xmldm.exe: invincible


Hello, I am still fairly new to forums, so if I have made a mistake somewhere please be gentle.

I have 4 scanners on my computer which have helped me remove some nasty viruses/malware/whatever else.

I am using Spybot S&D, Malwarebytes, AVG 2011 and CCleaner. Lately the computer has been OK and runs well. When I run the other scans they all come up clean. But every time I run Malwarebytes it shows this in the log: (see bottom)

I have deleted, quarantined and thought I had removed this problem several times, but it persists. Any help would be useful.

PS. While I am new to forums and do not know everything I would like to know about computers, I am not new to using computers. I would say I know more than a general office worker, but less than someone who took computer classes, if that makes any sense. Thank you in advance for any help.

Malwarebytes' Anti-Malware 1.51.0.1200

www.malwarebytes.org

Database version: 6963

Windows 5.1.2600 Service Pack 3, v.3180

Internet Explorer 6.0.2900.3180

6/27/2011 3:49:58 PM

mbam-log-2011-06-27 (15-49-46).txt

Scan type: Full scan (C:\|D:\|)

Objects scanned: 190026

Time elapsed: 35 minute(s), 11 second(s)

Memory Processes Infected: 0

Memory Modules Infected: 0

Registry Keys Infected: 0

Registry Values Infected: 0

Registry Data Items Infected: 0

Folders Infected: 1

Files Infected: 164

Memory Processes Infected:

(No malicious items detected)

Memory Modules Infected:

(No malicious items detected)

Registry Keys Infected:

(No malicious items detected)

Registry Values Infected:

(No malicious items detected)

Registry Data Items Infected:

(No malicious items detected)

Folders Infected:

c:\WINDOWS\system32\xmldm (Stolen.Data) -> No action taken.

Files Infected:


Hello starfouf4 and welcome to Malwarebytes! :welcome:

I am D-FRED-BROWN and I will be helping you. :)

Please print or save this topic: it will make it easier for you to follow the instructions and complete all of the necessary steps.

***Note: In order for ComboFix to run properly AVG must be uninstalled. Please go here and follow the instructions to uninstall AVG.

You can reinstall it after the computer is clean.

-------------

I notice that you have Spybot's TeaTimer running. While this is normally a wonderful tool to protect against hijackers, it can also interfere with HijackThis fixes. So please disable TeaTimer by doing the following:

1) Run Spybot-S&D

2) Go to the Mode menu, and make sure Advanced Mode is selected

3) On the left hand side, choose Tools -> Resident

4) Uncheck Resident TeaTimer and OK any prompts

You can re-enable TeaTimer once your system is clean.

-------------

Please download to your Desktop:

  • TDSSKiller.zip from here and extract it (right click on it => "Extract here").

>>> TDSSKiller: Double-click on TDSSKiller.exe to run the application.

  • Click on the Start Scan button and wait for the scan and disinfection process to be over.
  • If an infected file is detected, the default action will be Cure, click on Continue
  • If a suspicious file is detected, the default action will be Skip, click on Continue
  • If you are asked to reboot the computer to complete the process, click on the Reboot Now button. A report will be automatically saved at the root of the System drive (usually C:\) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt" (for example, C:\TDSSKiller.2.2.0_20.12.2009_15.31.43_log.txt). Please copy and paste the contents of that file here.
  • If no reboot is required, click on Report. A log file will appear. Please copy and paste the contents of that file in your next reply.

In your next reply, please include the following (you may need to use two posts to get it all in):

  • TDSSKiller_log.txt
  • how the PC is running now?

-------------

Please download ComboFix.exe. Please visit this webpage for download links, and instructions for running the tool:

http://www.bleepingcomputer.com/combofix/how-to-use-combofix

* Ensure you have disabled all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

Please go here to see a list of programs that should be disabled.

**Note: Do not mouseclick ComboFix's window while it's running. That may cause it to stall**

Please include the C:\ComboFix.txt in your next reply for further review.

Also, please let me know if any problems still remain.

-------------

Please download Security Check by screen317 from here or here.

  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.

-------------

In your next reply, please include:

  • C:\ComboFix.txt
  • TDSSKiller log
  • Security Check checkup.txt

How is your computer running now?

Hey man, thanks for helping me out. Sorry it took so long for me to reply, but I didn't receive an email saying someone had replied to my post, and it's kind of a pain to sort through all the posts to find mine lol. But anyways.

Here are all the logs:

------------------------

TDSSKILLER

------------------------

2011/07/06 00:21:37.0546 2224 TDSS rootkit removing tool 2.5.9.0 Jul 1 2011 18:45:21

2011/07/06 00:21:38.0359 2224 ================================================================================

2011/07/06 00:21:38.0359 2224 SystemInfo:

2011/07/06 00:21:38.0359 2224

2011/07/06 00:21:38.0359 2224 OS Version: 5.1.2600 ServicePack: 3.0

2011/07/06 00:21:38.0359 2224 Product type: Workstation

2011/07/06 00:21:38.0359 2224 ComputerName: ACE

2011/07/06 00:21:38.0359 2224 UserName: Unknown

2011/07/06 00:21:38.0359 2224 Windows directory: C:\WINDOWS

2011/07/06 00:21:38.0359 2224 System windows directory: C:\WINDOWS

2011/07/06 00:21:38.0359 2224 Processor architecture: Intel x86

2011/07/06 00:21:38.0359 2224 Number of processors: 1

2011/07/06 00:21:38.0359 2224 Page size: 0x1000

2011/07/06 00:21:38.0359 2224 Boot type: Normal boot

2011/07/06 00:21:38.0359 2224 ================================================================================

2011/07/06 00:21:39.0562 2224 Initialize success

2011/07/06 00:21:42.0937 2760 ================================================================================

2011/07/06 00:21:42.0937 2760 Scan started

2011/07/06 00:21:42.0937 2760 Mode: Manual;

2011/07/06 00:21:42.0937 2760 ================================================================================

2011/07/06 00:21:52.0687 2760 Suspicious file (Forged): C:\WINDOWS\system32\DRIVERS\cdrom.sys. Real md5: dc6ac6867c83cc634365d5e01508134e, Fake md5: 4b0a100eaf5c49ef3cca8c641431eacc

2011/07/06 00:21:52.0703 2760 Cdrom - detected ForgedFile.Multi.Generic (1)

2011/07/06 00:22:26.0171 2760 Suspicious file (Forged): C:\WINDOWS\system32\DRIVERS\secdrv.sys. Real md5: d26e26ea516450af9d072635c60387f4, Fake md5: ba0d892d2f786bcebdf03b0a252b47f3

2011/07/06 00:22:26.0187 2760 Secdrv - detected ForgedFile.Multi.Generic (1)


2011/07/06 00:22:36.0062 2760 VgaSave (79ff42ff5df9f920f30af9d668a0ba3e) C:\WINDOWS\System32\drivers\vga.sys

2011/07/06 00:22:36.0187 2760 viaagp (aaa8696047c2d29a20c1f6919755eb57) C:\WINDOWS\system32\DRIVERS\viaagp.sys

2011/07/06 00:22:36.0406 2760 ViaIde (4b4aecf420fc239b32cd60c9be16bcb2) C:\WINDOWS\system32\DRIVERS\viaide.sys

2011/07/06 00:22:36.0625 2760 VolSnap (0ba96a6735dbbddeb50bdbbe77f746b6) C:\WINDOWS\system32\drivers\VolSnap.sys

2011/07/06 00:22:36.0890 2760 Wanarp (e87ea20a87e8869811d15d87836fe1c5) C:\WINDOWS\system32\DRIVERS\wanarp.sys

2011/07/06 00:22:37.0421 2760 wdmaud (60715dc5ec8f73789f9b55188d37deaf) C:\WINDOWS\system32\drivers\wdmaud.sys

2011/07/06 00:22:37.0703 2760 winachsf (6f25b08ebbac9e02e6a0829f2c28999b) C:\WINDOWS\system32\DRIVERS\HSF_CNXT.sys

2011/07/06 00:22:38.0000 2760 WmiAcpi (d70bfbadedcbb2cdc61a43f52c7a1c37) C:\WINDOWS\system32\DRIVERS\wmiacpi.sys

2011/07/06 00:22:38.0281 2760 WpdUsb (cf4def1bf66f06964dc0d91844239104) C:\WINDOWS\system32\DRIVERS\wpdusb.sys

2011/07/06 00:22:38.0406 2760 WS2IFSL (6abe6e225adb5a751622a9cc3bc19ce8) C:\WINDOWS\System32\drivers\ws2ifsl.sys

2011/07/06 00:22:38.0687 2760 WudfPf (f15feafffbb3644ccc80c5da584e6311) C:\WINDOWS\system32\DRIVERS\WudfPf.sys

2011/07/06 00:22:38.0984 2760 WudfRd (28b524262bce6de1f7ef9f510ba3985b) C:\WINDOWS\system32\DRIVERS\wudfrd.sys

2011/07/06 00:22:43.0984 2760 zntport (40ac8590cc9006dbb99ffcb37879d4c6) C:\WINDOWS\system32\drivers\zntport.sys

2011/07/06 00:22:44.0093 2760 MBR (0x1B8) (81f4fdfac4871a9821da03bb991c1b68) \Device\Harddisk0\DR0

2011/07/06 00:22:44.0109 2760 \Device\Harddisk0\DR0 - detected Rootkit.Win32.TDSS.tdl4 (0)

2011/07/06 00:22:44.0125 2760 Boot (0x1200) (a99687258330f51ebd9379980574ac60) \Device\Harddisk0\DR0\Partition0

2011/07/06 00:22:44.0171 2760 Boot (0x1200) (bd9ff873451338a33b59da5b101eb6d0) \Device\Harddisk0\DR0\Partition1

2011/07/06 00:22:44.0187 2760 ================================================================================

2011/07/06 00:22:44.0187 2760 Scan finished

2011/07/06 00:22:44.0187 2760 ================================================================================

2011/07/06 00:22:44.0218 2592 Detected object count: 3

2011/07/06 00:22:44.0218 2592 Actual detected object count: 3

2011/07/06 00:23:12.0812 2592 ForgedFile.Multi.Generic(Cdrom) - User select action: Skip

2011/07/06 00:23:12.0812 2592 ForgedFile.Multi.Generic(Secdrv) - User select action: Skip

2011/07/06 00:23:12.0843 2592 \Device\Harddisk0\DR0 (Rootkit.Win32.TDSS.tdl4) - will be cured after reboot

2011/07/06 00:23:12.0843 2592 \Device\Harddisk0\DR0 - ok

2011/07/06 00:23:12.0843 2592 Rootkit.Win32.TDSS.tdl4(\Device\Harddisk0\DR0) - User select action: Cure

2011/07/06 00:23:48.0265 3852 Deinitialize success


---------------------

combofix

---------------------

ComboFix 11-07-05.03 - Unknown 07/06/2011 0:43.1.1 - FAT32x86

Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.894.523 [GMT -6:00]

Running from: c:\documents and settings\Unknown\My Documents\Downloads\ComboFix.exe

AV: ESET NOD32 antivirus system 2.70 *Enabled/Outdated* {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}

.

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

c:\documents and settings\Unknown\WINDOWS

c:\windows\`.BAT

c:\windows\C.BAT

c:\windows\D.BAT

c:\windows\G.EXE

c:\windows\M.BAT

c:\windows\R.BAT

c:\windows\system\WING32.DLL

c:\windows\system32\kock

c:\windows\system32\kock\system@a1.interclick[1].txt

c:\windows\system32\kock\system@abmr[2].txt

c:\windows\system32\kock\system@admonkey.dapper[1].txt

c:\windows\system32\kock\system@ads.undertone[2].txt

c:\windows\system32\kock\system@beyondthedow[1].txt

c:\windows\system32\kock\system@data.beyond[2].txt

c:\windows\system32\kock\system@fetchback[2].txt

c:\windows\system32\kock\system@interclick[1].txt

c:\windows\system32\kock\system@quantserve[1].txt

c:\windows\system32\kock\system@ru4[1].txt

c:\windows\system32\kock\system@scorecardresearch[1].txt

c:\windows\system32\kock\system@scorecardresearch[2].txt

c:\windows\system32\kock\system@servlet[1].txt

c:\windows\system32\kock\system@sharethis[1].txt

c:\windows\system32\kock\system@turn[1].txt

c:\windows\system32\kock\system@undertone[1].txt

c:\windows\system32\Packet.dll

c:\windows\system32\wpcap.dll

.

.

((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

-------\Legacy_IAS

-------\Legacy_ITLPERF

-------\Legacy_NPF

-------\Service_itlperf

-------\Service_NPF

.

.

((((((((((((((((((((((((( Files Created from 2011-06-06 to 2011-07-06 )))))))))))))))))))))))))))))))

.

.

2011-06-30 05:06 . 2011-06-30 05:06 2106216 ----a-w- c:\program files\Mozilla Firefox\D3DCompiler_43.dll

2011-06-30 05:06 . 2011-06-30 05:06 1998168 ----a-w- c:\program files\Mozilla Firefox\d3dx9_43.dll

2011-06-29 21:37 . 2011-06-29 21:37 388096 ----a-r- c:\documents and settings\Unknown\Application Data\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe

2011-06-29 21:37 . 2011-06-29 21:37 -------- d-----w- c:\program files\Trend Micro

2011-06-29 19:12 . 2011-06-29 19:12 -------- d-----w- c:\documents and settings\Unknown\Application Data\SUPERAntiSpyware.com

2011-06-29 19:12 . 2011-06-29 19:12 -------- d-----w- c:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com

2011-06-11 22:56 . 2011-06-11 22:56 -------- d-----w- c:\program files\CCleaner

2011-06-11 22:51 . 2004-03-09 06:00 187904 ----a-w- c:\windows\system32\TABCTL32.OCX

2011-06-11 22:51 . 2003-12-30 01:26 90624 ----a-w- c:\windows\system32\GradientButtonS.ocx

2011-06-11 20:32 . 2011-06-11 20:32 -------- d-----w- C:\FOUND.022

2011-06-10 13:57 . 2011-06-10 13:57 -------- d-----w- C:\FOUND.021

2011-06-09 01:44 . 2011-06-09 01:44 -------- d-----w- C:\FOUND.020

.

.

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2011-05-29 15:11 . 2011-05-07 22:09 39984 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys

2011-05-29 15:11 . 2011-05-07 22:08 22712 ----a-w- c:\windows\system32\drivers\mbam.sys

2011-05-08 20:06 . 2011-05-08 20:06 56400 ----a-w- c:\windows\system32\drivers\tmrkb.sys

2011-05-07 21:53 . 2011-05-07 21:53 50704 ----a-w- c:\windows\system32\drivers\npf.sys

2011-05-05 15:33 . 2004-08-11 02:00 12400 ----a-w- c:\windows\system32\drivers\secdrv.sys

2006-02-23 14:16 . 2007-01-17 05:50 34048 ----a-w- c:\program files\mozilla firefox\plugins\upd62i9x.dll

2006-02-23 14:16 . 2007-01-17 05:50 45056 ----a-w- c:\program files\mozilla firefox\plugins\upd62int.dll

2005-04-20 00:25 . 2007-01-17 05:43 53323 ----a-w- c:\program files\opera\program\plugins\PlugDef.dll

2006-02-23 14:16 . 2007-01-17 05:50 34048 ----a-w- c:\program files\opera\program\plugins\upd62i9x.dll

2006-02-23 14:16 . 2007-01-17 05:50 45056 ----a-w- c:\program files\opera\program\plugins\upd62int.dll

2011-06-30 05:06 . 2011-04-30 06:47 142296 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll

.

<pre>
c:\program files\Common Files\Acronis\Schedule2\schedhlp .exe
c:\program files\Common Files\Ahead\Lib\NeroCheck .exe
c:\program files\Realtek\InstallShield\AzMixerSel .exe
c:\program files\NewTech Infosystems\NTI CD & DVD-Maker 7\ntiMUI .exe
c:\program files\Synaptics\SynTP\SynTPEnh .exe
c:\program files\Launch Manager\LManager .exe
c:\program files\Java\jre6\bin\jusched .exe
c:\windows\ehome\ehtray .exe
</pre>

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Uniblue SpeedUpMyPC"="" [N/A]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"LaunchApp"="" [N/A]

"RTHDCPL"="RTHDCPL.EXE" [2006-06-28 16248320]

"TrueImageMonitor.exe"="c:\program files\Acronis\TrueImage\TrueImageMonitor.exe" [2005-12-27 988736]

.

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2007-07-19 15360]

"SvrWsc"="" [N/A]

.

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]

"NoSMBalloonTip"= 1 (0x1)

.

[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]

"ForceClassicControlPanel"= 1 (0x1)

.

[HKEY_LOCAL_MACHINE\software\policies\microsoft\windows\windowsupdate\au]

"NoAutoUpdate"= 1 (0x1)

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\srvFFC]

@="service"

.

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

"c:\\Program Files\\Messenger\\msmsgs.exe"=

"c:\\WINDOWS\\TARDIS95.EXE"=

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

"c:\\WINDOWS\\System32\\dpvsetup.exe"=

"c:\\Program Files\\Steam\\SteamApps\\ryanehlers18\\counter-strike source\\hl2.exe"=

.

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]

"3724:TCP"= 3724:TCP:Blizzard Downloader: 3724

"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009

"56477:TCP"= 56477:TCP:Pando Media Booster

"56477:UDP"= 56477:UDP:Pando Media Booster

.

R0 shdbus;shdbus;c:\windows\system32\drivers\SHDBUS.sys [5/9/2006 3:26 PM 3328]

R0 Shield;Shield;c:\windows\system32\drivers\Shield.sys [5/9/2006 3:26 PM 61568]

R0 Shieldf;Shieldf;c:\windows\system32\drivers\Shieldf.sys [5/9/2006 3:26 PM 18944]

R0 shieldm;shieldm;c:\windows\system32\drivers\Shieldm.sys [5/9/2006 3:26 PM 11904]

S2 eLock2BurnerLockDriver;eLock2BurnerLockDriver;\??\c:\windows\system32\eLock2BurnerLockDriver.sys --> c:\windows\system32\eLock2BurnerLockDriver.sys [?]

S2 eLock2FSCTLDriver;eLock2FSCTLDriver;\??\c:\windows\system32\eLock2FSCTLDriver.sys --> c:\windows\system32\eLock2FSCTLDriver.sys [?]

S2 srvFFC;srvFFC;c:\windows\system32\svchost.exe -k netsvcs [8/10/2004 8:00 PM 14336]

S3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [5/7/2011 4:09 PM 39984]

S3 XDva092;XDva092;\??\c:\windows\system32\XDva092.sys --> c:\windows\system32\XDva092.sys [?]

S3 XDva143;XDva143;\??\c:\windows\system32\XDva143.sys --> c:\windows\system32\XDva143.sys [?]

S3 XDva189;XDva189;\??\c:\windows\system32\XDva189.sys --> c:\windows\system32\XDva189.sys [?]

.

--- Other Services/Drivers In Memory ---

.

*NewlyCreated* - WUAUSERV

.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs

srvFFC

.

Contents of the 'Scheduled Tasks' folder

.

.

------- Supplementary Scan -------

.

IE: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx

TCP: DhcpNameServer = 172.27.35.1

FF - ProfilePath - c:\documents and settings\Unknown\Application Data\Mozilla\Firefox\Profiles\ywo49adf.default\

FF - prefs.js: network.proxy.type - 0

.

- - - - ORPHANS REMOVED - - - -

.

Notify-itlntfy - itlnfw32.dll

.

.

.

**************************************************************************

.

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2011-07-06 00:56

Windows 5.1.2600 Service Pack 3, v.3180 FAT NTAPI

.

scanning hidden processes ...

.

scanning hidden autostart entries ...

.

scanning hidden files ...

.

scan completed successfully

hidden files: 0

.

**************************************************************************

.

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\srvFFC]

"servicedll"="\\?\globalroot\Device\HarddiskVolume2\Documents and Settings\Unknown\Local Settings\Temp\srvFFC.tmp"

.

--------------------- DLLs Loaded Under Running Processes ---------------------

.

- - - - - - - > 'winlogon.exe'(1020)

c:\windows\system32\Ati2evxx.dll

.

- - - - - - - > 'explorer.exe'(708)

c:\windows\system32\WPDShServiceObj.dll

c:\windows\system32\PortableDeviceTypes.dll

c:\windows\system32\PortableDeviceApi.dll

.

------------------------ Other Running Processes ------------------------

.

c:\acer\Empowering Technology\ePerformance\MemCheck.exe

c:\program files\Common Files\Acronis\Schedule2\schedul2.exe

c:\windows\eHome\ehRecvr.exe

c:\windows\eHome\ehSched.exe

c:\program files\Java\jre6\bin\jqs.exe

c:\program files\Common Files\LightScribe\LSSrvc.exe

c:\program files\Rollback\shdserv.exe

c:\windows\ehome\mcrdsvc.exe

c:\windows\system32\dllhost.exe

c:\windows\system32\wbem\wmiapsrv.exe

.

**************************************************************************

.

Completion time: 2011-07-06 01:00:27 - machine was rebooted

ComboFix-quarantined-files.txt 2011-07-06 07:00

.

Pre-Run: 9,152,888,832 bytes free

Post-Run: 9,066,053,632 bytes free

.

WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe

[boot loader]

timeout=2

default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS

[operating systems]

c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons

UnsupportedDebug="do not select this" /debug

multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Windows XP" /execute /fastdetect

C:\ = "dos"

.

- - End Of File - - 0624613769734AC924935BB77DAE50AD

----------------

security check

----------------

Results of screen317's Security Check version 0.99.17

Windows XP Service Pack 3

Internet Explorer 6 Out of date!

``````````````````````````````

Antivirus/Firewall Check:

Windows Security Center service is not running! This report may not be accurate!

Windows Firewall Enabled!

Antivirus out of date!

```````````````````````````````

Anti-malware/Other Utilities Check:

Malwarebytes' Anti-Malware

CCleaner

Java 6 Update 11

Out of date Java installed!

Flash Player Out of Date!

Adobe Flash Player 10.2.159.1

````````````````````````````````

Process Check:

objlist.exe by Laurent

``````````End of Log````````````


Let's try running a new copy of TDSSKiller again ;):

Please download to your Desktop:

  • TDSSKiller.zip from here and extract it (right click on it => "Extract here").

>>> TDSSKiller: Double-click on TDSSKiller.exe to run the application.

  • Click on the Start Scan button and wait for the scan and disinfection process to be over.
  • If an infected file is detected, the default action will be Cure; click on Continue.
  • If a suspicious file is detected, the default action will be Skip; click on Continue.
  • If you are asked to reboot the computer to complete the process, click on the Reboot Now button. A report will be automatically saved at the root of the System drive (usually C:\) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt" (for example, C:\TDSSKiller.2.2.0_20.12.2009_15.31.43_log.txt). Please copy and paste the contents of that file here.
  • If no reboot is required, click on Report. A log file will appear. Please copy and paste the contents of that file in your next reply.

In your next reply, please include the following (you may need to use two posts to get it all in):

  • TDSSKiller_log.txt

How is the PC running now?


here is the second TDSSKiller log:

2011/07/06 23:31:17.0015 1896 TDSS rootkit removing tool 2.5.9.0 Jul 1 2011 18:45:21

2011/07/06 23:31:17.0953 1896 ================================================================================

2011/07/06 23:31:17.0953 1896 SystemInfo:

2011/07/06 23:31:17.0953 1896

2011/07/06 23:31:17.0953 1896 OS Version: 5.1.2600 ServicePack: 3.0

2011/07/06 23:31:17.0953 1896 Product type: Workstation

2011/07/06 23:31:17.0953 1896 ComputerName: ACE

2011/07/06 23:31:18.0078 1896 UserName: Unknown

2011/07/06 23:31:18.0078 1896 Windows directory: C:\WINDOWS

2011/07/06 23:31:18.0093 1896 System windows directory: C:\WINDOWS

2011/07/06 23:31:18.0093 1896 Processor architecture: Intel x86

2011/07/06 23:31:18.0093 1896 Number of processors: 1

2011/07/06 23:31:18.0093 1896 Page size: 0x1000

2011/07/06 23:31:18.0093 1896 Boot type: Normal boot

2011/07/06 23:31:18.0093 1896 ================================================================================

2011/07/06 23:31:20.0484 1896 Initialize success

2011/07/06 23:31:24.0859 3628 ================================================================================

2011/07/06 23:31:24.0859 3628 Scan started

2011/07/06 23:31:24.0859 3628 Mode: Manual;

2011/07/06 23:31:24.0859 3628 ================================================================================

2011/07/06 23:31:35.0468 3628 Cdrom (dc6ac6867c83cc634365d5e01508134e) C:\WINDOWS\system32\DRIVERS\cdrom.sys

2011/07/06 23:31:35.0578 3628 Suspicious file (Forged): C:\WINDOWS\system32\DRIVERS\cdrom.sys. Real md5: dc6ac6867c83cc634365d5e01508134e, Fake md5: 4b0a100eaf5c49ef3cca8c641431eacc

2011/07/06 23:31:35.0593 3628 Cdrom - detected ForgedFile.Multi.Generic (1)


2011/07/06 23:32:06.0046 3628 Ql10wnt (6503449e1d43a0ff0201ad5cb1b8c706) C:\WINDOWS\system32\DRIVERS\ql10wnt.sys

2011/07/06 23:32:06.0250 3628 ql12160 (156ed0ef20c15114ca097a34a30d8a01) C:\WINDOWS\system32\DRIVERS\ql12160.sys

2011/07/06 23:32:06.0421 3628 ql1240 (70f016bebde6d29e864c1230a07cc5e6) C:\WINDOWS\system32\DRIVERS\ql1240.sys

2011/07/06 23:32:06.0625 3628 ql1280 (907f0aeea6bc451011611e732bd31fcf) C:\WINDOWS\system32\DRIVERS\ql1280.sys

2011/07/06 23:32:06.0703 3628 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys

2011/07/06 23:32:06.0906 3628 Rasirda (0207d26ddf796a193ccd9f83047bb5fc) C:\WINDOWS\system32\DRIVERS\rasirda.sys

2011/07/06 23:32:07.0187 3628 Rasl2tp (fed62e63ae154227801b78a4f16e63a7) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys

2011/07/06 23:32:07.0468 3628 RasPppoe (8ab27a574634b1aa461983dfe301bc15) C:\WINDOWS\system32\DRIVERS\raspppoe.sys

2011/07/06 23:32:07.0546 3628 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys

2011/07/06 23:32:07.0828 3628 Rdbss (c04957198332a8029eb0123432b7e04b) C:\WINDOWS\system32\DRIVERS\rdbss.sys

2011/07/06 23:32:07.0875 3628 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys

2011/07/06 23:32:08.0187 3628 rdpdr (d4849c130a71196932c9ac932dd7bd13) C:\WINDOWS\system32\DRIVERS\rdpdr.sys

2011/07/06 23:32:08.0484 3628 RDPWD (3fca11c2685bef139f4681ec3130ebe7) C:\WINDOWS\system32\drivers\RDPWD.sys

2011/07/06 23:32:08.0781 3628 redbook (ac82fa3391a6e3cee9d55c70e067c383) C:\WINDOWS\system32\DRIVERS\redbook.sys

2011/07/06 23:32:08.0968 3628 rspndr (b09e22b1877d5bc119f477cd671e5631) C:\WINDOWS\system32\DRIVERS\rspndr.sys

2011/07/06 23:32:09.0296 3628 RTL8023xp (911e07056b865760c0762f6221145999) C:\WINDOWS\system32\DRIVERS\Rtnicxp.sys

2011/07/06 23:32:09.0578 3628 SbcpHid (30d94039a729571146eb9d736ec1aadd) C:\WINDOWS\system32\Drivers\SbcpHid.sys

2011/07/06 23:32:09.0828 3628 sdbus (ce03e9dbaf30ce352a63d1c7a30d92af) C:\WINDOWS\system32\DRIVERS\sdbus.sys

2011/07/06 23:32:10.0109 3628 Secdrv (d26e26ea516450af9d072635c60387f4) C:\WINDOWS\system32\DRIVERS\secdrv.sys

2011/07/06 23:32:10.0140 3628 Suspicious file (Forged): C:\WINDOWS\system32\DRIVERS\secdrv.sys. Real md5: d26e26ea516450af9d072635c60387f4, Fake md5: ba0d892d2f786bcebdf03b0a252b47f3

2011/07/06 23:32:10.0156 3628 Secdrv - detected ForgedFile.Multi.Generic (1)

2011/07/06 23:32:36.0234 3628 ================================================================================

2011/07/06 23:32:36.0234 3628 Scan finished

2011/07/06 23:32:36.0234 3628 ================================================================================

2011/07/06 23:32:36.0265 3688 Detected object count: 2

2011/07/06 23:32:36.0265 3688 Actual detected object count: 2

2011/07/06 23:34:30.0062 3688 ForgedFile.Multi.Generic(Cdrom) - User select action: Skip

2011/07/06 23:34:30.0062 3688 ForgedFile.Multi.Generic(Secdrv) - User select action: Skip


We still have some major cleanup to do:

Please download SystemLook from one of the links below and save it to your Desktop.

Download Mirror #1

Download Mirror #2

  • Double-click SystemLook.exe to run it.
  • Copy the content of the following codebox into the main textfield:

    :filefind
    cdrom.sys
    secdrv.sys


  • Click the Look button to start the scan.
  • When finished, a notepad window will open with the results of the scan. Please post this log in your next reply.

Note: The log can also be found on your Desktop, entitled SystemLook.txt


here is the log from systemlook.

also i didn't mention this in the original post because i figured that the xmldm files were being created by the virus i was hoping to get rid of but i am unsure if that is the case so i will let you know that my svchost.exe is somehow infected, and has been for a while. i know this in part because it randomly uses up all my cpu and my internet will be slowed tremendously. Also my AVG scan has found some things inside my svchost files but AVG was unable to remove them. Even though i tell it to quarantine them, i have run scans a few days later and it finds them again. now after i uninstalled avg and ran combofix, tdsskiller and securitycheck as per your posts. i reinstalled avg afterwards and ran a scan. it did not find the svchost infection in the scan, and i have not noticed it acting up in the task manager. but i am curious if you can tell in the logs somewhere if that has for sure been removed or if not. if there is any way to fix this?

btw thanks for all your help :)

SystemLook 04.09.10 by jpshortstuff

Log created at 16:55 on 07/07/2011 by Unknown

Administrator - Elevation successful

========== filefind ==========

Searching for "cdrom.sys"

C:\WINDOWS\system32\drivers\cdrom.sys --a---- 62976 bytes [02:00 11/08/2004] [09:49 02/05/2008] 4B0A100EAF5C49EF3CCA8C641431EACC

C:\WINDOWS\system32\dllcache\cdrom.sys ------- 62976 bytes [16:50 24/01/2009] [09:49 02/05/2008] 4B0A100EAF5C49EF3CCA8C641431EACC

C:\WINDOWS\ServicePackFiles\i386\cdrom.sys ------- 62976 bytes [03:20 26/08/2007] [06:35 19/07/2007] DC6AC6867C83CC634365D5E01508134E

C:\WINDOWS\$NtUninstallKB932716-v2$\cdrom.sys ------- 62976 bytes [16:51 24/01/2009] [06:35 19/07/2007] DC6AC6867C83CC634365D5E01508134E

C:\i386\cdrom.sys ------- 62976 bytes [16:50 24/01/2009] [09:49 02/05/2008] 4B0A100EAF5C49EF3CCA8C641431EACC

Searching for "secdrv.sys"

C:\WINDOWS\system32\drivers\secdrv.sys --a---- 12400 bytes [02:00 11/08/2004] [15:33 05/05/2011] BA0D892D2F786BCEBDF03B0A252B47F3

C:\WINDOWS\ServicePackFiles\i386\secdrv.sys ------- 27440 bytes [03:20 26/08/2007] [02:22 30/12/2006] D26E26EA516450AF9D072635C60387F4

C:\Program Files\EA GAMES\Battlefield 1942\Mods\bf1942\SECDRV.SYS --a---- 12464 bytes [14:39 05/05/2011] [15:04 06/01/2004] 890CADA2AB7ACF53A5F9CCE7515522A2

C:\Program Files\EA GAMES\Battlefield 1942\Mods\XPack1\SECDRV.SYS --a---- 12464 bytes [14:44 05/05/2011] [10:34 23/01/2003] 890CADA2AB7ACF53A5F9CCE7515522A2

C:\Program Files\EA GAMES\Battlefield 1942\Mods\XPack2\SECDRV.SYS --a---- 12400 bytes [14:49 05/05/2011] [17:28 06/01/2004] BA0D892D2F786BCEBDF03B0A252B47F3

C:\Program Files\EA GAMES\Battlefield 1942\Patch Data\XPack1\SECDRV.SYS --a---- 12464 bytes [14:39 05/05/2011] [10:34 23/01/2003] 890CADA2AB7ACF53A5F9CCE7515522A2

-= EOF =-
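Added example, not part of the original posts: a Python script that cross-references the TDSSKiller "Forged" detection for secdrv.sys with the SystemLook :filefind results above, listing which on-disk copies carry each of the two MD5 values. The log lines are excerpted from this thread; the function and variable names are assumptions of the example.

```python
import re

# Lines excerpted from the TDSSKiller and SystemLook logs posted in this thread.
TDSSKILLER_LOG = r"""
2011/07/06 23:32:10.0109 3628 Secdrv (d26e26ea516450af9d072635c60387f4) C:\WINDOWS\system32\DRIVERS\secdrv.sys
2011/07/06 23:32:10.0140 3628 Suspicious file (Forged): C:\WINDOWS\system32\DRIVERS\secdrv.sys. Real md5: d26e26ea516450af9d072635c60387f4, Fake md5: ba0d892d2f786bcebdf03b0a252b47f3
2011/07/06 23:32:10.0156 3628 Secdrv - detected ForgedFile.Multi.Generic (1)
"""

SYSTEMLOOK_LOG = r"""
Searching for "secdrv.sys"
C:\WINDOWS\system32\drivers\secdrv.sys --a---- 12400 bytes [02:00 11/08/2004] [15:33 05/05/2011] BA0D892D2F786BCEBDF03B0A252B47F3
C:\WINDOWS\ServicePackFiles\i386\secdrv.sys ------- 27440 bytes [03:20 26/08/2007] [02:22 30/12/2006] D26E26EA516450AF9D072635C60387F4
C:\Program Files\EA GAMES\Battlefield 1942\Mods\bf1942\SECDRV.SYS --a---- 12464 bytes [14:39 05/05/2011] [15:04 06/01/2004] 890CADA2AB7ACF53A5F9CCE7515522A2
C:\Program Files\EA GAMES\Battlefield 1942\Mods\XPack1\SECDRV.SYS --a---- 12464 bytes [14:44 05/05/2011] [10:34 23/01/2003] 890CADA2AB7ACF53A5F9CCE7515522A2
C:\Program Files\EA GAMES\Battlefield 1942\Mods\XPack2\SECDRV.SYS --a---- 12400 bytes [14:49 05/05/2011] [17:28 06/01/2004] BA0D892D2F786BCEBDF03B0A252B47F3
C:\Program Files\EA GAMES\Battlefield 1942\Patch Data\XPack1\SECDRV.SYS --a---- 12464 bytes [14:39 05/05/2011] [10:34 23/01/2003] 890CADA2AB7ACF53A5F9CCE7515522A2
-= EOF =-
"""

# TDSSKiller: "Suspicious file (Forged): <path>. Real md5: <hex>, Fake md5: <hex>"
FORGED_RE = re.compile(
    r"Suspicious file \(Forged\): (?P<path>.+?)\. "
    r"Real md5: (?P<real>[0-9a-f]{32}), Fake md5: (?P<fake>[0-9a-f]{32})",
    re.IGNORECASE,
)
# SystemLook: "<path> <7 attribute flags> <size> bytes [created] [modified] <MD5>"
FILE_RE = re.compile(
    r"(?P<path>[A-Za-z]:\\.+?) (?P<attrs>[-a-z]{7}) (?P<size>\d+) bytes "
    r"\[(?P<created>[^\]]+)\] \[(?P<modified>[^\]]+)\] (?P<md5>[0-9A-Fa-f]{32})$"
)


def parse_forged(log_text):
    """Return one dict per TDSSKiller 'Suspicious file (Forged)' line."""
    hits = []
    for line in log_text.splitlines():
        m = FORGED_RE.search(line)
        if m:
            hits.append({"path": m["path"],
                         "real": m["real"].lower(),
                         "fake": m["fake"].lower()})
    return hits


def parse_systemlook(log_text):
    """Return one dict per file entry in a SystemLook :filefind section."""
    entries = []
    for line in log_text.splitlines():
        m = FILE_RE.match(line.strip())
        if m:
            entry = m.groupdict()
            entry["size"] = int(entry["size"])
            entry["md5"] = entry["md5"].lower()
            entries.append(entry)
    return entries


def correlate(forged_hits, entries):
    """For each flagged file, list where each of its two hashes appears on disk."""
    report = []
    for hit in forged_hits:
        flagged = hit["path"].lower()  # Windows paths compare case-insensitively
        on_disk = next((e for e in entries if e["path"].lower() == flagged), None)
        role = None
        if on_disk:
            # Which of TDSSKiller's two hashes did SystemLook read at that path?
            role = {hit["real"]: "real", hit["fake"]: "fake"}.get(on_disk["md5"])
        both = (hit["real"], hit["fake"])
        report.append({
            "path": hit["path"],
            "systemlook_hash_role": role,
            "real_md5_copies": [e["path"] for e in entries if e["md5"] == hit["real"]],
            "fake_md5_copies": [e["path"] for e in entries if e["md5"] == hit["fake"]],
            "sizes": sorted({e["size"] for e in entries if e["md5"] in both}),
        })
    return report


if __name__ == "__main__":
    hits = parse_forged(TDSSKILLER_LOG)
    for item in correlate(hits, parse_systemlook(SYSTEMLOOK_LOG)):
        print(item["path"], "-> SystemLook read the", item["systemlook_hash_role"], "md5")
        for label in ("real_md5_copies", "fake_md5_copies"):
            print(" ", label, item[label])
```

On this data the hash SystemLook read at the flagged path is the one TDSSKiller labels "Fake md5", and the same 12400-byte hash also appears on the Battlefield 1942 XPack2 copy of SECDRV.SYS.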


btw thanks for all your help :)

No problem!

i reinstalled avg afterwards and ran a scan. it did not find the svchost infection in the scan, and i have not noticed it acting up in the task manager. but i am curious if you can tell in the logs somewhere if that has for sure been removed or if not. if there is any way to fix this?

AVG NEEDS to remain uninstalled until I tell you it's safest to reinstall it. AVG can and WILL cause serious conflicts with ComboFix, which can leave your computer a mere doorstop.

Please uninstall it immediately.

***Note: In order for ComboFix to run properly AVG must be uninstalled. Please go here and follow the instructions to uninstall AVG.

You can reinstall it after the computer is clean.

=========================================

Please do the following ;):

Locate the following file (in bold):

C:\WINDOWS\system32\drivers\cdrom.sys

Once you have highlighted it, Right-Click and select Copy.

Then, save it to your Desktop.

Repeat the same procedure for the following file:

C:\WINDOWS\system32\drivers\secdrv.sys

Leaving the 2 copied files on your Desktop, please do the following:

----------

Please go to http://www.virustotal.com,

Click on Browse

Then, upload the following file(s) for review (in bold):

(these are the ones you've pasted to your Desktop)

cdrom.sys

secdrv.sys

NOTE: You'll only be able to have one file scanned at a time.

Please include both online file scan results in your next reply ;).

=========================================

Next,

You have ComboFix running from a bad location.

Please delete the following file (in bold): c:\documents and settings\Unknown\My Documents\Downloads\ComboFix.exe.

Then, download a new copy of ComboFix, save it to your Desktop, and run it. Please include the newly-created C:\ComboFix.txt in your next reply ;)


this is the scan for secdrv.sys:

File name: secdrv.sys

Submission date: 2011-07-07 23:53:26 (UTC)

Current status: finished

Result: 0/42 (0.0%)

Additional information

MD5 : ba0d892d2f786bcebdf03b0a252b47f3

SHA1 : 0383b69f98d0a9c0383c8130d52d6b431c79ac48

SHA256: 4ed103bd45ece4d2b6029c36d0e209c8a6f1c34e0f72b01553742773cb1f43a1

this is the file scan for cdrom.sys:

File name: cdrom.sys

Submission date: 2011-07-07 23:56:59 (UTC)

Current status: finished

Result: 0/43 (0.0%)

Additional information

MD5 : 4b0a100eaf5c49ef3cca8c641431eacc

SHA1 : 50120809df7dabaa2f2ac6384725d3eeec45a6e8

SHA256: 88d9c066ffb863910ee1863ce63d38846aca2df72d6b5fdfce0f3379a6da5ef9


yes sorry i thought the combofix would probably restart my computer and i had already scanned the other files so i posted those while i had them

here is the combofix log. i uninstalled avg before i ran it as i did before. but this time i will leave avg uninstalled.

btw i forgot to tell you. for some reason combofix tells me that i have eset nod32 antivirus running on my computer. it told me to turn it off before running combofix but combofix does not have an "exit" button so when i clicked "x" it ran anyways. that was on the first scan.

let me say: I HAVE NEVER HEARD OF NOD32. i have never installed it on my computer. i could not see a process running even remotely close to nod32. I went into add/remove programs and it was not on the list. i even googled it. i have never seen eset nod32 before in my life. so i'm not sure how it got on my computer but apparently its still running somehow. because on this second scan. it alerted me again that nod32 was running, but as i said before once i start combofix i can't stop it. so it ran again.

here is the log:

ComboFix 11-07-07.05 - Unknown 07/07/2011 18:25:23.2.1 - FAT32x86

Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.894.517 [GMT -6:00]

Running from: c:\documents and settings\Unknown\Desktop\ComboFix.exe

AV: ESET NOD32 antivirus system 2.70 *Enabled/Outdated* {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}

.

.

((((((((((((((((((((((((( Files Created from 2011-06-08 to 2011-07-08 )))))))))))))))))))))))))))))))

.

.

2011-07-06 20:38 . 2011-07-06 20:38 -------- d-----w- c:\documents and settings\Unknown\Local Settings\Application Data\AVG Security Toolbar

2011-06-30 05:06 . 2011-06-30 05:06 2106216 ----a-w- c:\program files\Mozilla Firefox\D3DCompiler_43.dll

2011-06-30 05:06 . 2011-06-30 05:06 1998168 ----a-w- c:\program files\Mozilla Firefox\d3dx9_43.dll

2011-06-29 21:37 . 2011-06-29 21:37 -------- d-----w- c:\program files\Trend Micro

2011-06-29 19:12 . 2011-06-29 19:12 -------- d-----w- c:\documents and settings\Unknown\Application Data\SUPERAntiSpyware.com

2011-06-29 19:12 . 2011-06-29 19:12 -------- d-----w- c:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com

2011-06-11 22:56 . 2011-06-11 22:56 -------- d-----w- c:\program files\CCleaner

2011-06-11 22:51 . 2004-03-09 06:00 187904 ----a-w- c:\windows\system32\TABCTL32.OCX

2011-06-11 22:51 . 2003-12-30 01:26 90624 ----a-w- c:\windows\system32\GradientButtonS.ocx

2011-06-11 20:32 . 2011-06-11 20:32 -------- d-----w- C:\FOUND.022

2011-06-10 13:57 . 2011-06-10 13:57 -------- d-----w- C:\FOUND.021

2011-06-09 01:44 . 2011-06-09 01:44 -------- d-----w- C:\FOUND.020

.

.

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2011-05-29 15:11 . 2011-05-07 22:09 39984 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys

2011-05-29 15:11 . 2011-05-07 22:08 22712 ----a-w- c:\windows\system32\drivers\mbam.sys

2011-05-08 20:06 . 2011-05-08 20:06 56400 ----a-w- c:\windows\system32\drivers\tmrkb.sys

2011-05-07 21:53 . 2011-05-07 21:53 50704 ----a-w- c:\windows\system32\drivers\npf.sys

2011-05-05 15:33 . 2004-08-11 02:00 12400 ----a-w- c:\windows\system32\drivers\secdrv.sys

2006-02-23 14:16 . 2007-01-17 05:50 34048 ----a-w- c:\program files\mozilla firefox\plugins\upd62i9x.dll

2006-02-23 14:16 . 2007-01-17 05:50 45056 ----a-w- c:\program files\mozilla firefox\plugins\upd62int.dll

2005-04-20 00:25 . 2007-01-17 05:43 53323 ----a-w- c:\program files\opera\program\plugins\PlugDef.dll

2006-02-23 14:16 . 2007-01-17 05:50 34048 ----a-w- c:\program files\opera\program\plugins\upd62i9x.dll

2006-02-23 14:16 . 2007-01-17 05:50 45056 ----a-w- c:\program files\opera\program\plugins\upd62int.dll

2011-06-30 05:06 . 2011-04-30 06:47 142296 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll

.

<pre>
c:\program files\Common Files\Acronis\Schedule2\schedhlp .exe
c:\program files\Common Files\Ahead\Lib\NeroCheck .exe
c:\program files\Realtek\InstallShield\AzMixerSel .exe
c:\program files\NewTech Infosystems\NTI CD & DVD-Maker 7\ntiMUI .exe
c:\program files\Synaptics\SynTP\SynTPEnh .exe
c:\program files\Launch Manager\LManager .exe
c:\program files\Java\jre6\bin\jusched .exe
c:\windows\ehome\ehtray .exe
</pre>

.

((((((((((((((((((((((((((((( SnapShot@2011-07-06_06.56.20 )))))))))))))))))))))))))))))))))))))))))

.

+ 2011-07-07 23:49 . 2011-07-07 23:49 16384 c:\windows\Temp\Perflib_Perfdata_7c8.dat

+ 2011-07-07 23:49 . 2011-07-07 23:49 16384 c:\windows\Temp\Perflib_Perfdata_57c.dat

+ 2011-07-06 08:47 . 2011-07-06 08:47 3489280 c:\windows\Installer\63e0ef.msi

+ 2011-07-06 08:44 . 2011-07-06 08:44 1611776 c:\windows\Installer\63e0eb.msi

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Uniblue SpeedUpMyPC"="" [N/A]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"LaunchApp"="" [N/A]

"RTHDCPL"="RTHDCPL.EXE" [2006-06-28 16248320]

"TrueImageMonitor.exe"="c:\program files\Acronis\TrueImage\TrueImageMonitor.exe" [2005-12-27 988736]

.

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2007-07-19 15360]

"SvrWsc"="" [N/A]

.

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]

"NoSMBalloonTip"= 1 (0x1)

.

[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]

"ForceClassicControlPanel"= 1 (0x1)

.

[HKEY_LOCAL_MACHINE\software\policies\microsoft\windows\windowsupdate\au]

"NoAutoUpdate"= 1 (0x1)

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\srvFFC]

@="service"

.

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

"c:\\Program Files\\Messenger\\msmsgs.exe"=

"c:\\WINDOWS\\TARDIS95.EXE"=

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

"c:\\WINDOWS\\System32\\dpvsetup.exe"=

"c:\\Program Files\\Steam\\SteamApps\\ryanehlers18\\counter-strike source\\hl2.exe"=

.

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]

"3724:TCP"= 3724:TCP:Blizzard Downloader: 3724

"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009

"56477:TCP"= 56477:TCP:Pando Media Booster

"56477:UDP"= 56477:UDP:Pando Media Booster

.

R0 shdbus;shdbus;c:\windows\system32\drivers\SHDBUS.sys [5/9/2006 3:26 PM 3328]

R0 Shield;Shield;c:\windows\system32\drivers\Shield.sys [5/9/2006 3:26 PM 61568]

R0 Shieldf;Shieldf;c:\windows\system32\drivers\Shieldf.sys [5/9/2006 3:26 PM 18944]

R0 shieldm;shieldm;c:\windows\system32\drivers\Shieldm.sys [5/9/2006 3:26 PM 11904]

S2 eLock2BurnerLockDriver;eLock2BurnerLockDriver;\??\c:\windows\system32\eLock2BurnerLockDriver.sys --> c:\windows\system32\eLock2BurnerLockDriver.sys [?]

S2 eLock2FSCTLDriver;eLock2FSCTLDriver;\??\c:\windows\system32\eLock2FSCTLDriver.sys --> c:\windows\system32\eLock2FSCTLDriver.sys [?]

S2 srvFFC;srvFFC;c:\windows\system32\svchost.exe -k netsvcs [8/10/2004 8:00 PM 14336]

S3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [5/7/2011 4:09 PM 39984]

S3 XDva092;XDva092;\??\c:\windows\system32\XDva092.sys --> c:\windows\system32\XDva092.sys [?]

S3 XDva143;XDva143;\??\c:\windows\system32\XDva143.sys --> c:\windows\system32\XDva143.sys [?]

S3 XDva189;XDva189;\??\c:\windows\system32\XDva189.sys --> c:\windows\system32\XDva189.sys [?]

.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs

srvFFC

.

.

------- Supplementary Scan -------

.

IE: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx

TCP: DhcpNameServer = 172.27.35.1

FF - ProfilePath - c:\documents and settings\Unknown\Application Data\Mozilla\Firefox\Profiles\ywo49adf.default\

FF - prefs.js: keyword.URL - hxxp://search.avg.com/route/?d=4e142122&v=7.005.030.004&i=23&tp=ab&iy=&ychte=us&lng=en-US&q=

FF - prefs.js: network.proxy.type - 0

.

- - - - ORPHANS REMOVED - - - -

.

URLSearchHooks-{A3BC75A2-1F87-4686-AA43-5347D756017C} - (no file)

Toolbar-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)

.

.

.

**************************************************************************

.

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2011-07-07 18:31

Windows 5.1.2600 Service Pack 3, v.3180 FAT NTAPI

.

scanning hidden processes ...

.

scanning hidden autostart entries ...

.

scanning hidden files ...

.

scan completed successfully

hidden files: 0

.

**************************************************************************

.

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\srvFFC]

"servicedll"="\\?\globalroot\Device\HarddiskVolume2\Documents and Settings\Unknown\Local Settings\Temp\srvFFC.tmp"

.

--------------------- DLLs Loaded Under Running Processes ---------------------

.

- - - - - - - > 'winlogon.exe'(1028)

c:\windows\system32\Ati2evxx.dll

.

- - - - - - - > 'explorer.exe'(588)

c:\windows\system32\WPDShServiceObj.dll

c:\windows\system32\PortableDeviceTypes.dll

c:\windows\system32\PortableDeviceApi.dll

.

Completion time: 2011-07-07 18:34:58

ComboFix-quarantined-files.txt 2011-07-08 00:34

ComboFix2.txt 2011-07-06 07:00

.

Pre-Run: 8,423,505,920 bytes free

Post-Run: 8,403,615,744 bytes free

.

- - End Of File - - FDFEBB86B89EC6A82DE780D5282D2248


Okay, no worries. Before we move on, let's see if we can remove ESET NOD32 ;):

Please download and install Revo Uninstaller (Freeware) from here. Then please run Revo Uninstaller and select ESET (or NOD32).

Please click the Uninstall icon to uninstall the selected program.

Please choose Advanced.


Then click Next and follow the prompts.

Please click Select All (1.) and Delete (2.) to delete all registry items, folders and files listed by Revo.

If asked to restart the computer, please do so immediately.

Let me know if that showed up there ;)


Please follow these instructions for de-registering ESET:

**Note: Make sure you only delete ESET products.

  • Go Start > Run and copy/paste wbemtest into the Run box and click 'OK'.
  • Click 'Connect'.
  • Copy/paste root\securitycenter into the box and click 'Connect'.
  • Click 'Query'.
  • Copy/paste SELECT * FROM AntivirusProduct under 'Enter Query' and click 'Apply'.
  • If there is more than one result, it means there is more than one Antivirus program registered.
  • Double-click on each result to view the properties for that Antivirus product.
  • Identify the product(s) registered by scrolling down to 'companyName' then click 'Close'.
  • In the 'Query Result' window, click 'Delete' for any Antivirus software that is no longer installed.
  • Click 'Close', then 'Exit'.

DO NOT use the WMI Tester in any way other than the one described above. If you cannot find ESET there to remove then just exit out of WMI Tester and let me know.

If there are any problems with the instructions I've given you then let me know. ;)

Let me know if that resolves the issue. :)


Glad to hear ESET is gone!

We still have some deep cleaning to do; please do the following ;)

Download the latest version of Kaspersky Virus Removal Tool

  • Close all other applications and double-click and run the installer.
  • When the Kaspersky Virus Removal Tool starts, to the right of Security Level click Recommended, and select Settings.
  • In the window that opens (Autoscan), in the Scope tab place a checkmark to the left of Parse email formats.
  • Click the Additional tab and click to place a checkmark to the left of Deep scan, and click OK.
  • Select all the scannable items except for CD-ROM drives and click the Start scan button.
  • If malware is detected, place a checkmark in the Apply to all box, and click the Delete button (or Disinfect if the button is active).
  • After the scan finishes, if any threat remains in the Scan window (Red exclamation point), click the Neutralize all button.
  • In the window that opens, place a checkmark in the Apply to all box, and click the Delete button (or Disinfect if the button is active).
  • If advised that a special disinfection procedure is required which demands system reboot: click the Ok button to close the window.
  • In the Scan window click the Reports button and select Save to file.
  • Name the report AVPT.txt, and save it to the Desktop.
  • Close AVPTool.
  • You will be prompted if you want to uninstall the program; click Yes.
  • You will then be prompted that to complete the uninstallation, the computer must be restarted. Select Yes to restart the system.
  • Copy and paste the first part of the report (Detected) that you saved in your next reply.


i clicked on your link for the download of kaspersky virus removal tool but when i installed it a different screen appeared.

the options i have are

-Automatic scan

-start scanning

-Manual disinfection

-settings (*/ gear symbol)

-reports (paper symbol)

-a big yellow button

lol, i clicked on settings and "Scan Scope" tab appeared but there was no "parse email formats" selection available.

so normally i would just start pressing buttons. but i figured i'd wait and see what you say.


i found pretty much everything and ran the scan. about 10 mins into it, the scan found a threat. i followed steps and clicked ok to restart computer because it required special disinfection but it stopped the scan right then and restarted. should i run another scan?

i saved the top part of the log but it's huge. do you want me to post it?


allrighty

Automatic Scan: stopped 18 minutes ago (events: 14611, objects: 13560, time: 00:11:33)

7/8/2011 5:04:15 PM Task stopped


7/8/2011 5:04:15 PM Not processed C:\WINDOWS\Cursors\size1_rm.cur Skipped by user

7/8/2011 5:04:14 PM Not processed C:\WINDOWS\Cursors\size1_rl.cur Skipped by user

7/8/2011 5:04:14 PM Not processed C:\WINDOWS\Cursors\size1_r.cur Skipped by user

7/8/2011 5:04:14 PM Not processed C:\WINDOWS\Cursors\pen_rm.cur Skipped by user

7/8/2011 5:04:14 PM Not processed C:\WINDOWS\Cursors\pen_rl.cur Skipped by user

7/8/2011 5:04:14 PM Not processed C:\WINDOWS\Cursors\pen_r.cur Skipped by user

7/8/2011 5:04:14 PM Not processed C:\WINDOWS\Cursors\no_rm.cur Skipped by user

7/8/2011 5:04:14 PM Not processed C:\WINDOWS\Cursors\no_rl.cur Skipped by user

7/8/2011 5:04:14 PM Not processed C:\WINDOWS\Cursors\no_r.cur Skipped by user

7/8/2011 5:04:14 PM Not processed C:\WINDOWS\Cursors\move_rm.cur Skipped by user

7/8/2011 5:04:14 PM Not processed C:\WINDOWS\Cursors\move_rl.cur Skipped by user

7/8/2011 5:04:14 PM Not processed C:\WINDOWS\Cursors\move_r.cur Skipped by user

7/8/2011 5:04:14 PM Not processed C:\WINDOWS\Cursors\help_rm.cur Skipped by user

7/8/2011 5:04:14 PM Not processed C:\WINDOWS\Cursors\help_rl.cur Skipped by user

7/8/2011 5:04:14 PM Not processed C:\WINDOWS\Cursors\help_r.cur Skipped by user

7/8/2011 5:04:14 PM Not processed C:\WINDOWS\Cursors\cross_rm.cur Skipped by user

7/8/2011 5:04:14 PM Not processed C:\WINDOWS\Cursors\cross_rl.cur Skipped by user

7/8/2011 5:04:14 PM Not processed C:\WINDOWS\Cursors\cross_r.cur Skipped by user

7/8/2011 5:04:14 PM Not processed C:\WINDOWS\Cursors\busy_rm.cur Skipped by user

7/8/2011 5:04:14 PM Not processed C:\WINDOWS\Cursors\busy_rl.cur Skipped by user

7/8/2011 5:04:14 PM Not processed C:\WINDOWS\Cursors\busy_r.cur Skipped by user

7/8/2011 5:04:14 PM Not processed C:\WINDOWS\Cursors\beam_rm.cur Skipped by user

7/8/2011 5:04:14 PM Not processed C:\WINDOWS\Cursors\beam_rl.cur Skipped by user

7/8/2011 5:04:14 PM Not processed C:\WINDOWS\Cursors\beam_r.cur Skipped by user

7/8/2011 5:04:14 PM Not processed C:\WINDOWS\Cursors\arrow_rm.cur Skipped by user

7/8/2011 5:04:14 PM Not processed C:\WINDOWS\Cursors\arrow_rl.cur Skipped by user

7/8/2011 5:04:14 PM Not processed C:\WINDOWS\Cursors\arrow_r.cur Skipped by user

7/8/2011 5:04:14 PM Not processed C:\WINDOWS\Cursors\lwe.cur Skipped by user

7/8/2011 5:04:14 PM Not processed C:\WINDOWS\Cursors\lwait.cur Skipped by user

7/8/2011 5:04:14 PM Not processed C:\WINDOWS\Cursors\lnwse.cur Skipped by user

7/8/2011 5:04:14 PM Not processed C:\WINDOWS\Cursors\lns.cur Skipped by user

7/8/2011 5:04:14 PM Not processed C:\WINDOWS\Cursors\lnodrop.cur Skipped by user

7/8/2011 5:04:14 PM Not processed C:\WINDOWS\Cursors\lnesw.cur Skipped by user

7/8/2011 5:04:14 PM Not processed C:\WINDOWS\Cursors\lmove.cur Skipped by user

7/8/2011 5:04:14 PM Not processed C:\WINDOWS\Cursors\libeam.cur Skipped by user

7/8/2011 5:04:14 PM Not processed C:\WINDOWS\Cursors\lcross.cur Skipped by user

7/8/2011 5:04:14 PM Not processed C:\WINDOWS\Cursors\larrow.cur Skipped by user

7/8/2011 5:04:14 PM Not processed C:\WINDOWS\Cursors\lappstrt.cur Skipped by user

7/8/2011 5:04:14 PM Not processed C:\WINDOWS\Cursors\hwe.cur Skipped by user

7/8/2011 5:04:14 PM Not processed C:\WINDOWS\Cursors\hnwse.cur Skipped by user

7/8/2011 5:04:14 PM Not processed C:\WINDOWS\Cursors\hns.cur Skipped by user

7/8/2011 5:04:14 PM Not processed C:\WINDOWS\Cursors\hnodrop.cur Skipped by user

7/8/2011 5:04:14 PM Not processed C:\WINDOWS\Cursors\hnesw.cur Skipped by user

7/8/2011 5:04:14 PM Not processed C:\WINDOWS\Cursors\wait_m.cur Skipped by user

7/8/2011 5:04:14 PM Not processed C:\WINDOWS\Cursors\hmove.cur Skipped by user

7/8/2011 5:04:14 PM Not processed C:\WINDOWS\Cursors\wait_l.cur Skipped by user

7/8/2011 5:04:14 PM Not processed C:\WINDOWS\Cursors\hibeam.cur Skipped by user

7/8/2011 5:04:14 PM Not processed C:\WINDOWS\Cursors\up_m.cur Skipped by user

7/8/2011 5:04:14 PM Not processed C:\WINDOWS\Cursors\hcross.cur Skipped by user

7/8/2011 5:04:14 PM Not processed C:\WINDOWS\Cursors\up_l.cur Skipped by user

7/8/2011 5:04:14 PM Not processed C:\WINDOWS\Cursors\harrow.cur Skipped by user

7/8/2011 5:04:14 PM Not processed C:\WINDOWS\Cursors\size4_m.cur Skipped by user

7/8/2011 5:04:14 PM Not processed C:\WINDOWS\Cursors\cross.cur Skipped by user

7/8/2011 5:04:14 PM Not processed C:\WINDOWS\Cursors\size4_l.cur Skipped by user

7/8/2011 5:04:14 PM Not processed C:\WINDOWS\Cursors\3dwwe.cur Skipped by user

7/8/2011 5:04:14 PM Not processed C:\WINDOWS\Cursors\size3_m.cur Skipped by user

7/8/2011 5:04:14 PM Not processed C:\WINDOWS\Cursors\3dwnwse.cur Skipped by user

7/8/2011 5:04:14 PM Not processed C:\WINDOWS\Cursors\size3_l.cur Skipped by user

7/8/2011 5:04:14 PM Not processed C:\WINDOWS\Cursors\3dwns.cur Skipped by user

7/8/2011 5:04:14 PM Not processed C:\WINDOWS\Cursors\size2_m.cur Skipped by user

7/8/2011 5:04:14 PM Not processed C:\WINDOWS\Cursors\3dwno.cur Skipped by user

7/8/2011 5:04:14 PM Not processed C:\WINDOWS\Cursors\size2_l.cur Skipped by user

7/8/2011 5:04:14 PM Not processed C:\WINDOWS\Cursors\3dwnesw.cur Skipped by user

7/8/2011 5:04:14 PM Not processed C:\WINDOWS\Cursors\size1_m.cur Skipped by user

7/8/2011 5:04:14 PM Not processed C:\WINDOWS\Cursors\3dwmove.cur Skipped by user

7/8/2011 5:04:14 PM Not processed C:\WINDOWS\Cursors\size1_l.cur Skipped by user

7/8/2011 5:04:14 PM Not processed C:\WINDOWS\Cursors\3dwarro.cur Skipped by user

7/8/2011 5:04:14 PM Not processed C:\WINDOWS\Cursors\pen_m.cur Skipped by user

7/8/2011 5:04:14 PM Not processed C:\WINDOWS\Cursors\3dsnwse.cur Skipped by user

7/8/2011 5:04:14 PM Not processed C:\WINDOWS\Cursors\pen_l.cur Skipped by user

7/8/2011 5:04:14 PM Not processed C:\WINDOWS\Cursors\3dsns.cur Skipped by user

7/8/2011 5:04:14 PM Not processed C:\WINDOWS\Cursors\no_m.cur Skipped by user

7/8/2011 5:04:14 PM Not processed C:\WINDOWS\Cursors\3dsmove.cur Skipped by user

7/8/2011 5:04:14 PM Not processed C:\WINDOWS\Cursors\no_l.cur Skipped by user

7/8/2011 5:04:14 PM Not processed C:\WINDOWS\Cursors\3dgwe.cur Skipped by user

7/8/2011 5:04:14 PM Not processed C:\WINDOWS\Cursors\move_m.cur Skipped by user

7/8/2011 5:04:14 PM Not processed C:\WINDOWS\Cursors\3dgnwse.cur Skipped by user

7/8/2011 5:04:14 PM Not processed C:\WINDOWS\Cursors\move_l.cur Skipped by user

7/8/2011 5:04:14 PM Not processed C:\WINDOWS\Cursors\3dgns.cur Skipped by user

7/8/2011 5:04:14 PM Not processed C:\WINDOWS\Cursors\help_m.cur Skipped by user

7/8/2011 5:04:14 PM Not processed C:\WINDOWS\Cursors\3dgno.cur Skipped by user

7/8/2011 5:04:14 PM Not processed C:\WINDOWS\Cursors\help_l.cur Skipped by user

7/8/2011 5:04:14 PM Not processed C:\WINDOWS\Cursors\3dgnesw.cur Skipped by user

7/8/2011 5:04:14 PM Not processed C:\WINDOWS\Cursors\cross_m.cur Skipped by user

7/8/2011 5:04:14 PM Not processed C:\WINDOWS\Cursors\3dgmove.cur Skipped by user

7/8/2011 5:04:14 PM Not processed C:\WINDOWS\Cursors\cross_l.cur Skipped by user

7/8/2011 5:04:14 PM Not processed C:\WINDOWS\Cursors\3dgarro.cur Skipped by user

7/8/2011 5:04:14 PM Not processed C:\WINDOWS\Cursors\busy_m.cur Skipped by user

7/8/2011 5:04:14 PM Not processed C:\WINDOWS\Cursors\wagtail.ani Skipped by user

7/8/2011 5:04:14 PM Not processed C:\WINDOWS\Cursors\busy_l.cur Skipped by user

7/8/2011 5:04:14 PM Not processed C:\WINDOWS\Cursors\vanisher.ani Skipped by user

7/8/2011 5:04:14 PM Not processed C:\WINDOWS\Cursors\beam_m.cur Skipped by user

7/8/2011 5:04:14 PM Not processed C:\WINDOWS\Cursors\stopwtch.ani Skipped by user

7/8/2011 5:04:14 PM Not processed C:\WINDOWS\Cursors\beam_l.cur Skipped by user

7/8/2011 5:04:14 PM Not processed C:\WINDOWS\Cursors\sizewe.ani Skipped by user

7/8/2011 5:04:14 PM Not processed C:\WINDOWS\Cursors\arrow_m.cur Skipped by user

7/8/2011 5:04:14 PM Not processed C:\WINDOWS\Cursors\sizenwse.ani Skipped by user

7/8/2011 5:04:14 PM Not processed C:\WINDOWS\Cursors\arrow_l.cur Skipped by user

7/8/2011 5:04:14 PM Not processed C:\WINDOWS\Cursors\sizens.ani Skipped by user

7/8/2011 5:04:14 PM Not processed C:\WINDOWS\Cursors\wait_im.cur Skipped by user

7/8/2011 5:04:14 PM Not processed C:\WINDOWS\Cursors\sizenesw.ani Skipped by user

7/8/2011 5:04:14 PM Not processed C:\WINDOWS\Cursors\wait_il.cur Skipped by user

7/8/2011 5:04:14 PM Not processed C:\WINDOWS\Cursors\raindrop.ani Skipped by user

7/8/2011 5:04:14 PM Not processed C:\WINDOWS\Cursors\wait_i.cur Skipped by user

7/8/2011 5:04:14 PM Not processed C:\WINDOWS\Cursors\rainbow.ani Skipped by user

7/8/2011 5:04:14 PM Not processed C:\WINDOWS\Cursors\up_im.cur Skipped by user

7/8/2011 5:04:14 PM Not processed C:\WINDOWS\Cursors\piano.ani Skipped by user

7/8/2011 5:04:14 PM Not processed C:\WINDOWS\Cursors\up_il.cur Skipped by user

7/8/2011 5:04:14 PM Not processed C:\WINDOWS\Cursors\metronom.ani Skipped by user

7/8/2011 5:04:14 PM Not processed C:\WINDOWS\Cursors\up_i.cur Skipped by user

7/8/2011 5:04:14 PM Not processed C:\WINDOWS\Cursors\hourglas.ani Skipped by user

7/8/2011 5:04:14 PM Not processed C:\WINDOWS\Cursors\size4_im.cur Skipped by user

7/8/2011 5:04:14 PM Not processed C:\WINDOWS\Cursors\hourgla3.ani Skipped by user

7/8/2011 5:04:14 PM Not processed C:\WINDOWS\Cursors\size4_il.cur Skipped by user

7/8/2011 5:04:14 PM Not processed C:\WINDOWS\Cursors\hourgla2.ani Skipped by user

7/8/2011 5:04:14 PM Not processed C:\WINDOWS\Cursors\size4_i.cur Skipped by user

7/8/2011 5:04:14 PM Not processed C:\WINDOWS\Cursors\horse.ani Skipped by user

7/8/2011 5:04:14 PM Not processed C:\WINDOWS\Cursors\size3_im.cur Skipped by user

7/8/2011 5:04:14 PM Not processed C:\WINDOWS\Cursors\handwe.ani Skipped by user

7/8/2011 5:04:14 PM Not processed C:\WINDOWS\Cursors\size3_il.cur Skipped by user

7/8/2011 5:04:14 PM Not processed C:\WINDOWS\Cursors\handwait.ani Skipped by user

7/8/2011 5:04:14 PM Not processed C:\WINDOWS\Cursors\size3_i.cur Skipped by user

7/8/2011 5:04:14 PM Not processed C:\WINDOWS\Cursors\handnwse.ani Skipped by user

7/8/2011 5:04:14 PM Not processed C:\WINDOWS\Cursors\size2_im.cur Skipped by user

7/8/2011 5:04:14 PM Not processed C:\WINDOWS\Cursors\handns.ani Skipped by user

7/8/2011 5:04:14 PM Not processed C:\WINDOWS\Cursors\size2_il.cur Skipped by user

7/8/2011 5:04:14 PM Not processed C:\WINDOWS\Cursors\handno.ani Skipped by user

7/8/2011 5:04:14 PM Not processed C:\WINDOWS\Cursors\size2_i.cur Skipped by user

7/8/2011 5:04:14 PM Not processed C:\WINDOWS\Cursors\handnesw.ani Skipped by user

7/8/2011 5:04:14 PM Not processed C:\WINDOWS\Cursors\size1_im.cur Skipped by user

7/8/2011 5:04:14 PM Not processed C:\WINDOWS\Cursors\handapst.ani Skipped by user

7/8/2011 5:04:14 PM Not processed C:\WINDOWS\Cursors\size1_il.cur Skipped by user

7/8/2011 5:04:14 PM Not processed C:\WINDOWS\Cursors\hand.ani Skipped by user

7/8/2011 5:04:14 PM Not processed C:\WINDOWS\Cursors\size1_i.cur Skipped by user

7/8/2011 5:04:14 PM Not processed C:\WINDOWS\Cursors\fillitup.ani Skipped by user

7/8/2011 5:04:14 PM Not processed C:\WINDOWS\Cursors\pen_im.cur Skipped by user

7/8/2011 5:04:14 PM Not processed C:\WINDOWS\Cursors\drum.ani Skipped by user

7/8/2011 5:04:14 PM Not processed C:\WINDOWS\Cursors\banana.ani Skipped by user

7/8/2011 5:04:14 PM Not processed C:\WINDOWS\Cursors\pen_il.cur Skipped by user

7/8/2011 5:04:14 PM Not processed C:\WINDOWS\Cursors\dinosaur.ani Skipped by user

7/8/2011 5:04:14 PM Not processed C:\WINDOWS\Cursors\pen_i.cur Skipped by user

7/8/2011 5:04:14 PM Not processed C:\WINDOWS\Cursors\dinosau2.ani Skipped by user

7/8/2011 5:04:14 PM Not processed C:\WINDOWS\Cursors\move_il.cur Skipped by user

7/8/2011 5:04:14 PM Not processed C:\WINDOWS\Cursors\no_im.cur Skipped by user

7/8/2011 5:04:14 PM Not processed C:\WINDOWS\Cursors\counter.ani Skipped by user

7/8/2011 5:04:14 PM Not processed C:\WINDOWS\Cursors\no_il.cur Skipped by user

7/8/2011 5:04:14 PM Not processed C:\WINDOWS\Cursors\coin.ani Skipped by user

7/8/2011 5:04:14 PM Not processed C:\WINDOWS\Cursors\no_i.cur Skipped by user

7/8/2011 5:04:14 PM Not processed C:\WINDOWS\Cursors\barber.ani Skipped by user

7/8/2011 5:04:14 PM Not processed C:\WINDOWS\Cursors\move_im.cur Skipped by user

7/8/2011 5:04:14 PM Not processed C:\WINDOWS\Cursors\appstart.ani Skipped by user

7/8/2011 5:04:14 PM Not processed C:\WINDOWS\Cursors\move_i.cur Skipped by user

7/8/2011 5:04:14 PM Not processed C:\WINDOWS\Cursors\appstar3.ani Skipped by user

7/8/2011 5:04:14 PM Not processed C:\WINDOWS\Cursors\help_im.cur Skipped by user

7/8/2011 5:04:14 PM Not processed C:\WINDOWS\Cursors\appstar2.ani Skipped by user

7/8/2011 5:04:14 PM Not processed C:\WINDOWS\Cursors\help_il.cur Skipped by user

7/8/2011 5:04:14 PM Not processed C:\WINDOWS\msagent\chars\merlin.acs Skipped by user

7/8/2011 5:04:14 PM Not processed C:\WINDOWS\msagent\intl\agt0401.dll Skipped by user

7/8/2011 5:04:14 PM Not processed C:\WINDOWS\msagent\intl\agt0404.dll Skipped by user

7/8/2011 5:04:14 PM Not processed C:\WINDOWS\msagent\intl\agt0405.dll Skipped by user

7/8/2011 5:04:14 PM Not processed C:\WINDOWS\WinSxS\Manifests\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.0.0_x-ww_1382d70a.Manifest Skipped by user

7/8/2011 5:04:14 PM Not processed C:\WINDOWS\Driver Cache\i386\sp2.cab Skipped by user

7/8/2011 5:04:14 PM Not processed C:\WINDOWS\msagent\intl\agt040e.dll Skipped by user

7/8/2011 5:04:14 PM Not processed C:\WINDOWS\msagent\intl\agt0407.dll Skipped by user

7/8/2011 5:04:14 PM Not processed C:\WINDOWS\WinSxS\Manifests\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.0.0_x-ww_1382d70a.Manifest Skipped by user

7/8/2011 5:04:14 PM Not processed C:\WINDOWS\msagent\intl\agt0406.dll Skipped by user

7/8/2011 5:04:13 PM OK C:\WINDOWS\Driver Cache\i386\sp2.cab/hal.dll

7/8/2011 5:04:13 PM OK C:\WINDOWS\Driver Cache\i386\sp2.cab/epcl5res.dll

7/8/2011 5:04:13 PM OK C:\WINDOWS\Driver Cache\i386\sp2.cab/ep9res.dll

7/8/2011 5:04:13 PM OK C:\WINDOWS\Driver Cache\i386\sp2.cab/dmutil.dll

7/8/2011 5:04:13 PM OK C:\WINDOWS\Driver Cache\i386\sp2.cab/ctmasetp.dll

7/8/2011 5:04:12 PM OK C:\WINDOWS\Driver Cache\i386\sp2.cab/cnbjmon2.dll

7/8/2011 5:04:12 PM OK C:\WINDOWS\Driver Cache\i386\sp2.cab/cnbjmon.dll

7/8/2011 5:04:12 PM OK C:\WINDOWS\Driver Cache\i386\sp2.cab/ch7xxnt5.dll

7/8/2011 5:04:12 PM OK C:\WINDOWS\Driver Cache\i386\sp2.cab/bthserv.dll

7/8/2011 5:04:12 PM OK C:\WINDOWS\Driver Cache\i386\sp2.cab/bthci.dll

7/8/2011 5:04:12 PM OK C:\WINDOWS\Driver Cache\i386\sp2.cab/atv10nt5.dll

7/8/2011 5:04:12 PM OK C:\WINDOWS\Driver Cache\i386\sp2.cab/atv06nt5.dll

7/8/2011 5:04:12 PM OK C:\WINDOWS\Driver Cache\i386\sp2.cab/atv04nt5.dll

7/8/2011 5:04:12 PM OK C:\WINDOWS\Driver Cache\i386\sp2.cab/atv02nt5.dll

7/8/2011 5:04:11 PM OK C:\WINDOWS\Driver Cache\i386\sp2.cab/atv01nt5.dll

7/8/2011 5:04:11 PM OK C:\WINDOWS\Driver Cache\i386\sp2.cab/ativvaxx.dll

7/8/2011 5:04:11 PM OK C:\WINDOWS\Driver Cache\i386\sp2.cab/ativtmxx.dll

7/8/2011 5:04:11 PM OK C:\WINDOWS\Driver Cache\i386\sp2.cab/ati3duag.dll

7/8/2011 5:04:11 PM OK C:\WINDOWS\Driver Cache\i386\sp2.cab/ati3d2ag.dll

7/8/2011 5:04:11 PM OK C:\WINDOWS\Driver Cache\i386\sp2.cab/ati3d1ag.dll

7/8/2011 5:04:11 PM OK C:\WINDOWS\Driver Cache\i386\sp2.cab/ati2dvag.dll

7/8/2011 5:04:11 PM OK C:\WINDOWS\Driver Cache\i386\sp2.cab/ati2dvaa.dll

7/8/2011 5:04:10 PM OK C:\WINDOWS\Driver Cache\i386\sp2.cab/ati2cqag.dll

7/8/2011 5:04:10 PM OK C:\WINDOWS\msagent\intl\agt0408.dll

7/8/2011 5:04:10 PM OK C:\WINDOWS\msagent\intl\agt0409.dll

7/8/2011 5:04:10 PM OK C:\WINDOWS\msagent\intl\agt040b.dll

7/8/2011 5:04:10 PM OK C:\WINDOWS\msagent\intl\agt040c.dll

7/8/2011 5:04:10 PM OK C:\WINDOWS\msagent\intl\agt040d.dll

7/8/2011 5:04:10 PM OK C:\WINDOWS\msagent\intl\agt0410.dll

7/8/2011 5:04:10 PM OK C:\WINDOWS\msagent\intl\agt0411.dll

7/8/2011 5:04:10 PM OK C:\WINDOWS\msagent\intl\agt0412.dll

7/8/2011 5:04:10 PM OK C:\WINDOWS\msagent\intl\agt0413.dll

7/8/2011 5:04:10 PM OK C:\WINDOWS\msagent\intl\agt0804.dll

7/8/2011 5:04:10 PM OK C:\WINDOWS\Driver Cache\i386\sp2.cab/adv11nt5.dll

7/8/2011 5:04:10 PM OK C:\WINDOWS\Driver Cache\i386\sp2.cab/adv09nt5.dll

7/8/2011 5:04:10 PM OK C:\WINDOWS\Driver Cache\i386\sp2.cab/adv08nt5.dll

7/8/2011 5:04:10 PM OK C:\WINDOWS\Driver Cache\i386\sp2.cab/adv07nt5.dll

7/8/2011 5:04:10 PM OK C:\WINDOWS\Driver Cache\i386\sp2.cab/adv05nt5.dll

7/8/2011 5:04:10 PM OK C:\WINDOWS\Driver Cache\i386\sp2.cab/adv02nt5.dll

7/8/2011 5:04:10 PM OK C:\WINDOWS\msagent\intl\agt0414.dll

7/8/2011 5:04:10 PM OK C:\WINDOWS\msagent\intl\agt0415.dll

7/8/2011 5:04:10 PM OK C:\WINDOWS\msagent\intl\agt0416.dll

7/8/2011 5:04:10 PM OK C:\WINDOWS\msagent\intl\agt0419.dll

7/8/2011 5:04:10 PM OK C:\WINDOWS\msagent\intl\agt041d.dll

7/8/2011 5:04:10 PM OK C:\WINDOWS\msagent\intl\agt041f.dll

7/8/2011 5:04:10 PM OK C:\WINDOWS\msagent\intl\agt0816.dll

7/8/2011 5:04:10 PM OK C:\WINDOWS\msagent\intl\agt0c0a.dll

7/8/2011 5:04:10 PM OK C:\WINDOWS\msagent\agentanm.dll

7/8/2011 5:04:10 PM OK C:\WINDOWS\msagent\agentdpv.dll

7/8/2011 5:04:10 PM OK C:\WINDOWS\Driver Cache\i386\sp2.cab/adv01nt5.dll

7/8/2011 5:04:10 PM OK C:\WINDOWS\Driver Cache\i386\sp2.cab/cxthsfs2.cty

7/8/2011 5:04:10 PM OK C:\WINDOWS\Driver Cache\i386\sp2.cab/irprops.cpl

7/8/2011 5:04:10 PM OK C:\WINDOWS\Driver Cache\i386\sp2.cab/bthprops.cpl

7/8/2011 5:04:10 PM OK C:\WINDOWS\msagent\agentctl.dll

7/8/2011 5:04:10 PM OK C:\WINDOWS\msagent\agentdp2.dll

7/8/2011 5:04:10 PM OK C:\WINDOWS\msagent\agentmpx.dll

7/8/2011 5:04:10 PM OK C:\WINDOWS\msagent\agentpsh.dll

7/8/2011 5:04:09 PM OK C:\WINDOWS\Driver Cache\i386\sp2.cab/ativmc20.cod

7/8/2011 5:04:09 PM OK C:\WINDOWS\Driver Cache\i386\sp2.cab/blutooth.chm

7/8/2011 5:04:09 PM OK C:\WINDOWS\Driver Cache\i386\sp2.cab/blutooth.chm/bluetooth_install_mouse.htm

7/8/2011 5:04:09 PM OK C:\WINDOWS\Driver Cache\i386\sp2.cab/blutooth.chm/bluetooth_install_modem.htm

7/8/2011 5:04:09 PM OK C:\WINDOWS\Driver Cache\i386\sp2.cab/blutooth.chm/bluetooth_install_keyboard.htm

7/8/2011 5:04:09 PM OK C:\WINDOWS\Driver Cache\i386\sp2.cab/blutooth.chm/bluetooth_install_cellphone.htm

7/8/2011 5:04:09 PM OK C:\WINDOWS\Driver Cache\i386\sp2.cab/blutooth.chm/bluetooth_enable_services_wireless.htm

7/8/2011 5:04:09 PM OK C:\WINDOWS\Driver Cache\i386\sp2.cab/blutooth.chm/bluetooth_enable_discovery.htm

7/8/2011 5:04:09 PM OK C:\WINDOWS\Driver Cache\i386\sp2.cab/blutooth.chm/bluetooth_dun_overview.htm

7/8/2011 5:04:09 PM OK C:\WINDOWS\msagent\agentsr.dll

7/8/2011 5:04:09 PM OK C:\WINDOWS\msagent\agentsvr.exe

7/8/2011 5:04:09 PM OK C:\WINDOWS\Driver Cache\i386\sp2.cab/blutooth.chm/bluetooth_create_internet_conn.htm

7/8/2011 5:04:09 PM OK C:\WINDOWS\Driver Cache\i386\sp2.cab/blutooth.chm/bluetooth_change_device_name.htm

7/8/2011 5:04:09 PM OK C:\WINDOWS\Driver Cache\i386\sp2.cab/blutooth.chm/bluetooth.hhk

7/8/2011 5:04:09 PM Archive: CHM C:\WINDOWS\Driver Cache\i386\sp2.cab/blutooth.chm

7/8/2011 5:04:09 PM OK C:\WINDOWS\Driver Cache\i386\sp2.cab/delta.cdf

7/8/2011 5:04:09 PM OK C:\WINDOWS\Driver Cache\i386\sp2.cab/vidcap.ax

7/8/2011 5:04:09 PM OK C:\WINDOWS\Driver Cache\i386\sp2.cab/psisrndr.ax

7/8/2011 5:04:09 PM OK C:\WINDOWS\msagent\mslwvtts.dll

7/8/2011 5:04:09 PM OK C:\WINDOWS\msagent\agtctl15.tlb

7/8/2011 5:04:09 PM OK C:\WINDOWS\msagent\agtintl.dll

7/8/2011 5:04:09 PM OK C:\WINDOWS\Fonts\vrinda.ttf

7/8/2011 5:04:09 PM OK C:\WINDOWS\Fonts\kartika.ttf

7/8/2011 5:04:09 PM OK C:\WINDOWS\Fonts\ariblk.ttf

7/8/2011 5:04:09 PM OK C:\WINDOWS\Fonts\impact.ttf

7/8/2011 5:04:09 PM OK C:\WINDOWS\Driver Cache\i386\sp2.cab/msdvbnp.ax

7/8/2011 5:04:09 PM OK C:\WINDOWS\Driver Cache\i386\sp2.cab/ksxbar.ax

7/8/2011 5:04:09 PM OK C:\WINDOWS\Driver Cache\i386\sp2.cab/kswdmcap.ax

7/8/2011 5:04:09 PM OK C:\WINDOWS\Fonts\micross.ttf

7/8/2011 5:04:08 PM OK C:\WINDOWS\Fonts\simsun.ttc

7/8/2011 5:04:08 PM OK C:\WINDOWS\Driver Cache\i386\sp2.cab/kstvtune.ax

7/8/2011 5:04:08 PM OK C:\WINDOWS\Driver Cache\i386\sp2.cab/ksproxy.ax Object was not changed (iChecker)

7/8/2011 5:04:08 PM OK C:\WINDOWS\Driver Cache\i386\sp2.cab/ipsink.ax

7/8/2011 5:04:08 PM OK C:\WINDOWS\Driver Cache\i386\sp2.cab/dshowext.ax

7/8/2011 5:04:08 PM OK C:\WINDOWS\Driver Cache\i386\sp2.cab/bdaplgin.ax

7/8/2011 5:04:08 PM OK C:\WINDOWS\Driver Cache\i386\sp2.cab/ativmvxx.ax

7/8/2011 5:04:08 PM OK C:\WINDOWS\Driver Cache\i386\sp2.cab/ativdaxx.ax

7/8/2011 5:04:08 PM Archive: CAB C:\WINDOWS\Driver Cache\i386\sp2.cab

7/8/2011 5:04:08 PM OK C:\WINDOWS\Fonts\tahoma.ttf

7/8/2011 5:04:08 PM OK C:\WINDOWS\Fonts\tahomabd.ttf

7/8/2011 5:04:08 PM OK C:\WINDOWS\Fonts\Verdanaz.TTF

7/8/2011 5:04:08 PM OK C:\WINDOWS\Fonts\Verdanai.TTF

7/8/2011 5:04:07 PM OK C:\WINDOWS\Fonts\Verdanab.TTF

7/8/2011 5:04:07 PM OK C:\WINDOWS\Fonts\Georgiaz.TTF

7/8/2011 5:04:07 PM OK C:\WINDOWS\Fonts\Verdana.TTF

7/8/2011 5:04:07 PM OK C:\WINDOWS\Fonts\TahomSCB.TTF

7/8/2011 5:04:07 PM OK C:\WINDOWS\Fonts\SCRIPTBL.TTF

7/8/2011 5:04:07 PM OK C:\WINDOWS\Fonts\Georgiai.TTF

7/8/2011 5:04:07 PM OK C:\WINDOWS\Fonts\Georgiab.TTF

7/8/2011 5:04:07 PM OK C:\WINDOWS\Fonts\Georgia.TTF

7/8/2011 5:04:07 PM OK C:\WINDOWS\Fonts\Comicbd.TTF

7/8/2011 5:04:07 PM OK C:\WINDOWS\Fonts\Comic.TTF

7/8/2011 5:04:07 PM OK C:\WINDOWS\Fonts\smallfr.fon

7/8/2011 5:04:07 PM OK C:\WINDOWS\Fonts\smaller.fon

7/8/2011 5:04:07 PM OK C:\WINDOWS\Fonts\seriffr.fon

7/8/2011 5:04:07 PM OK C:\WINDOWS\Fonts\serifer.fon

7/8/2011 5:04:07 PM OK C:\WINDOWS\Fonts\cvgasys.fon

7/8/2011 5:04:07 PM OK C:\WINDOWS\Fonts\ega80866.fon

7/8/2011 5:04:07 PM OK C:\WINDOWS\Fonts\ega40866.fon

7/8/2011 5:04:07 PM OK C:\WINDOWS\Fonts\courfr.fon

7/8/2011 5:04:07 PM OK C:\WINDOWS\Fonts\courer.fon

7/8/2011 5:04:07 PM OK C:\WINDOWS\Fonts\cga80866.fon

7/8/2011 5:04:07 PM OK C:\WINDOWS\Fonts\cga40866.fon

7/8/2011 5:04:07 PM OK C:\WINDOWS\Fonts\app866.fon

7/8/2011 5:04:07 PM OK C:\WINDOWS\Fonts\app855.fon

7/8/2011 5:04:07 PM OK C:\WINDOWS\Fonts\85855.fon

7/8/2011 5:04:07 PM OK C:\WINDOWS\Fonts\8514sysr.fon

7/8/2011 5:04:07 PM OK C:\WINDOWS\Fonts\8514oemr.fon

7/8/2011 5:04:07 PM OK C:\WINDOWS\Fonts\8514fixr.fon

7/8/2011 5:04:07 PM OK C:\WINDOWS\Fonts\vgasysg.fon

7/8/2011 5:04:07 PM OK C:\WINDOWS\Fonts\vgafixg.fon

7/8/2011 5:04:07 PM OK C:\WINDOWS\Fonts\vga869.fon

7/8/2011 5:04:07 PM OK C:\WINDOWS\Fonts\vga950.fon

7/8/2011 5:04:07 PM OK C:\WINDOWS\Fonts\vga737.fon

7/8/2011 5:04:07 PM OK C:\WINDOWS\Fonts\sseriffg.fon

7/8/2011 5:04:07 PM OK C:\WINDOWS\Fonts\cvgafix.fon

7/8/2011 5:04:07 PM OK C:\WINDOWS\Fonts\sserifeg.fon

7/8/2011 5:04:07 PM OK C:\WINDOWS\Fonts\c8514sys.fon

7/8/2011 5:04:07 PM OK C:\WINDOWS\Fonts\smallfg.fon

7/8/2011 5:04:07 PM OK C:\WINDOWS\Fonts\serifeg.fon

7/8/2011 5:04:07 PM OK C:\WINDOWS\Fonts\c8514oem.fon

7/8/2011 5:04:07 PM OK C:\WINDOWS\Fonts\smalleg.fon

7/8/2011 5:04:07 PM OK C:\WINDOWS\Fonts\c8514fix.fon

7/8/2011 5:04:07 PM OK C:\WINDOWS\Fonts\seriffg.fon

7/8/2011 5:04:07 PM OK C:\WINDOWS\Fonts\app950.fon

7/8/2011 5:04:07 PM OK C:\WINDOWS\Fonts\mingliu.ttc

7/8/2011 5:04:07 PM OK C:\WINDOWS\Fonts\ega80869.fon

7/8/2011 5:04:07 PM OK C:\WINDOWS\Fonts\vga936.fon

7/8/2011 5:04:07 PM OK C:\WINDOWS\Fonts\ega80737.fon

7/8/2011 5:04:07 PM OK C:\WINDOWS\Fonts\svgasys.fon

7/8/2011 5:04:07 PM OK C:\WINDOWS\Fonts\ega40869.fon

7/8/2011 5:04:07 PM OK C:\WINDOWS\Fonts\svgafix.fon

7/8/2011 5:04:07 PM OK C:\WINDOWS\Fonts\ega40737.fon

7/8/2011 5:04:07 PM OK C:\WINDOWS\Fonts\s8514sys.fon

7/8/2011 5:04:07 PM OK C:\WINDOWS\Fonts\dos737.fon

7/8/2011 5:04:07 PM OK C:\WINDOWS\Fonts\s8514oem.fon

7/8/2011 5:04:07 PM OK C:\WINDOWS\Fonts\courfg.fon

7/8/2011 5:04:07 PM OK C:\WINDOWS\Fonts\s8514fix.fon

7/8/2011 5:04:07 PM OK C:\WINDOWS\Fonts\coureg.fon

7/8/2011 5:04:07 PM OK C:\WINDOWS\Fonts\app936.fon

7/8/2011 5:04:07 PM OK C:\WINDOWS\Fonts\cga80869.fon

7/8/2011 5:04:07 PM OK C:\WINDOWS\Fonts\simhei.ttf

7/8/2011 5:04:07 PM OK C:\WINDOWS\Fonts\cga80737.fon

7/8/2011 5:04:07 PM OK C:\WINDOWS\Fonts\cga40869.fon

7/8/2011 5:04:07 PM OK C:\WINDOWS\Fonts\vga949.fon

7/8/2011 5:04:06 PM OK C:\WINDOWS\Fonts\cga40737.fon

7/8/2011 5:04:06 PM OK C:\WINDOWS\Fonts\hvgasys.fon

7/8/2011 5:04:06 PM OK C:\WINDOWS\Fonts\8514sysg.fon

7/8/2011 5:04:06 PM OK C:\WINDOWS\Fonts\hvgafix.fon

7/8/2011 5:04:06 PM OK C:\WINDOWS\Fonts\8514oemg.fon

7/8/2011 5:04:06 PM OK C:\WINDOWS\Fonts\h8514sys.fon

7/8/2011 5:04:06 PM OK C:\WINDOWS\Fonts\8514fixg.fon

7/8/2011 5:04:06 PM OK C:\WINDOWS\Fonts\h8514oem.fon

7/8/2011 5:04:06 PM OK C:\WINDOWS\Fonts\vgas1257.fon

7/8/2011 5:04:06 PM OK C:\WINDOWS\Fonts\h8514fix.fon

7/8/2011 5:04:06 PM OK C:\WINDOWS\Fonts\vgaf1257.fon

7/8/2011 5:04:06 PM OK C:\WINDOWS\Fonts\app949.fon

7/8/2011 5:04:06 PM OK C:\WINDOWS\Fonts\vga775.fon

7/8/2011 5:04:06 PM OK C:\WINDOWS\Fonts\batang.ttc

7/8/2011 5:04:06 PM OK C:\WINDOWS\Fonts\gulim.ttc

7/8/2011 5:04:06 PM OK C:\WINDOWS\Fonts\ssef1257.fon

7/8/2011 5:04:06 PM OK C:\WINDOWS\Fonts\smae1257.fon

7/8/2011 5:04:06 PM OK C:\WINDOWS\Fonts\ssee1257.fon

7/8/2011 5:04:06 PM OK C:\WINDOWS\Fonts\vga932.fon

7/8/2011 5:04:06 PM OK C:\WINDOWS\Fonts\smaf1257.fon

7/8/2011 5:04:06 PM OK C:\WINDOWS\Fonts\jvgasys.fon

7/8/2011 5:04:06 PM OK C:\WINDOWS\Fonts\jvgafix.fon

7/8/2011 5:04:06 PM OK C:\WINDOWS\Fonts\serf1257.fon

7/8/2011 5:04:06 PM OK C:\WINDOWS\Fonts\msgothic.ttc

7/8/2011 5:04:06 PM OK C:\WINDOWS\Fonts\jsmallf.fon

7/8/2011 5:04:06 PM OK C:\WINDOWS\Fonts\sere1257.fon

7/8/2011 5:04:06 PM OK C:\WINDOWS\Fonts\jsmalle.fon

7/8/2011 5:04:06 PM OK C:\WINDOWS\Fonts\couf1257.fon

7/8/2011 5:04:06 PM OK C:\WINDOWS\Fonts\j8514sys.fon

7/8/2011 5:04:06 PM OK C:\WINDOWS\Fonts\coue1257.fon

7/8/2011 5:04:06 PM OK C:\WINDOWS\Fonts\j8514oem.fon

7/8/2011 5:04:06 PM OK C:\WINDOWS\Fonts\app775.fon

7/8/2011 5:04:06 PM OK C:\WINDOWS\Fonts\j8514fix.fon

7/8/2011 5:04:06 PM OK C:\WINDOWS\Fonts\85s1257.fon

7/8/2011 5:04:06 PM OK C:\WINDOWS\Fonts\app932.fon

7/8/2011 5:04:06 PM OK C:\WINDOWS\Fonts\85f1257.fon

7/8/2011 5:04:06 PM OK C:\WINDOWS\Fonts\85775.fon

7/8/2011 5:04:06 PM OK C:\WINDOWS\Fonts\segmcr.ttf

7/8/2011 5:04:06 PM OK C:\WINDOWS\Fonts\msmincho.ttc

7/8/2011 5:04:06 PM OK C:\WINDOWS\Fonts\vgasyse.fon

7/8/2011 5:04:06 PM OK C:\WINDOWS\Fonts\segmcsb.ttf

7/8/2011 5:04:06 PM OK C:\WINDOWS\Fonts\vgafixe.fon

7/8/2011 5:04:06 PM OK C:\WINDOWS\Fonts\vga852.fon

7/8/2011 5:04:06 PM OK C:\WINDOWS\Fonts\vgasyst.fon

7/8/2011 5:04:06 PM OK C:\WINDOWS\Fonts\sseriffe.fon

7/8/2011 5:04:06 PM OK C:\WINDOWS\Fonts\vgafixt.fon

7/8/2011 5:04:06 PM OK C:\WINDOWS\Fonts\sserifee.fon

7/8/2011 5:04:06 PM OK C:\WINDOWS\Fonts\vga857.fon

7/8/2011 5:04:06 PM OK C:\WINDOWS\Fonts\smallfe.fon

7/8/2011 5:04:06 PM OK C:\WINDOWS\Fonts\sserifft.fon

7/8/2011 5:04:06 PM OK C:\WINDOWS\Fonts\smallee.fon

7/8/2011 5:04:06 PM OK C:\WINDOWS\Fonts\sserifet.fon

7/8/2011 5:04:06 PM OK C:\WINDOWS\Fonts\seriffe.fon

7/8/2011 5:04:06 PM OK C:\WINDOWS\Fonts\smallft.fon

7/8/2011 5:04:06 PM OK C:\WINDOWS\Fonts\serifee.fon

7/8/2011 5:04:06 PM OK C:\WINDOWS\Fonts\smallet.fon

7/8/2011 5:04:06 PM OK C:\WINDOWS\Fonts\cga80852.fon

7/8/2011 5:04:06 PM OK C:\WINDOWS\Fonts\ega80852.fon

7/8/2011 5:04:06 PM OK C:\WINDOWS\Fonts\serifft.fon

7/8/2011 5:04:06 PM OK C:\WINDOWS\Fonts\ega40852.fon

7/8/2011 5:04:06 PM OK C:\WINDOWS\Fonts\serifet.fon

7/8/2011 5:04:06 PM OK C:\WINDOWS\Fonts\courfe.fon

7/8/2011 5:04:06 PM OK C:\WINDOWS\Fonts\ega80857.fon

7/8/2011 5:04:06 PM OK C:\WINDOWS\Fonts\couree.fon

7/8/2011 5:04:06 PM OK C:\WINDOWS\Fonts\ega40857.fon

7/8/2011 5:04:06 PM OK C:\WINDOWS\Fonts\8514oeme.fon

7/8/2011 5:04:06 PM OK C:\WINDOWS\Fonts\courft.fon

7/8/2011 5:04:06 PM OK C:\WINDOWS\Fonts\cga40852.fon

7/8/2011 5:04:06 PM OK C:\WINDOWS\Fonts\couret.fon

7/8/2011 5:04:06 PM OK C:\WINDOWS\Fonts\app852.fon

7/8/2011 5:04:06 PM OK C:\WINDOWS\Fonts\cga80857.fon

7/8/2011 5:04:06 PM OK C:\WINDOWS\Fonts\8514syse.fon

7/8/2011 5:04:06 PM OK C:\WINDOWS\Fonts\cga40857.fon

7/8/2011 5:04:06 PM OK C:\WINDOWS\Fonts\app857.fon


This topic is now closed to further replies.