exe [5/1/2010 3:47 PM 359624]

S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [3/18/2010 1:16 PM 753504]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]

HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12

hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc

.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs

kwatchsvc

cicsclient

upnp

SMNDIS5

mpfp

CTSYN

trlokom_rmhsvc

a016obex

SGIR

thkeys

asctrm

lvpopflt

wpshelper

mafwboot

inotask

Nmea

gemserv

windowblinds

mfcom

WinVd32

rchost

c34nb4c5

iAimFP7

w200mgmt

DLARTL_M

vmware

RecAgent

HidBth

MxlW2k

portmapper

pptchpad

A88xTuner

WinHttpAutoProxySvc

prfldsvc

useraccess7

SaiClass

.

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{A509B1FF-37FF-4bFF-8CFF-4F3A747040FF}]

2009-03-08 09:32 128512 ----a-w- c:\windows\system32\advpack.dll

.

Contents of the 'Scheduled Tasks' folder

.

2012-02-25 c:\windows\Tasks\AppleSoftwareUpdate.job

- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 16:34]

.

2012-04-12 c:\windows\Tasks\Google Software Updater.job

- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-05-19 22:18]

.

2012-04-12 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job

- c:\program files\Google\Update\GoogleUpdate.exe [2010-02-04 18:22]

.

2012-04-12 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

- c:\program files\Google\Update\GoogleUpdate.exe [2010-02-04 18:22]

.

2012-04-05 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1708537768-1292428093-682003330-1003Core.job

- c:\documents and settings\Owner\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2010-10-24 13:47]

.

2012-04-12 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1708537768-1292428093-682003330-1003UA.job

- c:\documents and settings\Owner\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2010-10-24 13:47]

.

.

------- Supplementary Scan -------

.

uStart Page = hxxp://www.centurylink.net

uInternet Settings,ProxyOverride = <local>

uSearchURL,(Default) = hxxp://us.rd.yahoo.com/customize/ie/defaults/su/msgr9/*http://www.yahoo.com

IE: &AIM Toolbar Search - c:\documents and settings\All Users\Application Data\AIM Toolbar\ieToolbar\resources\en-US\local\search.html

IE: &Clean Traces - c:\program files\DAP\Privacy Package\dapcleanerie.htm

IE: &Download with &DAP - c:\program files\DAP\dapextie.htm

IE: Download &all with DAP - c:\program files\DAP\dapextie2.htm

Name-Space Handler: ftp\ZDA - {5BFA1DAF-5EDC-11D2-959E-00C00C02DA5E} - c:\progra~1\DAP\dapie.dll

Name-Space Handler: http\ZDA - {5BFA1DAF-5EDC-11D2-959E-00C00C02DA5E} - c:\progra~1\DAP\dapie.dll

FF - ProfilePath - c:\documents and settings\Owner\Application Data\Mozilla\Firefox\Profiles\fwnqptuz.default\

FF - prefs.js: browser.search.defaulturl - hxxp://search.yahoo.com/search?fr=ffsp1&p=

FF - prefs.js: browser.search.selectedEngine - Google

FF - prefs.js: browser.startup.homepage - hxxp://en-US.start3.mozilla.com/firefox?client=firefox-a&rls=org.mozilla:en-US:official

FF - prefs.js: keyword.URL - hxxp://search.yahoo.com/search?fr=greentree_ff1&ei=utf-8&type=894204&p=

FF - prefs.js: network.proxy.type - 0

FF - user.js: yahoo.homepage.dontask - true);user_pref(network.protocol-handler.warn-external.dnupdate, false

.

.

**************************************************************************

.

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2012-04-12 12:56

Windows 5.1.2600 Service Pack 3 NTFS

.

scanning hidden processes ...

.

scanning hidden autostart entries ...

.

scanning hidden files ...

.

scan completed successfully

hidden files: 0

.

**************************************************************************

.

--------------------- LOCKED REGISTRY KEYS ---------------------

.

[HKEY_USERS\S-1-5-21-1708537768-1292428093-682003330-1003\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{2AE50DB6-18BD-2AB5-E0DB-E5DB326E9BD7}*]

@Allowed: (Read) (RestrictedCode)

@Allowed: (Read) (RestrictedCode)

"napihmpndglbmbjljpchgeogjomd"=hex:6b,61,64,6d,6c,67,61,6b,6f,6a,62,6a,69,66,

68,65,64,68,65,6e,64,6e,00,5a

"mafianfgdiehdbegbnpnglpgia"=hex:6b,61,61,6d,68,67,65,6c,61,68,6d,68,6b,62,68,

6b,6e,62,68,6e,67,6f,00,00

.

--------------------- DLLs Loaded Under Running Processes ---------------------

.

- - - - - - - > 'explorer.exe'(3544)

c:\windows\system32\WININET.dll

c:\windows\system32\ieframe.dll

c:\windows\system32\webcheck.dll

c:\windows\system32\WPDShServiceObj.dll

c:\windows\system32\PortableDeviceTypes.dll

c:\windows\system32\PortableDeviceApi.dll

.

Completion time: 2012-04-12 12:59:44

ComboFix-quarantined-files.txt 2012-04-12 16:59

ComboFix2.txt 2012-04-11 23:18

.

Pre-Run: 10,546,450,432 bytes free

Post-Run: 10,534,936,576 bytes free

.

- - End Of File - - 2A5982B6292AAB6E67B761D58F5CED49

[MrCharlie]

Please Update and run a Quick Scan with MBAM, post the report.

Make sure that everything is checked, and click Remove Selected.

Please let me know how it is, MrC

[Kinotsu]

Here is the MBAM log.

Malwarebytes Anti-Malware 1.61.0.1400

www.malwarebytes.org

Database version: v2012.04.12.06

Windows XP Service Pack 3 x86 NTFS

Internet Explorer 8.0.6001.18702

Owner :: ANTONIO [administrator]

4/12/2012 1:31:59 PM

mbam-log-2012-04-12 (13-31-59).txt

Scan type: Quick scan

Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM

Scan options disabled: P2P

Objects scanned: 207400

Time elapsed: 7 minute(s), 56 second(s)

Memory Processes Detected: 0

(No malicious items detected)

Memory Modules Detected: 0

(No malicious items detected)

Registry Keys Detected: 0

(No malicious items detected)

Registry Values Detected: 0

(No malicious items detected)

Registry Data Items Detected: 0

(No malicious items detected)

Folders Detected: 0

(No malicious items detected)

Files Detected: 0

(No malicious items detected)

(end)

[MrCharlie]

How's the computer running now??? MrC

[Kinotsu]

I just tried google and there was no redirecting to websites like before. As for programs and start up it has not appeared to have a problem. But my question is does this mean it's fixed or is that backdoor program still on my system?

[MrCharlie]

Well this was in your DDS log:

LSP: mswsock.dll

Which is a clear indication of the ZeroAccess infection.

Also RogueKiller picked it up:

¤¤¤ Infection : ZeroAccess ¤¤¤

[ZeroAccess] (LOCKED) windir\NtUpdateKBxxxx present!

-------------------------------------

TDSSKiller didn't find anything and ComboFix didn't show that it cleaned the infection.

When you ran ComboFix did it mention anything about a rootkit??

MrC

[Kinotsu]

I did not notice anything about a rootkit when running it.

[MrCharlie]

I don't see any more malware on the system but I can't guarantee it's 100% safe, sorry but there's no way I can tell.

You were infected with a BackDoor Trojan, so you read the warning.

-----------------------------------

You have out date Java on the system, older versions are vulnerable to malware.

BrowserJavaVersion: 1.6.0_30 <---should be 31

Go to your control panel > Java > Update Tab > Update Now.

--------------------------------------

Please Uninstall ComboFix:

Press the Windows logo key + R to bring up the "run box"

Copy and paste next command in the field:

ComboFix /uninstall

Make sure there's a space between Combofix and /

Then hit enter.

This will uninstall Combofix, delete its related folders and files, hide file extensions, hide the system/hidden files and clears System Restore cache and create new Restore point

-------------------------------------

Please download OTL from one of the links below:

http://oldtimer.geekstogo.com/OTL.exe

http://oldtimer.geekstogo.com/OTL.com

Save it to your desktop.

Run OTL and hit the CleanUp button. (This will cleanup the tools and logs used including itself)

Any other programs or logs you can manually delete.

Any questions...please post back.

If you think I've helped you, please leave a comment > click on my avatar picture > click Profile Feed.

Take a look at My Preventive Maintenance to avoid being infected again.

Good Luck and Thanks for using the forum, MrC

[Maurice Naggar]

Glad we could help.

If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!