# Hijack This log. SVCHOST problem



## Nightmare (Sep 23, 2004)

svchost keeps on starting and eating up more than 50% of my resources. I stop it and it starts again. I also have Google as my default search engine, but when I click on a link, I get redirected to various ad sites and never to the link that I clicked on.

Also, when svchost starts again, my computer beeps, sometimes three or four times.

I have CA antivirus running.

I have run Malwarebytes and also Superantispyware to clean my system but the problem persists.

Any advice?

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 10:21:50 AM, on 2/1/2012
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\CA\CA Internet Security Suite\casc.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\SUPERAntiSpyware\SASCORE.EXE
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus Plus\caamsvc.exe
C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus Plus\isafe.exe
C:\Program Files\CA\CA Internet Security Suite\ccschedulersvc.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Raxco\PerfectDisk\PDAgent.exe
C:\Program Files\Raxco\PerfectDisk\PDEngine.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\SureThing Shared\stllssvr.exe
C:\Program Files\CA\SharedComponents\TMEngine\UmxEngine.exe
C:\Program Files\CA\CA Internet Security Suite\ccevtmgr.exe
C:\WINDOWS\system32\taskmgr.exe
C:\Program Files\CA\CA Internet Security Suite\ccprovsp.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\msiexec.exe
C:\Program Files\Trend Micro\HijackThis\HiJackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.baynews9.com/weather/klystron9?animate=hillsborough
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = 
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = 
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O1 - Hosts: 94.63.147.16 www.google.com
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: CA Anti-Phishing Toolbar Helper - {45011CF5-E4A9-4F13-9093-F30A784EB9B2} - C:\Program Files\CA\CA Internet Security Suite\CA Anti-Phishing\toolbar\caIEToolbar.dll
O3 - Toolbar: CA Anti-Phishing Toolbar - {0123B506-0AD9-43AA-B0CF-916C122AD4C5} - C:\Program Files\CA\CA Internet Security Suite\CA Anti-Phishing\toolbar\caIEToolbar.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [cctray] "C:\Program Files\CA\CA Internet Security Suite\casc.exe"
O4 - HKLM\..\Run: [capfupgrade] C:\Program Files\CA\CA Internet Security Suite\CA Personal Firewall\capfupgrade.exe
O4 - HKLM\..\Run: [dlldevice] %APPDATA%\dlldevice.exe
O4 - HKLM\..\Run: [dplaysvr] %APPDATA%\dplaysvr.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-18\..\Run: [dplaysvr] %APPDATA%\dplaysvr.exe (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [dlldevice] %APPDATA%\dlldevice.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [dplaysvr] %APPDATA%\dplaysvr.exe (User 'Default user')
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0067DBFC-A752-458C-AE6E-B9C7E63D4824} (Device Detection) - http://www.logitech.com/devicedetector/plugins/LogitechDeviceDetection32.cab
O16 - DPF: {01113300-3E00-11D2-8470-0060089874ED} (Support.com Configuration Class) - http://supportcenter.rr.com/sdccommon/download/tgctlcm.cab
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://appldnld.apple.com.edgesuite.net/content.info.apple.com/QuickTime/qtactivex/qtplugin.cab
O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262E} (System Requirements Lab) - http://www.nvidia.com/content/DriverDownload/srl/3.0.0.0/srl_bin/sysreqlab3.cab
O16 - DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} (DLM Control) - http://dlcdnet.asus.com/pub/ASUS/misc/dlm-activex-2.2.5.0.cab
O16 - DPF: {54BE6B6F-3056-470B-97E1-BB92E051B6C4} (DeviceEnum Class) - http://h20264.www2.hp.com/ediags/dd/install/HPDriverDiagnosticsxp2k.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1266880529093
O16 - DPF: {73ECB3AA-4717-450C-A2AB-D00DAD9EE203} (GMNRev Class) - http://h20614.www2.hp.com/ediags/gmd/Install/Cab/hpdetect118.cab
O16 - DPF: {74DBCB52-F298-4110-951D-AD2FF67BC8AB} (NVIDIA Smart Scan) - http://www.nvidia.com/content/DriverDownload/nforce/NvidiaSmartScan.cab
O16 - DPF: {83A4D5A6-E2C1-4EDD-AD48-1A1C50BD06EF} (Image Uploader Control) - http://www.gunbroker.com/WebResourc...ksu6ajL4Qvm6a-2VX8ROm8K0&t=634230999680000000
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O16 - DPF: {DB31DA00-4F6F-4CC7-8627-C5A142E1FC7C} (SyncXfer Class) - http://www.syncmyride.com/Own/Modules/UploadDownload/applets/sync.cab
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL
O20 - Winlogon Notify: 1235904601_m7d_opf_260209 - 1235904601_m7d_opf_260209.dll (file missing)
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\System32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\System32\browseui.dll
O22 - SharedTaskScheduler: hemine - {9d6fac42-a7be-4702-87ef-75d8dc14249e} - (no file)
O23 - Service: SAS Core Service (!SASCORE) - SUPERAntiSpyware.com - C:\Program Files\SUPERAntiSpyware\SASCORE.EXE
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: CAAMSvc - CA - C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus Plus\caamsvc.exe
O23 - Service: CaCCProvSP - Unknown owner - C:\Program Files\CA\CA Internet Security Suite\ccprovsp.exe
O23 - Service: CAISafe - Computer Associates International, Inc. - C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus Plus\isafe.exe
O23 - Service: CA Common Scheduler Service (ccSchedulerSVC) - Unknown owner - C:\Program Files\CA\CA Internet Security Suite\ccschedulersvc.exe
O23 - Service: .NET Runtime Optimization Service v2.0.50727_X86 clr_optimization_v2.0.50727_32 Intelligent Application Manager (IAM) (clr_optimization_v2.0.50727_32 Intelligent Application Manager (IAM)) - Unknown owner - C:\WINDOWS\system32\acodel.exe (file missing)
O23 - Service: .NET Runtime Optimization Service v2.0.50727_X86 clr_optimization_v2.0.50727_32lanmanserver (clr_optimization_v2.0.50727_32lanmanserver) - Unknown owner - C:\WINDOWS\system32\ALSndMgre.exe (file missing)
O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Update Service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: HID Input Service HidServNla (HidServNla) - Unknown owner - C:\WINDOWS\system32\apcupsr.exe (file missing)
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: Logitech Bluetooth Service (LBTServ) - Logitech, Inc. - C:\Program Files\Common Files\Logitech\Bluetooth\LBTServ.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PDAgent - Raxco Software, Inc. - C:\Program Files\Raxco\PerfectDisk\PDAgent.exe
O23 - Service: PDEngine - Raxco Software, Inc. - C:\Program Files\Raxco\PerfectDisk\PDEngine.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Roxio UPnP Renderer 9 - Sonic Solutions - C:\Program Files\Roxio\Digital Home 9\RoxioUPnPRenderer9.exe
O23 - Service: Roxio Upnp Server 9 - Sonic Solutions - C:\Program Files\Roxio\Digital Home 9\RoxioUpnpService9.exe
O23 - Service: LiveShare P2P Server 9 (RoxLiveShare9) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxLiveShare9.exe
O23 - Service: RoxMediaDB9 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
O23 - Service: Roxio Hard Drive Watcher 9 (RoxWatch9) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe
O23 - Service: SupportSoft RemoteAssist - SupportSoft, Inc. - C:\Program Files\Common Files\supportsoft\bin\ssrc.exe
O23 - Service: TM Engine (UmxEngine) - CA - C:\Program Files\CA\SharedComponents\TMEngine\UmxEngine.exe

--
End of file - 10625 bytes

.
DDS (Ver_2011-08-26.01) - NTFSx86 
Internet Explorer: 8.0.6001.18702
Run by Steven at 10:37:53 on 2012-02-01
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3327.2102 [GMT -5:00]
.
AV: CA Anti-Virus Plus *Enabled/Updated* {6B98D35F-BB76-41C0-876B-A50645ED099A}
FW: CA Personal Firewall *Enabled* 
.
============== Running Processes ===============
.
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
C:\WINDOWS\system32\Ati2evxx.exe
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\CA\CA Internet Security Suite\casc.exe
C:\WINDOWS\system32\ctfmon.exe
svchost.exe
C:\Program Files\SUPERAntiSpyware\SASCORE.EXE
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus Plus\caamsvc.exe
C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus Plus\isafe.exe
C:\Program Files\CA\CA Internet Security Suite\ccschedulersvc.exe
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Raxco\PerfectDisk\PDAgent.exe
C:\Program Files\Raxco\PerfectDisk\PDEngine.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\System32\svchost.exe -k imgsvc
C:\Program Files\Common Files\SureThing Shared\stllssvr.exe
C:\Program Files\CA\SharedComponents\TMEngine\UmxEngine.exe
C:\Program Files\CA\CA Internet Security Suite\ccevtmgr.exe
C:\WINDOWS\system32\taskmgr.exe
C:\Program Files\CA\CA Internet Security Suite\ccprovsp.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\Trend Micro\HijackThis\HiJackThis.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus Plus\caamscanner.exe
.
============== Pseudo HJT Report ===============
.
uSearch Bar = hxxp://www.google.com/ie
uStart Page = hxxp://www.baynews9.com/weather/klystron9?animate=hillsborough
uInternet Settings,ProxyOverride = *.local
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: CA Anti-Phishing Toolbar Helper: {45011cf5-e4a9-4f13-9093-f30a784eb9b2} - c:\program files\ca\ca internet security suite\ca anti-phishing\toolbar\caIEToolbar.dll
TB: CA Anti-Phishing Toolbar: {0123b506-0ad9-43aa-b0cf-916c122ad4c5} - c:\program files\ca\ca internet security suite\ca anti-phishing\toolbar\caIEToolbar.dll
TB: {47833539-D0C5-4125-9FA8-0819E2EAAC93} - No File
TB: {10134636-E7AF-4AC5-A1DC-C7C44BB97D81} - No File
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [cctray] "c:\program files\ca\ca internet security suite\casc.exe"
mRun: [capfupgrade] c:\program files\ca\ca internet security suite\ca personal firewall\capfupgrade.exe
mRun: [<NO NAME>] 
mRun: [dlldevice] %APPDATA%\dlldevice.exe
mRun: [dplaysvr] %APPDATA%\dplaysvr.exe
dRun: [dplaysvr] %APPDATA%\dplaysvr.exe
dRun: [dlldevice] %APPDATA%\dlldevice.exe
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
LSP: c:\windows\system32\VetRedir.dll
DPF: {00000055-9980-0010-8000-00AA00389B71} - hxxp://codecs.microsoft.com/codecs/i386/fhg.CAB
DPF: {0067DBFC-A752-458C-AE6E-B9C7E63D4824} - hxxp://www.logitech.com/devicedetector/plugins/LogitechDeviceDetection32.cab
DPF: {01113300-3E00-11D2-8470-0060089874ED} - hxxp://supportcenter.rr.com/sdccommon/download/tgctlcm.cab
DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} - hxxp://appldnld.apple.com.edgesuite.net/content.info.apple.com/QuickTime/qtactivex/qtplugin.cab
DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} - hxxp://download.microsoft.com/download/e/7/3/e7345c16-80aa-4488-ae10-9ac6be844f99/OGAControl.cab
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://fpdownload.macromedia.com/get/shockwave/cabs/director/sw.cab
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://download.microsoft.com/download/3/9/8/398422c0-8d3e-40e1-a617-af65a72a0465/LegitCheckControl.cab
DPF: {1E54D648-B804-468d-BC78-4AFFED8E262E} - hxxp://www.nvidia.com/content/DriverDownload/srl/3.0.0.0/srl_bin/sysreqlab3.cab
DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} - hxxp://dlcdnet.asus.com/pub/ASUS/misc/dlm-activex-2.2.5.0.cab
DPF: {54BE6B6F-3056-470B-97E1-BB92E051B6C4} - hxxp://h20264.www2.hp.com/ediags/dd/install/HPDriverDiagnosticsxp2k.cab
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1266880529093
DPF: {73ECB3AA-4717-450C-A2AB-D00DAD9EE203} - hxxp://h20614.www2.hp.com/ediags/gmd/Install/Cab/hpdetect118.cab
DPF: {74DBCB52-F298-4110-951D-AD2FF67BC8AB} - hxxp://www.nvidia.com/content/DriverDownload/nforce/NvidiaSmartScan.cab
DPF: {83A4D5A6-E2C1-4EDD-AD48-1A1C50BD06EF} - hxxp://www.gunbroker.com/WebResource.axd?d=Qydpf0KIwF1Fr6RRPI2vp09Qx7960W1PefrwdgTL1YWRWyUo6in6PN6VS7m59gst6zjhnPK4xtevtkkiPAeNbVdLz1lm1BKvO-eVx_B2d1Lb7EFrywmMr-EfCQUqniwFPL_qr5-6LT50B9lSJqZDgme2Vksu6ajL4Qvm6a-2VX8ROm8K0&t=634230999680000000
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab
DPF: {C7DB51B4-BCF7-4923-8874-7F1A0DC92277} - hxxp://office.microsoft.com/officeupdate/content/opuc4.cab
DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
DPF: {DB31DA00-4F6F-4CC7-8627-C5A142E1FC7C} - hxxp://www.syncmyride.com/Own/Modules/UploadDownload/applets/sync.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
TCP: DhcpNameServer = 192.168.0.1
TCP: Interfaces\{709889B9-1732-4423-80DE-B9F188664A3D} : DhcpNameServer = 192.168.0.1
Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.DLL
Notify: 1235904601_m7d_opf_260209 - 1235904601_m7d_opf_260209.dll
Notify: AtiExtEvent - Ati2evxx.dll
Notify: LBTWlgn - c:\program files\common files\logitech\bluetooth\LBTWlgn.dll
AppInit_DLLs: UmxSbxExw.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
STS: {9d6fac42-a7be-4702-87ef-75d8dc14249e} - No File
SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files\superantispyware\SASSEH.DLL
mASetup: {10880D85-AAD9-4558-ABDC-2AB1552D831F} - "c:\program files\common files\lightscribe\LSRunOnce.exe"
Hosts: 94.63.147.16	www.google.com
.
============= SERVICES / DRIVERS ===============
.
R0 KmxAMRT;KmxAMRT;c:\windows\system32\drivers\KmxAMRT.sys [2011-7-29 164944]
R0 KmxStart;KmxStart;c:\windows\system32\drivers\KmxStart.sys [2011-7-29 123984]
R1 BIOS;BIOS;c:\windows\system32\drivers\BIOS.sys [2011-1-24 13696]
R1 KmxAgent;KmxAgent;c:\windows\system32\drivers\KmxAgent.sys [2011-7-29 83536]
R1 KmxFile;KmxFile;c:\windows\system32\drivers\KmxFile.sys [2011-7-29 63056]
R1 KmxFw;KmxFw;c:\windows\system32\drivers\KmxFw.sys [2011-7-28 116304]
R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\SASDIFSV.SYS [2009-2-17 12880]
R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2009-2-17 67664]
R1 ZDCNDIS5;ZDCNDIS5 NDIS5.1 Protocol Driver;c:\windows\system32\ZDCndis5.sys [2009-3-25 20736]
R2 !SASCORE;SAS Core Service;c:\program files\superantispyware\SASCORE.EXE [2010-7-31 116608]
R2 CAAMSvc;CAAMSvc;c:\program files\ca\ca internet security suite\ca anti-virus plus\CAAMSvc.exe [2011-5-30 206152]
R2 CAISafe;CAISafe;c:\program files\ca\ca internet security suite\ca anti-virus plus\isafe.exe [2011-5-30 222544]
R2 ccSchedulerSVC;CA Common Scheduler Service;c:\program files\ca\ca internet security suite\ccschedulersvc.exe [2011-5-30 206160]
R2 cpuz135;cpuz135;c:\windows\system32\drivers\cpuz135_x32.sys [2011-1-29 21992]
R2 KmxCF;KmxCF;c:\windows\system32\drivers\KmxCF.sys [2011-7-29 150608]
R2 KmxSbx;KmxSbx;c:\windows\system32\drivers\KmxSbx.sys [2011-7-29 82000]
R2 ppsio2;PPDevice;c:\windows\system32\drivers\ppsio2.sys [2007-2-24 23200]
R2 uacFlt;Plantronics USB Audio Adapter EQ Filter Driver;c:\windows\system32\drivers\uacflt.sys [2007-3-3 21276]
R2 UmxEngine;TM Engine;c:\program files\ca\sharedcomponents\tmengine\UmxEngine.exe [2011-4-4 662096]
R3 DELTAII;Service for M-Audio Delta Driver (WDM);c:\windows\system32\drivers\MAudioDelta.sys [2011-1-26 302472]
R3 KmxCfg;KmxCfg;c:\windows\system32\drivers\KmxCfg.sys [2011-7-29 331344]
R3 seehcri;Sony Ericsson seehcri Device Driver;c:\windows\system32\drivers\seehcri.sys [2010-1-29 27632]
S0 ajxm;ajxm;c:\windows\system32\drivers\ebynkc.sys --> c:\windows\system32\drivers\ebynkc.sys [?]
S2 clr_optimization_v2.0.50727_32 Intelligent Application Manager (IAM);.NET Runtime Optimization Service v2.0.50727_X86 clr_optimization_v2.0.50727_32 Intelligent Application Manager (IAM);c:\windows\system32\acodel.exe srv --> c:\windows\system32\acodel.exe srv [?]
S2 clr_optimization_v2.0.50727_32lanmanserver;.NET Runtime Optimization Service v2.0.50727_X86 clr_optimization_v2.0.50727_32lanmanserver;c:\windows\system32\alsndmgre.exe srv --> c:\windows\system32\ALSndMgre.exe srv [?]
S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2011-11-30 136176]
S2 HidServNla;HID Input Service HidServNla;c:\windows\system32\apcupsr.exe srv --> c:\windows\system32\apcupsr.exe srv [?]
S3 Ambfilt;Ambfilt;c:\windows\system32\drivers\Ambfilt.sys [2011-1-24 1684736]
S3 APL531;35mm Film Scanner;c:\windows\system32\drivers\filmscan.sys --> c:\windows\system32\drivers\FILMSCAN.sys [?]
S3 FXDrv32;FXDrv32;\??\d:\fxdrv32.sys --> d:\FXDrv32.sys [?]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2011-11-30 136176]
S3 lgatbus;LG USB Composite Device driver (WDM);c:\windows\system32\drivers\lgatbus.sys [2008-8-7 43024]
S3 lgatmdm;LG CDMA USB Modem Drivers;c:\windows\system32\drivers\lgatmdm.sys [2008-8-7 77104]
S3 lgatserd;LG CDMA USB Modem Diagnostic Serial Port Drivers (WDM);c:\windows\system32\drivers\lgatserd.sys [2008-8-7 60816]
S3 MBAMSwissArmy;MBAMSwissArmy;\??\c:\windows\system32\drivers\mbamswissarmy.sys --> c:\windows\system32\drivers\mbamswissarmy.sys [?]
S3 NPUSB;NPUSB;c:\windows\system32\drivers\npusb.sys [2007-2-24 15360]
S3 p17filt;p17filt;c:\windows\system32\drivers\p17filt.sys [2006-3-20 1452032]
S3 PciCon;PciCon;\??\d:\pcicon.sys --> d:\PciCon.sys [?]
S3 RioDrv;Rio600 driver;c:\windows\system32\drivers\riodrv.sys [2001-8-17 12032]
S3 s115bus;Sony Ericsson Device 115 driver (WDM);c:\windows\system32\drivers\s115bus.sys [2007-12-16 83208]
S3 s115mdfl;Sony Ericsson Device 115 USB WMC Modem Filter;c:\windows\system32\drivers\s115mdfl.sys [2007-12-16 15112]
S3 s115mdm;Sony Ericsson Device 115 USB WMC Modem Driver;c:\windows\system32\drivers\s115mdm.sys [2007-12-16 108680]
S3 s115mgmt;Sony Ericsson Device 115 USB WMC Device Management Drivers (WDM);c:\windows\system32\drivers\s115mgmt.sys [2007-12-16 100488]
S3 s115obex;Sony Ericsson Device 115 USB WMC OBEX Interface;c:\windows\system32\drivers\s115obex.sys [2007-12-16 98568]
S3 SASENUM;SASENUM;c:\program files\superantispyware\SASENUM.SYS [2009-2-17 12872]
S3 STTub203;Thrustmaster HOTAS USB Bulk Out;c:\windows\system32\drivers\sttub203.sys --> c:\windows\system32\drivers\STTub203.sys [?]
S3 WinRM;Windows Remote Management (WS-Management);c:\windows\system32\svchost.exe -k WINRM [2003-7-16 14336]
.
=============== Created Last 30 ================
.
2012-02-01 15:13:20	388096	----a-r-	c:\documents and settings\steven\application data\microsoft\installer\{45a66726-69bc-466b-a7a4-12fcba4883d7}\HiJackThis.exe
2012-01-31 22:42:33	12568	----a-w-	c:\windows\system32\drivers\PROCEXP113.SYS
2012-01-21 17:39:17	--------	d-----w-	c:\documents and settings\steven\System
2012-01-21 17:39:17	--------	d-----w-	c:\documents and settings\steven\application data\SmartDraw
2012-01-21 17:28:26	--------	d-----w-	C:\SmartDraw 2012
2012-01-18 04:20:11	--------	d-----w-	c:\windows\system32\wbem\repository\FS
2012-01-18 04:20:10	--------	d-----w-	c:\windows\system32\wbem\Repository
2012-01-12 21:33:33	--------	d-----w-	c:\documents and settings\steven\local settings\application data\Mozilla
2012-01-12 21:33:15	--------	d-----w-	c:\program files\Aurora
.
==================== Find3M ====================
.
2012-01-12 21:37:20	414368	----a-w-	c:\windows\system32\FlashPlayerCPLApp.cpl
2011-11-25 21:57:19	293376	----a-w-	c:\windows\system32\winsrv.dll
2011-11-23 13:25:32	1859584	----a-w-	c:\windows\system32\win32k.sys
2011-11-18 12:35:08	60416	----a-w-	c:\windows\system32\packager.exe
2011-11-16 14:21:44	354816	----a-w-	c:\windows\system32\winhttp.dll
2011-11-16 14:21:44	152064	----a-w-	c:\windows\system32\schannel.dll
2011-11-04 19:20:51	916992	----a-w-	c:\windows\system32\wininet.dll
2011-11-04 19:20:51	43520	------w-	c:\windows\system32\licmgr10.dll
2011-11-04 19:20:51	1469440	------w-	c:\windows\system32\inetcpl.cpl
2011-11-04 11:23:59	385024	------w-	c:\windows\system32\html.iec
.
=================== ROOTKIT ====================
.
Stealth MBR rootkit/Mebroot/Sinowal/TDL4 detector 0.4.2 by Gmer, http://www.gmer.net
Windows 5.1.2600 Disk: WDC_WD2500KS-00MJB0 rev.02.01C03 -> Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3 
.
device: opened successfully
user: MBR read successfully
.
Disk trace:
called modules: ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll >>UNKNOWN [0x89CD949F]<< 
_asm { PUSH EBP; MOV EBP, ESP; PUSH ECX; MOV EAX, [EBP+0x8]; CMP EAX, [0x89ce0738]; MOV EAX, [0x89ce08ac]; PUSH EBX; PUSH ESI; MOV ESI, [EBP+0xc]; MOV EBX, [ESI+0x60]; PUSH EDI; JNZ 0x20; MOV [EBP+0x8], EAX; }
1 ntkrnlpa!IofCallDriver[0x804EF1A6] -> \Device\Harddisk0\DR0[0x8B01AAB8]
3 CLASSPNP[0xB8108FD7] -> ntkrnlpa!IofCallDriver[0x804EF1A6] -> \Device\0000007c[0x8AFA1510]
5 ACPI[0xB7F7F620] -> ntkrnlpa!IofCallDriver[0x804EF1A6] -> [0x8B021940]
\Driver\atapi[0x8A7E02D8] -> IRP_MJ_CREATE -> 0x89CD949F
error: Read A device attached to the system is not functioning.
kernel: MBR read successfully
_asm { XOR AX, AX; MOV SS, AX; MOV SP, 0x7c00; STI ; PUSH AX; POP ES; PUSH AX; POP DS; CLD ; MOV SI, 0x7c1b; MOV DI, 0x61b; PUSH AX; PUSH DI; MOV CX, 0x1e5; REP MOVSB ; RETF ; MOV BP, 0x7be; MOV CL, 0x4; CMP [BP+0x0], CH; JL 0x2e; JNZ 0x3a; }
detected disk devices:
detected hooks:
\Driver\atapi DriverStartIo -> 0x89CD92C6
user & kernel MBR OK 
Warning: possible TDL3 rootkit infection !
.
============= FINISH: 10:45:19.79 ===============


----------



## Nightmare (Sep 23, 2004)

.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2011-08-26.01)
.
Microsoft Windows XP Professional
Boot Device: \Device\HarddiskVolume1
Install Date: 1/1/2006 12:40:56 AM
System Uptime: 2/1/2012 10:02:09 AM (0 hours ago)
.
Motherboard: BIOSTAR Group | | TA790GX 128M
Processor: AMD Phenom(tm) II X2 545 Processor | CPU 1 | 3000/200mhz
.
==== Disk Partitions =========================
.
A: is Removable
C: is FIXED (NTFS) - 233 GiB total, 119.439 GiB free.
D: is FIXED (NTFS) - 298 GiB total, 42.692 GiB free.
E: is CDROM ()
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
RP1448: 11/20/2011 3:39:16 PM - System Checkpoint
RP1449: 11/23/2011 4:35:49 PM - System Checkpoint
RP1450: 11/24/2011 5:20:18 PM - System Checkpoint
RP1451: 11/30/2011 7:50:01 AM - Software Distribution Service 3.0
RP1452: 12/1/2011 8:40:02 AM - System Checkpoint
RP1453: 12/2/2011 2:02:16 PM - System Checkpoint
RP1454: 12/3/2011 2:29:23 PM - System Checkpoint
RP1455: 12/4/2011 3:18:21 PM - System Checkpoint
RP1456: 12/5/2011 4:05:07 PM - System Checkpoint
RP1457: 12/6/2011 4:56:25 PM - System Checkpoint
RP1458: 12/15/2011 11:14:31 PM - System Checkpoint
RP1459: 12/18/2011 2:47:40 AM - Software Distribution Service 3.0
RP1460: 12/19/2011 11:33:14 AM - System Checkpoint
RP1461: 12/20/2011 1:53:46 PM - System Checkpoint
RP1462: 12/21/2011 3:24:31 PM - System Checkpoint
RP1463: 12/22/2011 4:08:33 PM - System Checkpoint
RP1464: 12/23/2011 6:32:57 PM - System Checkpoint
RP1465: 12/24/2011 7:04:31 PM - System Checkpoint
RP1466: 12/26/2011 1:20:53 PM - System Checkpoint
RP1467: 12/27/2011 1:57:52 PM - System Checkpoint
RP1468: 12/28/2011 3:45:24 PM - System Checkpoint
RP1469: 12/30/2011 12:05:50 PM - System Checkpoint
RP1470: 12/31/2011 9:42:35 AM - Software Distribution Service 3.0
RP1471: 1/1/2012 1:28:02 PM - System Checkpoint
RP1472: 1/2/2012 1:46:10 PM - System Checkpoint
RP1473: 1/3/2012 3:35:22 PM - System Checkpoint
RP1474: 1/4/2012 6:12:42 PM - System Checkpoint
RP1475: 1/6/2012 1:37:06 AM - System Checkpoint
RP1476: 1/7/2012 1:44:23 AM - System Checkpoint
RP1477: 1/8/2012 7:51:36 AM - System Checkpoint
RP1478: 1/9/2012 8:53:34 AM - System Checkpoint
RP1479: 1/10/2012 4:32:42 PM - System Checkpoint
RP1480: 1/11/2012 6:46:43 PM - System Checkpoint
RP1481: 1/11/2012 11:28:41 PM - Software Distribution Service 3.0
RP1482: 1/12/2012 9:52:02 PM - Software Distribution Service 3.0
RP1483: 1/14/2012 12:42:11 PM - System Checkpoint
RP1484: 1/15/2012 1:49:00 PM - System Checkpoint
RP1485: 1/16/2012 2:52:41 PM - System Checkpoint
RP1486: 1/17/2012 11:17:33 PM - Restore Operation
RP1487: 1/17/2012 11:27:01 PM - Unsigned driver install
RP1488: 1/18/2012 12:46:33 PM - Installed HP Product Detection
RP1489: 1/18/2012 12:46:45 PM - Installed Hewlett-Packard ACLM.NET v1.1.0.0.
RP1490: 1/19/2012 12:56:33 PM - System Checkpoint
RP1491: 1/20/2012 2:55:39 PM - System Checkpoint
RP1492: 1/21/2012 12:37:33 PM - Removed Google Earth Plug-in.
RP1493: 1/22/2012 1:03:39 PM - System Checkpoint
RP1494: 1/23/2012 5:10:26 PM - System Checkpoint
RP1495: 1/24/2012 9:24:05 PM - System Checkpoint
RP1496: 1/26/2012 11:22:47 AM - System Checkpoint
RP1497: 1/27/2012 2:51:28 PM - System Checkpoint
RP1498: 1/28/2012 4:09:52 PM - System Checkpoint
RP1499: 1/29/2012 4:44:55 PM - System Checkpoint
RP1500: 1/30/2012 5:09:56 PM - System Checkpoint
.
==== Installed Programs ======================
.
Acrobat.com
Adobe AIR
Adobe Anchor Service CS3
Adobe Anchor Service CS4
Adobe Asset Services CS3
Adobe Audition 1.5
Adobe Bridge CS3
Adobe Bridge CS4
Adobe Bridge Start Meeting
Adobe Camera Raw 4.0
Adobe CMaps CS4
Adobe CSI CS4
Adobe Default Language CS4
Adobe Device Central CS3
Adobe Device Central CS4
Adobe Dreamweaver CS3
Adobe Dreamweaver CS4
Adobe ExtendScript Toolkit 2
Adobe ExtendScript Toolkit CS4
Adobe Extension Manager CS3
Adobe Extension Manager CS4
Adobe Flash Player 11 ActiveX
Adobe Flash Player 11 Plugin
Adobe Help Viewer CS3
Adobe Media Player
Adobe Output Module
Adobe PDF Library Files CS4
Adobe Reader 9.1.3
Adobe Search for Help
Adobe Service Manager Extension
Adobe Setup
Adobe Type Support CS4
Adobe Update Manager CS3
Adobe Update Manager CS4
Adobe Version Cue CS3 Client
Adobe XMP Panels CS4
APH placeholder
Apple Application Support
Apple Mobile Device Support
Apple Software Update
ATI - Software Uninstall Utility
ATI Catalyst Control Center
ATI Display Driver
Attribute Changer 6.10b
AutoUpdate
BluScenes: Coral Reef Aquarium
Bonjour
BufferChm
CA Anti-Phishing
CA Anti-Virus Plus
CA Backup and Migration
CA Internet Security Suite
CA Personal Firewall
CameraDrivers
Catalyst Control Center Core Implementation
Catalyst Control Center Graphics Full Existing
Catalyst Control Center Graphics Full New
Catalyst Control Center Graphics Light
Catalyst Control Center Graphics Previews Common
Catalyst Control Center Localization All
ccc-core-preinstall
ccc-core-static
ccc-utility
CCC Help Chinese Standard
CCC Help Chinese Traditional
CCC Help Czech
CCC Help Danish
CCC Help Dutch
CCC Help English
CCC Help Finnish
CCC Help French
CCC Help German
CCC Help Greek
CCC Help Hungarian
CCC Help Italian
CCC Help Japanese
CCC Help Korean
CCC Help Norwegian
CCC Help Polish
CCC Help Portuguese
CCC Help Russian
CCC Help Spanish
CCC Help Swedish
CCC Help Thai
CCC Help Turkish
CCleaner
CDDRV_Installer
CNET TechTracker
Connect
CPUID CPU-Z 1.56
Critical Update for Windows Media Player 11 (KB959772)
CustomerResearchQFolder
DeLorme Earthmate GPS PN-20 Update
DeLorme Topo USA 6
DeLorme Topo USA 6.0
DeLorme Topo USA 6.0 DVD Data
DeLorme Topo USA 6.0 Merge Modules
DeLorme Topo USA 6.0 PN Merge Modules
Destinations
DeviceManagementQFolder
DivX
DNAMigrator
DVD43 v4.4.1
Earthmate Image Tagger
eSupportQFolder
Falcon 4 Free Falcon
Falcon 4.0: Allied Force
Foxware
Google Update Helper
Hewlett-Packard ACLM.NET v1.1.0.0
HiJackThis
HijackThis 2.0.2
HiTilesAF
Hotfix for Microsoft .NET Framework 3.0 (KB932471)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Hotfix for Windows Internet Explorer 7 (KB947864)
Hotfix for Windows Media Format 11 SDK (KB929399)
Hotfix for Windows Media Format SDK (KB902344)
Hotfix for Windows Media Player 11 (KB939683)
Hotfix for Windows XP (KB2158563)
Hotfix for Windows XP (KB2443685)
Hotfix for Windows XP (KB2570791)
Hotfix for Windows XP (KB2633952)
Hotfix for Windows XP (KB915800-v4)
Hotfix for Windows XP (KB952287)
Hotfix for Windows XP (KB954550-v5)
Hotfix for Windows XP (KB961118)
Hotfix for Windows XP (KB970653-v3)
Hotfix for Windows XP (KB976098-v2)
Hotfix for Windows XP (KB979306)
Hotfix for Windows XP (KB981793)
HP Driver Diagnostics
HP Extended Capabilities 5.3
HP Imaging Device Functions 5.3
HP Photosmart 330,380,420,470,7800,8000,8200 Series
HP Product Assistant
HP Product Detection
HP Solution Center & Imaging Support Tools 5.3
HP Update
HPProductAssistant
Image Plugin
InstaCodecs
Ipswitch WS_FTP LE
Java(TM) 6 Update 15
Java(TM) 6 Update 3
KhalInstallWrapper
kuler
LightScribe 1.8.15.1
Logitech Harmony Remote Software 7
Logitech SetPoint
Logitech Updater
M-Audio Delta Driver 6.0.2 (x86)
Magellan Content Manager
Malwarebytes' Anti-Malware version 1.51.2.1300
MarketResearch
MGI PhotoSuite II SE (Remove Only)
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Security Update (KB2656353)
Microsoft .NET Framework 1.1 Security Update (KB979906)
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.5 SP1
Microsoft Base Smart Card Cryptographic Service Provider Package
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft Kernel-Mode Driver Framework Feature Pack 1.5
Microsoft National Language Support Downlevel APIs
Microsoft Office XP Media Content
Microsoft Office XP Pro Step by Step Interactive
Microsoft Office XP Standard
Microsoft Publisher 97
Microsoft Text-to-Speech Engine 4.0 (English)
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
MSVCMergeModules
MSXML 4.0 SP2 (KB936181)
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
MSXML 6.0 Parser (KB933579)
NVIDIA Control Panel 266.58
NVIDIA Graphics Driver 266.58
NVIDIA Install Application
NVIDIA nView 135.50
NVIDIA nView Desktop Manager
PerfectDisk
Philips Device Manager
Philips Device Plug-in
Photoshop Camera Raw
PrimaScan 2400U
PS470
PSPrinters08
PSTAPlugin
QuickTime
Qurb
REALTEK GbE & FE Ethernet PCI-E NIC Driver
Realtek High Definition Audio Driver
Roxio Drag-to-Disc
Roxio Easy Media Creator 9 Suite
Security Update for CAPICOM (KB931906)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2657424)
Security Update for Microsoft Windows (KB2564958)
Security Update for Windows Internet Explorer 7 (KB2183461)
Security Update for Windows Internet Explorer 7 (KB2360131)
Security Update for Windows Internet Explorer 7 (KB2416400)
Security Update for Windows Internet Explorer 7 (KB2482017)
Security Update for Windows Internet Explorer 7 (KB2497640)
Security Update for Windows Internet Explorer 7 (KB2530548)
Security Update for Windows Internet Explorer 7 (KB2544521)
Security Update for Windows Internet Explorer 7 (KB928090)
Security Update for Windows Internet Explorer 7 (KB931768)
Security Update for Windows Internet Explorer 7 (KB933566)
Security Update for Windows Internet Explorer 7 (KB937143)
Security Update for Windows Internet Explorer 7 (KB938127)
Security Update for Windows Internet Explorer 7 (KB939653)
Security Update for Windows Internet Explorer 7 (KB942615)
Security Update for Windows Internet Explorer 7 (KB944533)
Security Update for Windows Internet Explorer 7 (KB950759)
Security Update for Windows Internet Explorer 7 (KB953838)
Security Update for Windows Internet Explorer 7 (KB956390)
Security Update for Windows Internet Explorer 7 (KB958215)
Security Update for Windows Internet Explorer 7 (KB960714)
Security Update for Windows Internet Explorer 7 (KB961260)
Security Update for Windows Internet Explorer 7 (KB963027)
Security Update for Windows Internet Explorer 7 (KB969897)
Security Update for Windows Internet Explorer 7 (KB972260)
Security Update for Windows Internet Explorer 7 (KB974455)
Security Update for Windows Internet Explorer 7 (KB976325)
Security Update for Windows Internet Explorer 7 (KB978207)
Security Update for Windows Internet Explorer 7 (KB982381)
Security Update for Windows Internet Explorer 8 (KB2510531)
Security Update for Windows Internet Explorer 8 (KB2530548)
Security Update for Windows Internet Explorer 8 (KB2544521)
Security Update for Windows Internet Explorer 8 (KB2559049)
Security Update for Windows Internet Explorer 8 (KB2586448)
Security Update for Windows Internet Explorer 8 (KB2618444)
Security Update for Windows Internet Explorer 8 (KB982381)
Security Update for Windows Media Player (KB2378111)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player (KB954155)
Security Update for Windows Media Player (KB968816)
Security Update for Windows Media Player (KB973540)
Security Update for Windows Media Player (KB975558)
Security Update for Windows Media Player (KB978695)
Security Update for Windows Media Player 11 (KB936782)
Security Update for Windows Media Player 11 (KB954154)
Security Update for Windows Media Player 9 (KB936782)
Security Update for Windows Search 4 - KB963093
Security Update for Windows XP (KB2079403)
Security Update for Windows XP (KB2121546)
Security Update for Windows XP (KB2160329)
Security Update for Windows XP (KB2229593)
Security Update for Windows XP (KB2259922)
Security Update for Windows XP (KB2279986)
Security Update for Windows XP (KB2286198)
Security Update for Windows XP (KB2296011)
Security Update for Windows XP (KB2296199)
Security Update for Windows XP (KB2347290)
Security Update for Windows XP (KB2360937)
Security Update for Windows XP (KB2387149)
Security Update for Windows XP (KB2393802)
Security Update for Windows XP (KB2412687)
Security Update for Windows XP (KB2419632)
Security Update for Windows XP (KB2423089)
Security Update for Windows XP (KB2436673)
Security Update for Windows XP (KB2440591)
Security Update for Windows XP (KB2443105)
Security Update for Windows XP (KB2476490)
Security Update for Windows XP (KB2476687)
Security Update for Windows XP (KB2478960)
Security Update for Windows XP (KB2478971)
Security Update for Windows XP (KB2479628)
Security Update for Windows XP (KB2479943)
Security Update for Windows XP (KB2481109)
Security Update for Windows XP (KB2483185)
Security Update for Windows XP (KB2485376)
Security Update for Windows XP (KB2485663)
Security Update for Windows XP (KB2503658)
Security Update for Windows XP (KB2503665)
Security Update for Windows XP (KB2506212)
Security Update for Windows XP (KB2506223)
Security Update for Windows XP (KB2507618)
Security Update for Windows XP (KB2507938)
Security Update for Windows XP (KB2508272)
Security Update for Windows XP (KB2508429)
Security Update for Windows XP (KB2509553)
Security Update for Windows XP (KB2510581)
Security Update for Windows XP (KB2511455)
Security Update for Windows XP (KB2524375)
Security Update for Windows XP (KB2535512)
Security Update for Windows XP (KB2536276-v2)
Security Update for Windows XP (KB2536276)
Security Update for Windows XP (KB2544893-v2)
Security Update for Windows XP (KB2544893)
Security Update for Windows XP (KB2555917)
Security Update for Windows XP (KB2562937)
Security Update for Windows XP (KB2566454)
Security Update for Windows XP (KB2567053)
Security Update for Windows XP (KB2567680)
Security Update for Windows XP (KB2570222)
Security Update for Windows XP (KB2570947)
Security Update for Windows XP (KB2584146)
Security Update for Windows XP (KB2585542)
Security Update for Windows XP (KB2592799)
Security Update for Windows XP (KB2598479)
Security Update for Windows XP (KB2603381)
Security Update for Windows XP (KB2618451)
Security Update for Windows XP (KB2619339)
Security Update for Windows XP (KB2620712)
Security Update for Windows XP (KB2624667)
Security Update for Windows XP (KB2631813)
Security Update for Windows XP (KB2633171)
Security Update for Windows XP (KB2639417)
Security Update for Windows XP (KB2646524)
Security Update for Windows XP (KB923561)
Security Update for Windows XP (KB923789)
Security Update for Windows XP (KB938464)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB950760)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951066)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951376)
Security Update for Windows XP (KB951698)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952004)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB953839)
Security Update for Windows XP (KB954211)
Security Update for Windows XP (KB954459)
Security Update for Windows XP (KB954600)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956391)
Security Update for Windows XP (KB956572)
Security Update for Windows XP (KB956744)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956841)
Security Update for Windows XP (KB956844)
Security Update for Windows XP (KB957095)
Security Update for Windows XP (KB957097)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958687)
Security Update for Windows XP (KB958690)
Security Update for Windows XP (KB958869)
Security Update for Windows XP (KB959426)
Security Update for Windows XP (KB960225)
Security Update for Windows XP (KB960715)
Security Update for Windows XP (KB960803)
Security Update for Windows XP (KB960859)
Security Update for Windows XP (KB961371)
Security Update for Windows XP (KB961373)
Security Update for Windows XP (KB961501)
Security Update for Windows XP (KB968537)
Security Update for Windows XP (KB969059)
Security Update for Windows XP (KB969898)
Security Update for Windows XP (KB969947)
Security Update for Windows XP (KB970238)
Security Update for Windows XP (KB970430)
Security Update for Windows XP (KB971468)
Security Update for Windows XP (KB971486)
Security Update for Windows XP (KB971557)
Security Update for Windows XP (KB971633)
Security Update for Windows XP (KB971657)
Security Update for Windows XP (KB971961)
Security Update for Windows XP (KB972270)
Security Update for Windows XP (KB973346)
Security Update for Windows XP (KB973354)
Security Update for Windows XP (KB973507)
Security Update for Windows XP (KB973525)
Security Update for Windows XP (KB973869)
Security Update for Windows XP (KB973904)
Security Update for Windows XP (KB974112)
Security Update for Windows XP (KB974318)
Security Update for Windows XP (KB974392)
Security Update for Windows XP (KB974571)
Security Update for Windows XP (KB975025)
Security Update for Windows XP (KB975467)
Security Update for Windows XP (KB975560)
Security Update for Windows XP (KB975561)
Security Update for Windows XP (KB975562)
Security Update for Windows XP (KB975713)
Security Update for Windows XP (KB977165)
Security Update for Windows XP (KB977914)
Security Update for Windows XP (KB978037)
Security Update for Windows XP (KB978251)
Security Update for Windows XP (KB978262)
Security Update for Windows XP (KB978338)
Security Update for Windows XP (KB978542)
Security Update for Windows XP (KB978601)
Security Update for Windows XP (KB978706)
Security Update for Windows XP (KB979309)
Security Update for Windows XP (KB979482)
Security Update for Windows XP (KB979559)
Security Update for Windows XP (KB979683)
Security Update for Windows XP (KB979687)
Security Update for Windows XP (KB980195)
Security Update for Windows XP (KB980218)
Security Update for Windows XP (KB980232)
Security Update for Windows XP (KB980436)
Security Update for Windows XP (KB981322)
Security Update for Windows XP (KB981349)
Security Update for Windows XP (KB981852)
Security Update for Windows XP (KB981957)
Security Update for Windows XP (KB981997)
Security Update for Windows XP (KB982132)
Security Update for Windows XP (KB982214)
Security Update for Windows XP (KB982665)
Security Update for Windows XP (KB982802)
SetPointPatch
Skins
SolutionCenter
Sonic CinePlayer DVD Pack
Spelling Dictionaries Support For Adobe Reader 9
Status
Street Atlas USA 2004
Street Atlas USA 2004 Data
Suite Shared Configuration CS4
SUPERAntiSpyware Free Edition
SureThing CD Labeler Deluxe Trial 5
TeamSpeak 2 RC2
TrayApp
TWC Customer Controls
Unload
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Microsoft Windows (KB971513)
Update for Windows Internet Explorer 7 (KB976749)
Update for Windows Internet Explorer 7 (KB980182)
Update for Windows Internet Explorer 8 (KB2447568)
Update for Windows XP (KB2141007)
Update for Windows XP (KB2345886)
Update for Windows XP (KB2467659)
Update for Windows XP (KB2492386)
Update for Windows XP (KB2541763)
Update for Windows XP (KB2607712)
Update for Windows XP (KB2616676)
Update for Windows XP (KB2641690)
Update for Windows XP (KB896256)
Update for Windows XP (KB951072-v2)
Update for Windows XP (KB951978)
Update for Windows XP (KB955759)
Update for Windows XP (KB955839)
Update for Windows XP (KB967715)
Update for Windows XP (KB968389)
Update for Windows XP (KB971029)
Update for Windows XP (KB971737)
Update for Windows XP (KB973687)
Update for Windows XP (KB973815)
ViewSonic Windows XP Signed Files
WebFldrs XP
WebReg
Windows Genuine Advantage Notifications (KB905474)
Windows Genuine Advantage Validation Tool (KB892130)
Windows Imaging Component
Windows Installer Clean Up
Windows Internet Explorer 7
Windows Internet Explorer 8
Windows Management Framework Core
Windows Media Format 11 runtime
Windows Media Player 11
Windows Presentation Foundation
Windows XP Service Pack 3
WinRAR archiver
Xingtone Ringtone Maker
XML Paper Specification Shared Components Pack 1.0
.
==== Event Viewer Messages From Past Week ========
.
2/1/2012 9:30:42 AM, error: Service Control Manager [7032] - The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the Windows Management Instrumentation service, but this action failed with the following error: An instance of the service is already running.
1/31/2012 9:49:01 PM, error: Service Control Manager [7011] - Timeout (30000 milliseconds) waiting for a transaction response from the stisvc service.
1/31/2012 9:15:10 AM, error: Service Control Manager [7023] - The Remote Access Connection Manager service terminated with the following error: Access is denied.
1/31/2012 9:15:10 AM, error: Rasman [20035] - Remote Access Connection Manager failed to start because it could not create buffers. Restart the computer. Access is denied.
1/31/2012 8:54:50 AM, error: Service Control Manager [7000] - The Parallel port driver service failed to start due to the following error: The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.
1/30/2012 8:51:14 AM, error: Ntfs [55] - The file system structure on the disk is corrupt and unusable. Please run the chkdsk utility on the volume D:.
.
==== End Of File ===========================


----------



## Nightmare (Sep 23, 2004)

I'm going to hang onto the gmer log unless I have to post it. Lots of personal information there.


----------



## Nightmare (Sep 23, 2004)

Mods - please delete the data in this thread as it no longer applies. Windows XP crashed and I had to recover windows using a boot disk. Will post new logs once I run Hijack This and other as indicated in the now post.

Thanks


----------



## Nightmare (Sep 23, 2004)

I caught a nasty Google redirect virus last week, even while running my CA Anti Virus. The redirect would cause any links that I selected from a Google search to send me to other sites that were pimping various wares. It also caused the svchost to start, restart, and continually restart to do who knows what, even after I terminated the process using the Task Manager.

While posting the Hijack This and other logs in the Malware section for help, my computer crashed and I got the BSOD. Upon restart, I would get BSODs and I could not get the system to boot either normally or in safe mode. The BSOD indicated a kdcom.dll as the problem at first. I replaced the kdcom.dll file with the windows disk I386 file copy. Upon trying to reboot, I got another BSOD for atapi.sys. I wound up rebuilding my boot.ini file and finally made it into safe mode where I moved all the needed data I had on the D and C drives to an external disk. But upon restarting windows, I got another BSOD and could not get into windows and I could not get the BSOD data because even if I selected no reboot upon BSOD, the screen would immediately shut down. I finally ended up using a boot CD to get into windows, however, I need to use a boot cd to get into windows every time as I still get a BSOD or black screen if I try to load windows off the HDD, even when using the new boot.ini file.

I need help to stabilize windows to be able to start it up independent of a boot cd so that I can tackle the malware/virus issue which does not seem to be a prevalent factor now that windows is running and the redirect is gone, I suspect from a bootable cd.

I have run a complete CA scan for viruses and none are detected on the entire system including the external storage device. Same with MalwareBytes and Super Anti Spyware.

I have also noted that each time I try to boot, my D drive gets a warning to chkdsk every time. I am now running the Seagate Sea Tools "Fix All Long" on my Seagate drive to see if there are any bad sectors that are causing the chkdsk utility to want to run each time windows starts. Windows is loaded on the C drive.

What can I do to help you help me fix this problem?


TIA


----------



## Cookiegal (Aug 27, 2003)

Please do not start a new thread to add new information. I've merged your threads together here.

I've also edited out the name of the boot CD as we do not support its use here due to copyright violation issues.

Please double click the GMER .exe file on your desktop to run the tool and it will automatically do a quick scan.

If the tool warns of rootkit activity and asks if you want to run a full scan, click on No and make sure the following are *unchecked* on the right-hand side:

IAT/EAT
Any drive letter other than the primary system drive (which is generally C).

Click the *Scan* button and when the scan is finished, click *Save* and save the log in Notepad with the name ark.txt to your desktop.

*Note: It's important that all other windows be closed and that you don't touch the mouse or do anything with the computer during the scan as it may cause it to freeze. You should disable your screen saver as if it comes on it may cause the program to freeze.*

Open the ark.txt file and copy and paste the contents of the log here please.


----------



## Nightmare (Sep 23, 2004)

I can not post the log under copy and paste. I have tried twice and IE8 gives a warning that there is a script file running and it asks if I want to cancel the script. I indicate no and IE refreshed to a blank screen.

The ark.txt file has the "Show All" checked so I do not know if the file is too big or not.

Also, while running Gmer the first time, there was a power failure. I rebooted into Windows XP Rebuild (this is using the boot.ini file that I had to create when the system was BSODing). While running Gmer once the system rebooted, the Gmer program crashed. I ran it again to completion.

The ark.txt file is 2.11 MB.


----------



## Cookiegal (Aug 27, 2003)

Please zip the file and then you should be able to attach it.


----------



## Nightmare (Sep 23, 2004)

Here is the Zip file.


----------



## Cookiegal (Aug 27, 2003)

Please download aswMBR.exe and save it to your desktop.

Double click aswMBR.exe to start the tool (Vista/Windows 7 users - right click to run as administrator) and allow it to download the Avast database.

Click *Scan*.

Upon completion of the scan, click *Save log* then save it to your desktop and post that log in your next reply for review. 
*Note - do NOT attempt any Fix yet.*


----------



## Nightmare (Sep 23, 2004)

aswMBR version 0.9.9.1532 Copyright(c) 2011 AVAST Software
Run date: 2012-02-07 12:46:47
-----------------------------
12:46:47.171 OS Version: Windows 5.1.2600 Service Pack 3
12:46:47.171 Number of processors: 2 586 0x402
12:46:47.171 ComputerName: MACHINEMASTER UserName: Steven
12:46:50.953 Initialize success
12:47:49.578 AVAST engine defs: 12020701
12:48:18.250 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3
12:48:18.250 Disk 0 Vendor: WDC_WD2500KS-00MJB0 02.01C03 Size: 238475MB BusType: 3
12:48:18.265 Disk 1 \Device\Harddisk1\DR1 -> \Device\Ide\IdeDeviceP1T0L0-e
12:48:18.265 Disk 1 Vendor: ST3320620AS 3.AAK Size: 305245MB BusType: 3
12:48:18.265 Device \Driver\atapi -> DriverStartIo 8a1ae2c6
12:48:18.312 Disk 0 MBR read successfully
12:48:18.328 Disk 0 MBR scan
12:48:18.484 Disk 0 Windows XP default MBR code
12:48:18.500 Disk 0 MBR hidden
12:48:18.500 Disk 0 Partition 1 00 07 HPFS/NTFS NTFS 305243 MB offset 63
12:48:18.546 Disk 0 scanning sectors +488376000
12:48:18.640 Disk 0 scanning C:\WINDOWS\system32\drivers
12:48:18.640 Service scanning
12:48:20.906 Modules scanning
12:48:22.906 Disk 0 trace - called modules:
12:48:22.937 ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll >>UNKNOWN [0x8a1ae49f]<<
12:48:22.953 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x8affa968]
12:48:22.953 3 CLASSPNP.SYS[b8108fd7] -> nt!IofCallDriver -> \Device\00000081[0x8b017278]
12:48:22.968 5 ACPI.sys[b7f7f620] -> nt!IofCallDriver -> [0x8b010940]
12:48:22.984 \Driver\atapi[0x8aa66308] -> IRP_MJ_CREATE -> 0x8a1ae49f
12:48:23.640 AVAST engine scan C:\WINDOWS
12:48:30.625 AVAST engine scan C:\WINDOWS\system32
12:48:44.515 AVAST engine scan C:\WINDOWS\system32\drivers
12:48:51.484 AVAST engine scan C:\Documents and Settings\Steven
12:48:58.437 AVAST engine scan C:\Documents and Settings\All Users
12:48:58.468 Scan finished successfully
12:49:24.828 Disk 0 MBR has been saved successfully to "C:\Documents and Settings\Steven\Desktop\MBR.dat"
12:49:24.843 The log file has been saved successfully to "C:\Documents and Settings\Steven\Desktop\aswMBR.txt"


----------



## Cookiegal (Aug 27, 2003)

Please go to the following link and download and run TDSSKiller:

http://support.kaspersky.com/viruses/solutions?qid=208280684

Allow it to cure anything if prompted.

Please post the log back here.


----------



## Nightmare (Sep 23, 2004)

Which one do you want me to do? Cure it as indicated in the third line or _*not*_ cure it as indicated on line 9?


----------



## Cookiegal (Aug 27, 2003)

Sorry, allow it to cure.


----------



## Nightmare (Sep 23, 2004)

TDSS ran and found something and required a reboot but there is no log. I missed the log under the "Report" button before the reboot. There are some quarantined folders in the TDSS folder on the C drive but nothing in either .log or .txt. Is there a way to recover the log file?

During the reboot, my system again asked me to run a check disk for the D drive. It does this every time I reboot.

I think that this is what it found. It is contained in an object file in the TDSS folder.

[InfectedObject]
Verdict: Rootkit.Boot.Pihar.b


----------



## Cookiegal (Aug 27, 2003)

Please download *TDSSQLook* to your desktop. Double-click TDSSQlook.exe to run the program and select option A. This option will just scan and create a log called TDSSQ.txt on your desktop. Please open the log in Notepad and copy and paste the contents here.


----------



## Nightmare (Sep 23, 2004)

Not a valid Win32 application error.


----------



## Nightmare (Sep 23, 2004)

Tried it again and got this.

*TDSSKiller Quarantine Information log* 
Version 1.0.0.4 
***** START SCAN Tue 02/07/2012 16:19:40.96 *****

---------- *TDSSKiller logs* ----------

TDSSKiller.2.7.10.0_07.02.2012_13.23.58_log.txt 
TDSSKiller.2.7.10.0_07.02.2012_13.30.13_log.txt 
TDSSKiller.2.7.10.0_07.02.2012_13.33.34_log.txt

---------- *TDSSStarter logs* ----------

---------- *DIR LIST* ----------

C:\TDSSKiller_Quarantine\07.02.2012_13.23.58
C:\TDSSKiller_Quarantine\07.02.2012_13.23.58\mbr0000
C:\TDSSKiller_Quarantine\07.02.2012_13.23.58\mbr0000\tdlfs0000
C:\TDSSKiller_Quarantine\07.02.2012_13.23.58\mbr0000\object.ini
C:\TDSSKiller_Quarantine\07.02.2012_13.23.58\mbr0000\mbr0000
C:\TDSSKiller_Quarantine\07.02.2012_13.23.58\mbr0000\mbr0000\tsk0001.dta
C:\TDSSKiller_Quarantine\07.02.2012_13.23.58\mbr0000\mbr0000\object.ini
C:\TDSSKiller_Quarantine\07.02.2012_13.23.58\mbr0000\mbr0000\tsk0000.dta
C:\TDSSKiller_Quarantine\07.02.2012_13.23.58\mbr0000\mbr0000\tsk0000.ini
C:\TDSSKiller_Quarantine\07.02.2012_13.23.58\mbr0000\mbr0000\tsk0001.ini
C:\TDSSKiller_Quarantine\07.02.2012_13.23.58\mbr0000\tdlfs0000\object.ini
C:\TDSSKiller_Quarantine\07.02.2012_13.23.58\mbr0000\tdlfs0000\tsk0009.ini
C:\TDSSKiller_Quarantine\07.02.2012_13.23.58\mbr0000\tdlfs0000\tsk0008.ini
C:\TDSSKiller_Quarantine\07.02.2012_13.23.58\mbr0000\tdlfs0000\tsk0007.ini
C:\TDSSKiller_Quarantine\07.02.2012_13.23.58\mbr0000\tdlfs0000\tsk0007.dta
C:\TDSSKiller_Quarantine\07.02.2012_13.23.58\mbr0000\tdlfs0000\tsk0006.ini
C:\TDSSKiller_Quarantine\07.02.2012_13.23.58\mbr0000\tdlfs0000\tsk0006.dta
C:\TDSSKiller_Quarantine\07.02.2012_13.23.58\mbr0000\tdlfs0000\tsk0005.ini
C:\TDSSKiller_Quarantine\07.02.2012_13.23.58\mbr0000\tdlfs0000\tsk0005.dta
C:\TDSSKiller_Quarantine\07.02.2012_13.23.58\mbr0000\tdlfs0000\tsk0003.ini
C:\TDSSKiller_Quarantine\07.02.2012_13.23.58\mbr0000\tdlfs0000\tsk0004.ini
C:\TDSSKiller_Quarantine\07.02.2012_13.23.58\mbr0000\tdlfs0000\tsk0003.dta
C:\TDSSKiller_Quarantine\07.02.2012_13.23.58\mbr0000\tdlfs0000\tsk0002.ini
C:\TDSSKiller_Quarantine\07.02.2012_13.23.58\mbr0000\tdlfs0000\tsk0002.dta
C:\TDSSKiller_Quarantine\07.02.2012_13.23.58\mbr0000\tdlfs0000\tsk0001.ini
C:\TDSSKiller_Quarantine\07.02.2012_13.23.58\mbr0000\tdlfs0000\tsk0000.ini
C:\TDSSKiller_Quarantine\07.02.2012_13.23.58\mbr0000\tdlfs0000\tsk0000.dta

---------- *INI FILES* ----------

=== *C:\TDSSKiller_Quarantine\07.02.2012_13.23.58\mbr0000\object.ini*

[InfectedObject]
Verdict: Rootkit.Boot.Pihar.b

=== *C:\TDSSKiller_Quarantine\07.02.2012_13.23.58\mbr0000\mbr0000\object.ini*

[InfectedObject]
Type: MBR
Name: \Device\Harddisk0\DR0

=== *C:\TDSSKiller_Quarantine\07.02.2012_13.23.58\mbr0000\mbr0000\tsk0000.ini*

[InfectedFile]
Type: Raw image

=== *C:\TDSSKiller_Quarantine\07.02.2012_13.23.58\mbr0000\mbr0000\tsk0001.ini*

[InfectedFile]
Type: Raw BB image

=== *C:\TDSSKiller_Quarantine\07.02.2012_13.23.58\mbr0000\tdlfs0000\object.ini*

[InfectedObject]
Verdict: TDSS File System
Name: \Device\Harddisk0\DR0

=== *C:\TDSSKiller_Quarantine\07.02.2012_13.23.58\mbr0000\tdlfs0000\tsk0000.ini*

[InfectedFile]
Name: phm
Size: 512
File time: 2012/01/31 02:38:16.0812

=== *C:\TDSSKiller_Quarantine\07.02.2012_13.23.58\mbr0000\tdlfs0000\tsk0001.ini*

[InfectedFile]
Name: ph.dll
Size: 28672
File time: 2012/01/31 02:38:16.0828

=== *C:\TDSSKiller_Quarantine\07.02.2012_13.23.58\mbr0000\tdlfs0000\tsk0002.ini*

[InfectedFile]
Name: phx.dll
Size: 3072
File time: 2012/01/31 02:38:16.0859

=== *C:\TDSSKiller_Quarantine\07.02.2012_13.23.58\mbr0000\tdlfs0000\tsk0003.ini*

[InfectedFile]
Name: phd
Size: 28672
File time: 2012/01/31 02:38:16.0859

=== *C:\TDSSKiller_Quarantine\07.02.2012_13.23.58\mbr0000\tdlfs0000\tsk0004.ini*

[InfectedFile]
Name: phdx
Size: 22016
File time: 2012/01/31 02:38:16.0890

=== *C:\TDSSKiller_Quarantine\07.02.2012_13.23.58\mbr0000\tdlfs0000\tsk0005.ini*

[InfectedFile]
Name: phs
Size: 152
File time: 2012/01/31 02:38:17.0046

=== *C:\TDSSKiller_Quarantine\07.02.2012_13.23.58\mbr0000\tdlfs0000\tsk0006.ini*

[InfectedFile]
Name: phdata
Size: 96
File time: 2012/01/31 02:38:17.0062

=== *C:\TDSSKiller_Quarantine\07.02.2012_13.23.58\mbr0000\tdlfs0000\tsk0007.ini*

[InfectedFile]
Name: phld
Size: 1247
File time: 2012/01/31 02:38:17.0062

=== *C:\TDSSKiller_Quarantine\07.02.2012_13.23.58\mbr0000\tdlfs0000\tsk0008.ini*

[InfectedFile]
Name: phln
Size: 3142
File time: 2012/01/31 02:38:17.0093

=== *C:\TDSSKiller_Quarantine\07.02.2012_13.23.58\mbr0000\tdlfs0000\tsk0009.ini*

[InfectedFile]
Name: phlx
Size: 3656
File time: 2012/01/31 02:38:17.0218


----------



## Cookiegal (Aug 27, 2003)

OK, please run aswmbr again and post the new log.


----------



## Nightmare (Sep 23, 2004)

aswMBR version 0.9.9.1532 Copyright(c) 2011 AVAST Software
Run date: 2012-02-07 17:35:04
-----------------------------
17:35:04.031 OS Version: Windows 5.1.2600 Service Pack 3
17:35:04.031 Number of processors: 2 586 0x402
17:35:04.031 ComputerName: MACHINEMASTER UserName: Steven
17:35:04.703 Initialize success
17:35:08.546 AVAST engine defs: 12020701
17:35:20.453 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3
17:35:20.453 Disk 0 Vendor: WDC_WD2500KS-00MJB0 02.01C03 Size: 238475MB BusType: 3
17:35:20.453 Disk 1 \Device\Harddisk1\DR1 -> \Device\Ide\IdeDeviceP1T0L0-e
17:35:20.468 Disk 1 Vendor: ST3320620AS 3.AAK Size: 305245MB BusType: 3
17:35:20.468 Disk 0 MBR read successfully
17:35:20.484 Disk 0 MBR scan
17:35:20.500 Disk 0 Windows XP default MBR code
17:35:20.500 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 238464 MB offset 63
17:35:20.515 Disk 0 scanning sectors +488376000
17:35:20.593 Disk 0 scanning C:\WINDOWS\system32\drivers
17:35:38.562 Service scanning
17:35:40.234 Modules scanning
17:35:45.281 Disk 0 trace - called modules:
17:35:45.343 ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll atapi.sys amdide.sys PCIIDEX.SYS 
17:35:45.343 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x8affb968]
17:35:45.359 3 CLASSPNP.SYS[b8108fd7] -> nt!IofCallDriver -> \Device\00000081[0x8b012510]
17:35:45.375 5 ACPI.sys[b7f7f620] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-3[0x8b011940]
17:35:46.328 AVAST engine scan C:\
17:36:34.796 Disk 0 MBR has been saved successfully to "C:\Documents and Settings\Steven\Desktop\MBR.dat"
17:36:34.953 The log file has been saved successfully to "C:\Documents and Settings\Steven\Desktop\aswMBR1.txt"

aswMBR version 0.9.9.1532 Copyright(c) 2011 AVAST Software
Run date: 2012-02-07 17:37:07
-----------------------------
17:37:07.281 OS Version: Windows 5.1.2600 Service Pack 3
17:37:07.281 Number of processors: 2 586 0x402
17:37:07.281 ComputerName: MACHINEMASTER UserName: Steven
17:37:08.046 Initialize success
17:37:11.890 AVAST engine defs: 12020701
17:37:14.140 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3
17:37:14.140 Disk 0 Vendor: WDC_WD2500KS-00MJB0 02.01C03 Size: 238475MB BusType: 3
17:37:14.156 Disk 1 \Device\Harddisk1\DR1 -> \Device\Ide\IdeDeviceP1T0L0-e
17:37:14.156 Disk 1 Vendor: ST3320620AS 3.AAK Size: 305245MB BusType: 3
17:37:14.171 Disk 0 MBR read successfully
17:37:14.187 Disk 0 MBR scan
17:37:14.234 Disk 0 Windows XP default MBR code
17:37:14.250 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 238464 MB offset 63
17:37:14.265 Disk 0 scanning sectors +488376000
17:37:14.343 Disk 0 scanning C:\WINDOWS\system32\drivers
17:37:34.421 Service scanning
17:37:36.531 Modules scanning
17:37:44.187 Disk 0 trace - called modules:
17:37:44.234 ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll atapi.sys amdide.sys PCIIDEX.SYS 
17:37:44.234 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x8affb968]
17:37:44.250 3 CLASSPNP.SYS[b8108fd7] -> nt!IofCallDriver -> \Device\00000081[0x8b012510]
17:37:44.265 5 ACPI.sys[b7f7f620] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-3[0x8b011940]
17:37:45.171 AVAST engine scan C:\WINDOWS
17:37:57.625 AVAST engine scan C:\WINDOWS\system32
17:41:59.703 AVAST engine scan C:\WINDOWS\system32\drivers
17:42:29.968 AVAST engine scan C:\Documents and Settings\Steven
18:03:19.359 AVAST engine scan C:\Documents and Settings\All Users
18:07:06.812 Scan finished successfully
18:15:05.062 Disk 0 MBR has been saved successfully to "C:\Documents and Settings\Steven\Desktop\MBR.dat"
18:15:05.078 The log file has been saved successfully to "C:\Documents and Settings\Steven\Desktop\aswMBR1.txt"


----------



## Cookiegal (Aug 27, 2003)

Please visit *Combofix Guide & Instructions* for instructions for installing the recovery console and downloading and running ComboFix.

The only thing different from the instructions there is that when downloading and saving the ComboFix.exe I would like you to rename it to puppy.exe please.

Post the log from ComboFix when you've accomplished that along with a new HijackThis log.

Important notes regarding ComboFix:

ComboFix may reset a number of Internet Explorer's settings, including making it the default browser. This can easily be changed once we're finished.

ComboFix also prevents autorun of ALL CDs, floppies and USB devices to assist with malware removal & increase security. If this is an issue or makes it difficult for you, please let me know. This can be undone manually when we're finished. Read *HERE* for an article written by dvk01 on why we disable autoruns.


----------



## Nightmare (Sep 23, 2004)

I have to uninstall my CA Anti Virus for ComboFix to run.


----------



## Cookiegal (Aug 27, 2003)

OK, we'll use something else.

Download *OTS.exe* to your Desktop.

- Close any open browsers.
- If your Real protection or Antivirus interferes with OTS, allow it to run.
- Double-click on *OTS.exe* to start the program.
- Under the *Additional Scans* section put a check in the box next to Disabled MS Config Items, Drivers32, NetSvcs, SafeBoot Minimal and EventViewer logs (Last 10 errors).
- Now click the *Run Scan* button on the toolbar.
- Let it run unhindered until it finishes.
- When the scan is complete Notepad will open with the report file loaded in it.
- Save that notepad file.
- Use the *Reply* button, scroll down to the attachments section and attach the notepad file here.


----------



## Nightmare (Sep 23, 2004)

It's alright. I have free access to CA so I went ahead and unloaded it. Here is the ComboFix log (puppy.exe as you requested)

ComboFix 12-02-07.01 - Steven 02/07/2012 18:43:08.2.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3327.2762 [GMT -5:00]
Running from: c:\documents and settings\Steven\Desktop\puppy.exe
.
.
((((((((((((((((((((((((( Files Created from 2012-01-07 to 2012-02-07 )))))))))))))))))))))))))))))))
.
.
2012-02-07 18:25 . 2012-02-07 18:25	--------	d-----w-	C:\TDSSKiller_Quarantine
2012-02-07 17:20 . 2012-02-07 17:20	--------	d-----w-	c:\documents and settings\Steven\Local Settings\Application Data\WinZip
2012-02-07 17:18 . 2012-02-07 17:20	--------	d-----w-	c:\documents and settings\All Users\Application Data\WinZip
2012-02-06 02:03 . 2012-02-06 02:03	--------	d-----w-	c:\program files\Microsoft.NET
2012-02-06 01:06 . 2012-02-06 01:06	--------	d-----w-	c:\documents and settings\All Users\Application Data\Seagate
2012-02-06 01:06 . 2012-02-06 01:06	44384	----a-w-	c:\windows\system32\drivers\tifsfilt.sys
2012-02-06 01:06 . 2012-02-06 01:06	441760	----a-w-	c:\windows\system32\drivers\timntr.sys
2012-02-06 01:06 . 2012-02-06 01:06	132224	----a-w-	c:\windows\system32\drivers\snapman.sys
2012-02-06 01:06 . 2012-02-06 01:06	368480	----a-w-	c:\windows\system32\drivers\tdrpman.sys
2012-02-06 01:05 . 2012-02-06 02:13	--------	d-----w-	c:\program files\Seagate
2012-02-06 01:05 . 2012-02-06 01:06	--------	d-----w-	c:\program files\Common Files\Seagate
2012-02-02 19:23 . 2012-02-07 23:36	--------	d-----w-	c:\documents and settings\All Users\Application Data\CA
2012-02-01 15:13 . 2012-02-01 15:13	388096	----a-r-	c:\documents and settings\Steven\Application Data\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2012-01-31 14:07 . 2012-01-31 14:07	--------	d-----w-	c:\documents and settings\NetworkService\Local Settings\Application Data\Adobe
2012-01-21 17:39 . 2012-01-21 18:00	--------	d-----w-	c:\documents and settings\Steven\Application Data\SmartDraw
2012-01-21 17:28 . 2012-01-21 17:29	--------	d-----w-	C:\SmartDraw 2012
2012-01-18 17:46 . 2012-01-18 17:46	--------	d-----w-	c:\program files\Hewlett-Packard
2012-01-18 04:20 . 2012-01-18 04:20	--------	d-----w-	c:\windows\system32\wbem\Repository
2012-01-12 21:33 . 2012-01-12 21:33	--------	d-----w-	c:\documents and settings\Steven\Local Settings\Application Data\Mozilla
2012-01-12 21:33 . 2012-01-13 03:59	--------	d-----w-	c:\program files\Aurora
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-02-05 16:57 . 2011-06-15 13:25	414368	----a-w-	c:\windows\system32\FlashPlayerCPLApp.cpl
2012-02-04 19:28 . 2012-02-04 19:28	9072	----a-w-	c:\windows\system32\drivers\22100
2011-11-25 21:57 . 2003-07-16 16:45	293376	----a-w-	c:\windows\system32\winsrv.dll
2011-11-23 13:25 . 2003-07-16 16:45	1859584	----a-w-	c:\windows\system32\win32k.sys
2011-11-18 12:35 . 2003-07-16 16:34	60416	----a-w-	c:\windows\system32\packager.exe
2011-11-16 14:21 . 2007-01-19 02:25	354816	----a-w-	c:\windows\system32\winhttp.dll
2011-11-16 14:21 . 2003-07-16 16:37	152064	----a-w-	c:\windows\system32\schannel.dll
.
.
((((((((((((((((((((((((((((( [email protected]_18.39.09 )))))))))))))))))))))))))))))))))))))))))
.
+ 2012-02-06 02:07 . 2012-02-06 02:07	21880 c:\windows\WinSxS\MSIL_Microsoft.Workflow.Compiler_31bf3856ad364e35_4.0.0.0_x-ww_97359ba5\Microsoft.Workflow.Compiler.exe
- 2011-05-30 14:26 . 2011-10-07 17:48	95568 c:\windows\system32\vetredir.dll
+ 2011-05-30 14:26 . 2011-05-30 08:01	95568 c:\windows\system32\vetredir.dll
+ 2010-03-18 14:15 . 2010-03-18 14:15	51024 c:\windows\system32\vcomp100.dll
+ 2010-03-18 14:15 . 2010-03-18 14:15	80720 c:\windows\system32\mfcm100u.dll
+ 2010-03-18 14:15 . 2010-03-18 14:15	80208 c:\windows\system32\mfcm100.dll
+ 2010-03-18 14:15 . 2010-03-18 14:15	60752 c:\windows\system32\mfc100rus.dll
+ 2010-03-18 14:15 . 2010-03-18 14:15	43344 c:\windows\system32\mfc100kor.dll
+ 2010-03-18 14:15 . 2010-03-18 14:15	43856 c:\windows\system32\mfc100jpn.dll
+ 2010-03-18 14:15 . 2010-03-18 14:15	62288 c:\windows\system32\mfc100ita.dll
+ 2010-03-18 14:15 . 2010-03-18 14:15	64336 c:\windows\system32\mfc100fra.dll
+ 2010-03-18 14:15 . 2010-03-18 14:15	63824 c:\windows\system32\mfc100esn.dll
+ 2010-03-18 14:15 . 2010-03-18 14:15	55120 c:\windows\system32\mfc100enu.dll
+ 2010-03-18 14:15 . 2010-03-18 14:15	64336 c:\windows\system32\mfc100deu.dll
+ 2010-03-18 14:15 . 2010-03-18 14:15	36176 c:\windows\system32\mfc100cht.dll
+ 2010-03-18 14:15 . 2010-03-18 14:15	36176 c:\windows\system32\mfc100chs.dll
+ 2010-03-18 18:16 . 2010-03-18 18:16	70472 c:\windows\system32\dxva2.dll
+ 2010-03-18 21:47 . 2010-03-18 21:47	17760 c:\windows\system32\aspnet_counters.dll
+ 2008-06-08 00:00 . 2008-06-08 00:00	12800 c:\windows\system32\acrotls.dll
+ 2010-03-18 21:47 . 2010-03-18 21:47	97624 c:\windows\Microsoft.NET\Framework\v4.0.30319\XamlBuildTask.dll
+ 2010-03-18 18:16 . 2010-03-18 18:16	87408 c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WindowsFormsIntegration.dll
+ 2010-03-18 18:16 . 2010-03-18 18:16	93024 c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\UIAutomationTypes.dll
+ 2010-03-18 18:16 . 2010-03-18 18:16	35688 c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\UIAutomationProvider.dll
+ 2010-03-18 18:16 . 2010-03-18 18:16	17784 c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\System.Windows.Presentation.dll
+ 2010-03-18 18:16 . 2010-03-18 18:16	58240 c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\System.Windows.Input.Manipulations.dll
+ 2010-03-18 18:16 . 2010-03-18 18:16	67912 c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\PenIMC.dll
+ 2010-03-18 18:16 . 2010-03-18 18:16	31576 c:\windows\Microsoft.NET\Framework\v4.0.30319\WMINet_Utils.dll
+ 2010-03-18 21:47 . 2010-03-18 21:47	14160 c:\windows\Microsoft.NET\Framework\v4.0.30319\webengine.dll
+ 2010-03-18 21:47 . 2010-03-18 21:47	69960 c:\windows\Microsoft.NET\Framework\v4.0.30319\TLBREF.DLL
+ 2010-03-18 21:47 . 2010-03-18 21:47	29544 c:\windows\Microsoft.NET\Framework\v4.0.30319\System.Xaml.Hosting.dll
+ 2010-03-18 21:47 . 2010-03-18 21:47	70040 c:\windows\Microsoft.NET\Framework\v4.0.30319\System.Windows.Forms.DataVisualization.Design.dll
+ 2010-03-18 21:47 . 2010-03-18 21:47	24928 c:\windows\Microsoft.NET\Framework\v4.0.30319\System.Web.Routing.dll
+ 2010-03-18 21:47 . 2010-03-18 21:47	81272 c:\windows\Microsoft.NET\Framework\v4.0.30319\System.Web.RegularExpressions.dll
+ 2010-03-18 21:47 . 2010-03-18 21:47	33144 c:\windows\Microsoft.NET\Framework\v4.0.30319\System.Web.DynamicData.Design.dll
+ 2010-03-18 21:47 . 2010-03-18 21:47	93576 c:\windows\Microsoft.NET\Framework\v4.0.30319\System.Web.DataVisualization.Design.dll
+ 2010-03-18 18:16 . 2010-03-18 18:16	44920 c:\windows\Microsoft.NET\Framework\v4.0.30319\System.Web.ApplicationServices.dll
+ 2010-03-18 21:47 . 2010-03-18 21:47	24944 c:\windows\Microsoft.NET\Framework\v4.0.30319\System.Web.Abstractions.dll
+ 2010-03-18 21:47 . 2010-03-18 21:47	28024 c:\windows\Microsoft.NET\Framework\v4.0.30319\System.ServiceModel.WasHosting.dll
+ 2010-03-18 21:47 . 2010-03-18 21:47	12168 c:\windows\Microsoft.NET\Framework\v4.0.30319\System.ServiceModel.ServiceMoniker40.dll
+ 2010-03-18 18:16 . 2010-03-18 18:16	37240 c:\windows\Microsoft.NET\Framework\v4.0.30319\System.ServiceModel.Channels.dll
+ 2010-03-18 21:47 . 2010-03-18 21:47	95592 c:\windows\Microsoft.NET\Framework\v4.0.30319\System.Runtime.Caching.dll
+ 2010-03-18 18:16 . 2010-03-18 18:16	64352 c:\windows\Microsoft.NET\Framework\v4.0.30319\System.Numerics.dll
+ 2010-03-18 18:16 . 2010-03-18 18:16	45952 c:\windows\Microsoft.NET\Framework\v4.0.30319\System.EnterpriseServices.Thunk.dll
+ 2010-03-18 21:47 . 2010-03-18 21:47	86888 c:\windows\Microsoft.NET\Framework\v4.0.30319\System.Drawing.Design.dll
+ 2010-03-18 18:16 . 2010-03-18 18:16	51032 c:\windows\Microsoft.NET\Framework\v4.0.30319\System.Device.dll
+ 2010-03-18 18:16 . 2010-03-18 18:16	50552 c:\windows\Microsoft.NET\Framework\v4.0.30319\System.Data.DataSetExtensions.dll
+ 2010-03-18 18:16 . 2010-03-18 18:16	81784 c:\windows\Microsoft.NET\Framework\v4.0.30319\System.Configuration.Install.dll
+ 2010-03-18 18:16 . 2010-03-18 18:16	81800 c:\windows\Microsoft.NET\Framework\v4.0.30319\System.ComponentModel.DataAnnotations.dll
+ 2010-03-18 18:16 . 2010-03-18 18:16	39784 c:\windows\Microsoft.NET\Framework\v4.0.30319\System.AddIn.Contract.dll
+ 2010-03-18 18:16 . 2010-03-18 18:16	68952 c:\windows\Microsoft.NET\Framework\v4.0.30319\SMDiagnostics.dll
+ 2010-03-18 19:58 . 2010-03-18 19:58	96088 c:\windows\Microsoft.NET\Framework\v4.0.30319\SetupCache\Extended\SetupUtility.exe
+ 2010-03-18 20:16 . 2010-03-18 20:16	78152 c:\windows\Microsoft.NET\Framework\v4.0.30319\SetupCache\Extended\Setup.exe
+ 2010-03-18 20:16 . 2010-03-18 20:16	18776 c:\windows\Microsoft.NET\Framework\v4.0.30319\SetupCache\Extended\3082\SetupResources.dll
+ 2010-03-18 20:16 . 2010-03-18 20:16	14168 c:\windows\Microsoft.NET\Framework\v4.0.30319\SetupCache\Extended\3076\SetupResources.dll
+ 2010-03-18 20:16 . 2010-03-18 20:16	18776 c:\windows\Microsoft.NET\Framework\v4.0.30319\SetupCache\Extended\2070\SetupResources.dll
+ 2010-03-18 20:16 . 2010-03-18 20:16	14168 c:\windows\Microsoft.NET\Framework\v4.0.30319\SetupCache\Extended\2052\SetupResources.dll
+ 2010-03-18 20:16 . 2010-03-18 20:16	17752 c:\windows\Microsoft.NET\Framework\v4.0.30319\SetupCache\Extended\1055\SetupResources.dll
+ 2010-03-18 20:16 . 2010-03-18 20:16	17752 c:\windows\Microsoft.NET\Framework\v4.0.30319\SetupCache\Extended\1053\SetupResources.dll
+ 2010-03-18 20:16 . 2010-03-18 20:16	18264 c:\windows\Microsoft.NET\Framework\v4.0.30319\SetupCache\Extended\1049\SetupResources.dll
+ 2010-03-18 20:16 . 2010-03-18 20:16 18264 c:\windows\Microsoft.NET\Framework\v4.0.30319\SetupCache\Extended\1046\SetupResources.dll
+ 2010-03-18 20:16 . 2010-03-18 20:16	18264 c:\windows\Microsoft.NET\Framework\v4.0.30319\SetupCache\Extended\1045\SetupResources.dll
+ 2010-03-18 20:16 . 2010-03-18 20:16	17752 c:\windows\Microsoft.NET\Framework\v4.0.30319\SetupCache\Extended\1044\SetupResources.dll
+ 2010-03-18 20:16 . 2010-03-18 20:16	19288 c:\windows\Microsoft.NET\Framework\v4.0.30319\SetupCache\Extended\1043\SetupResources.dll
+ 2010-03-18 20:16 . 2010-03-18 20:16	15192 c:\windows\Microsoft.NET\Framework\v4.0.30319\SetupCache\Extended\1042\SetupResources.dll
+ 2010-03-18 20:16 . 2010-03-18 20:16	15704 c:\windows\Microsoft.NET\Framework\v4.0.30319\SetupCache\Extended\1041\SetupResources.dll
+ 2010-03-18 20:16 . 2010-03-18 20:16	18264 c:\windows\Microsoft.NET\Framework\v4.0.30319\SetupCache\Extended\1040\SetupResources.dll
+ 2010-03-18 20:16 . 2010-03-18 20:16	18776 c:\windows\Microsoft.NET\Framework\v4.0.30319\SetupCache\Extended\1038\SetupResources.dll
+ 2010-03-18 20:16 . 2010-03-18 20:16	16728 c:\windows\Microsoft.NET\Framework\v4.0.30319\SetupCache\Extended\1037\SetupResources.dll
+ 2010-03-18 20:16 . 2010-03-18 20:16	18776 c:\windows\Microsoft.NET\Framework\v4.0.30319\SetupCache\Extended\1036\SetupResources.dll
+ 2010-03-18 20:16 . 2010-03-18 20:16	18264 c:\windows\Microsoft.NET\Framework\v4.0.30319\SetupCache\Extended\1035\SetupResources.dll
+ 2010-03-18 20:16 . 2010-03-18 20:16	17240 c:\windows\Microsoft.NET\Framework\v4.0.30319\SetupCache\Extended\1033\SetupResources.dll
+ 2010-03-18 20:16 . 2010-03-18 20:16	19288 c:\windows\Microsoft.NET\Framework\v4.0.30319\SetupCache\Extended\1032\SetupResources.dll
+ 2010-03-18 20:16 . 2010-03-18 20:16	18776 c:\windows\Microsoft.NET\Framework\v4.0.30319\SetupCache\Extended\1031\SetupResources.dll
+ 2010-03-18 20:16 . 2010-03-18 20:16	18264 c:\windows\Microsoft.NET\Framework\v4.0.30319\SetupCache\Extended\1030\SetupResources.dll
+ 2010-03-18 20:16 . 2010-03-18 20:16	18264 c:\windows\Microsoft.NET\Framework\v4.0.30319\SetupCache\Extended\1029\SetupResources.dll
+ 2010-03-18 20:16 . 2010-03-18 20:16	14168 c:\windows\Microsoft.NET\Framework\v4.0.30319\SetupCache\Extended\1028\SetupResources.dll
+ 2010-03-18 20:16 . 2010-03-18 20:16	17240 c:\windows\Microsoft.NET\Framework\v4.0.30319\SetupCache\Extended\1025\SetupResources.dll
+ 2010-03-18 19:58 . 2010-03-18 19:58	96088 c:\windows\Microsoft.NET\Framework\v4.0.30319\SetupCache\Client\SetupUtility.exe
+ 2010-03-18 20:16 . 2010-03-18 20:16	78152 c:\windows\Microsoft.NET\Framework\v4.0.30319\SetupCache\Client\Setup.exe
+ 2010-03-18 20:16 . 2010-03-18 20:16	18776 c:\windows\Microsoft.NET\Framework\v4.0.30319\SetupCache\Client\3082\SetupResources.dll
+ 2010-03-18 20:16 . 2010-03-18 20:16	14168 c:\windows\Microsoft.NET\Framework\v4.0.30319\SetupCache\Client\3076\SetupResources.dll
+ 2010-03-18 20:16 . 2010-03-18 20:16	18776 c:\windows\Microsoft.NET\Framework\v4.0.30319\SetupCache\Client\2070\SetupResources.dll
+ 2010-03-18 20:16 . 2010-03-18 20:16	14168 c:\windows\Microsoft.NET\Framework\v4.0.30319\SetupCache\Client\2052\SetupResources.dll
+ 2010-03-18 20:16 . 2010-03-18 20:16	17752 c:\windows\Microsoft.NET\Framework\v4.0.30319\SetupCache\Client\1055\SetupResources.dll
+ 2010-03-18 20:16 . 2010-03-18 20:16	17752 c:\windows\Microsoft.NET\Framework\v4.0.30319\SetupCache\Client\1053\SetupResources.dll
+ 2010-03-18 20:16 . 2010-03-18 20:16	18264 c:\windows\Microsoft.NET\Framework\v4.0.30319\SetupCache\Client\1049\SetupResources.dll
+ 2010-03-18 20:16 . 2010-03-18 20:16	18264 c:\windows\Microsoft.NET\Framework\v4.0.30319\SetupCache\Client\1046\SetupResources.dll
+ 2010-03-18 20:16 . 2010-03-18 20:16	18264 c:\windows\Microsoft.NET\Framework\v4.0.30319\SetupCache\Client\1045\SetupResources.dll
+ 2010-03-18 20:16 . 2010-03-18 20:16	17752 c:\windows\Microsoft.NET\Framework\v4.0.30319\SetupCache\Client\1044\SetupResources.dll
+ 2010-03-18 20:16 . 2010-03-18 20:16	19288 c:\windows\Microsoft.NET\Framework\v4.0.30319\SetupCache\Client\1043\SetupResources.dll
+ 2010-03-18 20:16 . 2010-03-18 20:16	15192 c:\windows\Microsoft.NET\Framework\v4.0.30319\SetupCache\Client\1042\SetupResources.dll
+ 2010-03-18 20:16 . 2010-03-18 20:16	15704 c:\windows\Microsoft.NET\Framework\v4.0.30319\SetupCache\Client\1041\SetupResources.dll
+ 2010-03-18 20:16 . 2010-03-18 20:16	18264 c:\windows\Microsoft.NET\Framework\v4.0.30319\SetupCache\Client\1040\SetupResources.dll
+ 2010-03-18 20:16 . 2010-03-18 20:16	18776 c:\windows\Microsoft.NET\Framework\v4.0.30319\SetupCache\Client\1038\SetupResources.dll
+ 2010-03-18 20:16 . 2010-03-18 20:16	16728 c:\windows\Microsoft.NET\Framework\v4.0.30319\SetupCache\Client\1037\SetupResources.dll
+ 2010-03-18 20:16 . 2010-03-18 20:16	18776 c:\windows\Microsoft.NET\Framework\v4.0.30319\SetupCache\Client\1036\SetupResources.dll
+ 2010-03-18 20:16 . 2010-03-18 20:16	18264 c:\windows\Microsoft.NET\Framework\v4.0.30319\SetupCache\Client\1035\SetupResources.dll
+ 2010-03-18 20:16 . 2010-03-18 20:16	17240 c:\windows\Microsoft.NET\Framework\v4.0.30319\SetupCache\Client\1033\SetupResources.dll
+ 2010-03-18 20:16 . 2010-03-18 20:16	19288 c:\windows\Microsoft.NET\Framework\v4.0.30319\SetupCache\Client\1032\SetupResources.dll
+ 2010-03-18 20:16 . 2010-03-18 20:16	18776 c:\windows\Microsoft.NET\Framework\v4.0.30319\SetupCache\Client\1031\SetupResources.dll
+ 2010-03-18 20:16 . 2010-03-18 20:16	18264 c:\windows\Microsoft.NET\Framework\v4.0.30319\SetupCache\Client\1030\SetupResources.dll
+ 2010-03-18 20:16 . 2010-03-18 20:16	18264 c:\windows\Microsoft.NET\Framework\v4.0.30319\SetupCache\Client\1029\SetupResources.dll
+ 2010-03-18 20:16 . 2010-03-18 20:16	14168 c:\windows\Microsoft.NET\Framework\v4.0.30319\SetupCache\Client\1028\SetupResources.dll
+ 2010-03-18 20:16 . 2010-03-18 20:16	17240 c:\windows\Microsoft.NET\Framework\v4.0.30319\SetupCache\Client\1025\SetupResources.dll
+ 2010-03-18 21:47 . 2010-03-18 21:47	17256 c:\windows\Microsoft.NET\Framework\v4.0.30319\ServiceMonikerSupport.dll
+ 2010-03-18 18:16 . 2010-03-18 18:16	13648 c:\windows\Microsoft.NET\Framework\v4.0.30319\SbsNclPerf.dll
+ 2010-03-18 18:16 . 2010-03-18 18:16	58192 c:\windows\Microsoft.NET\Framework\v4.0.30319\regtlibv12.exe
+ 2010-03-18 18:16 . 2010-03-18 18:16	32592 c:\windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe
+ 2010-03-18 18:16 . 2010-03-18 18:16	52040 c:\windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
+ 2010-03-18 18:16 . 2010-03-18 18:16	21336 c:\windows\Microsoft.NET\Framework\v4.0.30319\normalization.dll
+ 2010-03-18 18:16 . 2010-03-18 18:16	56656 c:\windows\Microsoft.NET\Framework\v4.0.30319\nlssorting.dll
+ 2010-03-18 18:16 . 2010-03-18 18:16	27984 c:\windows\Microsoft.NET\Framework\v4.0.30319\MUI\0409\mscorsecr.dll
+ 2010-03-18 21:47 . 2010-03-18 21:47	15184 c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsn.dll
+ 2010-03-18 18:16 . 2010-03-18 18:16	40784 c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorpe.dll
+ 2010-03-18 18:16 . 2010-03-18 18:16	20816 c:\windows\Microsoft.NET\Framework\v4.0.30319\mscoreeis.dll
+ 2010-03-18 21:47 . 2010-03-18 21:47	96592  c:\windows\Microsoft.NET\Framework\v4.0.30319\MmcAspExt.dll
+ 2010-03-18 21:47 . 2010-03-18 21:47	21880 c:\windows\Microsoft.NET\Framework\v4.0.30319\Microsoft.Workflow.Compiler.exe
+ 2010-03-18 21:47 . 2010-03-18 21:47	40304 c:\windows\Microsoft.NET\Framework\v4.0.30319\Microsoft.VisualC.STLCLR.dll
+ 2010-03-18 18:16 . 2010-03-18 18:16	12128 c:\windows\Microsoft.NET\Framework\v4.0.30319\Microsoft.VisualC.Dll
+ 2010-03-18 18:16 . 2010-03-18 18:16	97680 c:\windows\Microsoft.NET\Framework\v4.0.30319\Microsoft.VisualBasic.Compatibility.Data.dll
+ 2010-03-18 21:47 . 2010-03-18 21:47	38784 c:\windows\Microsoft.NET\Framework\v4.0.30319\Microsoft.Data.Entity.Build.Tasks.dll
+ 2010-03-18 21:47 . 2010-03-18 21:47	67968 c:\windows\Microsoft.NET\Framework\v4.0.30319\Microsoft.Build.Conversion.v4.0.dll
+ 2010-03-18 18:16 . 2010-03-18 18:16	36168 c:\windows\Microsoft.NET\Framework\v4.0.30319\jsc.exe
+ 2010-03-18 18:16 . 2010-03-18 18:16	78168 c:\windows\Microsoft.NET\Framework\v4.0.30319\ISymWrapper.dll
+ 2010-03-18 18:16 . 2010-03-18 18:16	58200 c:\windows\Microsoft.NET\Framework\v4.0.30319\InstallUtilLib.dll
+ 2010-03-18 18:16 . 2010-03-18 18:16	27992 c:\windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe
+ 2010-03-18 18:16 . 2010-03-18 18:16	42312 c:\windows\Microsoft.NET\Framework\v4.0.30319\fusion.dll
+ 2010-03-18 21:47 . 2010-03-18 21:47	84296 c:\windows\Microsoft.NET\Framework\v4.0.30319\EdmGen.exe
+ 2010-03-18 18:16 . 2010-03-18 18:16	11592 c:\windows\Microsoft.NET\Framework\v4.0.30319\dfsvc.exe
+ 2010-03-18 18:16 . 2010-03-18 18:16	88904 c:\windows\Microsoft.NET\Framework\v4.0.30319\dfdll.dll
+ 2010-03-18 21:47 . 2010-03-18 21:47	60248 c:\windows\Microsoft.NET\Framework\v4.0.30319\DataSvcUtil.exe
+ 2010-03-18 18:16 . 2010-03-18 18:16	31048 c:\windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe
+ 2010-03-18 18:16 . 2010-03-18 18:16	81248 c:\windows\Microsoft.NET\Framework\v4.0.30319\CustomMarshalers.dll
+ 2010-03-18 18:16 . 2010-03-18 18:16	44368 c:\windows\Microsoft.NET\Framework\v4.0.30319\Culture.dll
+ 2010-03-18 18:16 . 2010-03-18 18:16	95048 c:\windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe
+ 2010-03-18 21:47 . 2010-03-18 21:47	32592 c:\windows\Microsoft.NET\Framework\v4.0.30319\aspnet_wp.exe
+ 2010-03-18 21:47 . 2010-03-18 21:47	35160 c:\windows\Microsoft.NET\Framework\v4.0.30319\aspnet_state.exe
+ 2010-03-18 21:47 . 2010-03-18 21:47	30040 c:\windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exe
+ 2010-03-18 21:47 . 2010-03-18 21:47	19808 c:\windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regbrowsers.exe
+ 2010-03-18 21:47 . 2010-03-18 21:47	78160 c:\windows\Microsoft.NET\Framework\v4.0.30319\aspnet_rc.dll
+ 2010-03-18 21:47 . 2010-03-18 21:47	30040 c:\windows\Microsoft.NET\Framework\v4.0.30319\Aspnet_perf.dll
+ 2010-03-18 21:47 . 2010-03-18 21:47	14168 c:\windows\Microsoft.NET\Framework\v4.0.30319\aspnet_isapi.dll
+ 2010-03-18 21:47 . 2010-03-18 21:47	24408 c:\windows\Microsoft.NET\Framework\v4.0.30319\aspnet_filter.dll
+ 2010-03-18 21:47 . 2010-03-18 21:47	30048 c:\windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe
+ 2010-03-18 18:16 . 2010-03-18 18:16	29008 c:\windows\Microsoft.NET\Framework\v4.0.30319\AddInUtil.exe
+ 2010-03-18 18:16 . 2010-03-18 18:16	29528 c:\windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe
+ 2010-03-18 18:16 . 2010-03-18 18:16	29016 c:\windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess.exe
+ 2010-03-18 18:16 . 2010-03-18 18:16	17240 c:\windows\Microsoft.NET\Framework\v4.0.30319\Accessibility.dll
+ 2010-03-18 21:47 . 2010-03-18 21:47	11608 c:\windows\Microsoft.NET\Framework\v4.0.30319\1033\FileTrackerUI.dll
+ 2010-03-18 18:16 . 2010-03-18 18:16	10064 c:\windows\Microsoft.NET\Framework\v4.0.30319\1033\CvtResUI.dll
+ 2010-03-18 18:16 . 2010-03-18 18:16	24400 c:\windows\Microsoft.NET\Framework\v4.0.30319\1033\alinkui.dll
+ 2010-03-18 18:16 . 2010-03-18 18:16	13648 c:\windows\Microsoft.NET\Framework\sbscmp20_mscorlib.dll
+ 2010-03-18 18:16 . 2010-03-18 18:16	13648 c:\windows\Microsoft.NET\Framework\sbs_wminet_utils.dll
+ 2010-03-18 18:16 . 2010-03-18 18:16	13648 c:\windows\Microsoft.NET\Framework\sbs_system.enterpriseservices.dll
+ 2010-03-18 18:16 . 2010-03-18 18:16	13648 c:\windows\Microsoft.NET\Framework\sbs_system.data.dll
+ 2010-03-18 18:16 . 2010-03-18 18:16	13648 c:\windows\Microsoft.NET\Framework\sbs_system.configuration.install.dll
+ 2010-03-18 18:16 . 2010-03-18 18:16	13648 c:\windows\Microsoft.NET\Framework\sbs_mscorsec.dll
+ 2010-03-18 18:16 . 2010-03-18 18:16	13648 c:\windows\Microsoft.NET\Framework\sbs_mscorrc.dll
+ 2010-03-18 18:16 . 2010-03-18 18:16	13648 c:\windows\Microsoft.NET\Framework\sbs_mscordbi.dll
+ 2010-03-18 18:16 . 2010-03-18 18:16	13648 c:\windows\Microsoft.NET\Framework\sbs_microsoft.jscript.dll
+ 2010-03-18 18:16 . 2010-03-18 18:16	13648 c:\windows\Microsoft.NET\Framework\sbs_diasymreader.dll
+ 2012-02-06 02:07 . 2012-02-06 02:07	97624 c:\windows\Microsoft.NET\assembly\GAC_MSIL\XamlBuildTask\v4.0_4.0.0.0__31bf3856ad364e35\XamlBuildTask.dll
+ 2012-02-06 02:04 . 2012-02-06 02:04	87408 c:\windows\Microsoft.NET\assembly\GAC_MSIL\WindowsFormsIntegration\v4.0_4.0.0.0__31bf3856ad364e35\WindowsFormsIntegration.dll
+ 2012-02-06 02:04 . 2012-02-06 02:04	93024 c:\windows\Microsoft.NET\assembly\GAC_MSIL\UIAutomationTypes\v4.0_4.0.0.0__31bf3856ad364e35\UIAutomationTypes.dll
+ 2012-02-06 02:04 . 2012-02-06 02:04	35688 c:\windows\Microsoft.NET\assembly\GAC_MSIL\UIAutomationProvider\v4.0_4.0.0.0__31bf3856ad364e35\UIAutomationProvider.dll
+ 2012-02-06 02:07 . 2012-02-06 02:07	29544 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Xaml.Hosting\v4.0_4.0.0.0__31bf3856ad364e35\System.Xaml.Hosting.dll
+ 2012-02-06 02:04 . 2012-02-06 02:04	17784 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Presentation\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Presentation.dll
+ 2012-02-06 02:04 . 2012-02-06 02:04	58240 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Input.Manipulations\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Input.Manipulations.dll
+ 2012-02-06 02:07 . 2012-02-06 02:07	70040 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Forms.DataVisualization.Design\v4.0_4.0.0.0__31bf3856ad364e35\System.Windows.Forms.DataVisualization.Design.dll
+ 2012-02-06 02:07 . 2012-02-06 02:07	24928 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Web.Routing\v4.0_4.0.0.0__31bf3856ad364e35\System.Web.Routing.dll
+ 2012-02-06 02:07 . 2012-02-06 02:07	81272 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Web.RegularExpressions\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Web.RegularExpressions.dll
+ 2012-02-06 02:07 . 2012-02-06 02:07	33144 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Web.DynamicData.Design\v4.0_4.0.0.0__31bf3856ad364e35\System.Web.DynamicData.Design.dll
+ 2012-02-06 02:07 . 2012-02-06 02:07	93576 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Web.DataVisualization.Design\v4.0_4.0.0.0__31bf3856ad364e35\System.Web.DataVisualization.Design.dll
+ 2012-02-06 02:04 . 2012-02-06 02:04	44920 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Web.ApplicationServices\v4.0_4.0.0.0__31bf3856ad364e35\System.Web.ApplicationServices.dll
+ 2012-02-06 02:07 . 2012-02-06 02:07	24944 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Web.Abstractions\v4.0_4.0.0.0__31bf3856ad364e35\System.Web.Abstractions.dll
+ 2012-02-06 02:07 . 2012-02-06 02:07	28024 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.ServiceModel.WasHosting\v4.0_4.0.0.0__b77a5c561934e089\System.ServiceModel.WasHosting.dll
+ 2012-02-06 02:07 . 2012-02-06 02:07	12168 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.ServiceModel.ServiceMoniker40\v4.0_4.0.0.0__b77a5c561934e089\System.ServiceModel.ServiceMoniker40.dll
+ 2012-02-06 02:04 . 2012-02-06 02:04	37240 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.ServiceModel.Channels\v4.0_4.0.0.0__31bf3856ad364e35\System.ServiceModel.Channels.dll
+ 2012-02-06 02:07 . 2012-02-06 02:07	95592 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Runtime.Caching\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Runtime.Caching.dll
+ 2012-02-06 02:04 . 2012-02-06 02:04	64352 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Numerics\v4.0_4.0.0.0__b77a5c561934e089\System.Numerics.dll
+ 2012-02-06 02:07 . 2012-02-06 02:07	86888 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Drawing.Design\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Drawing.Design.dll
+ 2012-02-06 02:04 . 2012-02-06 02:04	51032 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Device\v4.0_4.0.0.0__b77a5c561934e089\System.Device.dll
+ 2012-02-06 02:03 . 2012-02-06 02:03	50552 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Data.DataSetExtensions\v4.0_4.0.0.0__b77a5c561934e089\System.Data.DataSetExtensions.dll
+ 2012-02-06 02:03 . 2012-02-06 02:03	81784 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Configuration.Install\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Configuration.Install.dll
+ 2012-02-06 02:03 . 2012-02-06 02:03	81800 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.ComponentModel.DataAnnotations\v4.0_4.0.0.0__31bf3856ad364e35\System.ComponentModel.DataAnnotations.dll
+ 2012-02-06 02:03 . 2012-02-06 02:03	39784 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.AddIn.Contract\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.AddIn.Contract.dll
+ 2012-02-06 02:04 . 2012-02-06 02:04	68952 c:\windows\Microsoft.NET\assembly\GAC_MSIL\SMDiagnostics\v4.0_4.0.0.0__b77a5c561934e089\SMDiagnostics.dll
+ 2012-02-06 02:07 . 2012-02-06 02:07	21880 c:\windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.Workflow.Compiler\v4.0_4.0.0.0__31bf3856ad364e35\Microsoft.Workflow.Compiler.exe
+ 2012-02-06 02:03 . 2012-02-06 02:03	12128 c:\windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.VisualC\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualC.Dll
+ 2012-02-06 02:07 . 2012-02-06 02:07	40304 c:\windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.VisualC.STLCLR\v4.0_2.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualC.STLCLR.dll
+ 2012-02-06 02:04 . 2012-02-06 02:04	97680 c:\windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.VisualBasic.Compatibility.Data\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Compatibility.Data.dll
+ 2012-02-06 02:07 . 2012-02-06 02:07	67968 c:\windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.Build.Conversion.v4.0\v4.0_4.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Conversion.v4.0.dll
+ 2012-02-06 02:03 . 2012-02-06 02:03	17240 c:\windows\Microsoft.NET\assembly\GAC_MSIL\Accessibility\v4.0_4.0.0.0__b03f5f7f11d50a3a\Accessibility.dll
+ 2012-02-06 02:03 . 2012-02-06 02:03	78168 c:\windows\Microsoft.NET\assembly\GAC_32\ISymWrapper\v4.0_4.0.0.0__b03f5f7f11d50a3a\ISymWrapper.dll
+ 2012-02-06 02:03 . 2012-02-06 02:03	81248 c:\windows\Microsoft.NET\assembly\GAC_32\CustomMarshalers\v4.0_4.0.0.0__b03f5f7f11d50a3a\CustomMarshalers.dll
+ 2012-02-07 17:19 . 2012-02-07 17:19	29184 c:\windows\Installer\{CD95F661-A5C4-44F5-A6AA-ECDD91C240CC}\IconCD95F6617.exe
+ 2012-02-06 02:13 . 2012-02-06 02:13	11264 c:\windows\Installer\{98613C99-1399-416C-A07C-1EE1C585D872}\Icon98613C992.exe
+ 2012-02-06 02:10 . 2012-02-06 02:10	96768 c:\windows\assembly\NativeImages_v4.0.30319_32\UIAutomationProvider\0eb3c18ec758534395684f3ca286a201\UIAutomationProvider.ni.dll
+ 2012-02-06 02:12 . 2012-02-06 02:12	54784 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Xaml.Hosting\70c840dc13aae2e1323b13d7b27030ae\System.Xaml.Hosting.ni.dll
+ 2012-02-06 02:25 . 2012-02-06 02:25	35328 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Windows.Pres#\9bbefd2263d8f2169ab3695798208293\System.Windows.Presentation.ni.dll
+ 2012-02-06 02:25 . 2012-02-06 02:25	24064 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Web.Routing\9484262c4f1cfaace92aa9d1fee76025\System.Web.Routing.ni.dll
+ 2012-02-06 02:25 . 2012-02-06 02:25	46592 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Web.DynamicD#\569a7210fae634e8827a1bd805922540\System.Web.DynamicData.Design.ni.dll
+ 2012-02-06 02:10 . 2012-02-06 02:10	71680 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Web.Applicat#\02068ef9dafba3308b13444b8f4e5940\System.Web.ApplicationServices.ni.dll
+ 2012-02-06 02:24 . 2012-02-06 02:24	24576 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Web.Abstract#\0d2eb147f2b4b13af1141810688e2d5f\System.Web.Abstractions.ni.dll
+ 2012-02-06 02:24 . 2012-02-06 02:24	82432 c:\windows\assembly\NativeImages_v4.0.30319_32\System.ServiceModel#\c3831eb95ccf3904bab81a97a9b08ed3\System.ServiceModel.Channels.ni.dll
+ 2012-02-06 02:24 . 2012-02-06 02:24	12288 c:\windows\assembly\NativeImages_v4.0.30319_32\System.ServiceModel#\2ac3fd2abc9bb5eab553ef8e44ca77ca\System.ServiceModel.ServiceMoniker40.ni.dll
+ 2012-02-06 02:11 . 2012-02-06 02:11	78848 c:\windows\assembly\NativeImages_v4.0.30319_32\System.AddIn.Contra#\5c87f21925d5a61059ee68cef72841f4\System.AddIn.Contract.ni.dll
+ 2012-02-06 02:10 . 2012-02-06 02:10	37376 c:\windows\assembly\NativeImages_v4.0.30319_32\Microsoft.Workflow.#\6a8da5dd61b1fcfed27f84047a3e2bad\Microsoft.Workflow.Compiler.ni.exe
+ 2012-02-06 02:10 . 2012-02-06 02:10	11776 c:\windows\assembly\NativeImages_v4.0.30319_32\Microsoft.VisualC\552a460a8bcf608aecc6418db0d40216\Microsoft.VisualC.ni.dll
+ 2012-02-06 02:10 . 2012-02-06 02:10	44544 c:\windows\assembly\NativeImages_v4.0.30319_32\Accessibility\01254caa0efc15b5cd48fb3178018701\Accessibility.ni.dll
+ 2008-06-08 11:11 . 2008-06-08 11:11	8704 c:\windows\system32\relog_ap.dll
- 2003-07-16 16:26 . 2003-07-16 16:26	7040 c:\windows\system32\kdcom.dll
+ 2001-08-18 12:00 . 2001-08-18 12:00	7040 c:\windows\system32\kdcom.dll
+ 2010-03-18 18:16 . 2010-03-18 18:16	8536 c:\windows\Microsoft.NET\NETFXRepair.3082.dll
+ 2010-03-18 18:16 . 2010-03-18 18:16	8536 c:\windows\Microsoft.NET\NETFXRepair.3076.dll
+ 2010-03-18 18:16 . 2010-03-18 18:16	8536 c:\windows\Microsoft.NET\NETFXRepair.2070.dll
+ 2010-03-18 18:16 . 2010-03-18 18:16	8024 c:\windows\Microsoft.NET\NETFXRepair.2052.dll
+ 2010-03-18 18:16 . 2010-03-18 18:16	8536 c:\windows\Microsoft.NET\NETFXRepair.1055.dll
+ 2010-03-18 18:16 . 2010-03-18 18:16	8536 c:\windows\Microsoft.NET\NETFXRepair.1053.dll
+ 2010-03-18 18:16 . 2010-03-18 18:16	9048 c:\windows\Microsoft.NET\NETFXRepair.1049.dll
+ 2010-03-18 18:16 . 2010-03-18 18:16	8536 c:\windows\Microsoft.NET\NETFXRepair.1046.dll
+ 2010-03-18 18:16 . 2010-03-18 18:16	8536 c:\windows\Microsoft.NET\NETFXRepair.1045.dll
+ 2010-03-18 18:16 . 2010-03-18 18:16	8536 c:\windows\Microsoft.NET\NETFXRepair.1044.dll
+ 2010-03-18 18:16 . 2010-03-18 18:16	8536 c:\windows\Microsoft.NET\NETFXRepair.1043.dll
+ 2010-03-18 18:16 . 2010-03-18 18:16	8536 c:\windows\Microsoft.NET\NETFXRepair.1042.dll
+ 2010-03-18 18:16 . 2010-03-18 18:16	8536 c:\windows\Microsoft.NET\NETFXRepair.1041.dll
+ 2010-03-18 18:16 . 2010-03-18 18:16	8536 c:\windows\Microsoft.NET\NETFXRepair.1040.dll
+ 2010-03-18 18:16 . 2010-03-18 18:16	8536 c:\windows\Microsoft.NET\NETFXRepair.1038.dll
+ 2010-03-18 18:16 . 2010-03-18 18:16	8536 c:\windows\Microsoft.NET\NETFXRepair.1037.dll
+ 2010-03-18 18:16 . 2010-03-18 18:16	9048 c:\windows\Microsoft.NET\NETFXRepair.1036.dll
+ 2010-03-18 18:16 . 2010-03-18 18:16	9048 c:\windows\Microsoft.NET\NETFXRepair.1035.dll
+ 2010-03-18 18:16 . 2010-03-18 18:16	8536 c:\windows\Microsoft.NET\NETFXRepair.1033.dll
+ 2010-03-18 18:16 . 2010-03-18 18:16	9048 c:\windows\Microsoft.NET\NETFXRepair.1032.dll
+ 2010-03-18 18:16 . 2010-03-18 18:16	8536 c:\windows\Microsoft.NET\NETFXRepair.1031.dll
+ 2010-03-18 18:16 . 2010-03-18 18:16	8536 c:\windows\Microsoft.NET\NETFXRepair.1030.dll
+ 2010-03-18 18:16 . 2010-03-18 18:16	8536 c:\windows\Microsoft.NET\NETFXRepair.1029.dll
+ 2010-03-18 18:16 . 2010-03-18 18:16	8024 c:\windows\Microsoft.NET\NETFXRepair.1028.dll
+ 2010-03-18 18:16 . 2010-03-18 18:16	8536 c:\windows\Microsoft.NET\NETFXRepair.1025.dll
+ 2010-03-18 18:16 . 2010-03-18 18:16	8032 c:\windows\Microsoft.NET\Framework\v4.0.30319\ServiceModelRegUI.dll
+ 2010-03-18 18:16 . 2010-03-18 18:16	8040 c:\windows\Microsoft.NET\Framework\v4.0.30319\ServiceModelInstallRC.dll
+ 2010-03-18 18:16 . 2010-03-18 18:16	8032 c:\windows\Microsoft.NET\Framework\v4.0.30319\ServiceModelEvents.dll
+ 2012-02-06 02:10 . 2012-02-06 02:10	9728 c:\windows\assembly\NativeImages_v4.0.30319_32\dfsvc\b9b6069e6da06eb57e89cc544397f735\dfsvc.ni.exe
+ 2012-02-06 02:03 . 2012-02-06 02:03	109568 c:\windows\WinSxS\x86_System.EnterpriseServices_b03f5f7f11d50a3a_4.0.0.0_x-ww_29b51492\System.EnterpriseServices.Wrapper.dll
+ 2012-02-06 02:03 . 2012-02-06 02:03	246128 c:\windows\WinSxS\x86_System.EnterpriseServices_b03f5f7f11d50a3a_4.0.0.0_x-ww_29b51492\System.EnterpriseServices.dll
+ 2009-10-16 22:24 . 2009-10-16 22:24	222488 c:\windows\system32\snapapi.dll
+ 2003-07-16 16:35 . 2012-02-07 23:40	533584 c:\windows\system32\perfh009.dat
+ 2003-07-16 16:35 . 2012-02-07 23:40	101044 c:\windows\system32\perfc009.dat
+ 2010-03-18 18:16 . 2010-03-18 18:16	771424 c:\windows\system32\msvcr100_clr0400.dll
+ 2010-03-18 14:15 . 2010-03-18 14:15	770384 c:\windows\system32\msvcr100.dll
+ 2010-03-18 14:15 . 2010-03-18 14:15	421200 c:\windows\system32\msvcp100.dll
+ 2009-09-24 05:30 . 2009-09-24 05:30	156488 c:\windows\system32\mscorier.dll
- 2011-11-30 14:12 . 2012-02-02 01:09	247968 c:\windows\system32\Macromed\Flash\FlashUtil11e_ActiveX.exe
+ 2011-11-30 14:12 . 2012-02-05 16:57	247968 c:\windows\system32\Macromed\Flash\FlashUtil11e_ActiveX.exe
- 2011-11-30 14:12 . 2012-02-02 01:09	335520 c:\windows\system32\Macromed\Flash\FlashUtil11e_ActiveX.dll
+ 2011-11-30 14:12 . 2012-02-05 16:57	335520 c:\windows\system32\Macromed\Flash\FlashUtil11e_ActiveX.dll
+ 2011-05-30 14:26 . 2011-05-30 08:01	206160 c:\windows\system32\Isafprod.dll
- 2011-05-30 14:26 . 2011-10-07 17:48	128336 c:\windows\system32\isafeif.dll
+ 2011-05-30 14:26 . 2011-05-30 08:01	128336 c:\windows\system32\isafeif.dll
+ 2010-03-18 18:16 . 2010-03-18 18:16	486216 c:\windows\system32\evr.dll
+ 2010-03-18 14:15 . 2010-03-18 14:15	138056 c:\windows\system32\atl100.dll
+ 2010-03-18 18:16 . 2010-03-18 18:16	114520 c:\windows\Microsoft.NET\NETFXRepair.exe
+ 2010-03-18 21:47 . 2010-03-18 21:47	142672 c:\windows\Microsoft.NET\Framework\v4.0.30319\WsatConfig.exe
+ 2010-03-18 18:16 . 2010-03-18 18:16	915800 c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\wpftxt_v0400.dll
+ 2010-03-18 18:16 . 2010-03-18 18:16	753504 c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe
+ 2010-03-18 18:16 . 2010-03-18 18:16	350592 c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\UIAutomationClientsideProviders.dll
+ 2010-03-18 18:16 . 2010-03-18 18:16	163168 c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\UIAutomationClient.dll
+ 2010-03-18 18:16 . 2010-03-18 18:16	675672 c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\System.Speech.dll
+ 2010-03-18 18:16 . 2010-03-18 18:16	334688 c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\System.Printing.dll
+ 2010-03-18 18:16 . 2010-03-18 18:16	581464 c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\ReachFramework.dll
+ 2010-03-18 18:16 . 2010-03-18 18:16	832856 c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\PresentationUI.dll
+ 2010-03-18 18:16 . 2010-03-18 18:16	801136 c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\PresentationNative_v0400.dll
+ 2010-03-18 18:16 . 2010-03-18 18:16	181096 c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\PresentationHost_v0400.dll
+ 2010-03-18 18:16 . 2010-03-18 18:16	194424 c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\PresentationFramework.Royale.dll
+ 2010-03-18 18:16 . 2010-03-18 18:16	478576 c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\PresentationFramework.Luna.dll
+ 2010-03-18 18:16 . 2010-03-18 18:16	167288 c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\PresentationFramework.Classic.dll
+ 2010-03-18 18:16 . 2010-03-18 18:16	232304 c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\PresentationFramework.Aero.dll
+ 2010-03-18 21:47 . 2010-03-18 21:47	587624 c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\PresentationBuildTasks.dll
+ 2010-03-18 18:16 . 2010-03-18 18:16	807264 c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\NaturalLanguage6.dll
+ 2010-03-18 21:47 . 2010-03-18 21:47	492368 c:\windows\Microsoft.NET\Framework\v4.0.30319\webengine4.dll
+ 2010-03-18 18:16 . 2010-03-18 18:16	138592 c:\windows\Microsoft.NET\Framework\v4.0.30319\System.Xml.Linq.dll
+ 2010-03-18 18:16 . 2010-03-18 18:16	699224 c:\windows\Microsoft.NET\Framework\v4.0.30319\System.Xaml.dll
+ 2010-03-18 21:47 . 2010-03-18 21:47	431984 c:\windows\Microsoft.NET\Framework\v4.0.30319\System.WorkflowServices.dll
+ 2010-03-18 21:47 . 2010-03-18 21:47	511344 c:\windows\Microsoft.NET\Framework\v4.0.30319\System.Workflow.Runtime.dll
+ 2010-03-18 18:16 . 2010-03-18 18:16	857960 c:\windows\Microsoft.NET\Framework\v4.0.30319\System.Web.Services.dll
+ 2010-03-18 21:47 . 2010-03-18 21:47	826208 c:\windows\Microsoft.NET\Framework\v4.0.30319\System.Web.Mobile.dll
+ 2010-03-18 21:47 . 2010-03-18 21:47	321912 c:\windows\Microsoft.NET\Framework\v4.0.30319\System.Web.Extensions.Design.dll
+ 2010-03-18 21:47 . 2010-03-18 21:47	137568 c:\windows\Microsoft.NET\Framework\v4.0.30319\System.Web.Entity.dll
+ 2010-03-18 21:47 . 2010-03-18 21:47	132464 c:\windows\Microsoft.NET\Framework\v4.0.30319\System.Web.Entity.Design.dll
+ 2010-03-18 21:47 . 2010-03-18 21:47	237928 c:\windows\Microsoft.NET\Framework\v4.0.30319\System.Web.DynamicData.dll
+ 2010-03-18 18:16 . 2010-03-18 18:16	269672 c:\windows\Microsoft.NET\Framework\v4.0.30319\System.Transactions.dll
+ 2010-03-18 18:16 . 2010-03-18 18:16	113512 c:\windows\Microsoft.NET\Framework\v4.0.30319\System.ServiceProcess.dll
+ 2010-03-18 21:47 . 2010-03-18 21:47	316272 c:\windows\Microsoft.NET\Framework\v4.0.30319\System.ServiceModel.Web.dll
+ 2010-03-18 18:16 . 2010-03-18 18:16	129912 c:\windows\Microsoft.NET\Framework\v4.0.30319\System.ServiceModel.Routing.dll
+ 2010-03-18 18:16 . 2010-03-18 18:16	390008 c:\windows\Microsoft.NET\Framework\v4.0.30319\System.ServiceModel.Discovery.dll
+ 2010-03-18 18:16 . 2010-03-18 18:16	505208 c:\windows\Microsoft.NET\Framework\v4.0.30319\System.ServiceModel.Activities.dll
+ 2010-03-18 21:47 . 2010-03-18 21:47	170872 c:\windows\Microsoft.NET\Framework\v4.0.30319\System.ServiceModel.Activation.dll
+ 2010-03-18 18:16 . 2010-03-18 18:16	261472 c:\windows\Microsoft.NET\Framework\v4.0.30319\System.Security.dll
+ 2010-03-18 18:16 . 2010-03-18 18:16	122264 c:\windows\Microsoft.NET\Framework\v4.0.30319\System.Runtime.Serialization.Formatters.Soap.dll
+ 2010-03-18 18:16 . 2010-03-18 18:16	291184 c:\windows\Microsoft.NET\Framework\v4.0.30319\System.Runtime.Remoting.dll
+ 2010-03-18 18:16 . 2010-03-18 18:16	349568 c:\windows\Microsoft.NET\Framework\v4.0.30319\System.Runtime.DurableInstancing.dll
+ 2010-03-18 18:16 . 2010-03-18 18:16	231760 c:\windows\Microsoft.NET\Framework\v4.0.30319\System.Net.dll
+ 2010-03-18 18:16 . 2010-03-18 18:16	253280 c:\windows\Microsoft.NET\Framework\v4.0.30319\System.Messaging.dll
+ 2010-03-18 18:16 . 2010-03-18 18:16	134528 c:\windows\Microsoft.NET\Framework\v4.0.30319\System.Management.Instrumentation.dll
+ 2010-03-18 18:16 . 2010-03-18 18:16	378720 c:\windows\Microsoft.NET\Framework\v4.0.30319\System.Management.dll
+ 2010-03-18 18:16 . 2010-03-18 18:16	123736 c:\windows\Microsoft.NET\Framework\v4.0.30319\System.IO.Log.dll
+ 2010-03-18 18:16 . 2010-03-18 18:16	125816 c:\windows\Microsoft.NET\Framework\v4.0.30319\System.IdentityModel.Selectors.dll
+ 2010-03-18 18:16 . 2010-03-18 18:16	392552 c:\windows\Microsoft.NET\Framework\v4.0.30319\System.IdentityModel.dll
+ 2010-03-18 05:51 . 2010-03-18 05:51	109568 c:\windows\Microsoft.NET\Framework\v4.0.30319\System.EnterpriseServices.Wrapper.dll
+ 2010-03-18 18:16 . 2010-03-18 18:16	246128 c:\windows\Microsoft.NET\Framework\v4.0.30319\System.EnterpriseServices.dll
+ 2010-03-18 18:16 . 2010-03-18 18:16	120152 c:\windows\Microsoft.NET\Framework\v4.0.30319\System.Dynamic.dll
+ 2010-03-18 18:16 . 2010-03-18 18:16	607064 c:\windows\Microsoft.NET\Framework\v4.0.30319\System.Drawing.dll
+ 2010-03-18 18:16 . 2010-03-18 18:16	182144 c:\windows\Microsoft.NET\Framework\v4.0.30319\System.DirectoryServices.Protocols.dll
+ 2010-03-18 18:16 . 2010-03-18 18:16	395120 c:\windows\Microsoft.NET\Framework\v4.0.30319\System.DirectoryServices.dll
+ 2010-03-18 18:16 . 2010-03-18 18:16	285072 c:\windows\Microsoft.NET\Framework\v4.0.30319\System.DirectoryServices.AccountManagement.dll
+ 2010-03-18 18:16 . 2010-03-18 18:16	829280 c:\windows\Microsoft.NET\Framework\v4.0.30319\System.Deployment.dll
+ 2010-03-18 18:16 . 2010-03-18 18:16	747360 c:\windows\Microsoft.NET\Framework\v4.0.30319\System.Data.SqlXml.dll
+ 2010-03-18 21:47 . 2010-03-18 21:47	683368 c:\windows\Microsoft.NET\Framework\v4.0.30319\System.Data.Services.dll
+ 2010-03-18 21:47 . 2010-03-18 21:47	178040 c:\windows\Microsoft.NET\Framework\v4.0.30319\System.Data.Services.Design.dll
+ 2010-03-18 18:16 . 2010-03-18 18:16	436600 c:\windows\Microsoft.NET\Framework\v4.0.30319\System.Data.Services.Client.dll
+ 2010-03-18 21:47 . 2010-03-18 21:47	495984 c:\windows\Microsoft.NET\Framework\v4.0.30319\System.Data.OracleClient.dll
+ 2010-03-18 18:16 . 2010-03-18 18:16	683872 c:\windows\Microsoft.NET\Framework\v4.0.30319\System.Data.Linq.dll
+ 2010-03-18 21:47 . 2010-03-18 21:47	804720 c:\windows\Microsoft.NET\Framework\v4.0.30319\System.Data.Entity.Design.dll
+ 2010-03-18 18:16 . 2010-03-18 18:16	409448 c:\windows\Microsoft.NET\Framework\v4.0.30319\System.configuration.dll
+ 2010-03-18 18:16 . 2010-03-18 18:16	210816 c:\windows\Microsoft.NET\Framework\v4.0.30319\System.ComponentModel.Composition.dll
+ 2010-03-18 18:16 . 2010-03-18 18:16	149848 c:\windows\Microsoft.NET\Framework\v4.0.30319\System.AddIn.dll
+ 2010-03-18 18:16 . 2010-03-18 18:16	122248 c:\windows\Microsoft.NET\Framework\v4.0.30319\System.Activities.DurableInstancing.dll
+ 2010-03-18 18:16 . 2010-03-18 18:16	525704 c:\windows\Microsoft.NET\Framework\v4.0.30319\System.Activities.Core.Presentation.dll
+ 2010-03-18 18:16 . 2010-03-18 18:16	112976 c:\windows\Microsoft.NET\Framework\v4.0.30319\sysglobl.dll
+ 2010-03-18 18:16 . 2010-03-18 18:16	517448 c:\windows\Microsoft.NET\Framework\v4.0.30319\SOS.dll
+ 2010-03-18 18:16 . 2010-03-18 18:16	124240 c:\windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe
+ 2009-08-31 10:44 . 2009-08-31 10:44	144416 c:\windows\Microsoft.NET\Framework\v4.0.30319\SetupCache\Extended\sqmapi.dll
+ 2010-03-18 20:16 . 2010-03-18 20:16	295248 c:\windows\Microsoft.NET\Framework\v4.0.30319\SetupCache\Extended\SetupUi.dll
+ 2010-03-18 20:16 . 2010-03-18 20:16	807256 c:\windows\Microsoft.NET\Framework\v4.0.30319\SetupCache\Extended\SetupEngine.dll
+ 2010-03-18 23:55 . 2010-03-18 23:55	495616 c:\windows\Microsoft.NET\Framework\v4.0.30319\SetupCache\Extended\netfx_extended_x86.msi
+ 2009-08-31 10:44 . 2009-08-31 10:44	144416 c:\windows\Microsoft.NET\Framework\v4.0.30319\SetupCache\Client\sqmapi.dll
+ 2010-03-18 20:16 . 2010-03-18 20:16	295248 c:\windows\Microsoft.NET\Framework\v4.0.30319\SetupCache\Client\SetupUi.dll
+ 2010-03-18 20:16 . 2010-03-18 20:16	807256 c:\windows\Microsoft.NET\Framework\v4.0.30319\SetupCache\Client\SetupEngine.dll
+ 2010-03-18 18:16 . 2010-03-18 18:16	173920 c:\windows\Microsoft.NET\Framework\v4.0.30319\ServiceModelReg.exe
+ 2010-03-18 21:47 . 2010-03-18 21:47	181584 c:\windows\Microsoft.NET\Framework\v4.0.30319\peverify.dll
+ 2010-03-18 18:16 . 2010-03-18 18:16	121688 c:\windows\Microsoft.NET\Framework\v4.0.30319\PerfCounter.dll
+ 2010-03-18 18:16 . 2010-03-18 18:16	150856 c:\windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe
+ 2010-03-18 18:16 . 2010-03-18 18:16	130384 c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
+ 2010-03-18 18:16 . 2010-03-18 18:16	335184 c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll
+ 2010-03-18 18:16 . 2010-03-18 18:16	110936 c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsecimpl.dll
+ 2010-03-18 18:16 . 2010-03-18 18:16	372048 c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorrc.dll
+ 2010-03-18 18:16 . 2010-03-18 18:16	145752 c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorpehost.dll
+ 2010-03-18 18:16 . 2010-03-18 18:16	413008 c:\windows\Microsoft.NET\Framework\v4.0.30319\mscoreei.dll
+ 2010-03-18 18:16 . 2010-03-18 18:16	955728 c:\windows\Microsoft.NET\Framework\v4.0.30319\mscordbi.dll
+ 2010-03-18 21:47 . 2010-03-18 21:47	132944 c:\windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe
+ 2010-03-18 18:16 . 2010-03-18 18:16	661352 c:\windows\Microsoft.NET\Framework\v4.0.30319\Microsoft.VisualBasic.dll
+ 2010-03-18 18:16 . 2010-03-18 18:16	349576 c:\windows\Microsoft.NET\Framework\v4.0.30319\Microsoft.VisualBasic.Compatibility.dll
+ 2010-03-18 18:16 . 2010-03-18 18:16	170368 c:\windows\Microsoft.NET\Framework\v4.0.30319\Microsoft.Transactions.Bridge.Dtc.dll
+ 2010-03-18 18:16 . 2010-03-18 18:16	387960 c:\windows\Microsoft.NET\Framework\v4.0.30319\Microsoft.Transactions.Bridge.dll
+ 2010-03-18 18:16 . 2010-03-18 18:16	746336 c:\windows\Microsoft.NET\Framework\v4.0.30319\Microsoft.JScript.dll
+ 2010-03-18 18:16 . 2010-03-18 18:16	505184 c:\windows\Microsoft.NET\Framework\v4.0.30319\Microsoft.CSharp.dll
+ 2010-03-18 21:47 . 2010-03-18 21:47	220024 c:\windows\Microsoft.NET\Framework\v4.0.30319\Microsoft.Build.Utilities.v4.0.dll
+ 2010-03-18 21:47 . 2010-03-18 21:47	107376 c:\windows\Microsoft.NET\Framework\v4.0.30319\Microsoft.Build.Framework.dll
+ 2010-03-18 21:47 . 2010-03-18 21:47	714600 c:\windows\Microsoft.NET\Framework\v4.0.30319\Microsoft.Build.Engine.dll
+ 2010-03-18 21:47 . 2010-03-18 21:47	294728 c:\windows\Microsoft.NET\Framework\v4.0.30319\ilasm.exe
+ 2010-03-18 21:47 . 2010-03-18 21:47	173400 c:\windows\Microsoft.NET\Framework\v4.0.30319\FileTracker.dll
+ 2010-03-18 18:16 . 2010-03-18 18:16	794464 c:\windows\Microsoft.NET\Framework\v4.0.30319\EventLogMessages.dll
+ 2010-03-18 18:16 . 2010-03-18 18:16	688472 c:\windows\Microsoft.NET\Framework\v4.0.30319\diasymreader.dll
+ 2010-03-18 18:16 . 2010-03-18 18:16	129880 c:\windows\Microsoft.NET\Framework\v4.0.30319\CORPerfMonExt.dll
+ 2010-03-18 21:47 . 2010-03-18 21:47	163672 c:\windows\Microsoft.NET\Framework\v4.0.30319\ComSvcConfig.exe
+ 2010-03-18 18:16 . 2010-03-18 18:16	385864 c:\windows\Microsoft.NET\Framework\v4.0.30319\clrjit.dll
+ 2010-03-18 21:47 . 2010-03-18 21:47	498520 c:\windows\Microsoft.NET\Framework\v4.0.30319\AspNetMMCExt.dll
+ 2010-03-18 21:47 . 2010-03-18 21:47	102744 c:\windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regsql.exe
+ 2010-03-18 18:16 . 2010-03-18 18:16	105808 c:\windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe
+ 2010-03-18 18:16 . 2010-03-18 18:16	105288 c:\windows\Microsoft.NET\Framework\v4.0.30319\alink.dll
+ 2010-03-18 18:16 . 2010-03-18 18:16	139088 c:\windows\Microsoft.NET\Framework\v4.0.30319\AdoNetDiag.dll
+ 2010-03-18 18:16 . 2010-03-18 18:16	255304 c:\windows\Microsoft.NET\Framework\v4.0.30319\1033\vbc7ui.dll
+ 2010-03-18 18:16 . 2010-03-18 18:16	255896 c:\windows\Microsoft.NET\Framework\v4.0.30319\1033\Microsoft.VisualBasic.Activities.CompilerUI.dll
+ 2010-03-18 18:16 . 2010-03-18 18:16	182088 c:\windows\Microsoft.NET\Framework\v4.0.30319\1033\cscui.dll
+ 2012-02-06 02:04 . 2012-02-06 02:04	350592 c:\windows\Microsoft.NET\assembly\GAC_MSIL\UIAutomationClientsideProviders\v4.0_4.0.0.0__31bf3856ad364e35\UIAutomationClientsideProviders.dll
+ 2012-02-06 02:04 . 2012-02-06 02:04	163168 c:\windows\Microsoft.NET\assembly\GAC_MSIL\UIAutomationClient\v4.0_4.0.0.0__31bf3856ad364e35\UIAutomationClient.dll
+ 2012-02-06 02:04 . 2012-02-06 02:04	138592 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Xml.Linq\v4.0_4.0.0.0__b77a5c561934e089\System.Xml.Linq.dll
+ 2012-02-06 02:04 . 2012-02-06 02:04	699224 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Xaml\v4.0_4.0.0.0__b77a5c561934e089\System.Xaml.dll
+ 2012-02-06 02:07 . 2012-02-06 02:07	431984 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.WorkflowServices\v4.0_4.0.0.0__31bf3856ad364e35\System.WorkflowServices.dll
+ 2012-02-06 02:07 . 2012-02-06 02:07	511344 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Workflow.Runtime\v4.0_4.0.0.0__31bf3856ad364e35\System.Workflow.Runtime.dll
+ 2012-02-06 02:04 . 2012-02-06 02:04	857960 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Web.Services\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Web.Services.dll
+ 2012-02-06 02:07 . 2012-02-06 02:07	826208 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Web.Mobile\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Web.Mobile.dll
+ 2012-02-06 02:07 . 2012-02-06 02:07	321912 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Web.Extensions.Design\v4.0_4.0.0.0__31bf3856ad364e35\System.Web.Extensions.Design.dll
+ 2012-02-06 02:07 . 2012-02-06 02:07	137568 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Web.Entity\v4.0_4.0.0.0__b77a5c561934e089\System.Web.Entity.dll
+ 2012-02-06 02:07 . 2012-02-06 02:07	132464 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Web.Entity.Design\v4.0_4.0.0.0__b77a5c561934e089\System.Web.Entity.Design.dll
+ 2012-02-06 02:07 . 2012-02-06 02:07	237928 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Web.DynamicData\v4.0_4.0.0.0__31bf3856ad364e35\System.Web.DynamicData.dll
+ 2012-02-06 02:04 . 2012-02-06 02:04	675672 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Speech\v4.0_4.0.0.0__31bf3856ad364e35\System.Speech.dll
+ 2012-02-06 02:03 . 2012-02-06 02:03	113512 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.ServiceProcess\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.ServiceProcess.dll
+ 2012-02-06 02:07 . 2012-02-06 02:07	316272 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.ServiceModel.Web\v4.0_4.0.0.0__31bf3856ad364e35\System.ServiceModel.Web.dll
+ 2012-02-06 02:04 . 2012-02-06 02:04	129912 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.ServiceModel.Routing\v4.0_4.0.0.0__31bf3856ad364e35\System.ServiceModel.Routing.dll
+ 2012-02-06 02:04 . 2012-02-06 02:04	390008 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.ServiceModel.Discovery\v4.0_4.0.0.0__31bf3856ad364e35\System.ServiceModel.Discovery.dll
+ 2012-02-06 02:04 . 2012-02-06 02:04	505208 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.ServiceModel.Activities\v4.0_4.0.0.0__31bf3856ad364e35\System.ServiceModel.Activities.dll
+ 2012-02-06 02:07 . 2012-02-06 02:07	170872 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.ServiceModel.Activation\v4.0_4.0.0.0__31bf3856ad364e35\System.ServiceModel.Activation.dll
+ 2012-02-06 02:03 . 2012-02-06 02:03	261472 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Security\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Security.dll
+ 2012-02-06 02:04 . 2012-02-06 02:04	122264 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Runtime.Serialization.Formatters.Soap\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Runtime.Serialization.Formatters.Soap.dll
+ 2012-02-06 02:04 . 2012-02-06 02:04	291184 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Runtime.Remoting\v4.0_4.0.0.0__b77a5c561934e089\System.Runtime.Remoting.dll
+ 2012-02-06 02:04 . 2012-02-06 02:04	349568 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Runtime.DurableInstancing\v4.0_4.0.0.0__31bf3856ad364e35\System.Runtime.DurableInstancing.dll
+ 2012-02-06 02:04 . 2012-02-06 02:04	231760 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Net\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Net.dll
+ 2012-02-06 02:04 . 2012-02-06 02:04	253280 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Messaging\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Messaging.dll
+ 2012-02-06 02:03 . 2012-02-06 02:03	378720 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Management\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Management.dll
+ 2012-02-06 02:04 . 2012-02-06 02:04	134528 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Management.Instrumentation\v4.0_4.0.0.0__b77a5c561934e089\System.Management.Instrumentation.dll
+ 2012-02-06 02:04 . 2012-02-06 02:04	123736 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.IO.Log\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.IO.Log.dll
+ 2012-02-06 02:04 . 2012-02-06 02:04	392552 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.IdentityModel\v4.0_4.0.0.0__b77a5c561934e089\System.IdentityModel.dll
+ 2012-02-06 02:04 . 2012-02-06 02:04	125816 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.IdentityModel.Selectors\v4.0_4.0.0.0__b77a5c561934e089\System.IdentityModel.Selectors.dll
+ 2012-02-06 02:03 . 2012-02-06 02:03	120152 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Dynamic\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Dynamic.dll
+ 2012-02-06 02:03 . 2012-02-06 02:03	607064 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Drawing\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll
+ 2012-02-06 02:03 . 2012-02-06 02:03	395120 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.DirectoryServices\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.DirectoryServices.dll
+ 2012-02-06 02:03 . 2012-02-06 02:03	182144 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.DirectoryServices.Protocols\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.DirectoryServices.Protocols.dll
+ 2012-02-06 02:03 . 2012-02-06 02:03	285072 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.DirectoryServices.AccountManagement\v4.0_4.0.0.0__b77a5c561934e089\System.DirectoryServices.AccountManagement.dll
+ 2012-02-06 02:03 . 2012-02-06 02:03	829280 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Deployment\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Deployment.dll
+ 2012-02-06 02:03 . 2012-02-06 02:03	747360 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Data.SqlXml\v4.0_4.0.0.0__b77a5c561934e089\System.Data.SqlXml.dll
+ 2012-02-06 02:07 . 2012-02-06 02:07	683368 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Data.Services\v4.0_4.0.0.0__b77a5c561934e089\System.Data.Services.dll
+ 2012-02-06 02:07 . 2012-02-06 02:07	178040 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Data.Services.Design\v4.0_4.0.0.0__b77a5c561934e089\System.Data.Services.Design.dll
+ 2012-02-06 02:04 . 2012-02-06 02:04	436600 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Data.Services.Client\v4.0_4.0.0.0__b77a5c561934e089\System.Data.Services.Client.dll
+ 2012-02-06 02:04 . 2012-02-06 02:04	683872 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Data.Linq\v4.0_4.0.0.0__b77a5c561934e089\System.Data.Linq.dll
+ 2012-02-06 02:07 . 2012-02-06 02:07	804720 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Data.Entity.Design\v4.0_4.0.0.0__b77a5c561934e089\System.Data.Entity.Design.dll
+ 2012-02-06 02:03 . 2012-02-06 02:03	409448 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Configuration\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.configuration.dll
+ 2012-02-06 02:03 . 2012-02-06 02:03	210816 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.ComponentModel.Composition\v4.0_4.0.0.0__b77a5c561934e089\System.ComponentModel.Composition.dll
+ 2012-02-06 02:03 . 2012-02-06 02:03	149848 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.AddIn\v4.0_4.0.0.0__b77a5c561934e089\System.AddIn.dll
+ 2012-02-06 02:04 . 2012-02-06 02:04	122248 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Activities.DurableInstancing\v4.0_4.0.0.0__31bf3856ad364e35\System.Activities.DurableInstancing.dll
+ 2012-02-06 02:04 . 2012-02-06 02:04	525704 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Activities.Core.Presentation\v4.0_4.0.0.0__31bf3856ad364e35\System.Activities.Core.Presentation.dll
+ 2012-02-06 02:03 . 2012-02-06 02:03	112976 c:\windows\Microsoft.NET\assembly\GAC_MSIL\sysglobl\v4.0_4.0.0.0__b03f5f7f11d50a3a\sysglobl.dll
+ 2012-02-06 02:04 . 2012-02-06 02:04	581464 c:\windows\Microsoft.NET\assembly\GAC_MSIL\ReachFramework\v4.0_4.0.0.0__31bf3856ad364e35\ReachFramework.dll
+ 2012-02-06 02:04 . 2012-02-06 02:04	832856 c:\windows\Microsoft.NET\assembly\GAC_MSIL\PresentationUI\v4.0_4.0.0.0__31bf3856ad364e35\PresentationUI.dll
+ 2012-02-06 02:04 . 2012-02-06 02:04	194424 c:\windows\Microsoft.NET\assembly\GAC_MSIL\PresentationFramework.Royale\v4.0_4.0.0.0__31bf3856ad364e35\PresentationFramework.Royale.dll
+ 2012-02-06 02:04 . 2012-02-06 02:04	478576 c:\windows\Microsoft.NET\assembly\GAC_MSIL\PresentationFramework.Luna\v4.0_4.0.0.0__31bf3856ad364e35\PresentationFramework.Luna.dll
+ 2012-02-06 02:04 . 2012-02-06 02:04	167288 c:\windows\Microsoft.NET\assembly\GAC_MSIL\PresentationFramework.Classic\v4.0_4.0.0.0__31bf3856ad364e35\PresentationFramework.Classic.dll
+ 2012-02-06 02:04 . 2012-02-06 02:04	232304 c:\windows\Microsoft.NET\assembly\GAC_MSIL\PresentationFramework.Aero\v4.0_4.0.0.0__31bf3856ad364e35\PresentationFramework.Aero.dll
+ 2012-02-06 02:07 . 2012-02-06 02:07	587624 c:\windows\Microsoft.NET\assembly\GAC_MSIL\PresentationBuildTasks\v4.0_4.0.0.0__31bf3856ad364e35\PresentationBuildTasks.dll
+ 2012-02-06 02:03 . 2012-02-06 02:03	661352 c:\windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.VisualBasic\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll
+ 2012-02-06 02:04 . 2012-02-06 02:04	349576 c:\windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.VisualBasic.Compatibility\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Compatibility.dll
+ 2012-02-06 02:04 . 2012-02-06 02:04	387960 c:\windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.Transactions.Bridge\v4.0_4.0.0.0__b03f5f7f11d50a3a\Microsoft.Transactions.Bridge.dll
+ 2012-02-06 02:03 . 2012-02-06 02:03	746336 c:\windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.JScript\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.JScript.dll
+ 2012-02-06 02:03 . 2012-02-06 02:03	505184 c:\windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.CSharp\v4.0_4.0.0.0__b03f5f7f11d50a3a\Microsoft.CSharp.dll
+ 2012-02-06 02:07 . 2012-02-06 02:07	220024 c:\windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.Build.Utilities.v4.0\v4.0_4.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Utilities.v4.0.dll
+ 2012-02-06 02:07 . 2012-02-06 02:07	107376 c:\windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.Build.Framework\v4.0_4.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Framework.dll
+ 2012-02-06 02:07 . 2012-02-06 02:07	714600 c:\windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.Build.Engine\v4.0_4.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Engine.dll
+ 2012-02-06 02:07 . 2012-02-06 02:07	498520 c:\windows\Microsoft.NET\assembly\GAC_MSIL\AspNetMMCExt\v4.0_4.0.0.0__b03f5f7f11d50a3a\AspNetMMCExt.dll
+ 2012-02-06 02:04 . 2012-02-06 02:04	269672 c:\windows\Microsoft.NET\assembly\GAC_32\System.Transactions\v4.0_4.0.0.0__b77a5c561934e089\System.Transactions.dll
+ 2012-02-06 02:04 . 2012-02-06 02:04	334688 c:\windows\Microsoft.NET\assembly\GAC_32\System.Printing\v4.0_4.0.0.0__31bf3856ad364e35\System.Printing.dll
+ 2012-02-06 02:03 . 2012-02-06 02:03	109568 c:\windows\Microsoft.NET\assembly\GAC_32\System.EnterpriseServices\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.Wrapper.dll
+ 2012-02-06 02:03 . 2012-02-06 02:03	246128 c:\windows\Microsoft.NET\assembly\GAC_32\System.EnterpriseServices\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.dll
+ 2012-02-06 02:07 . 2012-02-06 02:07	495984 c:\windows\Microsoft.NET\assembly\GAC_32\System.Data.OracleClient\v4.0_4.0.0.0__b77a5c561934e089\System.Data.OracleClient.dll
.
-- Snapshot reset to current date --
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown 
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2011-01-08 13880424]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2010-11-29 421888]
"DiscWizardMonitor.exe"="c:\program files\Seagate\DiscWizard\DiscWizardMonitor.exe" [2009-10-16 1325936]
"AcronisTimounterMonitor"="c:\program files\Seagate\DiscWizard\TimounterMonitor.exe" [2009-10-16 904840]
"Seagate Scheduler2 Service"="c:\program files\Common Files\Seagate\Schedule2\schedhlp.exe" [2009-10-16 136544]
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2011-09-04 113024]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2009-09-08 16:22	548352	----a-w-	c:\program files\SUPERAntiSpyware\SASWINLO.DLL
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LBTWlgn]
2008-05-02 06:42	72208	----a-w-	c:\program files\Common Files\Logitech\Bluetooth\LBTWLgn.dll
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute	REG_MULTI_SZ PDBoot.exe\0autocheck autochk *
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
@=""
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Sonic CinePlayer Quick Launch.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Sonic CinePlayer Quick Launch.lnk
backup=c:\windows\pss\Sonic CinePlayer Quick Launch.lnkCommon Startup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2010-11-29 21:38	421888	----a-w-	c:\program files\QuickTime\QTTask.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RoxioDragToDisc]
2006-07-31 13:00	1116920	----a-w-	c:\program files\Roxio\Drag-to-Disc\DrgToDsc.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RoxWatchTray]
2006-08-10 16:10	221184	----a-w-	c:\program files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ComputerAssociatesAntiMalware]
"DisableMonitoring"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\Program Files\\Common Files\\Sonic Shared\\RoxioUPnPRenderer9.exe"=
"c:\\WINDOWS\\system32\\mmc.exe"=
"c:\\WINDOWS\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\WINDOWS\\system32\\sessmgr.exe"=
"c:\\Program Files\\WS_FTP\\WS_FTP95.exe"=
"c:\\WINDOWS\\system32\\dpvsetup.exe"=
"c:\\Program Files\\Logitech\\Logitech Harmony Remote Software 7\\HarmonyRemote.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP:*isabledxpsp2res.dll,-22009
"5985:TCP"= 5985:TCP:*isabled:Windows Remote Management 
.
R1 BIOS;BIOS;c:\windows\system32\drivers\BIOS.sys [1/24/2011 10:01 PM 13696]
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV.SYS [2/17/2009 11:43 AM 12880]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [2/17/2009 11:43 AM 67664]
R2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE.EXE [7/31/2010 9:27 AM 116608]
R2 cpuz135;cpuz135;c:\windows\system32\drivers\cpuz135_x32.sys [1/29/2011 10:31 AM 21992]
R2 ppsio2;PPDevice;c:\windows\system32\drivers\ppsio2.sys [2/24/2007 12:48 AM 23200]
R2 SgtSch2Svc;Seagate Scheduler2 Service;c:\program files\Common Files\Seagate\Schedule2\schedul2.exe [10/16/2009 6:39 PM 431456]
R3 DELTAII;Service for M-Audio Delta Driver (WDM);c:\windows\system32\drivers\MAudioDelta.sys [1/26/2011 7:44 PM 302472]
R3 seehcri;Sony Ericsson seehcri Device Driver;c:\windows\system32\drivers\seehcri.sys [1/29/2010 10:21 AM 27632]
S0 ajxm;ajxm;c:\windows\system32\drivers\ebynkc.sys --> c:\windows\system32\drivers\ebynkc.sys [?]
S2 clr_optimization_v2.0.50727_32 Intelligent Application Manager (IAM);.NET Runtime Optimization Service v2.0.50727_X86 clr_optimization_v2.0.50727_32 Intelligent Application Manager (IAM);c:\windows\system32\acodel.exe srv --> c:\windows\system32\acodel.exe srv [?]
S2 clr_optimization_v2.0.50727_32lanmanserver;.NET Runtime Optimization Service v2.0.50727_X86 clr_optimization_v2.0.50727_32lanmanserver;c:\windows\system32\ALSndMgre.exe srv --> c:\windows\system32\ALSndMgre.exe srv [?]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [3/18/2010 1:16 PM 130384]
S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [11/30/2011 6:28 PM 136176]
S3 22100;22100;c:\windows\system32\drivers\22100 [2/4/2012 2:28 PM 9072]
S3 Ambfilt;Ambfilt;c:\windows\system32\drivers\Ambfilt.sys [1/24/2011 10:20 PM 1684736]
S3 APL531;35mm Film Scanner;c:\windows\system32\Drivers\FILMSCAN.sys --> c:\windows\system32\Drivers\FILMSCAN.sys [?]
S3 FXDrv32;FXDrv32;\??\d:\fxdrv32.sys --> d:\FXDrv32.sys [?]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [11/30/2011 6:28 PM 136176]
S3 lgatbus;LG USB Composite Device driver (WDM);c:\windows\system32\drivers\lgatbus.sys [8/7/2008 11:48 AM 43024]
S3 lgatmdm;LG CDMA USB Modem Drivers;c:\windows\system32\drivers\lgatmdm.sys [8/7/2008 11:48 AM 77104]
S3 lgatserd;LG CDMA USB Modem Diagnostic Serial Port Drivers (WDM);c:\windows\system32\drivers\lgatserd.sys [8/7/2008 11:50 AM 60816]
S3 MBAMSwissArmy;MBAMSwissArmy;\??\c:\windows\system32\drivers\mbamswissarmy.sys --> c:\windows\system32\drivers\mbamswissarmy.sys [?]
S3 NPUSB;NPUSB;c:\windows\system32\drivers\npusb.sys [2/24/2007 1:37 AM 15360]
S3 p17filt;p17filt;c:\windows\system32\drivers\p17filt.sys [3/20/2006 5:34 PM 1452032]
S3 PciCon;PciCon;\??\d:\pcicon.sys --> d:\PciCon.sys [?]
S3 pcouffin;VSO Software pcouffin;c:\windows\system32\drivers\pcouffin.sys [1/3/2008 12:39 AM 47360]
S3 RioDrv;Rio600 driver;c:\windows\system32\drivers\riodrv.sys [8/17/2001 8:24 AM 12032]
S3 s115bus;Sony Ericsson Device 115 driver (WDM);c:\windows\system32\drivers\s115bus.sys [12/16/2007 12:58 PM 83208]
S3 s115mdfl;Sony Ericsson Device 115 USB WMC Modem Filter;c:\windows\system32\drivers\s115mdfl.sys [12/16/2007 12:58 PM 15112]
S3 s115mdm;Sony Ericsson Device 115 USB WMC Modem Driver;c:\windows\system32\drivers\s115mdm.sys [12/16/2007 12:58 PM 108680]
S3 s115mgmt;Sony Ericsson Device 115 USB WMC Device Management Drivers (WDM);c:\windows\system32\drivers\s115mgmt.sys [12/16/2007 12:58 PM 100488]
S3 s115obex;Sony Ericsson Device 115 USB WMC OBEX Interface;c:\windows\system32\drivers\s115obex.sys [12/16/2007 12:58 PM 98568]
S3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [2/17/2009 11:43 AM 12872]
S3 STTub203;Thrustmaster HOTAS USB Bulk Out;c:\windows\system32\Drivers\STTub203.sys --> c:\windows\system32\Drivers\STTub203.sys [?]
S3 WinRM;Windows Remote Management (WS-Management);c:\windows\system32\svchost.exe -k WINRM [7/16/2003 11:41 AM 14336]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [3/18/2010 1:16 PM 753504]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
WINRM	REG_MULTI_SZ WINRM
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
2007-07-18 21:53	451872	----a-w-	c:\program files\Common Files\LightScribe\LSRunOnce.exe
.
Contents of the 'Scheduled Tasks' folder
.
2012-02-07 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-11-30 23:27]
.
2012-02-07 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-11-30 23:27]
.
2012-02-07 c:\windows\Tasks\SDMsgUpdate (TE).job
- c:\smartd~1\Messages\SDNotify.exe [2012-01-21 18:22]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.baynews9.com/weather/klystron9?animate=hillsborough
uInternet Settings,ProxyOverride = *.local
TCP: DhcpNameServer = 192.168.0.1
DPF: {83A4D5A6-E2C1-4EDD-AD48-1A1C50BD06EF} - hxxp://www.gunbroker.com/WebResource.axd?d=Qydpf0KIwF1Fr6RRPI2vp09Qx7960W1PefrwdgTL1YWRWyUo6in6PN6VS7m59gst6zjhnPK4xtevtkkiPAeNbVdLz1lm1BKvO-eVx_B2d1Lb7EFrywmMr-EfCQUqniwFPL_qr5-6LT50B9lSJqZDgme2Vksu6ajL4Qvm6a-2VX8ROm8K0&t=634230999680000000
DPF: {DB31DA00-4F6F-4CC7-8627-C5A142E1FC7C} - hxxp://www.syncmyride.com/Own/Modules/UploadDownload/applets/sync.cab
.
- - - - ORPHANS REMOVED - - - -
.
Notify-PFW - (no file)
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-02-07 18:49
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ... 
.
scanning hidden autostart entries ... 
.
scanning hidden files ... 
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
[HKEY_LOCAL_MACHINE\System\ControlSet004\Services\22100]
"ImagePath"="System32\DRIVERS\22100"
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(832)
c:\program files\SUPERAntiSpyware\SASWINLO.DLL
c:\windows\system32\WININET.dll
c:\windows\system32\Ati2evxx.dll
c:\program files\common files\logitech\bluetooth\LBTWlgn.dll
c:\program files\common files\logitech\bluetooth\LBTServ.dll
.
- - - - - - - > 'lsass.exe'(888)
c:\windows\system32\relog_ap.dll
.
- - - - - - - > 'explorer.exe'(2072)
c:\windows\system32\WININET.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
Completion time: 2012-02-07 18:51:02
ComboFix-quarantined-files.txt 2012-02-07 23:51
ComboFix2.txt 2012-02-02 18:49
.
Pre-Run: 17,040,662,528 bytes free
Post-Run: 18,284,216,320 bytes free
.
WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /fastdetect/NoExecute=Optin
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Broken Microsoft Windows XP Professional" /fastdetect /NoExecute=OptIn /usepmtimer
.
- - End Of File - - 541CC0AD51D4B6C4F74A6483CEA24D0C


----------



## Nightmare (Sep 23, 2004)

Hijack This log.

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 6:53:42 PM, on 2/7/2012
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\SUPERAntiSpyware\SASCORE.EXE
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Raxco\PerfectDisk\PDAgent.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\Program Files\Common Files\Seagate\Schedule2\schedul2.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\SureThing Shared\stllssvr.exe
C:\Program Files\Seagate\DiscWizard\DiscWizardMonitor.exe
C:\Program Files\Common Files\Seagate\Schedule2\schedhlp.exe
C:\Program Files\Seagate\DiscWizard\TimounterMonitor.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\notepad.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Trend Micro\HijackThis\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.baynews9.com/weather/klystron9?animate=hillsborough
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [DiscWizardMonitor.exe] C:\Program Files\Seagate\DiscWizard\DiscWizardMonitor.exe
O4 - HKLM\..\Run: [AcronisTimounterMonitor] C:\Program Files\Seagate\DiscWizard\TimounterMonitor.exe
O4 - HKLM\..\Run: [Seagate Scheduler2 Service] "C:\Program Files\Common Files\Seagate\Schedule2\schedhlp.exe"
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0067DBFC-A752-458C-AE6E-B9C7E63D4824} (Device Detection) - http://www.logitech.com/devicedetector/plugins/LogitechDeviceDetection32.cab
O16 - DPF: {01113300-3E00-11D2-8470-0060089874ED} (Support.com Configuration Class) - http://supportcenter.rr.com/sdccommon/download/tgctlcm.cab
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://appldnld.apple.com.edgesuite.net/content.info.apple.com/QuickTime/qtactivex/qtplugin.cab
O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262E} (System Requirements Lab) - http://www.nvidia.com/content/DriverDownload/srl/3.0.0.0/srl_bin/sysreqlab3.cab
O16 - DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} (DLM Control) - http://dlcdnet.asus.com/pub/ASUS/misc/dlm-activex-2.2.5.0.cab
O16 - DPF: {54BE6B6F-3056-470B-97E1-BB92E051B6C4} (DeviceEnum Class) - http://h20264.www2.hp.com/ediags/dd/install/HPDriverDiagnosticsxp2k.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1266880529093
O16 - DPF: {73ECB3AA-4717-450C-A2AB-D00DAD9EE203} (GMNRev Class) - http://h20614.www2.hp.com/ediags/gmd/Install/Cab/hpdetect118.cab
O16 - DPF: {74DBCB52-F298-4110-951D-AD2FF67BC8AB} (NVIDIA Smart Scan) - http://www.nvidia.com/content/DriverDownload/nforce/NvidiaSmartScan.cab
O16 - DPF: {83A4D5A6-E2C1-4EDD-AD48-1A1C50BD06EF} (Image Uploader Control) - http://www.gunbroker.com/WebResourc...ksu6ajL4Qvm6a-2VX8ROm8K0&t=634230999680000000
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O16 - DPF: {DB31DA00-4F6F-4CC7-8627-C5A142E1FC7C} (SyncXfer Class) - http://www.syncmyride.com/Own/Modules/UploadDownload/applets/sync.cab
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\System32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\System32\browseui.dll
O23 - Service: SAS Core Service (!SASCORE) - SUPERAntiSpyware.com - C:\Program Files\SUPERAntiSpyware\SASCORE.EXE
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: .NET Runtime Optimization Service v2.0.50727_X86 clr_optimization_v2.0.50727_32 Intelligent Application Manager (IAM) (clr_optimization_v2.0.50727_32 Intelligent Application Manager (IAM)) - Unknown owner - C:\WINDOWS\system32\acodel.exe (file missing)
O23 - Service: .NET Runtime Optimization Service v2.0.50727_X86 clr_optimization_v2.0.50727_32lanmanserver (clr_optimization_v2.0.50727_32lanmanserver) - Unknown owner - C:\WINDOWS\system32\ALSndMgre.exe (file missing)
O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Update Service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: Logitech Bluetooth Service (LBTServ) - Logitech, Inc. - C:\Program Files\Common Files\Logitech\Bluetooth\LBTServ.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PDAgent - Raxco Software, Inc. - C:\Program Files\Raxco\PerfectDisk\PDAgent.exe
O23 - Service: PDEngine - Raxco Software, Inc. - C:\Program Files\Raxco\PerfectDisk\PDEngine.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Roxio UPnP Renderer 9 - Sonic Solutions - C:\Program Files\Roxio\Digital Home 9\RoxioUPnPRenderer9.exe
O23 - Service: Roxio Upnp Server 9 - Sonic Solutions - C:\Program Files\Roxio\Digital Home 9\RoxioUpnpService9.exe
O23 - Service: LiveShare P2P Server 9 (RoxLiveShare9) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxLiveShare9.exe
O23 - Service: RoxMediaDB9 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
O23 - Service: Roxio Hard Drive Watcher 9 (RoxWatch9) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe
O23 - Service: Seagate Scheduler2 Service (SgtSch2Svc) - Seagate - C:\Program Files\Common Files\Seagate\Schedule2\schedul2.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe
O23 - Service: SupportSoft RemoteAssist - SupportSoft, Inc. - C:\Program Files\Common Files\supportsoft\bin\ssrc.exe

--
End of file - 8841 bytes


----------



## Nightmare (Sep 23, 2004)

Also, when I rebooted into Windows from the Uninstall of CA, the system did not ask me to run a chkdsk of the D drive. There is nothing on the D drive as I had formatted it.


----------



## Cookiegal (Aug 27, 2003)

Are you receiving help elsewhere? Because I see you ran ComboFix on February 2nd, 2012 and the log you posted is the second run.

I would like to see the log from the first run please. You will find it here:

C:\qoobox\ComboFix2.txt


----------



## Nightmare (Sep 23, 2004)

No, I am not getting any help except from you. I am following your instruction and not doing anything unless you tell me to. Yes I did run ComboFix last week before my system crashed. Here is the first log. I ran ComboFix for the log only. I have not made or attempted to make any repairs except to be able to get into Windows when my system was BSODing and that was to replace the kdcom.dll (which I loaded from the XP Disk i386 file) and to rebuild the boot.ini file using the ATTRIB (-H, -S, -R) and BootCfg /Rebuild file. Both of these repairs were done in the command prompt interface as I was not able to get into Windows or the Safe Mode of Windows.

ComboFix 12-01-30.02 - Steven 02/02/2012 13:17:37.1.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3327.2071 [GMT -5:00]
Running from: c:\documents and settings\Steven\Desktop\ComboFix.exe
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\All Users\Application Data\DragToDiscUserNameD.txt
c:\documents and settings\All Users\Application Data\DragToDiscUserNameE.txt
c:\documents and settings\All Users\Application Data\TEMP
c:\documents and settings\All Users\Favorites\Thumbs.db
c:\documents and settings\Steven\Application Data\inst.exe
c:\documents and settings\Steven\Application Data\Sun\lfmt.txt
c:\documents and settings\Steven\Local Settings\Application Data\{4DA47910-449D-4BFD-A79C-15F5C520AA4D}
c:\documents and settings\Steven\Local Settings\Application Data\{4DA47910-449D-4BFD-A79C-15F5C520AA4D}\chrome\content\_cfg.js
c:\documents and settings\Steven\Local Settings\Application Data\{4DA47910-449D-4BFD-A79C-15F5C520AA4D}\chrome\content\overlay.xul
c:\documents and settings\Steven\Local Settings\Application Data\{4DA47910-449D-4BFD-A79C-15F5C520AA4D}\install.rdf
c:\documents and settings\Steven\System
c:\documents and settings\Steven\System\win_qs8.jqx
c:\documents and settings\Steven\WINDOWS
c:\program files\driver
c:\windows\settings.reg
c:\windows\system32\3277825239.dat
c:\windows\system32\DC120fc7_32.dll
c:\windows\system32\drivers\etc\hosts.ics
c:\windows\system32\nsb5A.tmp
c:\windows\system32\nsb5D.tmp
c:\windows\system32\nsg5E.tmp
c:\windows\system32\nsr5B.tmp
c:\windows\system32\nsw5C.tmp
c:\windows\system32\nsw5F.tmp
c:\windows\system32\OLD9.tmp
c:\windows\system32\SET2B.tmp
c:\windows\system32\SET2F.tmp
c:\windows\system32\SET36.tmp
c:\windows\system32\SET56.tmp
c:\windows\system32\twain.dll
c:\windows\system32\zlibwapi.dll
.
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Legacy_HIDSERVNLA
-------\Legacy_KSI32SK
-------\Legacy_NETSIK
-------\Legacy_NICSK32
-------\Legacy_uacFlt
-------\Service_HidServNla
-------\Service_uacFlt
.
.
((((((((((((((((((((((((( Files Created from 2012-01-02 to 2012-02-02 )))))))))))))))))))))))))))))))
.
.
2012-02-01 15:13 . 2012-02-01 15:13	388096	----a-r-	c:\documents and settings\Steven\Application Data\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2012-01-31 14:07 . 2012-01-31 14:07	--------	d-----w-	c:\documents and settings\NetworkService\Local Settings\Application Data\Adobe
2012-01-21 17:39 . 2012-01-21 18:00	--------	d-----w-	c:\documents and settings\Steven\Application Data\SmartDraw
2012-01-21 17:28 . 2012-01-21 17:29	--------	d-----w-	C:\SmartDraw 2012
2012-01-18 17:46 . 2012-01-18 17:46	--------	d-----w-	c:\program files\Hewlett-Packard
2012-01-18 04:20 . 2012-01-18 04:20	--------	d-----w-	c:\windows\system32\wbem\Repository
2012-01-12 21:33 . 2012-01-12 21:33	--------	d-----w-	c:\documents and settings\Steven\Local Settings\Application Data\Mozilla
2012-01-12 21:33 . 2012-01-13 03:59	--------	d-----w-	c:\program files\Aurora
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-02-02 01:09 . 2011-06-15 13:25 414368	----a-w-	c:\windows\system32\FlashPlayerCPLApp.cpl
2011-11-25 21:57 . 2003-07-16 16:45	293376	----a-w-	c:\windows\system32\winsrv.dll
2011-11-23 13:25 . 2003-07-16 16:45	1859584	----a-w-	c:\windows\system32\win32k.sys
2011-11-18 12:35 . 2003-07-16 16:34	60416	----a-w-	c:\windows\system32\packager.exe
2011-11-16 14:21 . 2007-01-19 02:25	354816	----a-w-	c:\windows\system32\winhttp.dll
2011-11-16 14:21 . 2003-07-16 16:37	152064	----a-w-	c:\windows\system32\schannel.dll
2011-11-04 19:20 . 2007-01-19 02:34	916992	----a-w-	c:\windows\system32\wininet.dll
2011-11-04 19:20 . 2003-07-16 16:26	43520	------w-	c:\windows\system32\licmgr10.dll
2011-11-04 19:20 . 2003-07-16 16:24	1469440	------w-	c:\windows\system32\inetcpl.cpl
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown 
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2011-01-08 13880424]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2010-11-29 421888]
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2011-09-04 113024]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2009-09-08 16:22	548352	----a-w-	c:\program files\SUPERAntiSpyware\SASWINLO.DLL
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LBTWlgn]
2008-05-02 06:42	72208	----a-w-	c:\program files\Common Files\Logitech\Bluetooth\LBTWLgn.dll
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute	REG_MULTI_SZ PDBoot.exe\0autocheck autochk *
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
@=""
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Sonic CinePlayer Quick Launch.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Sonic CinePlayer Quick Launch.lnk
backup=c:\windows\pss\Sonic CinePlayer Quick Launch.lnkCommon Startup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2010-11-29 21:38	421888	----a-w-	c:\program files\QuickTime\QTTask.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RoxioDragToDisc]
2006-07-31 13:00	1116920	----a-w-	c:\program files\Roxio\Drag-to-Disc\DrgToDsc.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RoxWatchTray]
2006-08-10 16:10	221184	----a-w-	c:\program files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ComputerAssociatesAntiMalware]
"DisableMonitoring"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\Program Files\\Common Files\\Sonic Shared\\RoxioUPnPRenderer9.exe"=
"c:\\WINDOWS\\system32\\mmc.exe"=
"c:\\WINDOWS\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\WINDOWS\\system32\\sessmgr.exe"=
"c:\\Program Files\\WS_FTP\\WS_FTP95.exe"=
"c:\\WINDOWS\\system32\\dpvsetup.exe"=
"c:\\Program Files\\Logitech\\Logitech Harmony Remote Software 7\\HarmonyRemote.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP:*isabledxpsp2res.dll,-22009
"5985:TCP"= 5985:TCP:*isabled:Windows Remote Management 
.
R1 BIOS;BIOS;c:\windows\system32\drivers\BIOS.sys [1/24/2011 10:01 PM 13696]
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV.SYS [2/17/2009 11:43 AM 12880]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [2/17/2009 11:43 AM 67664]
R2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE.EXE [7/31/2010 9:27 AM 116608]
R2 cpuz135;cpuz135;c:\windows\system32\drivers\cpuz135_x32.sys [1/29/2011 10:31 AM 21992]
R2 ppsio2;PPDevice;c:\windows\system32\drivers\ppsio2.sys [2/24/2007 12:48 AM 23200]
R3 DELTAII;Service for M-Audio Delta Driver (WDM);c:\windows\system32\drivers\MAudioDelta.sys [1/26/2011 7:44 PM 302472]
R3 seehcri;Sony Ericsson seehcri Device Driver;c:\windows\system32\drivers\seehcri.sys [1/29/2010 10:21 AM 27632]
S0 ajxm;ajxm;c:\windows\system32\drivers\ebynkc.sys --> c:\windows\system32\drivers\ebynkc.sys [?]
S2 clr_optimization_v2.0.50727_32 Intelligent Application Manager (IAM);.NET Runtime Optimization Service v2.0.50727_X86 clr_optimization_v2.0.50727_32 Intelligent Application Manager (IAM);c:\windows\system32\acodel.exe srv --> c:\windows\system32\acodel.exe srv [?]
S2 clr_optimization_v2.0.50727_32lanmanserver;.NET Runtime Optimization Service v2.0.50727_X86 clr_optimization_v2.0.50727_32lanmanserver;c:\windows\system32\ALSndMgre.exe srv --> c:\windows\system32\ALSndMgre.exe srv [?]
S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [11/30/2011 6:28 PM 136176]
S3 Ambfilt;Ambfilt;c:\windows\system32\drivers\Ambfilt.sys [1/24/2011 10:20 PM 1684736]
S3 APL531;35mm Film Scanner;c:\windows\system32\Drivers\FILMSCAN.sys --> c:\windows\system32\Drivers\FILMSCAN.sys [?]
S3 FXDrv32;FXDrv32;\??\d:\fxdrv32.sys --> d:\FXDrv32.sys [?]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [11/30/2011 6:28 PM 136176]
S3 lgatbus;LG USB Composite Device driver (WDM);c:\windows\system32\drivers\lgatbus.sys [8/7/2008 11:48 AM 43024]
S3 lgatmdm;LG CDMA USB Modem Drivers;c:\windows\system32\drivers\lgatmdm.sys [8/7/2008 11:48 AM 77104]
S3 lgatserd;LG CDMA USB Modem Diagnostic Serial Port Drivers (WDM);c:\windows\system32\drivers\lgatserd.sys [8/7/2008 11:50 AM 60816]
S3 MBAMSwissArmy;MBAMSwissArmy;\??\c:\windows\system32\drivers\mbamswissarmy.sys --> c:\windows\system32\drivers\mbamswissarmy.sys [?]
S3 NPUSB;NPUSB;c:\windows\system32\drivers\npusb.sys [2/24/2007 1:37 AM 15360]
S3 p17filt;p17filt;c:\windows\system32\drivers\p17filt.sys [3/20/2006 5:34 PM 1452032]
S3 PciCon;PciCon;\??\d:\pcicon.sys --> d:\PciCon.sys [?]
S3 pcouffin;VSO Software pcouffin;c:\windows\system32\drivers\pcouffin.sys [1/3/2008 12:39 AM 47360]
S3 RioDrv;Rio600 driver;c:\windows\system32\drivers\riodrv.sys [8/17/2001 8:24 AM 12032]
S3 s115bus;Sony Ericsson Device 115 driver (WDM);c:\windows\system32\drivers\s115bus.sys [12/16/2007 12:58 PM 83208]
S3 s115mdfl;Sony Ericsson Device 115 USB WMC Modem Filter;c:\windows\system32\drivers\s115mdfl.sys [12/16/2007 12:58 PM 15112]
S3 s115mdm;Sony Ericsson Device 115 USB WMC Modem Driver;c:\windows\system32\drivers\s115mdm.sys [12/16/2007 12:58 PM 108680]
S3 s115mgmt;Sony Ericsson Device 115 USB WMC Device Management Drivers (WDM);c:\windows\system32\drivers\s115mgmt.sys [12/16/2007 12:58 PM 100488]
S3 s115obex;Sony Ericsson Device 115 USB WMC OBEX Interface;c:\windows\system32\drivers\s115obex.sys [12/16/2007 12:58 PM 98568]
S3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [2/17/2009 11:43 AM 12872]
S3 STTub203;Thrustmaster HOTAS USB Bulk Out;c:\windows\system32\Drivers\STTub203.sys --> c:\windows\system32\Drivers\STTub203.sys [?]
S3 WinRM;Windows Remote Management (WS-Management);c:\windows\system32\svchost.exe -k WINRM [7/16/2003 11:41 AM 14336]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
WINRM	REG_MULTI_SZ WINRM
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
2007-07-18 21:53	451872	----a-w-	c:\program files\Common Files\LightScribe\LSRunOnce.exe
.
Contents of the 'Scheduled Tasks' folder
.
2012-02-02 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-11-30 23:27]
.
2012-02-02 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-11-30 23:27]
.
2012-02-02 c:\windows\Tasks\SDMsgUpdate (TE).job
- c:\smartd~1\Messages\SDNotify.exe [2012-01-21 18:22]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.baynews9.com/weather/klystron9?animate=hillsborough
uInternet Settings,ProxyOverride = *.local
TCP: DhcpNameServer = 192.168.0.1
DPF: {83A4D5A6-E2C1-4EDD-AD48-1A1C50BD06EF} - hxxp://www.gunbroker.com/WebResource.axd?d=Qydpf0KIwF1Fr6RRPI2vp09Qx7960W1PefrwdgTL1YWRWyUo6in6PN6VS7m59gst6zjhnPK4xtevtkkiPAeNbVdLz1lm1BKvO-eVx_B2d1Lb7EFrywmMr-EfCQUqniwFPL_qr5-6LT50B9lSJqZDgme2Vksu6ajL4Qvm6a-2VX8ROm8K0&t=634230999680000000
DPF: {DB31DA00-4F6F-4CC7-8627-C5A142E1FC7C} - hxxp://www.syncmyride.com/Own/Modules/UploadDownload/applets/sync.cab
.
- - - - ORPHANS REMOVED - - - -
.
HKLM-Run-dlldevice - c:\documents and settings\Steven\Application Data\dlldevice.exe
HKLM-Run-dplaysvr - c:\documents and settings\Steven\Application Data\dplaysvr.exe
HKU-Default-Run-dplaysvr - c:\documents and settings\Steven\Application Data\dplaysvr.exe
HKU-Default-Run-dlldevice - c:\documents and settings\Steven\Application Data\dlldevice.exe
Notify-1235904601_m7d_opf_260209 - 1235904601_m7d_opf_260209.dll
MSConfigStartUp-M-Audio Taskbar Icon - c:\windows\System32\M-AudioTaskBarIcon.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-02-02 13:38
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ... 
.
scanning hidden autostart entries ... 
.
scanning hidden files ... 
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
Stealth MBR rootkit/Mebroot/Sinowal/TDL4 detector 0.4.2 by Gmer, http://www.gmer.net
Windows 5.1.2600 Disk: WDC_WD2500KS-00MJB0 rev.02.01C03 -> Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3 
.
device: opened successfully
user: MBR read successfully
error: Read A device attached to the system is not functioning.
kernel: MBR read successfully
detected disk devices:
detected hooks:
\Driver\atapi DriverStartIo -> 0x8AD0A2C6
user & kernel MBR OK 
.
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(752)
c:\windows\system32\WININET.dll
c:\program files\SUPERAntiSpyware\SASWINLO.DLL
c:\windows\system32\Ati2evxx.dll
c:\program files\common files\logitech\bluetooth\LBTWlgn.dll
c:\program files\common files\logitech\bluetooth\LBTServ.dll
.
- - - - - - - > 'lsass.exe'(812)
c:\windows\system32\WININET.dll
.
- - - - - - - > 'explorer.exe'(2624)
c:\windows\system32\WININET.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\program files\Roxio\Drag-to-Disc\Shellex.dll
c:\windows\system32\DLAAPI_W.DLL
c:\windows\system32\CDRTC.DLL
c:\program files\Roxio\Drag-to-Disc\ShellRes.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\nvsvc32.exe
c:\windows\system32\Ati2evxx.exe
c:\windows\system32\Ati2evxx.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Common Files\LightScribe\LSSrvc.exe
c:\windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe
c:\program files\Raxco\PerfectDisk\PDAgent.exe
c:\program files\Raxco\PerfectDisk\PDEngine.exe
c:\windows\system32\HPZipm12.exe
c:\program files\Common Files\SureThing Shared\stllssvr.exe
c:\program files\Windows Media Player\WMPNetwk.exe
.
**************************************************************************
.
Completion time: 2012-02-02 13:49:55 - machine was rebooted
ComboFix-quarantined-files.txt 2012-02-02 18:49
.
Pre-Run: 129,317,232,640 bytes free
Post-Run: 130,298,548,224 bytes free
.
WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /fastdetect /NoExecute=OptIn /usepmtimer
.
- - End Of File - - 70F7FF7F8F575C50CD7112D497D87238


----------



## Cookiegal (Aug 27, 2003)

You added this to the boot.ini? 

multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Broken Microsoft Windows XP Professional" /fastdetect /NoExecute=OptIn /usepmtimer


----------



## Cookiegal (Aug 27, 2003)

Open Notepad and copy and paste the text in the code box below into it:


```
File::
c:\windows\system32\drivers\ebynkc.sys
c:\windows\system32\drivers\22100

Driver::
ajxm
22100
```
Save the file to your desktop and name it CFScript.txt

Referring to the picture below, drag CFScript.txt into ComboFix.exe

This will start ComboFix again. It may ask to reboot. Post the contents of Combofix.txt in your next reply.

*Note: These instructions and script were created specifically for this user. If you are not this user, do NOT follow these instructions or use this script as it could damage the workings of your system.*


----------



## Nightmare (Sep 23, 2004)

Cookiegal said:


> You added this to the boot.ini?
> 
> multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Broken Microsoft Windows XP Professional" /fastdetect /NoExecute=OptIn /usepmtimer


No, I did not add that to the boot.ini. When I rebuilt the boot.ini, the system asked me to name the new operating system. I named it "Windows XP Home Rebuild" and left the "Microsoft Windows XP Professional" intact. I only renamed the "Windows XP Home Rebuild" to "Microsoft Windows XP Professional" after re-naming the broken "Microsoft Windows XP Professional" to "Broken Microsoft Windows XP Professional" so I would know which start up to utilize when rebooting windows. I never added the "/usepmtimer" to the string.


----------



## Nightmare (Sep 23, 2004)

Cookiegal said:


> You added this to the boot.ini?
> 
> multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Broken Microsoft Windows XP Professional" /fastdetect /NoExecute=OptIn /usepmtimer





Cookiegal said:


> Open Notepad and copy and paste the text in the code box below into it:
> 
> 
> ```
> ...


Do you want me to drag it to "ComboFix" or to the "Puppy.exe" that you had me create earlier?


----------



## Cookiegal (Aug 27, 2003)

If you still have Combofix.exe it's the previous version you ran. You should remove that one (drag it to the recycle bin).

Use puppy.exe.


----------



## Nightmare (Sep 23, 2004)

I created the file and dragged it to puppy.exe. The file ran and required a self reboot. The system re-booted fine and then puppy.exe created the log file which is seen here:

ComboFix 12-02-07.01 - Steven 02/07/2012 22:28:27.3.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3327.2696 [GMT -5:00]
Running from: c:\documents and settings\Steven\Desktop\puppy.exe
Command switches used :: c:\documents and settings\Steven\Desktop\CFScript.txt
.
FILE ::
"c:\windows\system32\drivers\22100"
"c:\windows\system32\drivers\ebynkc.sys"
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\system32\drivers\22100
.
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Legacy_22100
-------\Service_22100
-------\Service_ajxm
.
.
((((((((((((((((((((((((( Files Created from 2012-01-08 to 2012-02-08 )))))))))))))))))))))))))))))))
.
.
2012-02-07 18:25 . 2012-02-07 18:25	--------	d-----w-	C:\TDSSKiller_Quarantine
2012-02-07 17:20 . 2012-02-07 17:20	--------	d-----w-	c:\documents and settings\Steven\Local Settings\Application Data\WinZip
2012-02-07 17:18 . 2012-02-07 17:20	--------	d-----w-	c:\documents and settings\All Users\Application Data\WinZip
2012-02-06 02:03 . 2012-02-06 02:03	--------	d-----w-	c:\program files\Microsoft.NET
2012-02-06 01:06 . 2012-02-06 01:06	--------	d-----w-	c:\documents and settings\All Users\Application Data\Seagate
2012-02-06 01:06 . 2012-02-06 01:06	44384	----a-w-	c:\windows\system32\drivers\tifsfilt.sys
2012-02-06 01:06 . 2012-02-06 01:06	441760	----a-w-	c:\windows\system32\drivers\timntr.sys
2012-02-06 01:06 . 2012-02-06 01:06	132224	----a-w-	c:\windows\system32\drivers\snapman.sys
2012-02-06 01:06 . 2012-02-06 01:06	368480	----a-w-	c:\windows\system32\drivers\tdrpman.sys
2012-02-06 01:05 . 2012-02-06 02:13	--------	d-----w-	c:\program files\Seagate
2012-02-06 01:05 . 2012-02-06 01:06	--------	d-----w-	c:\program files\Common Files\Seagate
2012-02-01 15:13 . 2012-02-01 15:13	388096	----a-r-	c:\documents and settings\Steven\Application Data\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2012-01-31 14:07 . 2012-01-31 14:07	--------	d-----w-	c:\documents and settings\NetworkService\Local Settings\Application Data\Adobe
2012-01-21 17:39 . 2012-01-21 18:00	--------	d-----w-	c:\documents and settings\Steven\Application Data\SmartDraw
2012-01-21 17:28 . 2012-01-21 17:29	--------	d-----w-	C:\SmartDraw 2012
2012-01-18 17:46 . 2012-01-18 17:46	--------	d-----w-	c:\program files\Hewlett-Packard
2012-01-18 04:20 . 2012-01-18 04:20	--------	d-----w-	c:\windows\system32\wbem\Repository
2012-01-12 21:33 . 2012-01-12 21:33	--------	d-----w-	c:\documents and settings\Steven\Local Settings\Application Data\Mozilla
2012-01-12 21:33 . 2012-01-13 03:59	--------	d-----w-	c:\program files\Aurora
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-02-05 16:57 . 2011-06-15 13:25	414368	----a-w-	c:\windows\system32\FlashPlayerCPLApp.cpl
2011-11-25 21:57 . 2003-07-16 16:45	293376	----a-w-	c:\windows\system32\winsrv.dll
2011-11-23 13:25 . 2003-07-16 16:45	1859584	----a-w-	c:\windows\system32\win32k.sys
2011-11-18 12:35 . 2003-07-16 16:34	60416	----a-w-	c:\windows\system32\packager.exe
2011-11-16 14:21 . 2007-01-19 02:25	354816	----a-w-	c:\windows\system32\winhttp.dll
2011-11-16 14:21 . 2003-07-16 16:37	152064	----a-w-	c:\windows\system32\schannel.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown 
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2011-01-08 13880424]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2010-11-29 421888]
"DiscWizardMonitor.exe"="c:\program files\Seagate\DiscWizard\DiscWizardMonitor.exe" [2009-10-16 1325936]
"AcronisTimounterMonitor"="c:\program files\Seagate\DiscWizard\TimounterMonitor.exe" [2009-10-16 904840]
"Seagate Scheduler2 Service"="c:\program files\Common Files\Seagate\Schedule2\schedhlp.exe" [2009-10-16 136544]
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2011-09-04 113024]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2009-09-08 16:22	548352	----a-w-	c:\program files\SUPERAntiSpyware\SASWINLO.DLL
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LBTWlgn]
2008-05-02 06:42	72208	----a-w-	c:\program files\Common Files\Logitech\Bluetooth\LBTWLgn.dll
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute	REG_MULTI_SZ PDBoot.exe\0autocheck autochk *
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
@=""
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Sonic CinePlayer Quick Launch.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Sonic CinePlayer Quick Launch.lnk
backup=c:\windows\pss\Sonic CinePlayer Quick Launch.lnkCommon Startup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2010-11-29 21:38	421888	----a-w-	c:\program files\QuickTime\QTTask.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RoxioDragToDisc]
2006-07-31 13:00	1116920	----a-w-	c:\program files\Roxio\Drag-to-Disc\DrgToDsc.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RoxWatchTray]
2006-08-10 16:10	221184	----a-w-	c:\program files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ComputerAssociatesAntiMalware]
"DisableMonitoring"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\Program Files\\Common Files\\Sonic Shared\\RoxioUPnPRenderer9.exe"=
"c:\\WINDOWS\\system32\\mmc.exe"=
"c:\\WINDOWS\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\WINDOWS\\system32\\sessmgr.exe"=
"c:\\Program Files\\WS_FTP\\WS_FTP95.exe"=
"c:\\WINDOWS\\system32\\dpvsetup.exe"=
"c:\\Program Files\\Logitech\\Logitech Harmony Remote Software 7\\HarmonyRemote.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP:*isabledxpsp2res.dll,-22009
"5985:TCP"= 5985:TCP:*isabled:Windows Remote Management 
.
R1 BIOS;BIOS;c:\windows\system32\drivers\BIOS.sys [1/24/2011 10:01 PM 13696]
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV.SYS [2/17/2009 11:43 AM 12880]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [2/17/2009 11:43 AM 67664]
R2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE.EXE [7/31/2010 9:27 AM 116608]
R2 cpuz135;cpuz135;c:\windows\system32\drivers\cpuz135_x32.sys [1/29/2011 10:31 AM 21992]
R2 ppsio2;PPDevice;c:\windows\system32\drivers\ppsio2.sys [2/24/2007 12:48 AM 23200]
R2 SgtSch2Svc;Seagate Scheduler2 Service;c:\program files\Common Files\Seagate\Schedule2\schedul2.exe [10/16/2009 6:39 PM 431456]
R3 DELTAII;Service for M-Audio Delta Driver (WDM);c:\windows\system32\drivers\MAudioDelta.sys [1/26/2011 7:44 PM 302472]
R3 seehcri;Sony Ericsson seehcri Device Driver;c:\windows\system32\drivers\seehcri.sys [1/29/2010 10:21 AM 27632]
S2 clr_optimization_v2.0.50727_32 Intelligent Application Manager (IAM);.NET Runtime Optimization Service v2.0.50727_X86 clr_optimization_v2.0.50727_32 Intelligent Application Manager (IAM);c:\windows\system32\acodel.exe srv --> c:\windows\system32\acodel.exe srv [?]
S2 clr_optimization_v2.0.50727_32lanmanserver;.NET Runtime Optimization Service v2.0.50727_X86 clr_optimization_v2.0.50727_32lanmanserver;c:\windows\system32\ALSndMgre.exe srv --> c:\windows\system32\ALSndMgre.exe srv [?]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [3/18/2010 1:16 PM 130384]
S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [11/30/2011 6:28 PM 136176]
S3 Ambfilt;Ambfilt;c:\windows\system32\drivers\Ambfilt.sys [1/24/2011 10:20 PM 1684736]
S3 APL531;35mm Film Scanner;c:\windows\system32\Drivers\FILMSCAN.sys --> c:\windows\system32\Drivers\FILMSCAN.sys [?]
S3 FXDrv32;FXDrv32;\??\d:\fxdrv32.sys --> d:\FXDrv32.sys [?]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [11/30/2011 6:28 PM 136176]
S3 lgatbus;LG USB Composite Device driver (WDM);c:\windows\system32\drivers\lgatbus.sys [8/7/2008 11:48 AM 43024]
S3 lgatmdm;LG CDMA USB Modem Drivers;c:\windows\system32\drivers\lgatmdm.sys [8/7/2008 11:48 AM 77104]
S3 lgatserd;LG CDMA USB Modem Diagnostic Serial Port Drivers (WDM);c:\windows\system32\drivers\lgatserd.sys [8/7/2008 11:50 AM 60816]
S3 MBAMSwissArmy;MBAMSwissArmy;\??\c:\windows\system32\drivers\mbamswissarmy.sys --> c:\windows\system32\drivers\mbamswissarmy.sys [?]
S3 NPUSB;NPUSB;c:\windows\system32\drivers\npusb.sys [2/24/2007 1:37 AM 15360]
S3 p17filt;p17filt;c:\windows\system32\drivers\p17filt.sys [3/20/2006 5:34 PM 1452032]
S3 PciCon;PciCon;\??\d:\pcicon.sys --> d:\PciCon.sys [?]
S3 pcouffin;VSO Software pcouffin;c:\windows\system32\drivers\pcouffin.sys [1/3/2008 12:39 AM 47360]
S3 RioDrv;Rio600 driver;c:\windows\system32\drivers\riodrv.sys [8/17/2001 8:24 AM 12032]
S3 s115bus;Sony Ericsson Device 115 driver (WDM);c:\windows\system32\drivers\s115bus.sys [12/16/2007 12:58 PM 83208]
S3 s115mdfl;Sony Ericsson Device 115 USB WMC Modem Filter;c:\windows\system32\drivers\s115mdfl.sys [12/16/2007 12:58 PM 15112]
S3 s115mdm;Sony Ericsson Device 115 USB WMC Modem Driver;c:\windows\system32\drivers\s115mdm.sys [12/16/2007 12:58 PM 108680]
S3 s115mgmt;Sony Ericsson Device 115 USB WMC Device Management Drivers (WDM);c:\windows\system32\drivers\s115mgmt.sys [12/16/2007 12:58 PM 100488]
S3 s115obex;Sony Ericsson Device 115 USB WMC OBEX Interface;c:\windows\system32\drivers\s115obex.sys [12/16/2007 12:58 PM 98568]
S3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [2/17/2009 11:43 AM 12872]
S3 STTub203;Thrustmaster HOTAS USB Bulk Out;c:\windows\system32\Drivers\STTub203.sys --> c:\windows\system32\Drivers\STTub203.sys [?]
S3 WinRM;Windows Remote Management (WS-Management);c:\windows\system32\svchost.exe -k WINRM [7/16/2003 11:41 AM 14336]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [3/18/2010 1:16 PM 753504]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
WINRM	REG_MULTI_SZ WINRM
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
2007-07-18 21:53	451872	----a-w-	c:\program files\Common Files\LightScribe\LSRunOnce.exe
.
Contents of the 'Scheduled Tasks' folder
.
2012-02-08 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-11-30 23:27]
.
2012-02-08 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-11-30 23:27]
.
2012-02-08 c:\windows\Tasks\SDMsgUpdate (TE).job
- c:\smartd~1\Messages\SDNotify.exe [2012-01-21 18:22]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.baynews9.com/weather/klystron9?animate=hillsborough
uInternet Settings,ProxyOverride = *.local
TCP: DhcpNameServer = 192.168.0.1
DPF: {83A4D5A6-E2C1-4EDD-AD48-1A1C50BD06EF} - hxxp://www.gunbroker.com/WebResource.axd?d=Qydpf0KIwF1Fr6RRPI2vp09Qx7960W1PefrwdgTL1YWRWyUo6in6PN6VS7m59gst6zjhnPK4xtevtkkiPAeNbVdLz1lm1BKvO-eVx_B2d1Lb7EFrywmMr-EfCQUqniwFPL_qr5-6LT50B9lSJqZDgme2Vksu6ajL4Qvm6a-2VX8ROm8K0&t=634230999680000000
DPF: {DB31DA00-4F6F-4CC7-8627-C5A142E1FC7C} - hxxp://www.syncmyride.com/Own/Modules/UploadDownload/applets/sync.cab
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-02-07 22:33
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ... 
.
scanning hidden autostart entries ... 
.
scanning hidden files ... 
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(840)
c:\program files\SUPERAntiSpyware\SASWINLO.DLL
c:\windows\system32\WININET.dll
c:\windows\system32\Ati2evxx.dll
c:\program files\common files\logitech\bluetooth\LBTWlgn.dll
c:\program files\common files\logitech\bluetooth\LBTServ.dll
.
- - - - - - - > 'lsass.exe'(896)
c:\windows\system32\relog_ap.dll
.
- - - - - - - > 'explorer.exe'(2752)
c:\windows\system32\WININET.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\program files\Roxio\Drag-to-Disc\Shellex.dll
c:\windows\system32\DLAAPI_W.DLL
c:\windows\system32\CDRTC.DLL
c:\program files\Roxio\Drag-to-Disc\ShellRes.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\nvsvc32.exe
c:\windows\system32\Ati2evxx.exe
c:\windows\system32\Ati2evxx.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Common Files\LightScribe\LSSrvc.exe
c:\windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe
c:\program files\Raxco\PerfectDisk\PDAgent.exe
c:\program files\Raxco\PerfectDisk\PDEngine.exe
c:\windows\system32\HPZipm12.exe
c:\program files\Common Files\SureThing Shared\stllssvr.exe
c:\program files\Windows Media Player\WMPNetwk.exe
.
**************************************************************************
.
Completion time: 2012-02-07 22:37:37 - machine was rebooted
ComboFix-quarantined-files.txt 2012-02-08 03:37
ComboFix2.txt 2012-02-07 23:51
ComboFix3.txt 2012-02-02 18:49
.
Pre-Run: 18,273,165,312 bytes free
Post-Run: 18,278,080,512 bytes free
.
WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /fastdetect/NoExecute=Optin
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Broken Microsoft Windows XP Professional" /fastdetect /NoExecute=OptIn /usepmtimer
.
- - End Of File - - 770610814FD61788F139E41553D109D9


----------
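As an added example (not part of the thread and not ComboFix's own code), the parser below reads the driver/service lines of the log in the post above and lists auto-start registrations for which the log shows `[?]` instead of a file date and size. It assumes the usual reading of this log format: `R`/`S` is running/stopped, the digit is the service's Start value, and `[?]` means the tool could not read the file's details; the sample lines are copied from that log.

```python
import re
from typing import List, NamedTuple, Optional

# Lines copied from the driver/service listing of the ComboFix log above.
SAMPLE = r"""
R1 BIOS;BIOS;c:\windows\system32\drivers\BIOS.sys [1/24/2011 10:01 PM 13696]
R2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE.EXE [7/31/2010 9:27 AM 116608]
S2 clr_optimization_v2.0.50727_32 Intelligent Application Manager (IAM);.NET Runtime Optimization Service v2.0.50727_X86 clr_optimization_v2.0.50727_32 Intelligent Application Manager (IAM);c:\windows\system32\acodel.exe srv --> c:\windows\system32\acodel.exe srv [?]
S2 clr_optimization_v2.0.50727_32lanmanserver;.NET Runtime Optimization Service v2.0.50727_X86 clr_optimization_v2.0.50727_32lanmanserver;c:\windows\system32\ALSndMgre.exe srv --> c:\windows\system32\ALSndMgre.exe srv [?]
S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [11/30/2011 6:28 PM 136176]
S3 FXDrv32;FXDrv32;\??\d:\fxdrv32.sys --> d:\FXDrv32.sys [?]
S3 WinRM;Windows Remote Management (WS-Management);c:\windows\system32\svchost.exe -k WINRM [7/16/2003 11:41 AM 14336]
"""

# Assumption: the digit after R/S is the registry Start value of the service.
START_TYPES = {0: "boot", 1: "system", 2: "auto", 3: "demand", 4: "disabled"}

LINE_RE = re.compile(
    r"^(?P<state>[RS])(?P<start>[0-4]) "
    r"(?P<name>[^;]+);(?P<display>[^;]*);"
    r"(?P<image>.*?)(?: --> (?P<resolved>.*?))? "
    r"\[(?P<info>[^\[\]]*)\]$"
)


class ServiceEntry(NamedTuple):
    running: bool
    start: str
    name: str
    display: str
    image: str               # image path as registered
    resolved: Optional[str]  # path printed after "-->", if any
    size: Optional[int]      # None when the log shows "[?]"


def parse_services(text: str) -> List[ServiceEntry]:
    """Parse 'R1 name;display;path [date time size]' style lines."""
    entries = []
    for raw in text.splitlines():
        m = LINE_RE.match(raw.strip())
        if not m:
            continue  # not a driver/service line
        info = m["info"].strip()
        # The last token inside the brackets is the file size in bytes.
        size = None if info == "?" else int(info.split()[-1])
        entries.append(ServiceEntry(
            running=(m["state"] == "R"),
            start=START_TYPES[int(m["start"])],
            name=m["name"],
            display=m["display"],
            image=m["image"],
            resolved=m["resolved"],
            size=size,
        ))
    return entries


def review_queue(entries: List[ServiceEntry]) -> List[ServiceEntry]:
    """Registrations that start without user action but show no file details."""
    return [e for e in entries
            if e.size is None and e.start in ("boot", "system", "auto")]


if __name__ == "__main__":
    for e in review_queue(parse_services(SAMPLE)):
        print(f"review: {e.name!r} -> {e.image}")
```

Demand-start entries with `[?]` (such as `FXDrv32` here) are parsed but left out of the queue, since they do not load on their own at boot.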



## Cookiegal (Aug 27, 2003)

Please run the following on-line scanner. Note that you must use Internet Explorer to perform the scan.

Note: If you're running a 64-bit system you have to choose the 32-bit option in IE. To do that, go to the Start Menu and right-click the Internet Explorer (32-bit) icon and then select 'Run as administrator' from the right-click menu.

http://www.eset.com/online-scanner

Accept the Terms of Use and then press the Start button

Allow the ActiveX control to be installed.

Put a check by Remove found threats and then run the scan.

When the scan is finished, you will see the results in a window.

A log.txt file is created here: C:\Program Files\EsetOnlineScanner\log.txt.

Open the log file with Notepad and copy and paste the contents here please.


----------



## Nightmare (Sep 23, 2004)

I have no anti virus loaded at this time as I uninstalled CA to run one of the downloaded programs. I would like to re-install my AV as soon as you advise me to do so.

[email protected] as CAB hook log:
OnlineScanner.ocx - registred OK
# version=7
# IEXPLORE.EXE=8.00.6001.18702 (longhorn_ie8_rtm(wmbla).090308-0339)
# OnlineScanner.ocx=1.0.0.6583
# api_version=3.0.2
# EOSSerial=dd709cea3d9dcc45a3b2995e5596d736
# end=finished
# remove_checked=true
# archives_checked=false
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2012-02-08 05:08:21
# local_time=2012-02-08 12:08:21 (-0500, Eastern Standard Time)
# country="United States"
# lang=1033
# osver=5.1.2600 NT Service Pack 3
# compatibility_mode=512 16777215 100 0 75931119 75931119 0 0
# compatibility_mode=4864 16777215 100 0 0 0 0 0
# compatibility_mode=8192 67108863 100 0 0 0 0 0
# scanned=158522
# found=2
# cleaned=2
# scan_time=3101
C:\Qoobox\Quarantine\C\Documents and Settings\Steven\Local Settings\Application Data\{4DA47910-449D-4BFD-A79C-15F5C520AA4D}\chrome\content\overlay.xul.vir	probably a variant of Win32/Agent.NVQFFQI trojan (cleaned by deleting - quarantined)	00000000000000000000000000000000	C
C:\TDSSKiller_Quarantine\07.02.2012_13.23.58\mbr0000\tdlfs0000\tsk0002.dta	Win64/Olmarik.AD trojan (cleaned by deleting - quarantined)	00000000000000000000000000000000	C


----------



## Cookiegal (Aug 27, 2003)

Yes, please go ahead and reinstall CA. How's the system behaving now?


----------



## Nightmare (Sep 23, 2004)

It seems to be stable. I'll know more when I reboot after installing CA. I lost my Adobe Flash Player sometime over the weekend and even when I try to install their newest version, that system indicates a successful install but it is not working.

I also need to defrag my disk once all the programs and files/logs are uninstalled.

Will post in a few with reboot results.


----------



## Nightmare (Sep 23, 2004)

The system re-booted fine. The CA is installed. The boot.ini is going to need some cleanup work. Adobe Flash Player has not installed correctly so I will have to download and re-install to see if I can get it to work.

What do you want me to do next?

Also, Windows wants me to update.


----------



## Cookiegal (Aug 27, 2003)

As far as malware is concerned, everything looks fine now.

Do you actually have Windows installed twice (one called "broken")? Do you see those both as boot options when starting up?


----------



## Nightmare (Sep 23, 2004)

No. There is only one instance of windows installed on the computer. There are currently 4 options in the boot.ini file, these being:

[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
C:\CMDCONS\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /fastdetect/NoExecute=Optin
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Broken Microsoft Windows XP Professional" /fastdetect /NoExecute=OptIn /usepmtimer

The only valid windows boot up is the "Microsoft Windows XP Professional" /fastdetect/NoExecute=OptIn

The Broken Microsoft Windows XP is just a line in the boot file and needs to be deleted. It points to the same location on the disk for the OS.

I don't know what the UnsupportedDebug is but it was installed sometime during the clean up process as was the Microsoft Recovery Console.

I see all four options when I boot.


----------
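The point made in the post above, that the "Broken" line targets the same installation and differs only in its switches, can be checked mechanically. This added example (not from the thread) parses the boot.ini quoted in that post, groups entries by target, and diffs their switches case-insensitively; the function names are hypothetical.

```python
import re
from collections import defaultdict

# boot.ini as quoted in the post above.
BOOT_INI = r"""[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
C:\CMDCONS\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /fastdetect/NoExecute=Optin
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Broken Microsoft Windows XP Professional" /fastdetect /NoExecute=OptIn /usepmtimer
"""

ENTRY_RE = re.compile(r'^(?P<target>[^=]+)="(?P<label>[^"]*)"\s*(?P<opts>.*)$')


def parse_boot_ini(text):
    """Return (loader settings, list of operating-system entries)."""
    loader, entries, section = {}, [], None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith(";"):
            continue
        if line.startswith("[") and line.endswith("]"):
            section = line[1:-1].lower()
        elif section == "boot loader" and "=" in line:
            key, value = line.split("=", 1)
            loader[key.strip().lower()] = value.strip()
        elif section == "operating systems":
            m = ENTRY_RE.match(line)
            if m:
                # Split on "/" so switches typed without a separating
                # space ("/fastdetect/NoExecute=Optin") are still separated.
                switches = [s.lower() for s in re.findall(r"/[^/\s]+", m["opts"])]
                entries.append({"target": m["target"].strip(),
                                "label": m["label"],
                                "switches": switches})
    return loader, entries


def duplicate_targets(entries):
    """Map each target used by more than one menu entry to those entries."""
    groups = defaultdict(list)
    for e in entries:
        groups[e["target"].lower()].append(e)
    return {t: es for t, es in groups.items() if len(es) > 1}


def switch_diff(a, b):
    """Switches present only in entry a, and only in entry b."""
    sa, sb = set(a["switches"]), set(b["switches"])
    return sorted(sa - sb), sorted(sb - sa)


def default_labels(loader, entries):
    """Labels of every entry whose target equals the default= value."""
    default = loader.get("default", "").lower()
    return [e["label"] for e in entries if e["target"].lower() == default]


if __name__ == "__main__":
    loader, entries = parse_boot_ini(BOOT_INI)
    for target, group in duplicate_targets(entries).items():
        first, second = group[0], group[1]
        only_first, only_second = switch_diff(first, second)
        print(f"{target}: {[e['label'] for e in group]}")
        print(f"  only in {first['label']!r}: {only_first}")
        print(f"  only in {second['label']!r}: {only_second}")
    print("default= matches:", default_labels(loader, entries))
```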



## Cookiegal (Aug 27, 2003)

Nightmare said:


> No. There is only one instance of windows installed on the computer. There are currently 4 options in the boot.ini file, these being:
> 
> [boot loader]
> timeout=2
> ...


OK then you should be able to just delete the bolded line then.


> I don't know what the UnsupportedDebug is but it was installed sometime during the clean up process as was the Microsoft Recovery Console.
> 
> I see all four options when I boot.


Yes, that was installed along with the Recovery Console by ComboFix. It's good to leave it installed as it can be instrumental in recovering your system if it crashes.

Did you do the Windows updates?

Here are some final instructions for you.

*Follow these steps to uninstall Combofix and all of its files and components.*

 Click *START* then *RUN*
 Now type *ComboFix /uninstall* in the runbox and click *OK*. Note the *space* between the *X* and the */uninstall*, it needs to be there (the screenshot is just for illustration purposes but the actual command uses the entire word "uninstall" and not just the "u" as shown in the picture).

Now you should turn system restore off to flush out all previous system restore points, then turn it back on and create a new restore point:

To turn off system restore, on the Desktop, right click on *My Computer* and click on *Properties.*
Click the *System Restore* tab.
Check *Turn off System Restore.*
Click Apply and then click OK.

Restart your computer, turn System Restore back on and create a restore point.

To create a new restore point, click on *Start* > *All Programs* > *Accessories* > *System Tools* and then select *System Restore*.

In the System Restore wizard, select *Create a restore point* and click the Next button.

Type a name for your new restore point then click on Create.


----------



## Nightmare (Sep 23, 2004)

ComboFix will not uninstall. Every time I try to uninstall it, it extracts all the files and then wants me to unload CA before it can run. And if I try to uninstall Puppy.exe the system tells me that it can't find "puppy". Also, what about the other programs?


----------



## Nightmare (Sep 23, 2004)

Yes I did install the windows updates.

I also deleted the bogus boot line in the boot.ini file.

What about the *UnsupportedDebug="do not select this" /debug* Should that still be a boot option?


----------



## Cookiegal (Aug 27, 2003)

Nightmare said:


> ComboFix will not uninstall. Every time I try to uninstall it, it extracts all the files and then wants me to unload CA before it can run. And if I try to uninstall Puppy.exe the system tells me that it can't find "puppy". Also, what about the other programs?


Sorry. I should have told you to uninstall ComboFix before reinstalling CA. You can drag the puppy.exe to the recycle bin. Do the same with the C:\Qoobox folder.

Drag these to the recycle bin as well:

TDSSQlook, TDSSKiller, GMER, DDS, aswmbr and HijackThis.


----------



## Cookiegal (Aug 27, 2003)

Nightmare said:


> Yes I did install the windows updates.
> 
> I also deleted the bogus boot line in the boot.ini file.
> 
> What about the *UnsupportedDebug="do not select this" /debug* Should that still be a boot option?


You can edit that out if you like or just leave it.


----------



## Nightmare (Sep 23, 2004)

Missed your prior response.


----------



## Cookiegal (Aug 27, 2003)

So are you good to go?


----------



## Nightmare (Sep 23, 2004)

Yes, it appears that everything is running smoothly.

Thank you for all your assistance in resolving this problem.

Thank you very much, Cookiegal. Your help was very valuable to me. Good luck.


----------



## Cookiegal (Aug 27, 2003)

You're welcome, Nightmare.


----------



## Nightmare (Sep 23, 2004)

Sorry to dig up an old thread but the problem is back.

When I started my computer today, I had no problems. I then did a couple of house cleaning things (deleted the USB printer port and re-installed the printer through LPT Printing Port) with no problems. One of the HC things that I did required me to shut down and restart. When I restarted, I got a window that states that my Microsoft XP windows installation has not been validated and needs to be validated. So I validate it. Then when I am online, I get a notice from CA Anti Virus that there is a program that wants to have access to the net located in the C:\Documents & Settings\Steven\LocalSetings\temp with just a bunch of numbers, so I deny the program access. Next I get a BSOD for atapi.sys. Restart the computer and while trying to run the Seagate Disk Tools, get another BSOD for atapi.sys. Restart and uninstall Seagate Disk Tools and notice that svchost.exe is back at it again eating up 40% of my resources. Delete it and finish uninstalling Seagate, restart. Looks good except that svchost.exe is starting again and again and again every time I delete it through the Windows Task Manager. So I Restore my system to an earlier date. Seagate Tools is back again so I uninstall it again and restart. Startup and svchost.exe is at it again.

Ran SuperAntiSpyware.

Ran Malwarebytes.

Had to stop svchost through the Task Manager another dozen times.

What am I to do?????? It's like this thing just shows up today and wants to run, I say no, but it puts a whole lot of files in the \LocalSettings\temp folder and svchost.exe is going nuts.

My system worked fine after Cookiegal helped me clean it last Wednesday. Have not been to any weird sites and my CA states that the safety level of the sites that I visited are safe.


----------



## Cookiegal (Aug 27, 2003)

Please go to the following link and download and run TDSSKiller:

http://support.kaspersky.com/viruses/solutions?qid=208280684

Allow it to cure anything if prompted.

Please post the log back here.


----------



## Nightmare (Sep 23, 2004)

Super Anti Spyware Log:

SUPERAntiSpyware Scan Log
http://www.superantispyware.com

Generated 02/13/2012 at 04:36 PM

Application Version : 5.0.1144

Core Rules Database Version : 8232
Trace Rules Database Version: 6044

Scan type : Complete Scan
Total Scan Time : 01:05:10

Operating System Information
Windows XP Professional 32-bit, Service Pack 3 (Build 5.01.2600)
Administrator

Memory items scanned : 472
Memory threats detected : 0
Registry items scanned : 26970
Registry threats detected : 0
File items scanned : 21251
File threats detected : 77

Adware.Tracking Cookie
i.adultswim.com [ C:\DOCUMENTS AND SETTINGS\LOCALSERVICE\APPLICATION DATA\MACROMEDIA\FLASH PLAYER\#SHAREDOBJECTS\56QEVJU3 ]
tag.2bluemedia.hiro.tv [ C:\DOCUMENTS AND SETTINGS\LOCALSERVICE\APPLICATION DATA\MACROMEDIA\FLASH PLAYER\#SHAREDOBJECTS\56QEVJU3 ]
video.adultswim.com [ C:\DOCUMENTS AND SETTINGS\LOCALSERVICE\APPLICATION DATA\MACROMEDIA\FLASH PLAYER\#SHAREDOBJECTS\56QEVJU3 ]
core.insightexpressai.com [ C:\DOCUMENTS AND SETTINGS\NETWORKSERVICE\APPLICATION DATA\MACROMEDIA\FLASH PLAYER\#SHAREDOBJECTS\YUQCALVL ]
crackle.com [ C:\DOCUMENTS AND SETTINGS\NETWORKSERVICE\APPLICATION DATA\MACROMEDIA\FLASH PLAYER\#SHAREDOBJECTS\YUQCALVL ]
objects.tremormedia.com [ C:\DOCUMENTS AND SETTINGS\NETWORKSERVICE\APPLICATION DATA\MACROMEDIA\FLASH PLAYER\#SHAREDOBJECTS\YUQCALVL ]
secure-us.imrworldwide.com [ C:\DOCUMENTS AND SETTINGS\NETWORKSERVICE\APPLICATION DATA\MACROMEDIA\FLASH PLAYER\#SHAREDOBJECTS\YUQCALVL ]
tag.2bluemedia.hiro.tv [ C:\DOCUMENTS AND SETTINGS\NETWORKSERVICE\APPLICATION DATA\MACROMEDIA\FLASH PLAYER\#SHAREDOBJECTS\YUQCALVL ]

Heur.Agent/Gen-FakeIE
C:\WINDOWS\IE8\IEXPLORE.EXE.MUI
C:\WINDOWS\IE8\MSHTML.DLL.MUI


----------



## Nightmare (Sep 23, 2004)

PROBLEMS.....

I ran the tdsskiller as instructed. But it will not clean. I keep getting a "Windows - No Disk" error window with the following:

"Exception Processing Message c0000013 Parameters 75b6bf7c 75b6bf7c 75b6bf7c"

I am in a holding pattern for more instructions....

Here is the log:

16:52:57.0906 1980	TDSS rootkit removing tool 2.7.12.0 Feb 11 2012 16:58:52
16:52:58.0328 1980	============================================================
16:52:58.0328 1980	Current date / time: 2012/02/13 16:52:58.0328
16:52:58.0328 1980	SystemInfo:
16:52:58.0328 1980	
16:52:58.0328 1980	OS Version: 5.1.2600 ServicePack: 3.0
16:52:58.0328 1980	Product type: Workstation
16:52:58.0328 1980	ComputerName: MACHINEMASTER
16:52:58.0328 1980	UserName: Steven
16:52:58.0328 1980	Windows directory: C:\WINDOWS
16:52:58.0328 1980	System windows directory: C:\WINDOWS
16:52:58.0328 1980	Processor architecture: Intel x86
16:52:58.0328 1980	Number of processors: 2
16:52:58.0328 1980	Page size: 0x1000
16:52:58.0328 1980	Boot type: Normal boot
16:52:58.0328 1980	============================================================
16:53:01.0187 1980	Drive \Device\Harddisk0\DR0 - Size: 0x3A38B2E000 (232.89 Gb), SectorSize: 0x200, Cylinders: 0x76C1, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000054
16:53:01.0203 1980	Drive \Device\Harddisk1\DR1 - Size: 0x4A85D56000 (298.09 Gb), SectorSize: 0x200, Cylinders: 0x97695, SectorsPerTrack: 0x3F, TracksPerCylinder: 0x10, Type 'K0', Flags 0x00000054
16:53:01.0203 1980	\Device\Harddisk0\DR0:
16:53:01.0203 1980	MBR used
16:53:01.0203 1980	\Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x1D1C0681
16:53:01.0203 1980	\Device\Harddisk1\DR1:
16:53:01.0203 1980	MBR used
16:53:01.0203 1980	\Device\Harddisk1\DR1\Partition0: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x2542DEA1
16:53:01.0296 1980	Initialize success
16:53:01.0296 1980	============================================================
16:53:17.0562 3112	============================================================
16:53:17.0562 3112	Scan started
16:53:17.0562 3112	Mode: Manual; 
16:53:17.0562 3112	============================================================
16:53:45.0546 3112	WSTCODEC - ok
16:53:45.0578 3112	WudfPf (f15feafffbb3644ccc80c5da584e6311) C:\WINDOWS\system32\DRIVERS\WudfPf.sys
16:53:45.0609 3112	WudfPf - ok
16:53:45.0625 3112	WudfRd (28b524262bce6de1f7ef9f510ba3985b) C:\WINDOWS\system32\DRIVERS\wudfrd.sys
16:53:45.0656 3112	WudfRd - ok
16:53:45.0687 3112	ZDCNDIS5 (1e206ae7b474b393e97a14c7769ba9a4) C:\WINDOWS\system32\ZDCNDIS5.SYS
16:53:45.0937 3112	ZDCNDIS5 - ok
16:53:45.0968 3112	MBR (0x1B8) (1f753b395539269a3484aecd505b79bd) \Device\Harddisk0\DR0
16:53:45.0984 3112	\Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.b ) - infected
16:53:45.0984 3112	\Device\Harddisk0\DR0 - detected Rootkit.Boot.Pihar.b (0)
16:53:46.0015 3112	MBR (0x1B8) (8f558eb6672622401da993e1e865c861) \Device\Harddisk1\DR1
16:53:46.0015 3112	\Device\Harddisk1\DR1 - ok
16:53:46.0015 3112	Boot (0x1200) (6faf90800eb33bb00db63fca6339b9a4) \Device\Harddisk0\DR0\Partition0
16:53:46.0015 3112	\Device\Harddisk0\DR0\Partition0 - ok
16:53:46.0015 3112	Boot (0x1200) (ef71a5de8084bfc3a821c8b37a7b5c64) \Device\Harddisk1\DR1\Partition0
16:53:46.0031 3112	\Device\Harddisk1\DR1\Partition0 - ok
16:53:46.0031 3112	============================================================
16:53:46.0031 3112	Scan finished
16:53:46.0031 3112	============================================================
16:53:46.0031 3116	Detected object count: 1
16:53:46.0031 3116	Actual detected object count: 1
16:53:54.0343 3116	\Device\Harddisk0\DR0\# - copied to quarantine
16:53:54.0343 3116	\Device\Harddisk0\DR0 - copied to quarantine
16:53:54.0375 3116	\Device\Harddisk0\DR0\TDLFS\phm - copied to quarantine
16:53:54.0375 3116	\Device\Harddisk0\DR0\TDLFS\ph.dll - copied to quarantine
16:53:54.0390 3116	\Device\Harddisk0\DR0\TDLFS\phx.dll - copied to quarantine
16:53:54.0390 3116	\Device\Harddisk0\DR0\TDLFS\sub.dll - copied to quarantine
16:53:54.0406 3116	\Device\Harddisk0\DR0\TDLFS\subx.dll - copied to quarantine
16:53:54.0421 3116	\Device\Harddisk0\DR0\TDLFS\phd - copied to quarantine
16:53:54.0437 3116	\Device\Harddisk0\DR0\TDLFS\phdx - copied to quarantine
16:53:54.0484 3116	\Device\Harddisk0\DR0\TDLFS\phs - copied to quarantine
16:53:54.0484 3116	\Device\Harddisk0\DR0\TDLFS\phdata - copied to quarantine
16:53:54.0500 3116	\Device\Harddisk0\DR0\TDLFS\phld - copied to quarantine
16:53:54.0515 3116	\Device\Harddisk0\DR0\TDLFS\phln - copied to quarantine
16:53:54.0531 3116	\Device\Harddisk0\DR0\TDLFS\phlx - copied to quarantine
16:53:54.0531 3116	\Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.b ) - will be cured on reboot
16:53:54.0531 3116	\Device\Harddisk0\DR0 - ok


----------



## Cookiegal (Aug 27, 2003)

Please download aswMBR.exe and save it to your desktop.

Double click aswMBR.exe to start the tool (Vista/Windows 7 users - right click to run as administrator) and allow it to download the Avast database.

Click *Scan*.

Upon completion of the scan, click *Save log* then save it to your desktop and post that log in your next reply for review. 
*Note - do NOT attempt any Fix yet.*


----------



## Nightmare (Sep 23, 2004)

aswMBR version 0.9.9.1532 Copyright(c) 2011 AVAST Software
Run date: 2012-02-13 19:10:59
-----------------------------
19:10:59.531 OS Version: Windows 5.1.2600 Service Pack 3
19:10:59.531 Number of processors: 2 586 0x402
19:10:59.531 ComputerName: MACHINEMASTER UserName: Steven
19:11:09.390 Initialize success
19:13:52.906 AVAST engine defs: 12021302
19:15:02.546 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3
19:15:02.546 Disk 0 Vendor: WDC_WD2500KS-00MJB0 02.01C03 Size: 238475MB BusType: 3
19:15:02.546 Disk 1 \Device\Harddisk1\DR1 -> \Device\Ide\IdeDeviceP1T0L0-e
19:15:02.562 Disk 1 Vendor: ST3320620AS 3.AAK Size: 305245MB BusType: 3
19:15:02.593 Disk 0 MBR read successfully
19:15:02.593 Disk 0 MBR scan
19:15:02.656 Disk 0 Windows XP default MBR code
19:15:02.687 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 238464 MB offset 63
19:15:02.734 Disk 0 scanning sectors +488376000
19:15:02.812 Disk 0 scanning C:\WINDOWS\system32\drivers
19:15:37.953 Service scanning
19:15:43.281 Modules scanning
19:15:58.734 Disk 0 trace - called modules:
19:15:58.796 ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll atapi.sys amdide.sys PCIIDEX.SYS 
19:15:58.796 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x8b00fab8]
19:15:58.812 3 CLASSPNP.SYS[b8108fd7] -> nt!IofCallDriver -> \Device\0000007e[0x8b017f18]
19:15:58.828 5 ACPI.sys[b7f7f620] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-3[0x8afb8940]
19:16:00.640 AVAST engine scan C:\
21:13:57.515 File: C:\TDSSKiller_Quarantine\13.02.2012_16.52.58\mbr0000\tdlfs0000\tsk0003.dta **INFECTED** Win32:[email protected] [Rtk]
21:13:58.171 File: C:\TDSSKiller_Quarantine\13.02.2012_16.52.58\mbr0000\tdlfs0000\tsk0005.dta **INFECTED** Win32:Alureon-AQL [Rtk]
22:28:27.046 Scan finished successfully
08:46:36.812 Disk 0 MBR has been saved successfully to "C:\Documents and Settings\Steven\Desktop\MBR.dat"
08:46:36.843 The log file has been saved successfully to "C:\Documents and Settings\Steven\Desktop\aswMBR.txt"


----------



## Cookiegal (Aug 27, 2003)

Please run TDSSKiller again and post the new log.


----------



## Nightmare (Sep 23, 2004)

15:48:22.0465 13056	TDSS rootkit removing tool 2.7.12.0 Feb 11 2012 16:58:52
15:48:22.0949 13056	============================================================
15:48:22.0949 13056	Current date / time: 2012/02/14 15:48:22.0949
15:48:22.0949 13056	SystemInfo:
15:48:22.0949 13056	
15:48:22.0949 13056	OS Version: 5.1.2600 ServicePack: 3.0
15:48:22.0949 13056	Product type: Workstation
15:48:22.0949 13056	ComputerName: MACHINEMASTER
15:48:22.0949 13056	UserName: Steven
15:48:22.0949 13056	Windows directory: C:\WINDOWS
15:48:22.0949 13056	System windows directory: C:\WINDOWS
15:48:22.0949 13056	Processor architecture: Intel x86
15:48:22.0949 13056	Number of processors: 2
15:48:22.0949 13056	Page size: 0x1000
15:48:22.0949 13056	Boot type: Normal boot
15:48:22.0949 13056	============================================================
15:48:25.0137 13056	Drive \Device\Harddisk0\DR0 - Size: 0x3A38B2E000 (232.89 Gb), SectorSize: 0x200, Cylinders: 0x76C1, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000054
15:48:25.0153 13056	Drive \Device\Harddisk1\DR1 - Size: 0x4A85D56000 (298.09 Gb), SectorSize: 0x200, Cylinders: 0x97695, SectorsPerTrack: 0x3F, TracksPerCylinder: 0x10, Type 'K0', Flags 0x00000054
15:48:25.0168 13056	\Device\Harddisk0\DR0:
15:48:25.0168 13056	MBR used
15:48:25.0168 13056	\Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x1D1C0681
15:48:25.0168 13056	\Device\Harddisk1\DR1:
15:48:25.0168 13056	MBR used
15:48:25.0168 13056	\Device\Harddisk1\DR1\Partition0: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x2542DEA1
15:48:25.0231 13056	Initialize success
15:48:25.0231 13056	============================================================
15:48:29.0668 12728	============================================================
15:48:29.0668 12728	Scan started
15:48:29.0668 12728	Mode: Manual; 
15:48:29.0668 12728	============================================================
15:48:40.0387 12728	Srv - ok
15:48:40.0434 12728	streamip (77813007ba6265c4b6098187e6ed79d2) C:\WINDOWS\system32\DRIVERS\StreamIP.sys
15:48:40.0449 12728	streamip - ok
15:48:40.0449 12728	STTub203 - ok
15:48:40.0465 12728	swenum (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys
15:48:40.0481 12728	swenum - ok
15:48:40.0528 12728	swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys
15:48:40.0543 12728	swmidi - ok
15:48:40.0559 12728	symc810 - ok
15:48:40.0559 12728	symc8xx - ok
15:48:40.0574 12728	sym_hi - ok
15:48:40.0574 12728	sym_u3 - ok
15:48:40.0606 12728	sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys
15:48:40.0637 12728	sysaudio - ok
15:48:40.0699 12728	Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys
15:48:40.0715 12728	Tcpip - ok
15:48:40.0746 12728	TDPIPE (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys
15:48:40.0778 12728	TDPIPE - ok
15:48:40.0809 12728	TDTCP (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys
15:48:40.0824 12728	TDTCP - ok
15:48:40.0856 12728	TermDD (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys
15:48:40.0871 12728	TermDD - ok
15:48:40.0918 12728	tifsfilter (b0b3122bff3910e0ba97014045467778) C:\WINDOWS\system32\DRIVERS\tifsfilt.sys
15:48:40.0934 12728	tifsfilter - ok
15:48:40.0981 12728	timounter (13bfe330880ac0ce8672d00aa5aff738) C:\WINDOWS\system32\DRIVERS\timntr.sys
15:48:40.0996 12728	timounter - ok
15:48:41.0012 12728	TosIde - ok
15:48:41.0043 12728	TVICPORT (97dd70feca64fb4f63de7bb7e66a80b1) C:\WINDOWS\system32\DRIVERS\TVICPORT.SYS
15:48:41.0059 12728	TVICPORT - ok
15:48:41.0106 12728	Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys
15:48:41.0121 12728	Udfs - ok
15:48:41.0137 12728	ultra - ok
15:48:41.0184 12728	Update (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys
15:48:41.0199 12728	Update - ok
15:48:41.0246 12728	usbaudio (e919708db44ed8543a7c017953148330) C:\WINDOWS\system32\drivers\usbaudio.sys
15:48:41.0262 12728	usbaudio - ok
15:48:41.0293 12728	usbbus (0678c457f49f20666ab16edda4d1391d) C:\WINDOWS\system32\DRIVERS\lgusbbus.sys
15:48:41.0309 12728	usbbus - ok
15:48:41.0340 12728	usbccgp (173f317ce0db8e21322e71b7e60a27e8) C:\WINDOWS\system32\DRIVERS\usbccgp.sys
15:48:41.0371 12728	usbccgp - ok
15:48:41.0403 12728	UsbDiag (bc8b39fc8782a954af119bfbe8a77414) C:\WINDOWS\system32\DRIVERS\lgusbdiag.sys
15:48:41.0418 12728	UsbDiag - ok
15:48:41.0434 12728	usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys
15:48:41.0449 12728	usbehci - ok
15:48:41.0496 12728	usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys
15:48:41.0512 12728	usbhub - ok
15:48:41.0528 12728	USBModem (290914c187c25b42e1c64d7cfad8b2fc) C:\WINDOWS\system32\DRIVERS\lgusbmodem.sys
15:48:41.0543 12728	USBModem - ok
15:48:41.0574 12728	usbohci (0daecce65366ea32b162f85f07c6753b) C:\WINDOWS\system32\DRIVERS\usbohci.sys
15:48:41.0606 12728	usbohci - ok
15:48:41.0637 12728	usbprint (a717c8721046828520c9edf31288fc00) C:\WINDOWS\system32\DRIVERS\usbprint.sys
15:48:41.0653 12728	usbprint - ok
15:48:41.0668 12728	usbscan (a0b8cf9deb1184fbdd20784a58fa75d4) C:\WINDOWS\system32\DRIVERS\usbscan.sys
15:48:41.0684 12728	usbscan - ok
15:48:41.0715 12728	USBSTOR (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
15:48:41.0731 12728	USBSTOR - ok
15:48:41.0793 12728	USB_RNDIS (bee793d4a059caea55d6ac20e19b3a8f) C:\WINDOWS\system32\DRIVERS\usb8023.sys
15:48:41.0809 12728	USB_RNDIS - ok
15:48:41.0824 12728	VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys
15:48:41.0840 12728	VgaSave - ok
15:48:41.0856 12728	ViaIde - ok
15:48:41.0871 12728	VolSnap (4c8fcb5cc53aab716d810740fe59d025) C:\WINDOWS\system32\drivers\VolSnap.sys
15:48:41.0887 12728	VolSnap - ok
15:48:41.0903 12728	Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys
15:48:41.0918 12728	Wanarp - ok
15:48:41.0965 12728	Wdf01000 (fd47474bd21794508af449d9d91af6e6) C:\WINDOWS\system32\DRIVERS\Wdf01000.sys
15:48:42.0012 12728	Wdf01000 - ok
15:48:42.0012 12728	WDICA - ok
15:48:42.0059 12728	wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys
15:48:42.0074 12728	wdmaud - ok
15:48:42.0137 12728	WmiAcpi (c42584fd66ce9e17403aebca199f7bdb) C:\WINDOWS\system32\DRIVERS\wmiacpi.sys
15:48:42.0153 12728	WmiAcpi - ok
15:48:42.0184 12728	WpdUsb (cf4def1bf66f06964dc0d91844239104) C:\WINDOWS\system32\DRIVERS\wpdusb.sys
15:48:42.0199 12728	WpdUsb - ok
15:48:42.0246 12728	WS2IFSL (6abe6e225adb5a751622a9cc3bc19ce8) C:\WINDOWS\System32\drivers\ws2ifsl.sys
15:48:42.0262 12728	WS2IFSL - ok
15:48:42.0293 12728	WSTCODEC (c98b39829c2bbd34e454150633c62c78) C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS
15:48:42.0309 12728	WSTCODEC - ok
15:48:42.0340 12728	WudfPf (f15feafffbb3644ccc80c5da584e6311) C:\WINDOWS\system32\DRIVERS\WudfPf.sys
15:48:42.0356 12728	WudfPf - ok
15:48:42.0387 12728	WudfRd (28b524262bce6de1f7ef9f510ba3985b) C:\WINDOWS\system32\DRIVERS\wudfrd.sys
15:48:42.0403 12728	WudfRd - ok
15:48:42.0434 12728	ZDCNDIS5 (1e206ae7b474b393e97a14c7769ba9a4) C:\WINDOWS\system32\ZDCNDIS5.SYS
15:48:42.0574 12728	ZDCNDIS5 - ok
15:48:42.0590 12728	MBR (0x1B8) (8f558eb6672622401da993e1e865c861) \Device\Harddisk0\DR0
15:48:42.0731 12728	\Device\Harddisk0\DR0 - ok
15:48:42.0762 12728	MBR (0x1B8) (8f558eb6672622401da993e1e865c861) \Device\Harddisk1\DR1
15:48:42.0762 12728	\Device\Harddisk1\DR1 - ok
15:48:42.0762 12728	Boot (0x1200) (6faf90800eb33bb00db63fca6339b9a4) \Device\Harddisk0\DR0\Partition0
15:48:42.0762 12728	\Device\Harddisk0\DR0\Partition0 - ok
15:48:42.0778 12728	Boot (0x1200) (ef71a5de8084bfc3a821c8b37a7b5c64) \Device\Harddisk1\DR1\Partition0
15:48:42.0778 12728	\Device\Harddisk1\DR1\Partition0 - ok
15:48:42.0778 12728	============================================================
15:48:42.0778 12728	Scan finished
15:48:42.0778 12728	============================================================
15:48:42.0778 12600	Detected object count: 0
15:48:42.0778 12600	Actual detected object count: 0


----------



## Cookiegal (Aug 27, 2003)

Please download ComboFix again, disable security programs, run the new scan and post the log.

Please visit *Combofix Guide & Instructions* for instructions for installing the recovery console and downloading and running ComboFix.

The only thing different from the instructions there is that when downloading and saving the ComboFix.exe I would like you to rename it to puppy.exe please.


----------



## Nightmare (Sep 23, 2004)

I will have to uninstall CA Anti Virus. ComboFix will not run even when I manually end CA services using the Windows Task Manager. Do you want me to uninstall CA or can we use another program?

You mentioned OTS.exe. Can I try that instead?


----------



## Nightmare (Sep 23, 2004)

I went ahead and unloaded CA Security Suite. Here is the ComboFix log:

ComboFix 12-02-13.01 - Steven 02/15/2012 10:03:11.4.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3327.2761 [GMT -5:00]
Running from: c:\documents and settings\Steven\Desktop\puppy.exe
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\All Users\Application Data\DragToDiscUserNameE.txt
c:\windows\system32\GroupPolicy\Machine\Registry.pol
.
.
((((((((((((((((((((((((( Files Created from 2012-01-15 to 2012-02-15 )))))))))))))))))))))))))))))))
.
.
2012-02-13 22:08 . 2012-02-13 22:08	--------	d-----w-	c:\program files\Malwarebytes' Anti-Malware
2012-02-13 22:08 . 2011-12-10 20:24	20464	----a-w-	c:\windows\system32\drivers\mbam.sys
2012-02-13 21:53 . 2012-02-13 21:53	--------	d-----w-	C:\TDSSKiller_Quarantine
2012-02-13 20:26 . 2012-02-13 20:26	--------	d-----w-	c:\program files\CCleaner
2012-02-13 19:32 . 2012-02-13 19:32	--------	d-----w-	c:\windows\system32\wbem\Repository
2012-02-08 23:48 . 2012-02-08 23:49	--------	d-----w-	c:\windows\system32\Adobe
2012-02-08 23:48 . 2012-02-08 23:48	414368	----a-w-	c:\windows\system32\FlashPlayerCPLApp.cpl
2012-02-08 18:16 . 2012-02-08 18:16	--------	d-----w-	c:\program files\Common Files\Scanner
2012-02-08 18:11 . 2012-02-15 14:54	--------	d-----w-	c:\documents and settings\All Users\Application Data\CA
2012-02-07 17:20 . 2012-02-07 17:20	--------	d-----w-	c:\documents and settings\Steven\Local Settings\Application Data\WinZip
2012-02-07 17:18 . 2012-02-07 17:20	--------	d-----w-	c:\documents and settings\All Users\Application Data\WinZip
2012-02-06 02:03 . 2012-02-06 02:03	--------	d-----w-	c:\program files\Microsoft.NET
2012-02-06 01:06 . 2012-02-06 01:06	--------	d-----w-	c:\documents and settings\All Users\Application Data\Seagate
2012-02-06 01:06 . 2012-02-06 01:06	44384	----a-w-	c:\windows\system32\drivers\tifsfilt.sys
2012-02-06 01:06 . 2012-02-06 01:06	441760	----a-w-	c:\windows\system32\drivers\timntr.sys
2012-02-06 01:06 . 2012-02-06 01:06	132224	----a-w-	c:\windows\system32\drivers\snapman.sys
2012-02-06 01:06 . 2012-02-06 01:06	368480	----a-w-	c:\windows\system32\drivers\tdrpman.sys
2012-02-06 01:05 . 2012-02-13 19:44	--------	d-----w-	c:\program files\Seagate
2012-01-31 14:07 . 2012-01-31 14:07	--------	d-----w-	c:\documents and settings\NetworkService\Local Settings\Application Data\Adobe
2012-01-21 17:39 . 2012-01-21 18:00	--------	d-----w-	c:\documents and settings\Steven\Application Data\SmartDraw
2012-01-18 17:46 . 2012-01-18 17:46	--------	d-----w-	c:\program files\Hewlett-Packard
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-11-25 21:57 . 2003-07-16 16:45	293376	----a-w-	c:\windows\system32\winsrv.dll
2011-11-23 13:25 . 2003-07-16 16:45	1859584	----a-w-	c:\windows\system32\win32k.sys
2011-11-18 12:35 . 2003-07-16 16:34	60416	----a-w-	c:\windows\system32\packager.exe
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown 
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2011-01-08 13880424]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2010-11-29 421888]
"Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" [2008-02-29 76304]
"Logitech Hardware Abstraction Layer"="KHALMNPR.EXE" [2008-02-29 76304]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2011-01-08 111208]
"RoxioDragToDisc"="c:\program files\Roxio\Drag-to-Disc\DrgToDsc.exe" [2006-07-31 1116920]
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2011-09-04 113024]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2009-09-08 16:22	548352	----a-w-	c:\program files\SUPERAntiSpyware\SASWINLO.DLL
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LBTWlgn]
2008-05-02 06:42	72208	----a-w-	c:\program files\Common Files\Logitech\Bluetooth\LBTWLgn.dll
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute	REG_MULTI_SZ PDBoot.exe\0autocheck autochk *
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
@=""
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Sonic CinePlayer Quick Launch.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Sonic CinePlayer Quick Launch.lnk
backup=c:\windows\pss\Sonic CinePlayer Quick Launch.lnkCommon Startup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2010-11-29 21:38	421888	----a-w-	c:\program files\QuickTime\QTTask.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RoxioDragToDisc]
2006-07-31 13:00	1116920	----a-w-	c:\program files\Roxio\Drag-to-Disc\DrgToDsc.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RoxWatchTray]
2006-08-10 16:10	221184	----a-w-	c:\program files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ComputerAssociatesAntiMalware]
"DisableMonitoring"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\Program Files\\Common Files\\Sonic Shared\\RoxioUPnPRenderer9.exe"=
"c:\\WINDOWS\\system32\\mmc.exe"=
"c:\\WINDOWS\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\WINDOWS\\system32\\sessmgr.exe"=
"c:\\Program Files\\WS_FTP\\WS_FTP95.exe"=
"c:\\WINDOWS\\system32\\dpvsetup.exe"=
"c:\\Program Files\\Logitech\\Logitech Harmony Remote Software 7\\HarmonyRemote.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP:*isabledxpsp2res.dll,-22009
"5985:TCP"= 5985:TCP:*isabled:Windows Remote Management 
.
R1 BIOS;BIOS;c:\windows\system32\drivers\BIOS.sys [1/24/2011 10:01 PM 13696]
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV.SYS [2/17/2009 11:43 AM 12880]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [2/17/2009 11:43 AM 67664]
R2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE.EXE [7/31/2010 9:27 AM 116608]
R2 cpuz135;cpuz135;c:\windows\system32\drivers\cpuz135_x32.sys [1/29/2011 10:31 AM 21992]
R2 ppsio2;PPDevice;c:\windows\system32\drivers\ppsio2.sys [2/24/2007 12:48 AM 23200]
R3 DELTAII;Service for M-Audio Delta Driver (WDM);c:\windows\system32\drivers\MAudioDelta.sys [1/26/2011 7:44 PM 302472]
R3 seehcri;Sony Ericsson seehcri Device Driver;c:\windows\system32\drivers\seehcri.sys [1/29/2010 10:21 AM 27632]
S2 clr_optimization_v2.0.50727_32 Intelligent Application Manager (IAM);.NET Runtime Optimization Service v2.0.50727_X86 clr_optimization_v2.0.50727_32 Intelligent Application Manager (IAM);c:\windows\system32\acodel.exe srv --> c:\windows\system32\acodel.exe srv [?]
S2 clr_optimization_v2.0.50727_32lanmanserver;.NET Runtime Optimization Service v2.0.50727_X86 clr_optimization_v2.0.50727_32lanmanserver;c:\windows\system32\ALSndMgre.exe srv --> c:\windows\system32\ALSndMgre.exe srv [?]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [3/18/2010 1:16 PM 130384]
S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [11/30/2011 6:28 PM 136176]
S3 Ambfilt;Ambfilt;c:\windows\system32\drivers\Ambfilt.sys [1/24/2011 10:20 PM 1684736]
S3 APL531;35mm Film Scanner;c:\windows\system32\Drivers\FILMSCAN.sys --> c:\windows\system32\Drivers\FILMSCAN.sys [?]
S3 FXDrv32;FXDrv32;\??\d:\fxdrv32.sys --> d:\FXDrv32.sys [?]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [11/30/2011 6:28 PM 136176]
S3 lgatbus;LG USB Composite Device driver (WDM);c:\windows\system32\drivers\lgatbus.sys [8/7/2008 11:48 AM 43024]
S3 lgatmdm;LG CDMA USB Modem Drivers;c:\windows\system32\drivers\lgatmdm.sys [8/7/2008 11:48 AM 77104]
S3 lgatserd;LG CDMA USB Modem Diagnostic Serial Port Drivers (WDM);c:\windows\system32\drivers\lgatserd.sys [8/7/2008 11:50 AM 60816]
S3 NPUSB;NPUSB;c:\windows\system32\drivers\npusb.sys [2/24/2007 1:37 AM 15360]
S3 p17filt;p17filt;c:\windows\system32\drivers\p17filt.sys [3/20/2006 5:34 PM 1452032]
S3 PciCon;PciCon;\??\d:\pcicon.sys --> d:\PciCon.sys [?]
S3 pcouffin;VSO Software pcouffin;c:\windows\system32\drivers\pcouffin.sys [1/3/2008 12:39 AM 47360]
S3 RioDrv;Rio600 driver;c:\windows\system32\drivers\riodrv.sys [8/17/2001 8:24 AM 12032]
S3 s115bus;Sony Ericsson Device 115 driver (WDM);c:\windows\system32\drivers\s115bus.sys [12/16/2007 12:58 PM 83208]
S3 s115mdfl;Sony Ericsson Device 115 USB WMC Modem Filter;c:\windows\system32\drivers\s115mdfl.sys [12/16/2007 12:58 PM 15112]
S3 s115mdm;Sony Ericsson Device 115 USB WMC Modem Driver;c:\windows\system32\drivers\s115mdm.sys [12/16/2007 12:58 PM 108680]
S3 s115mgmt;Sony Ericsson Device 115 USB WMC Device Management Drivers (WDM);c:\windows\system32\drivers\s115mgmt.sys [12/16/2007 12:58 PM 100488]
S3 s115obex;Sony Ericsson Device 115 USB WMC OBEX Interface;c:\windows\system32\drivers\s115obex.sys [12/16/2007 12:58 PM 98568]
S3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [2/17/2009 11:43 AM 12872]
S3 STTub203;Thrustmaster HOTAS USB Bulk Out;c:\windows\system32\Drivers\STTub203.sys --> c:\windows\system32\Drivers\STTub203.sys [?]
S3 WinRM;Windows Remote Management (WS-Management);c:\windows\system32\svchost.exe -k WINRM [7/16/2003 11:41 AM 14336]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [3/18/2010 1:16 PM 753504]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
WINRM	REG_MULTI_SZ WINRM
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
2007-07-18 21:53	451872	----a-w-	c:\program files\Common Files\LightScribe\LSRunOnce.exe
.
Contents of the 'Scheduled Tasks' folder
.
2012-02-15 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-11-30 23:27]
.
2012-02-15 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-11-30 23:27]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.baynews9.com/weather/klystron9?animate=hillsborough
uInternet Settings,ProxyOverride = *.local
TCP: DhcpNameServer = 192.168.0.1
DPF: {83A4D5A6-E2C1-4EDD-AD48-1A1C50BD06EF} - hxxp://www.gunbroker.com/WebResource.axd?d=Qydpf0KIwF1Fr6RRPI2vp09Qx7960W1PefrwdgTL1YWRWyUo6in6PN6VS7m59gst6zjhnPK4xtevtkkiPAeNbVdLz1lm1BKvO-eVx_B2d1Lb7EFrywmMr-EfCQUqniwFPL_qr5-6LT50B9lSJqZDgme2Vksu6ajL4Qvm6a-2VX8ROm8K0&t=634230999680000000
DPF: {DB31DA00-4F6F-4CC7-8627-C5A142E1FC7C} - hxxp://www.syncmyride.com/Own/Modules/UploadDownload/applets/sync.cab
.
- - - - ORPHANS REMOVED - - - -
.
Notify-PFW - (no file)
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-02-15 10:09
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ... 
.
scanning hidden autostart entries ... 
.
scanning hidden files ... 
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(748)
c:\program files\SUPERAntiSpyware\SASWINLO.DLL
c:\windows\system32\WININET.dll
c:\windows\system32\Ati2evxx.dll
c:\program files\common files\logitech\bluetooth\LBTWlgn.dll
c:\program files\common files\logitech\bluetooth\LBTServ.dll
.
Completion time: 2012-02-15 10:11:35
ComboFix-quarantined-files.txt 2012-02-15 15:11
ComboFix2.txt 2012-02-08 03:37
.
Pre-Run: 18,626,015,232 bytes free
Post-Run: 19,536,379,904 bytes free
.
WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /fastdetect/NoExecute=Optin
.
- - End Of File - - B351A968562F6C5624CFC52BEA0F8DF7


----------



## Cookiegal (Aug 27, 2003)

I'm sorry. I keep forgetting that you're running CA. I don't run into that problem very often.

Is this a business machine?

Were there some group policies in place?


----------



## Nightmare (Sep 23, 2004)

No, it's my personal computer that I do some hobbies on.

I am networked to three other computers: my laptop, my sons' laptop and the family computer, all wireless.


----------



## Cookiegal (Aug 27, 2003)

Had you set some group policies (restrictions)?


----------



## Nightmare (Sep 23, 2004)

I'm not following you. I do not know about policies and restrictions.


----------



## Cookiegal (Aug 27, 2003)

ComboFix deleted this file:

c:\windows\system32\GroupPolicy\Machine\Registry.pol

Which generally only exists when group policies are put in place through the group policy editor. And this can only be done in XP Pro, which is the business edition. XP Home doesn't have this feature. You can put restrictions on the browser, logon scripts or other types of things in place using this feature.

How is the computer behaving now?


----------
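
The `Registry.pol` file discussed in the post above stores policy-set registry values in the documented PReg layout: a `PReg` signature, a version DWORD, then UTF-16LE records of the form `[key;value;type;size;data]`. The following is an added example, not part of the thread or of any tool used in it, showing how such a file can be listed before it is removed; the sample bytes and the three policies in them are constructed for illustration.

```python
import struct

PREG_SIGNATURE = b"PReg"
REG_SZ, REG_EXPAND_SZ, REG_DWORD = 1, 2, 4


def _u16(text):
    return text.encode("utf-16-le")


def build_record(key, value, reg_type, data):
    """Serialise one [key;value;type;size;data] record (used only for the sample)."""
    return (_u16("[") + _u16(key + "\0") + _u16(";") + _u16(value + "\0") + _u16(";")
            + struct.pack("<I", reg_type) + _u16(";")
            + struct.pack("<I", len(data)) + _u16(";") + data + _u16("]"))


def _expect(buf, pos, char):
    """Check that the UTF-16LE delimiter `char` sits at `pos`; return the next offset."""
    if buf[pos:pos + 2] != _u16(char):
        raise ValueError("expected %r at offset %d" % (char, pos))
    return pos + 2


def _read_wstr(buf, pos):
    """Read a NUL-terminated UTF-16LE string; return (text, offset after the NUL)."""
    end = pos
    while buf[end:end + 2] != b"\0\0":
        if end + 2 > len(buf):
            raise ValueError("unterminated string at offset %d" % pos)
        end += 2
    return buf[pos:end].decode("utf-16-le"), end + 2


def _read_u32(buf, pos):
    if pos + 4 > len(buf):
        raise ValueError("truncated DWORD at offset %d" % pos)
    return struct.unpack_from("<I", buf, pos)[0], pos + 4


def _decode(reg_type, data):
    if reg_type == REG_DWORD and len(data) == 4:
        return struct.unpack("<I", data)[0]
    if reg_type in (REG_SZ, REG_EXPAND_SZ):
        return data.decode("utf-16-le", errors="replace").rstrip("\0")
    return data  # other types are left as raw bytes


def parse_registry_pol(buf):
    """Return every policy record in a Registry.pol image as a list of dicts."""
    if len(buf) < 8 or buf[:4] != PREG_SIGNATURE:
        raise ValueError("not a Registry.pol file (missing PReg signature)")
    version, pos = _read_u32(buf, 4)
    if version != 1:
        raise ValueError("unsupported PReg version %d" % version)
    records = []
    while pos < len(buf):
        pos = _expect(buf, pos, "[")
        key, pos = _read_wstr(buf, pos)
        pos = _expect(buf, pos, ";")
        value, pos = _read_wstr(buf, pos)
        pos = _expect(buf, pos, ";")
        reg_type, pos = _read_u32(buf, pos)
        pos = _expect(buf, pos, ";")
        size, pos = _read_u32(buf, pos)
        pos = _expect(buf, pos, ";")
        if pos + size > len(buf):
            raise ValueError("truncated data for %s\\%s" % (key, value))
        data, pos = buf[pos:pos + size], pos + size
        pos = _expect(buf, pos, "]")
        records.append({
            "key": key, "value": value, "type": reg_type,
            "data": _decode(reg_type, data),
            # Value names starting with "**" are directives (for example a deletion).
            "directive": value.startswith("**"),
        })
    return records


# Constructed sample: two restrictions and one deletion directive.
SAMPLE_POL = PREG_SIGNATURE + struct.pack("<I", 1) + b"".join([
    build_record(r"Software\Policies\Microsoft\Internet Explorer\Control Panel",
                 "HomePage", REG_DWORD, struct.pack("<I", 1)),
    build_record(r"Software\Microsoft\Windows\CurrentVersion\Policies\System",
                 "DisableTaskMgr", REG_DWORD, struct.pack("<I", 1)),
    build_record(r"Software\Policies\Microsoft\Internet Explorer\Main",
                 "**del.Start Page", REG_SZ, _u16(" \0")),
])

if __name__ == "__main__":
    for rec in parse_registry_pol(SAMPLE_POL):
        print(rec["key"], "|", rec["value"], "=", repr(rec["data"]))
```
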



## Nightmare (Sep 23, 2004)

There is a C:\windows\system32\GroupPolicy\Machine\Scripts\ShutDown and Startup but in no place can I find Registry.pol in any of these folders. As a matter of fact, the ShutDown and StartUp folders are empty (I have "show hidden files" showing).

The computer seems to be behaving normally ever since I ran the TDSS killer the second time.

I need to learn to read better. You said that the file was deleted so why would I find it? Duh......


----------



## Cookiegal (Aug 27, 2003)

Download *OTS.exe* to your Desktop.

- Close any open browsers.
- If your Real protection or Antivirus interferes with OTS, allow it to run.
- Double-click on *OTS.exe* to start the program.
- Under the *Additional Scans* section put a check in the box next to Disabled MS Config Items, Drivers32, NetSvcs, SafeBoot Minimal and EventViewer logs (Last 10 errors).
- Now click the *Run Scan* button on the toolbar.
- Let it run unhindered until it finishes.
- When the scan is complete Notepad will open with the report file loaded in it.
- Save that notepad file.
- Use the *Reply* button, scroll down to the attachments section and attach the notepad file here.


----------



## Nightmare (Sep 23, 2004)

```
OTS logfile created on: 2/17/2012 12:21:55 PM - Run 1
OTS by OldTimer - Version 3.1.46.0     Folder = C:\Documents and Settings\Steven\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
 
3.00 Gb Total Physical Memory | 3.00 Gb Available Physical Memory | 80.00% Memory free
8.00 Gb Paging File | 8.00 Gb Available in Paging File | 94.00% Paging File free
Paging file location(s): C:\pagefile.sys 5373 5373 [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 232.88 Gb Total Space | 16.75 Gb Free Space | 7.19% Space Free | Partition Type: NTFS
Drive D: | 298.09 Gb Total Space | 287.27 Gb Free Space | 96.37% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
 
Computer Name: MACHINEMASTER
Current User Name: Steven
Logged in as Administrator.
 
Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
 
[Processes - Safe List]
caamsvc.exe -> C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus Plus\CAAMSvc.exe -> [2012/02/16 14:33:57 | 000,206,152 | ---- | M] (CA)
ots.exe -> C:\Documents and Settings\Steven\Desktop\OTS.exe -> [2012/02/14 19:38:00 | 000,646,144 | ---- | M] (OldTimer Tools)
sascore.exe -> C:\Program Files\SUPERAntiSpyware\SASCORE.EXE -> [2011/09/04 10:50:11 | 000,116,608 | ---- | M] (SUPERAntiSpyware.com)
ccschedulersvc.exe -> C:\Program Files\CA\CA Internet Security Suite\ccschedulersvc.exe -> [2011/07/01 23:34:22 | 000,206,160 | ---- | M] (Computer Associates International, Inc.)
ccprovsp.exe -> C:\Program Files\CA\CA Internet Security Suite\ccprovsp.exe -> [2011/07/01 23:34:20 | 000,251,216 | ---- | M] (CA, Inc.)
ccevtmgr.exe -> C:\Program Files\CA\CA Internet Security Suite\ccEvtMgr.exe -> [2011/07/01 23:34:16 | 001,123,664 | ---- | M] (CA, Inc.)
casc.exe -> C:\Program Files\CA\CA Internet Security Suite\casc.exe -> [2011/07/01 23:34:14 | 001,570,128 | ---- | M] (CA, Inc.)
isafe.exe -> C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus Plus\isafe.exe -> [2011/05/30 03:01:26 | 000,222,544 | ---- | M] (Computer Associates International, Inc.)
umxengine.exe -> C:\Program Files\CA\SharedComponents\TMEngine\UmxEngine.exe -> [2011/04/04 12:42:28 | 000,662,096 | ---- | M] (CA)
explorer.exe -> C:\WINDOWS\explorer.exe -> [2008/04/13 19:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation)
pdagent.exe -> C:\Program Files\Raxco\PerfectDisk\PDAgent.exe -> [2007/11/06 08:37:48 | 000,414,984 | ---- | M] (Raxco Software, Inc.)
drgtodsc.exe -> C:\Program Files\Roxio\Drag-to-Disc\DrgToDsc.exe -> [2006/07/31 08:00:00 | 001,116,920 | ---- | M] (Sonic Solutions)
 
[Modules - No Company Name]
flipster.dll -> C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus Plus\Flipster.dll -> [2012/02/16 14:33:57 | 000,222,536 | ---- | M] ()
sqlite3.dll -> C:\Program Files\CA\CA Internet Security Suite\SQLite3.dll -> [2011/07/01 23:35:04 | 000,652,624 | ---- | M] ()
log4cplusu.dll -> C:\Program Files\CA\CA Internet Security Suite\log4cplusU.dll -> [2011/06/28 16:14:30 | 000,589,824 | ---- | M] ()
windowsuseridentity.dll -> C:\Program Files\CA\SharedComponents\TMEngine\WindowsUserIdentity.dll -> [2011/03/14 15:41:06 | 000,590,416 | ---- | M] ()
knownapps.dll -> C:\Program Files\CA\SharedComponents\TMEngine\KnownApps.dll -> [2011/02/24 14:33:28 | 000,706,640 | ---- | M] ()
nvshell.dll -> C:\Program Files\NVIDIA Corporation\nView\nvShell.dll -> [2010/11/04 08:51:44 | 000,555,624 | ---- | M] ()
sqlite3.dll -> C:\Program Files\Raxco\PerfectDisk\sqlite3.dll -> [2007/11/06 08:38:10 | 000,365,832 | ---- | M] ()
pddb.dll -> C:\Program Files\Raxco\PerfectDisk\PDDb.dll -> [2007/11/06 08:37:54 | 000,075,016 | ---- | M] ()
apm.dll -> C:\Program Files\Common Files\Roxio Shared\DLLShared\apm.dll -> [2006/08/09 03:27:36 | 000,037,376 | ---- | M] ()
dlaapi_w.dll -> C:\WINDOWS\system32\DLAAPI_W.DLL -> [2006/08/08 08:18:18 | 000,056,056 | ---- | M] ()
gl.dll -> C:\WINDOWS\system32\gl.dll -> [2001/08/22 13:13:30 | 000,061,440 | ---- | M] ()
 
[Win32 Services - Safe List]
(clr_optimization_v2.0.50727_32lanmanserver) .NET Runtime Optimization Service v2.0.50727_X86 clr_optimization_v2.0.50727_32lanmanserver [Auto | Stopped] ->  -> File not found
(clr_optimization_v2.0.50727_32 Intelligent Application Manager (IAM)) .NET Runtime Optimization Service v2.0.50727_X86 clr_optimization_v2.0.50727_32 Intelligent Application Manager (IAM) [Auto | Stopped] ->  -> File not found
(CAAMSvc) CAAMSvc [Auto | Running] -> C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus Plus\CAAMSvc.exe -> [2012/02/16 14:33:57 | 000,206,152 | ---- | M] (CA)
(!SASCORE) SAS Core Service [Auto | Running] -> C:\Program Files\SUPERAntiSpyware\SASCORE.EXE -> [2011/09/04 10:50:11 | 000,116,608 | ---- | M] (SUPERAntiSpyware.com)
(ccSchedulerSVC) CA Common Scheduler Service [Auto | Running] -> C:\Program Files\CA\CA Internet Security Suite\ccschedulersvc.exe -> [2011/07/01 23:34:22 | 000,206,160 | ---- | M] (Computer Associates International, Inc.)
(CaCCProvSP) CaCCProvSP [On_Demand | Running] -> C:\Program Files\CA\CA Internet Security Suite\ccprovsp.exe -> [2011/07/01 23:34:20 | 000,251,216 | ---- | M] (CA, Inc.)
(CAISafe) CAISafe [Auto | Running] -> C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus Plus\isafe.exe -> [2011/05/30 03:01:26 | 000,222,544 | ---- | M] (Computer Associates International, Inc.)
(UmxEngine) TM Engine [Auto | Running] -> C:\Program Files\CA\SharedComponents\TMEngine\UmxEngine.exe -> [2011/04/04 12:42:28 | 000,662,096 | ---- | M] (CA)
(FLEXnet Licensing Service) FLEXnet Licensing Service [On_Demand | Stopped] -> C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -> [2009/03/05 16:39:08 | 000,655,624 | ---- | M] (Acresso Software Inc.)
(SupportSoft RemoteAssist) SupportSoft RemoteAssist [On_Demand | Stopped] -> C:\Program Files\Common Files\Supportsoft\bin\ssrc.exe -> [2008/07/15 16:38:32 | 000,394,608 | ---- | M] (SupportSoft, Inc.)
(LBTServ) Logitech Bluetooth Service [On_Demand | Stopped] -> C:\Program Files\Common Files\Logitech\Bluetooth\LBTServ.exe -> [2008/05/02 01:42:06 | 000,121,360 | ---- | M] (Logitech, Inc.)
(PDEngine) PDEngine [Auto | Stopped] -> C:\Program Files\Raxco\PerfectDisk\PDEngine.exe -> [2007/11/06 08:37:56 | 000,734,472 | ---- | M] (Raxco Software, Inc.)
(PDAgent) PDAgent [Auto | Running] -> C:\Program Files\Raxco\PerfectDisk\PDAgent.exe -> [2007/11/06 08:37:48 | 000,414,984 | ---- | M] (Raxco Software, Inc.)
(Pml Driver HPZ12) Pml Driver HPZ12 [Auto | Stopped] -> C:\WINDOWS\system32\HPZipm12.exe -> [2007/08/09 02:27:52 | 000,073,728 | ---- | M] (HP)
 
[Driver Services - Safe List]
(KmxCF) KmxCF [Kernel | Auto | Running] -> C:\WINDOWS\system32\drivers\KmxCF.sys -> [2012/02/16 14:33:58 | 000,150,608 | ---- | M] (CA)
(KmxFw) KmxFw [Kernel | System | Running] -> C:\WINDOWS\system32\drivers\KmxFw.sys -> [2012/02/16 14:33:58 | 000,116,304 | ---- | M] (CA)
(timounter) Seagate DiscWizard Image Backup Archive Explorer [Kernel | Boot | Running] -> C:\WINDOWS\system32\DRIVERS\timntr.sys -> [2012/02/05 20:06:30 | 000,441,760 | ---- | M] (Acronis)
(tifsfilter) Seagate DiscWizard FS Filter [File_System | Auto | Running] -> C:\WINDOWS\system32\drivers\tifsfilt.sys -> [2012/02/05 20:06:30 | 000,044,384 | ---- | M] (Acronis)
(SASKUTIL) SASKUTIL [Kernel | System | Running] -> C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS -> [2011/09/04 10:50:09 | 000,067,664 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
(SASDIFSV) SASDIFSV [Kernel | System | Running] -> C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS -> [2011/09/04 10:50:09 | 000,012,880 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
(KmxCfg) KmxCfg [Kernel | On_Demand | Running] -> C:\WINDOWS\system32\drivers\KmxCfg.sys -> [2011/05/12 17:22:18 | 000,331,344 | ---- | M] (CA)
(KmxAMRT) KmxAMRT [File_System | Boot | Running] -> C:\WINDOWS\system32\DRIVERS\KmxAMRT.sys -> [2011/05/10 17:45:42 | 000,164,944 | ---- | M] (CA)
(KmxStart) KmxStart [Kernel | Boot | Running] -> C:\WINDOWS\System32\DRIVERS\kmxstart.sys -> [2011/05/02 10:40:18 | 000,123,984 | ---- | M] (CA)
(KmxAgent) KmxAgent [File_System | System | Running] -> C:\WINDOWS\system32\drivers\KmxAgent.sys -> [2011/03/23 16:29:02 | 000,083,536 | ---- | M] (CA)
(KmxFile) KmxFile [File_System | System | Running] -> C:\WINDOWS\system32\drivers\KmxFile.sys -> [2011/03/23 16:29:02 | 000,063,056 | ---- | M] (CA)
(KmxSbx) KmxSbx [Kernel | Auto | Running] -> C:\WINDOWS\system32\drivers\KmxSbx.sys -> [2011/02/24 14:33:28 | 000,082,000 | ---- | M] (CA)
(cpuz135) cpuz135 [Kernel | Auto | Running] -> C:\WINDOWS\system32\drivers\cpuz135_x32.sys -> [2010/11/09 14:35:30 | 000,021,992 | ---- | M] (CPUID)
(SASENUM) SASENUM [Kernel | On_Demand | Stopped] -> C:\Program Files\SUPERAntiSpyware\SASENUM.SYS -> [2010/03/28 08:49:09 | 000,012,872 | ---- | M] ( SUPERAdBlocker.com and SUPERAntiSpyware.com)
(seehcri) Sony Ericsson seehcri Device Driver [Kernel | On_Demand | Running] -> C:\WINDOWS\system32\drivers\seehcri.sys -> [2010/01/29 10:21:27 | 000,027,632 | ---- | M] (Sony Ericsson Mobile Communications)
(IntcAzAudAddService) Service for Realtek HD Audio (WDM) [Kernel | On_Demand | Running] -> C:\WINDOWS\system32\drivers\RtkHDAud.sys -> [2009/10/28 11:35:10 | 005,937,152 | ---- | M] (Realtek Semiconductor Corp.)
(JGOGO) JMicron Hot-Plug Driver [Kernel | Boot | Running] -> C:\WINDOWS\System32\DRIVERS\JGOGO.sys -> [2009/09/08 13:11:00 | 000,006,912 | ---- | M] (JMicron )
(JRAID) JRAID [Kernel | Boot | Running] -> C:\WINDOWS\System32\DRIVERS\jraid.sys -> [2009/09/08 12:38:11 | 000,096,368 | ---- | M] (JMicron Technology Corp.)
(DELTAII) Service for M-Audio Delta Driver (WDM) [Kernel | On_Demand | Running] -> C:\WINDOWS\system32\drivers\MAudioDelta.sys -> [2009/07/27 13:44:46 | 000,302,472 | ---- | M] (Avid Technology, Inc.)
(RTLE8023xp) Realtek 10/100/1000 PCI-E NIC Family NDIS XP Driver [Kernel | On_Demand | Running] -> C:\WINDOWS\system32\drivers\Rtenicxp.sys -> [2009/06/29 19:59:14 | 000,142,592 | ---- | M] (Realtek Semiconductor Corporation                           )
(ati2mtag) ati2mtag [Kernel | On_Demand | Stopped] -> C:\WINDOWS\system32\drivers\ati2mtag.sys -> [2009/06/25 19:22:30 | 004,125,696 | ---- | M] (ATI Technologies Inc.)
(RTHDMIAzAudService) Service for HDMI [Kernel | On_Demand | Stopped] -> C:\WINDOWS\system32\drivers\RtKHDMI.sys -> [2009/06/24 18:24:00 | 003,734,976 | ---- | M] (Realtek Semiconductor Corp.)
(BIOS) BIOS [Kernel | System | Running] -> C:\WINDOWS\system32\drivers\BIOS.sys -> [2009/03/05 03:33:22 | 000,013,696 | R--- | M] (BIOSTAR Group)
(Ambfilt) Ambfilt [Kernel | On_Demand | Stopped] -> C:\WINDOWS\system32\drivers\Ambfilt.sys -> [2008/08/05 20:10:12 | 001,684,736 | ---- | M] (Creative)
(USB_RNDIS) USB Remote NDIS Network Device Driver [Kernel | On_Demand | Stopped] -> C:\WINDOWS\system32\drivers\usb8023.sys -> [2008/04/13 13:56:49 | 000,012,800 | ---- | M] (Microsoft Corporation)
(LMouKE) SetPoint Mouse Filter Driver [Kernel | On_Demand | Running] -> C:\WINDOWS\system32\drivers\LMouKE.Sys -> [2008/02/29 02:13:36 | 000,079,120 | ---- | M] (Logitech, Inc.)
(L8042mou) SetPoint PS/2 Mouse Filter Driver [Kernel | On_Demand | Running] -> C:\WINDOWS\system32\drivers\L8042mou.Sys -> [2008/02/29 02:12:56 | 000,063,120 | ---- | M] (Logitech, Inc.)
(L8042Kbd) Logitech SetPoint Keyboard Driver [Kernel | On_Demand | Running] -> C:\WINDOWS\system32\drivers\L8042Kbd.sys -> [2008/02/29 02:12:48 | 000,020,240 | ---- | M] (Logitech, Inc.)
(ZDCNDIS5) ZDCNDIS5 NDIS5.1 Protocol Driver [Kernel | System | Running] -> C:\WINDOWS\system32\ZDCndis5.sys -> [2007/12/26 21:25:10 | 000,020,736 | R--- | M] (ZDC., Inc. (ZDC))
(DefragFS) DefragFS [File_System | Boot | Running] -> C:\WINDOWS\System32\drivers\DefragFs.sys -> [2007/10/22 05:33:40 | 000,068,624 | ---- | M] (Raxco Software, Inc.)
(amdide) amdide [Kernel | Boot | Running] -> C:\WINDOWS\system32\DRIVERS\amdide.sys -> [2007/10/11 21:40:00 | 000,009,096 | ---- | M] (Advanced Micro Devices)
(RIOUNIV) Rio universal USB driver [Kernel | On_Demand | Stopped] -> C:\WINDOWS\system32\drivers\RIOUNIV.SYS -> [2007/08/30 13:10:58 | 000,016,128 | ---- | M] (Digital Networks North America, Inc.)
(P17) SB Live! 24-bit [Kernel | On_Demand | Stopped] -> C:\WINDOWS\system32\drivers\P17.sys -> [2007/06/15 09:47:26 | 001,127,936 | ---- | M] (Creative Technology Ltd.)
(s115mgmt) Sony Ericsson Device 115 USB WMC Device Management Drivers (WDM) [Kernel | On_Demand | Stopped] -> C:\WINDOWS\system32\drivers\s115mgmt.sys -> [2007/04/23 15:54:50 | 000,100,488 | R--- | M] (MCCI Corporation)
(s115obex) Sony Ericsson Device 115 USB WMC OBEX Interface [Kernel | On_Demand | Stopped] -> C:\WINDOWS\system32\drivers\s115obex.sys -> [2007/04/23 15:54:50 | 000,098,568 | R--- | M] (MCCI Corporation)
(s115mdm) Sony Ericsson Device 115 USB WMC Modem Driver [Kernel | On_Demand | Stopped] -> C:\WINDOWS\system32\drivers\s115mdm.sys -> [2007/04/23 15:54:48 | 000,108,680 | R--- | M] (MCCI Corporation)
(s115mdfl) Sony Ericsson Device 115 USB WMC Modem Filter [Kernel | On_Demand | Stopped] -> C:\WINDOWS\system32\drivers\s115mdfl.sys -> [2007/04/23 15:54:48 | 000,015,112 | R--- | M] (MCCI Corporation)
(s115bus) Sony Ericsson Device 115 driver (WDM) [Kernel | On_Demand | Stopped] -> C:\WINDOWS\system32\drivers\s115bus.sys -> [2007/04/23 15:54:46 | 000,083,208 | R--- | M] (MCCI Corporation)
(AmdPPM) AMD HwPState Processor Driver [Kernel | System | Running] -> C:\WINDOWS\system32\drivers\AmdPPM.sys -> [2007/04/16 20:46:00 | 000,033,792 | ---- | M] (Advanced Micro Devices)
(TVICPORT) TVICPORT [Kernel | On_Demand | Stopped] -> C:\WINDOWS\system32\drivers\TVicPort.sys -> [2007/01/01 00:47:04 | 000,014,544 | ---- | M] (EnTech Taiwan)
(NPUSB) NPUSB [Kernel | On_Demand | Stopped] -> C:\WINDOWS\system32\drivers\npusb.sys -> [2006/12/06 17:20:08 | 000,015,360 | ---- | M] (NaturalPoint)
(nvata) nvata [Kernel | Boot | Running] -> C:\WINDOWS\system32\DRIVERS\nvata.sys -> [2006/10/18 16:31:38 | 000,105,472 | ---- | M] (NVIDIA Corporation)
(RxFilter) RxFilter [File_System | Disabled | Stopped] -> C:\WINDOWS\system32\drivers\RxFilter.sys -> [2006/08/09 03:30:42 | 000,050,688 | ---- | M] (Sonic Solutions)
(DLADResM) DLADResM [File_System | Auto | Running] -> C:\WINDOWS\system32\DLA\DLADResM.SYS -> [2006/08/08 08:18:50 | 000,009,432 | ---- | M] (Sonic Solutions)
(DLABMFSM) DLABMFSM [File_System | Auto | Running] -> C:\WINDOWS\system32\DLA\DLABMFSM.SYS -> [2006/08/08 08:18:28 | 000,035,128 | ---- | M] (Sonic Solutions)
(DLAUDF_M) DLAUDF_M [File_System | Auto | Running] -> C:\WINDOWS\system32\DLA\DLAUDF_M.SYS -> [2006/08/08 08:18:26 | 000,097,880 | ---- | M] (Sonic Solutions)
(DLAUDFAM) DLAUDFAM [File_System | Auto | Running] -> C:\WINDOWS\system32\DLA\DLAUDFAM.SYS -> [2006/08/08 08:18:26 | 000,094,680 | ---- | M] (Sonic Solutions)
(DLAOPIOM) DLAOPIOM [File_System | Auto | Running] -> C:\WINDOWS\system32\DLA\DLAOPIOM.SYS -> [2006/08/08 08:18:24 | 000,026,136 | ---- | M] (Sonic Solutions)
(DLABOIOM) DLABOIOM [File_System | Auto | Running] -> C:\WINDOWS\system32\DLA\DLABOIOM.SYS -> [2006/08/08 08:18:22 | 000,032,504 | ---- | M] (Sonic Solutions)
(DLAIFS_M) DLAIFS_M [File_System | Auto | Running] -> C:\WINDOWS\system32\DLA\DLAIFS_M.SYS -> [2006/08/08 08:18:20 | 000,104,504 | ---- | M] (Sonic Solutions)
(DLAPoolM) DLAPoolM [File_System | Auto | Running] -> C:\WINDOWS\system32\DLA\DLAPoolM.SYS -> [2006/08/08 08:18:20 | 000,014,552 | ---- | M] (Sonic Solutions)
(DLACDBHM) DLACDBHM [File_System | System | Running] -> C:\WINDOWS\system32\drivers\DLACDBHM.SYS -> [2006/08/01 19:06:20 | 000,012,952 | ---- | M] (Sonic Solutions)
(DLARTL_M) DLARTL_M [File_System | System | Running] -> C:\WINDOWS\system32\drivers\DLARTL_M.SYS -> [2006/08/01 19:06:18 | 000,028,216 | ---- | M] (Sonic Solutions)
(p17filt) p17filt [Kernel | On_Demand | Stopped] -> C:\WINDOWS\system32\drivers\p17filt.sys -> [2006/03/20 17:34:56 | 001,452,032 | ---- | M] (Sensaura)
(Monfilt) Monfilt [Kernel | On_Demand | Stopped] -> C:\WINDOWS\system32\drivers\Monfilt.sys -> [2006/01/04 15:41:48 | 001,389,056 | ---- | M] (Creative Technology Ltd.)
(AsIO) AsIO [Kernel | System | Running] -> C:\WINDOWS\system32\drivers\AsIO.sys -> [2005/12/21 22:22:20 | 000,005,685 | R--- | M] ()
(ossrv) Creative OS Services Driver [Kernel | On_Demand | Stopped] -> C:\WINDOWS\system32\drivers\ctoss2k.sys -> [2005/01/10 17:15:30 | 000,106,496 | ---- | M] (Creative Technology Ltd.)
(ctsfm2k) Creative SoundFont Management Device Driver [Kernel | On_Demand | Stopped] -> C:\WINDOWS\system32\drivers\ctsfm2k.sys -> [2005/01/10 17:15:24 | 000,138,752 | ---- | M] (Creative Technology Ltd)
(USBModem) LGE CDMA USB Modem [Kernel | On_Demand | Stopped] -> C:\WINDOWS\system32\drivers\lgusbmodem.sys -> [2004/12/23 10:05:58 | 000,039,672 | ---- | M] (LG Electronics Inc.)
(UsbDiag) LGE CDMA USB Serial Port [Kernel | On_Demand | Stopped] -> C:\WINDOWS\system32\drivers\lgusbdiag.sys -> [2004/12/23 09:40:40 | 000,039,328 | ---- | M] (LG Electronics Inc.)
(usbbus) LGE CDMA Composite USB Device [Kernel | On_Demand | Stopped] -> C:\WINDOWS\system32\drivers\lgusbbus.sys -> [2004/12/23 09:40:04 | 000,020,156 | ---- | M] (LG Electronics Inc.)
(MTsensor) ATK0110 ACPI UTILITY [Kernel | On_Demand | Stopped] -> C:\WINDOWS\system32\drivers\ASACPI.sys -> [2004/08/12 21:56:20 | 000,005,810 | R--- | M] ()
(pfc) Padus ASPI Shell [Kernel | On_Demand | Running] -> C:\WINDOWS\system32\drivers\pfc.sys -> [2004/04/01 15:30:46 | 000,010,368 | ---- | M] (Padus, Inc.)
(RioDrv) Rio600 driver [Kernel | On_Demand | Stopped] -> C:\WINDOWS\system32\drivers\riodrv.sys -> [2003/07/16 11:21:40 | 000,012,032 | ---- | M] (S3/Diamond Multimedia Systems)
(lgatserd) LG CDMA USB Modem Diagnostic Serial Port Drivers (WDM) [Kernel | On_Demand | Stopped] -> C:\WINDOWS\system32\drivers\lgatserd.sys -> [2002/10/15 18:07:00 | 000,060,816 | R--- | M] (MCCI)
(lgatmdm) LG CDMA USB Modem Drivers [Kernel | On_Demand | Stopped] -> C:\WINDOWS\system32\drivers\lgatmdm.sys -> [2002/10/15 18:05:00 | 000,077,104 | R--- | M] (MCCI)
(lgatbus) LG USB Composite Device driver (WDM) [Kernel | On_Demand | Stopped] -> C:\WINDOWS\system32\drivers\lgatbus.sys -> [2002/10/15 18:03:00 | 000,043,024 | R--- | M] (MCCI)
(ppsio2) PPDevice [Kernel | Auto | Running] -> C:\WINDOWS\System32\drivers\ppsio2.sys -> [1999/06/30 02:49:10 | 000,023,200 | ---- | M] ()
 
[Registry - Safe List]
< Internet Explorer Settings [HKEY_LOCAL_MACHINE\] > -> -> 
< Internet Explorer Settings [HKEY_CURRENT_USER\] > -> -> 
HKEY_CURRENT_USER\: Main\\"Start Page" -> http://www.baynews9.com/weather/klystron9?animate=hillsborough -> 
HKEY_CURRENT_USER\: "ProxyEnable" -> 0 -> 
HKEY_CURRENT_USER\: "ProxyOverride" -> *.local -> 
< FireFox Extensions [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Mozilla
HKLM\software\mozilla\Firefox\extensions ->  -> 
HKLM\software\mozilla\Firefox\extensions\\[email protected] -> C:\Program Files\CA\CA Internet Security Suite\CA Anti-Phishing\Toolbar\Firefox [C:\PROGRAM FILES\CA\CA INTERNET SECURITY SUITE\CA ANTI-PHISHING\TOOLBAR\FIREFOX] -> [2012/02/16 14:20:58 | 000,000,000 | ---D | M]
HKLM\software\mozilla\Thunderbird\Extensions ->  -> 
< FireFox Extensions [User Folders] > -> 
< HOSTS File > ([2012/02/15 10:09:42 | 000,000,027 | ---- | M] - 1 lines) -> C:\WINDOWS\system32\drivers\etc\hosts -> 
Reset Hosts
127.0.0.1       localhost
< BHO's [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\ -> 
{45011CF5-E4A9-4F13-9093-F30A784EB9B2} [HKLM] -> C:\Program Files\CA\CA Internet Security Suite\CA Anti-Phishing\Toolbar\caIEToolbar.dll [CA Anti-Phishing Toolbar Helper] -> [2011/04/06 15:27:46 | 000,480,592 | ---- | M] (CA, Inc.)
< Internet Explorer ToolBars [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ToolBar -> 
"{0123B506-0AD9-43AA-B0CF-916C122AD4C5}" [HKLM] -> C:\Program Files\CA\CA Internet Security Suite\CA Anti-Phishing\Toolbar\caIEToolbar.dll [CA Anti-Phishing Toolbar] -> [2011/04/06 15:27:46 | 000,480,592 | ---- | M] (CA, Inc.)
< Internet Explorer ToolBars [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\ -> 
WebBrowser\\"{0123B506-0AD9-43AA-B0CF-916C122AD4C5}" [HKLM] -> C:\Program Files\CA\CA Internet Security Suite\CA Anti-Phishing\Toolbar\caIEToolbar.dll [CA Anti-Phishing Toolbar] -> [2011/04/06 15:27:46 | 000,480,592 | ---- | M] (CA, Inc.)
WebBrowser\\"{10134636-E7AF-4AC5-A1DC-C7C44BB97D81}" [HKLM] -> Reg Error: Key error. [Reg Error: Key error.] -> File not found
WebBrowser\\"{47833539-D0C5-4125-9FA8-0819E2EAAC93}" [HKLM] -> Reg Error: Key error. [Reg Error: Key error.] -> File not found
< Run [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run -> 
"cctray" -> C:\Program Files\CA\CA Internet Security Suite\casc.exe ["C:\Program Files\CA\CA Internet Security Suite\casc.exe"] -> [2011/07/01 23:34:14 | 001,570,128 | ---- | M] (CA, Inc.)
"Kernel and Hardware Abstraction Layer" -> C:\WINDOWS\KHALMNPR.Exe [KHALMNPR.EXE] -> [2008/02/29 02:12:38 | 000,076,304 | ---- | M] (Logitech, Inc.)
"Logitech Hardware Abstraction Layer" -> C:\WINDOWS\KHALMNPR.Exe [KHALMNPR.EXE] -> [2008/02/29 02:12:38 | 000,076,304 | ---- | M] (Logitech, Inc.)
"NvCplDaemon" -> C:\WINDOWS\System32\NvCpl.dll [RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup] -> [2011/01/07 19:56:48 | 013,880,424 | ---- | M] (NVIDIA Corporation)
"NvMediaCenter" -> C:\WINDOWS\System32\NvMcTray.dll [RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit] -> [2011/01/07 19:56:48 | 000,111,208 | ---- | M] (NVIDIA Corporation)
"RoxioDragToDisc" -> C:\Program Files\Roxio\Drag-to-Disc\DrgToDsc.exe ["C:\Program Files\Roxio\Drag-to-Disc\DrgToDsc.exe"] -> [2006/07/31 08:00:00 | 001,116,920 | ---- | M] (Sonic Solutions)
< All Users Startup Folder > -> C:\Documents and Settings\All Users\Start Menu\Programs\Startup -> 
< Steven Startup Folder > -> C:\Documents and Settings\Steven\Start Menu\Programs\Startup -> 
< Software Policy Settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Internet Explorer -> 
< Software Policy Settings [HKEY_CURRENT_USER] > -> HKEY_CURRENT_USER\SOFTWARE\Policies\Microsoft\Internet Explorer -> 
< CurrentVersion Policy Settings - Explorer [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer
\\"NoCDBurning" ->  [0] -> File not found
\\"HonorAutoRunSetting" ->  [1] -> File not found
\\"NoDriveAutoRun" ->  [67108863] -> File not found
\\"NoDriveTypeAutoRun" ->  [323] -> File not found
\\"NoDrives" ->  [0] -> File not found
< CurrentVersion Policy Settings - System [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System
< CurrentVersion Policy Settings - Explorer [HKEY_CURRENT_USER] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer
\\"NoDriveAutoRun" ->  [67108863] -> File not found
\\"NoDriveTypeAutoRun" ->  [323] -> File not found
\\"NoDrives" ->  [0] -> File not found
< CurrentVersion Policy Settings - System [HKEY_CURRENT_USER] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System -> 
< Internet Explorer Plugins [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Plugins\ -> 
< Default Prefix > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\URL\DefaultPrefix
"" -> http://
< Trusted Sites Domains [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 0 domain(s) found. -> 
< Trusted Sites Ranges [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 0 range(s) found. -> 
< Trusted Sites Domains [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 0 domain(s) found. -> 
< Trusted Sites Ranges [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 0 range(s) found. -> 
< Downloaded Program Files > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\ -> 
{00000055-9980-0010-8000-00AA00389B71} [HKLM] -> http://codecs.microsoft.com/codecs/i386/fhg.CAB [Reg Error: Key error.] -> 
{0067DBFC-A752-458C-AE6E-B9C7E63D4824} [HKLM] -> http://www.logitech.com/devicedetector/plugins/LogitechDeviceDetection32.cab [Device Detection] -> 
{01113300-3E00-11D2-8470-0060089874ED} [HKLM] -> http://supportcenter.rr.com/sdccommon/download/tgctlcm.cab [Support.com Configuration Class] -> 
{02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} [HKLM] -> http://appldnld.apple.com.edgesuite.net/content.info.apple.com/QuickTime/qtactivex/qtplugin.cab [QuickTime Object] -> 
{05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} [HKLM] -> http://download.microsoft.com/download/e/7/3/e7345c16-80aa-4488-ae10-9ac6be844f99/OGAControl.cab [Office Genuine Advantage Validation Tool] -> 
{166B1BCA-3F9C-11CF-8075-444553540000} [HKLM] -> http://fpdownload.macromedia.com/get/shockwave/cabs/director/sw.cab [Shockwave ActiveX Control] -> 
{17492023-C23A-453E-A040-C7C580BBF700} [HKLM] -> http://download.microsoft.com/download/3/9/8/398422c0-8d3e-40e1-a617-af65a72a0465/LegitCheckControl.cab [Windows Genuine Advantage Validation Tool] -> 
{1E54D648-B804-468d-BC78-4AFFED8E262E} [HKLM] -> http://www.nvidia.com/content/DriverDownload/srl/3.0.0.0/srl_bin/sysreqlab3.cab [System Requirements Lab Class] -> 
{233C1507-6A77-46A4-9443-F871F945D258} [HKLM] -> http://fpdownload.macromedia.com/pub/shockwave/cabs/director/sw.cab [Shockwave ActiveX Control] -> 
{4871A87A-BFDD-4106-8153-FFDE2BAC2967} [HKLM] -> http://dlcdnet.asus.com/pub/ASUS/misc/dlm-activex-2.2.5.0.cab [DLM Control] -> 
{54BE6B6F-3056-470B-97E1-BB92E051B6C4} [HKLM] -> http://h20264.www2.hp.com/ediags/dd/install/HPDriverDiagnosticsxp2k.cab [DeviceEnum Class] -> 
{6414512B-B978-451D-A0D8-FCFDF33E833C} [HKLM] -> http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1266880529093 [WUWebControl Class] -> 
{73ECB3AA-4717-450C-A2AB-D00DAD9EE203} [HKLM] -> http://h20614.www2.hp.com/ediags/gmd/Install/Cab/hpdetect118.cab [GMNRev Class] -> 
{74DBCB52-F298-4110-951D-AD2FF67BC8AB} [HKLM] -> http://www.nvidia.com/content/DriverDownload/nforce/NvidiaSmartScan.cab [NVIDIA Smart Scan] -> 
{7530BFB8-7293-4D34-9923-61A11451AFC5} [HKLM] -> http://download.eset.com/special/eos/OnlineScanner.cab [Reg Error: Key error.] -> 
{83A4D5A6-E2C1-4EDD-AD48-1A1C50BD06EF} [HKLM] -> http://www.gunbroker.com/WebResource.axd?d=Qydpf0KIwF1Fr6RRPI2vp09Qx7960W1PefrwdgTL1YWRWyUo6in6PN6VS7m59gst6zjhnPK4xtevtkkiPAeNbVdLz1lm1BKvO-eVx_B2d1Lb7EFrywmMr-EfCQUqniwFPL_qr5-6LT50B9lSJqZDgme2Vksu6ajL4Qvm6a-2VX8ROm8K0&t=634230999680000000 [Image Uploader Control] -> 
{8AD9C840-044E-11D1-B3E9-00805F499D93} [HKLM] -> http://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab [Java Plug-in 1.6.0_15] -> 
{8FFBE65D-2C9C-4669-84BD-5829DC0B603C} [HKLM] -> http://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab [Reg Error: Key error.] -> 
{C7DB51B4-BCF7-4923-8874-7F1A0DC92277} [HKLM] -> http://office.microsoft.com/officeupdate/content/opuc4.cab [Office Update Installation Engine] -> 
{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} [HKLM] -> http://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab [Reg Error: Key error.] -> 
{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} [HKLM] -> http://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab [Java Plug-in 1.6.0_15] -> 
{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} [HKLM] -> http://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab [Java Plug-in 1.6.0_15] -> 
{DB31DA00-4F6F-4CC7-8627-C5A142E1FC7C} [HKLM] -> http://www.syncmyride.com/Own/Modules/UploadDownload/applets/sync.cab [SyncXfer Class] -> 
{E2883E8F-472F-4FB0-9522-AC9BF37916A7} [HKLM] -> http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab [Reg Error: Key error.] -> 
< Name Servers [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\ -> 
DhcpNameServer -> 192.168.0.1 -> 
< Name Servers [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Adapters\ -> 
{709889B9-1732-4423-80DE-B9F188664A3D}\\DhcpNameServer -> 192.168.0.1   (Realtek PCIe GBE Family Controller) -> 
< AppInit_DLLs [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\\AppInit_DLLs -> 
*AppInit_DLLs* -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\\AppInit_Dlls -> 
UmxSbxExw.dll -> C:\WINDOWS\System32\UmxSbxExw.dll -> [2011/02/28 12:13:28 | 000,155,216 | ---- | M] (CA)
*MultiFile Done* -> -> 
< Winlogon settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon -> 
*Shell* -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\Shell -> 
Explorer.exe -> C:\WINDOWS\explorer.exe -> [2008/04/13 19:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation)
*MultiFile Done* -> -> 
*UserInit* -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\UserInit -> 
C:\WINDOWS\system32\userinit.exe -> C:\WINDOWS\system32\userinit.exe -> [2008/04/13 19:12:38 | 000,026,112 | ---- | M] (Microsoft Corporation)
*MultiFile Done* -> -> 
< Winlogon\Notify settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ -> 
!SASWinLogon -> C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL -> [2009/09/08 11:22:00 | 000,548,352 | ---- | M] (SUPERAntiSpyware.com)
AtiExtEvent -> C:\WINDOWS\System32\ati2evxx.dll -> [2009/06/25 18:46:34 | 000,155,648 | ---- | M] (ATI Technologies Inc.)
LBTWlgn -> c:\Program Files\Common Files\Logitech\Bluetooth\LBTWLgn.dll -> [2008/05/02 01:42:30 | 000,072,208 | ---- | M] (Logitech, Inc.)
PFW -> Reg Error: Value error. -> File not found
< ShellExecuteHooks [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks -> 
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}" [HKLM] -> C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [] -> [2011/09/04 10:50:08 | 000,113,024 | ---- | M] (SuperAdBlocker.com)
< Domain Profile Authorized Applications List > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List -> 
"C:\Program Files\Common Files\Sonic Shared\RoxioUPnPRenderer9.exe" -> C:\Program Files\Common Files\Sonic Shared\RoxioUPnPRenderer9.exe [C:\Program Files\Common Files\Sonic Shared\RoxioUPnPRenderer9.exe:*:Enabled:RoxioUPnPRenderer9] -> [2006/08/10 03:11:14 | 000,057,344 | ---- | M] (Sonic Solutions)
"C:\Program Files\Logitech\Logitech Harmony Remote Software 7\HarmonyRemote.exe" -> C:\Program Files\Logitech\Logitech Harmony Remote Software 7\HarmonyRemote.exe [C:\Program Files\Logitech\Logitech Harmony Remote Software 7\HarmonyRemote.exe:*:Enabled:Logitech Harmony Remote Software 7] -> [2009/04/22 16:39:14 | 000,194,072 | ---- | M] ()
< Standard Profile Authorized Applications List > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List -> 
"C:\Program Files\Common Files\Sonic Shared\RoxioUPnPRenderer9.exe" -> C:\Program Files\Common Files\Sonic Shared\RoxioUPnPRenderer9.exe [C:\Program Files\Common Files\Sonic Shared\RoxioUPnPRenderer9.exe:*:Enabled:RoxioUPnPRenderer9] -> [2006/08/10 03:11:14 | 000,057,344 | ---- | M] (Sonic Solutions)
"C:\Program Files\Logitech\Logitech Harmony Remote Software 7\HarmonyRemote.exe" -> C:\Program Files\Logitech\Logitech Harmony Remote Software 7\HarmonyRemote.exe [C:\Program Files\Logitech\Logitech Harmony Remote Software 7\HarmonyRemote.exe:*:Enabled:Logitech Harmony Remote Software 7] -> [2009/04/22 16:39:14 | 000,194,072 | ---- | M] ()
"C:\Program Files\WS_FTP\WS_FTP95.exe" -> C:\Program Files\WS_FTP\WS_FTP95.exe [C:\Program Files\WS_FTP\WS_FTP95.exe:*:Enabled:WS_FTP 95] -> [2003/11/19 13:28:16 | 000,428,544 | ---- | M] (Ipswitch, Inc. 10 Maguire Road. Lexington, MA 02421)
"C:\WINDOWS\system32\dpvsetup.exe" -> C:\WINDOWS\System32\dpvsetup.exe [C:\WINDOWS\system32\dpvsetup.exe:*:Enabled:Microsoft DirectPlay Voice Test] -> [2008/04/13 19:12:18 | 000,083,456 | ---- | M] (Microsoft Corporation)
"C:\WINDOWS\system32\mmc.exe" -> C:\WINDOWS\System32\mmc.exe [C:\WINDOWS\system32\mmc.exe:*:Disabled:Microsoft Management Console] -> [2008/04/13 19:12:25 | 001,414,656 | ---- | M] (Microsoft Corporation)
< SafeBoot AlternateShell [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot -> 
< CDROM Autorun Setting [HKEY_LOCAL_MACHINE]> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom ->
"AutoRun" -> 1 -> 
"DisplayName" -> CD-ROM Driver -> 
"ImagePath" ->  [System32\DRIVERS\cdrom.sys] -> File not found
< Drives with AutoRun files > ->  -> 
C:\AUTOEXEC.BAT [] -> C:\AUTOEXEC.BAT [ NTFS ] -> [2007/01/12 16:12:22 | 000,000,000 | ---- | M] ()
< MountPoints2 [HKEY_CURRENT_USER] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2 -> 
< Registry Shell Spawning - Select to Repair > -> HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command -> 
comfile [open] -> "%1" %* -> 
exefile [open] -> "%1" %* -> 
< File Associations - Select to Repair > -> HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>\ -> 
.com [@ = ComFile] -> "%1" %* -> 
.exe [@ = exefile] -> "%1" %* -> 
 
[Registry - Additional Scans - Safe List]
< Disabled MSConfig Folder Items [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder\ -> 
C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Sonic CinePlayer Quick Launch.lnk -> C:\Program Files\Common Files\Sonic Shared\CineTray.exe -> [2006/07/25 01:01:00 | 000,114,688 | ---- | M] (Sonic Solutions)
< Disabled MSConfig Registry Items [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\ -> 
QuickTime Task hkey=HKLM key=SOFTWARE\Microsoft\Windows\CurrentVersion\Run -> C:\Program Files\QuickTime\qttask.exe -> [2010/11/29 16:38:18 | 000,421,888 | ---- | M] (Apple Inc.)
RoxioDragToDisc hkey=HKLM key=SOFTWARE\Microsoft\Windows\CurrentVersion\Run -> C:\Program Files\Roxio\Drag-to-Disc\DrgToDsc.exe -> [2006/07/31 08:00:00 | 001,116,920 | ---- | M] (Sonic Solutions)
RoxWatchTray hkey=HKLM key=SOFTWARE\Microsoft\Windows\CurrentVersion\Run -> C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe -> [2006/08/10 11:10:14 | 000,221,184 | ---- | M] (Sonic Solutions)
< Disabled MSConfig State [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\state -> 
"bootini" -> 0 -> 
"services" -> 0 -> 
"startup" -> 2 -> 
"system.ini" -> 0 -> 
"win.ini" -> 0 -> 
< Drivers32 [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32 -> 
"msacm.iac2" -> C:\WINDOWS\System32\iac25_32.ax [iac25_32.ax] -> [2008/04/13 19:12:42 | 000,199,680 | ---- | M] (Intel Corporation)
"msacm.l3acm" -> C:\WINDOWS\System32\l3codeca.acm [l3codeca.acm] -> [2010/01/29 09:43:39 | 000,307,260 | ---- | M] (Fraunhofer Institut Integrierte Schaltungen IIS)
"msacm.l3codec" -> C:\WINDOWS\System32\l3codecp.acm [l3codecp.acm] -> [2006/10/18 19:05:16 | 000,232,448 | ---- | M] (Fraunhofer Institut Integrierte Schaltungen IIS)
"msacm.lhacm" -> C:\WINDOWS\System32\lhacm.acm [lhacm.acm] -> [2007/03/03 20:27:48 | 000,034,064 | ---- | M] (Microsoft Corporation)
"msacm.sl_anet" -> C:\WINDOWS\System32\sl_anet.acm [sl_anet.acm] -> [2008/04/13 19:10:50 | 000,086,016 | ---- | M] (Sipro Lab Telecom Inc.)
"msacm.trspch" -> C:\WINDOWS\System32\tssoft32.acm [tssoft32.acm] -> [2003/07/16 11:42:31 | 000,008,192 | ---- | M] (DSP GROUP, INC.)
"MSVideo8" -> C:\WINDOWS\System32\vfwwdm32.dll [VfWWDM32.dll] -> [2008/04/13 19:12:08 | 000,053,760 | ---- | M] (Microsoft Corporation)
"vidc.cvid" -> C:\WINDOWS\System32\iccvid.dll [iccvid.dll] -> [2010/06/17 09:03:00 | 000,080,384 | ---- | M] (Radius Inc.)
"vidc.DIVX" -> C:\WINDOWS\System32\DivX.dll [DivX.dll] -> [2005/07/15 13:36:34 | 000,692,736 | ---- | M] (DivXNetworks)
"VIDC.FFDS" -> C:\WINDOWS\System32\ff_vfw.dll [ff_vfw.dll] -> [2010/03/31 17:43:50 | 000,085,504 | ---- | M] ()
"vidc.iv31" -> C:\WINDOWS\System32\ir32_32.dll [ir32_32.dll] -> [2003/07/16 11:25:17 | 000,199,168 | ---- | M] ()
"vidc.iv32" -> C:\WINDOWS\System32\ir32_32.dll [ir32_32.dll] -> [2003/07/16 11:25:17 | 000,199,168 | ---- | M] ()
"vidc.iv41" -> C:\WINDOWS\System32\ir41_32.ax [ir41_32.ax] -> [2008/04/13 19:12:42 | 000,848,384 | ---- | M] (Intel Corporation)
"vidc.iv50" -> C:\WINDOWS\System32\ir50_32.dll [ir50_32.dll] -> [2008/04/13 19:11:55 | 000,755,200 | ---- | M] (Intel Corporation)
"vidc.LEAD" -> C:\WINDOWS\System32\LCodcCMP.dll [LCODCCMP.DLL] -> [2002/04/24 12:42:18 | 000,364,544 | ---- | M] (LEAD Technologies, Inc.)
"vidc.yv12" -> C:\WINDOWS\System32\DivX.dll [DivX.dll] -> [2005/07/15 13:36:34 | 000,692,736 | ---- | M] (DivXNetworks)
< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost > -> ->
*netsvcs* -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\\netsvcs ->
6to4 ->  -> File not found
Ias ->  -> File not found
Iprip ->  -> File not found
Irmon ->  -> File not found
NWCWorkstation ->  -> File not found
Nwsapagent ->  -> File not found
WmdmPmSp ->  -> File not found
*MultiFile Done* -> -> 
< SafeBoot-Minimal Settings > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ -> 
!SASCORE -> C:\Program Files\SUPERAntiSpyware\SASCORE.EXE -> [2011/09/04 10:50:11 | 000,116,608 | ---- | M] (SUPERAntiSpyware.com)
{36FC9E60-C465-11CF-8056-444553540000} -> Universal Serial Bus controllers
{4D36E965-E325-11CE-BFC1-08002BE10318} -> CD-ROM Drive
{4D36E967-E325-11CE-BFC1-08002BE10318} -> DiskDrive
{4D36E969-E325-11CE-BFC1-08002BE10318} -> Standard floppy disk controller
{4D36E96A-E325-11CE-BFC1-08002BE10318} -> Hdc
{4D36E96B-E325-11CE-BFC1-08002BE10318} -> Keyboard
{4D36E96F-E325-11CE-BFC1-08002BE10318} -> Mouse
{4D36E977-E325-11CE-BFC1-08002BE10318} -> PCMCIA Adapters
{4D36E97B-E325-11CE-BFC1-08002BE10318} -> SCSIAdapter
{4D36E97D-E325-11CE-BFC1-08002BE10318} -> System
{4D36E980-E325-11CE-BFC1-08002BE10318} -> Floppy disk drive
{71A27CDD-812A-11D0-BEC7-08002BE2092F} -> Volume
{745A17A0-74D3-11D0-B6FE-00A0C90F57DA} -> Human Interface Devices
Base -> Driver Group
Boot Bus Extender -> Driver Group
Boot file system -> Driver Group
File system -> Driver Group
Filter -> Driver Group
PCI Configuration -> Driver Group
PNP Filter -> Driver Group
Primary disk -> Driver Group
SCSI Class -> Driver Group
sermouse.sys -> Driver
System Bus Extender -> Driver Group
vga.sys -> Driver
< EventViewer Logs - Last 10 Errors > -> Event Information -> Description
Application [ Error ] 2/5/2012 10:19:40 AM Computer Name = MACHINEMASTER | Source = Application Hang | ID = 1002 -> Description = Hanging application msimn.exe, version 6.0.2900.5512, hang module hungapp, version 0.0.0.0, hang address 0x00000000.
Application [ Error ] 2/8/2012 6:43:11 PM Computer Name = MACHINEMASTER | Source = MsiInstaller | ID = 11722 -> Description = Product: Java(TM) 6 Update 12 -- Error 1722.There is a problem with this Windows Installer package. A program run as part of the setup did not finish as expected. Contact your support personnel or package vendor.  Action FilesInUseDialog, location: C:\WINDOWS\Installer\MSI1E.tmp, command: C:\Program Files\Java\jre6\ 
Application [ Error ] 2/11/2012 6:18:33 PM Computer Name = MACHINEMASTER | Source = Bonjour Service | ID = 100 -> Description = Task Scheduling Error: Continuously busy for more than a second
Application [ Error ] 2/11/2012 6:18:33 PM Computer Name = MACHINEMASTER | Source = Bonjour Service | ID = 100 -> Description = Task Scheduling Error: m->NextScheduledEvent 618078
Application [ Error ] 2/11/2012 6:18:33 PM Computer Name = MACHINEMASTER | Source = Bonjour Service | ID = 100 -> Description = Task Scheduling Error: m->NextScheduledSPRetry 618078
Application [ Error ] 2/13/2012 1:07:04 PM Computer Name = MACHINEMASTER | Source = Windows Product Activation | ID = 1012 -> Description = Due to hardware changes on this computer, you will need to reactivate your Windows product.
Application [ Error ] 2/13/2012 1:45:01 PM Computer Name = MACHINEMASTER | Source = Application Error | ID = 1000 -> Description = Faulting application , version 0.0.0.0, faulting module unknown, version 0.0.0.0, fault address 0x00000000.
Application [ Error ] 2/13/2012 2:56:51 PM Computer Name = MACHINEMASTER | Source = Application Error | ID = 1004 -> Description = Faulting application svchost.exe, version 0.0.0.0, faulting module unknown, version 0.0.0.0, fault address 0x00000000.
Application [ Error ] 2/13/2012 3:01:08 PM Computer Name = MACHINEMASTER | Source = Application Error | ID = 1001 -> Description = Fault bucket 00536409.
Application [ Error ] 2/16/2012 8:59:56 PM Computer Name = MACHINEMASTER | Source = .NET Runtime Optimization Service | ID = 1103 -> Description = .NET Runtime Optimization Service (clr_optimization_v2.0.50727_32) - Tried to start a service that wasn't the latest version of CLR Optimization service. Will shutdown 
System [ Error ] 2/13/2012 4:07:42 PM Computer Name = MACHINEMASTER | Source = DCOM | ID = 10010 -> Description = The server {222F1C6D-F430-4B76-B3F1-1FE92E214AD3} did not register with DCOM within the required timeout.
System [ Error ] 2/14/2012 1:26:33 PM Computer Name = MACHINEMASTER | Source = Service Control Manager | ID = 7026 -> Description = The following boot-start or system-start driver(s) failed to load:   nvata  PCIIde
System [ Error ] 2/14/2012 8:05:57 PM Computer Name = MACHINEMASTER | Source = Service Control Manager | ID = 7034 -> Description = The CaCCProvSP service terminated unexpectedly.  It has done this 1 time(s).
System [ Error ] 2/14/2012 8:06:03 PM Computer Name = MACHINEMASTER | Source = Service Control Manager | ID = 7034 -> Description = The CAAMSvc service terminated unexpectedly.  It has done this 1 time(s).
System [ Error ] 2/14/2012 8:06:08 PM Computer Name = MACHINEMASTER | Source = Service Control Manager | ID = 7034 -> Description = The CA Common Scheduler Service service terminated unexpectedly.  It has done this 1 time(s).
System [ Error ] 2/15/2012 10:58:03 AM Computer Name = MACHINEMASTER | Source = Service Control Manager | ID = 7031 -> Description = The Windows Media Player Network Sharing Service service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 30000 milliseconds: Restart the service.
System [ Error ] 2/15/2012 11:03:05 AM Computer Name = MACHINEMASTER | Source = Service Control Manager | ID = 7031 -> Description = The Windows Media Player Network Sharing Service service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 30000 milliseconds: Restart the service.
System [ Error ] 2/15/2012 11:05:05 AM Computer Name = MACHINEMASTER | Source = Service Control Manager | ID = 7031 -> Description = The Windows Media Player Network Sharing Service service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 30000 milliseconds: Restart the service.
System [ Error ] 2/15/2012 11:12:10 AM Computer Name = MACHINEMASTER | Source = DCOM | ID = 10010 -> Description = The server {222F1C6D-F430-4B76-B3F1-1FE92E214AD3} did not register with DCOM within the required timeout.
System [ Error ] 2/16/2012 9:12:59 AM Computer Name = MACHINEMASTER | Source = MRxSmb | ID = 8003 -> Description = The master browser has received a server announcement from the computer MACHINEFAMILY  that believes that it is the master browser for the domain on transport NetBT_Tcpip_{709889B9-1732-.  The master browser is stopping or an election is being forced.
 
[Files/Folders - Created Within 30 Days]
 RECYCLER -> C:\RECYCLER -> [2012/02/16 20:46:55 | 000,000,000 | -HSD | C]
 New Laser 2 -> C:\Documents and Settings\Steven\Desktop\New Laser 2 -> [2012/02/16 20:46:16 | 000,000,000 | ---D | C]
 ISSThirdParty -> C:\Program Files\ISSThirdParty -> [2012/02/16 14:20:45 | 000,000,000 | ---D | C]
 CA -> C:\Documents and Settings\All Users\Start Menu\Programs\CA -> [2012/02/16 14:20:37 | 000,000,000 | ---D | C]
 temp -> C:\WINDOWS\temp -> [2012/02/15 10:11:37 | 000,000,000 | ---D | C]
 cmdcons -> C:\cmdcons -> [2012/02/15 10:00:35 | 000,000,000 | RHSD | C]
 Recent -> C:\Documents and Settings\Steven\Recent -> [2012/02/15 09:45:30 | 000,000,000 | RH-D | C]
 New Laser -> C:\Documents and Settings\Steven\Desktop\New Laser -> [2012/02/14 20:15:17 | 000,000,000 | ---D | C]
 OTS.exe -> C:\Documents and Settings\Steven\Desktop\OTS.exe -> [2012/02/14 19:37:59 | 000,646,144 | ---- | C] (OldTimer Tools)
 Qoobox -> C:\Qoobox -> [2012/02/14 19:06:54 | 000,000,000 | ---D | C]
 puppy.exe -> C:\Documents and Settings\Steven\Desktop\puppy.exe -> [2012/02/14 19:02:23 | 004,403,246 | R--- | C] (Swearware)
 aswMBR.exe -> C:\Documents and Settings\Steven\Desktop\aswMBR.exe -> [2012/02/13 19:10:44 | 004,733,440 | ---- | C] (AVAST Software)
 TDSSKiller_Quarantine -> C:\TDSSKiller_Quarantine -> [2012/02/13 16:53:53 | 000,000,000 | ---D | C]
 tdsskiller.exe -> C:\Documents and Settings\Steven\Desktop\tdsskiller.exe -> [2012/02/13 16:52:28 | 002,061,360 | ---- | C] (Kaspersky Lab ZAO)
 mbam-setup-1.60.1.1000.exe -> C:\Documents and Settings\Steven\Desktop\mbam-setup-1.60.1.1000.exe -> [2012/02/13 16:00:41 | 009,502,424 | ---- | C] (Malwarebytes Corporation                                    )
 CCleaner -> C:\Program Files\CCleaner -> [2012/02/13 15:26:43 | 000,000,000 | ---D | C]
 ccsetup315.exe -> C:\Documents and Settings\Steven\Desktop\ccsetup315.exe -> [2012/02/13 15:05:56 | 003,587,688 | ---- | C] (Piriform Ltd)
 Adobe -> C:\WINDOWS\System32\Adobe -> [2012/02/08 18:48:55 | 000,000,000 | ---D | C]
 FlashPlayerCPLApp.cpl -> C:\WINDOWS\System32\FlashPlayerCPLApp.cpl -> [2012/02/08 18:48:16 | 000,414,368 | ---- | C] (Adobe Systems Incorporated)
 Scanner -> C:\Program Files\Common Files\Scanner -> [2012/02/08 13:16:04 | 000,000,000 | ---D | C]
 CA -> C:\Documents and Settings\All Users\Application Data\CA -> [2012/02/08 13:11:48 | 000,000,000 | ---D | C]
 WinZip -> C:\Documents and Settings\Steven\Local Settings\Application Data\WinZip -> [2012/02/07 12:20:02 | 000,000,000 | ---D | C]
 WinZip -> C:\Documents and Settings\All Users\Application Data\WinZip -> [2012/02/07 12:18:29 | 000,000,000 | ---D | C]
 WinZip -> C:\Program Files\WinZip -> [2012/02/07 12:18:25 | 000,000,000 | ---D | C]
 WinZip -> C:\Documents and Settings\All Users\Start Menu\Programs\WinZip -> [2012/02/07 12:18:25 | 000,000,000 | ---D | C]
 Microsoft.NET -> C:\Program Files\Microsoft.NET -> [2012/02/05 21:03:09 | 000,000,000 | ---D | C]
 Seagate -> C:\Documents and Settings\All Users\Application Data\Seagate -> [2012/02/05 20:06:33 | 000,000,000 | ---D | C]
 timntr.sys -> C:\WINDOWS\System32\drivers\timntr.sys -> [2012/02/05 20:06:30 | 000,441,760 | ---- | C] (Acronis)
 tifsfilt.sys -> C:\WINDOWS\System32\drivers\tifsfilt.sys -> [2012/02/05 20:06:30 | 000,044,384 | ---- | C] (Acronis)
 snapman.sys -> C:\WINDOWS\System32\drivers\snapman.sys -> [2012/02/05 20:06:23 | 000,132,224 | ---- | C] (Acronis)
 tdrpman.sys -> C:\WINDOWS\System32\drivers\tdrpman.sys -> [2012/02/05 20:06:14 | 000,368,480 | ---- | C] (Acronis)
 Seagate -> C:\Program Files\Seagate -> [2012/02/05 20:05:55 | 000,000,000 | ---D | C]
 Clean Up -> C:\Documents and Settings\Steven\Desktop\Clean Up -> [2012/02/02 23:43:38 | 000,000,000 | ---D | C]
 SWREG.exe -> C:\WINDOWS\SWREG.exe -> [2012/02/02 12:48:35 | 000,518,144 | ---- | C] (SteelWerX)
 NIRCMD.exe -> C:\WINDOWS\NIRCMD.exe -> [2012/02/02 12:48:35 | 000,060,416 | ---- | C] (NirSoft)
 SWSC.exe -> C:\WINDOWS\SWSC.exe -> [2012/02/02 12:48:33 | 000,406,528 | ---- | C] (SteelWerX)
 SWXCACLS.exe -> C:\WINDOWS\SWXCACLS.exe -> [2012/02/02 12:48:33 | 000,212,480 | ---- | C] (SteelWerX)
 hosts -> C:\Documents and Settings\Steven\My Documents\hosts -> [2012/02/01 14:56:33 | 000,000,000 | ---D | C]
 Identities -> C:\Documents and Settings\LocalService\Application Data\Identities -> [2012/01/31 17:16:09 | 000,000,000 | ---D | C]
 Adobe -> C:\Documents and Settings\NetworkService\Local Settings\Application Data\Adobe -> [2012/01/31 09:07:46 | 000,000,000 | ---D | C]
 Sun -> C:\Documents and Settings\LocalService\Application Data\Sun -> [2012/01/30 22:46:44 | 000,000,000 | ---D | C]
 Macromedia -> C:\Documents and Settings\LocalService\Application Data\Macromedia -> [2012/01/30 22:24:45 | 000,000,000 | ---D | C]
 Macromedia -> C:\Documents and Settings\NetworkService\Application Data\Macromedia -> [2012/01/30 21:42:16 | 000,000,000 | ---D | C]
 Adobe -> C:\Documents and Settings\NetworkService\Application Data\Adobe -> [2012/01/30 21:42:16 | 000,000,000 | ---D | C]
 SmartDraw -> C:\Documents and Settings\Steven\My Documents\SmartDraw -> [2012/01/21 12:39:25 | 000,000,000 | ---D | C]
 SmartDraw -> C:\Documents and Settings\Steven\Application Data\SmartDraw -> [2012/01/21 12:39:17 | 000,000,000 | ---D | C]
 Hewlett-Packard -> C:\Program Files\Hewlett-Packard -> [2012/01/18 12:46:51 | 000,000,000 | ---D | C]
 pcouffin.sys -> C:\Documents and Settings\Steven\Application Data\pcouffin.sys -> [2008/01/03 00:39:14 | 000,047,360 | ---- | C] (VSO Software)
 DivXGraphBuilderCallback.dll -> C:\WINDOWS\System32\DivXGraphBuilderCallback.dll -> [2006/07/11 13:29:00 | 000,028,672 | R--- | C] ( )
 A3d.dll -> C:\WINDOWS\System32\A3d.dll -> [2002/04/11 08:41:06 | 000,065,536 | ---- | C] ( )
 
[Files/Folders - Modified Within 30 Days]
 GoogleUpdateTaskMachineUA.job -> C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job -> [2012/02/17 11:38:00 | 000,000,886 | ---- | M] ()
 GoogleUpdateTaskMachineCore.job -> C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job -> [2012/02/16 20:38:00 | 000,000,882 | ---- | M] ()
 perfh009.dat -> C:\WINDOWS\System32\perfh009.dat -> [2012/02/16 20:03:45 | 000,533,584 | ---- | M] ()
 perfc009.dat -> C:\WINDOWS\System32\perfc009.dat -> [2012/02/16 20:03:45 | 000,101,044 | ---- | M] ()
 wpa.dbl -> C:\WINDOWS\System32\wpa.dbl -> [2012/02/16 20:00:16 | 000,012,598 | ---- | M] ()
 bootstat.dat -> C:\WINDOWS\bootstat.dat -> [2012/02/16 19:59:03 | 000,002,048 | --S- | M] ()
 hiberfil.sys -> C:\hiberfil.sys -> [2012/02/16 19:59:00 | 3488,927,744 | -HS- | M] ()
 FNTCACHE.DAT -> C:\WINDOWS\System32\FNTCACHE.DAT -> [2012/02/16 19:59:00 | 000,373,672 | ---- | M] ()
 kmxcfg.u2k0 -> C:\WINDOWS\System32\drivers\kmxcfg.u2k0 -> [2012/02/16 19:57:49 | 002,150,873 | ---- | M] ()
 KmxAgent.asc -> C:\WINDOWS\System32\drivers\KmxAgent.asc -> [2012/02/16 19:57:49 | 000,969,676 | ---- | M] ()
 kmxzone.u2k0 -> C:\WINDOWS\System32\drivers\kmxzone.u2k0 -> [2012/02/16 19:57:49 | 000,000,315 | ---- | M] ()
 kmxcfg.u2k7 -> C:\WINDOWS\System32\drivers\kmxcfg.u2k7 -> [2012/02/16 19:57:49 | 000,000,085 | ---- | M] ()
 kmxcfg.u2k6 -> C:\WINDOWS\System32\drivers\kmxcfg.u2k6 -> [2012/02/16 19:57:49 | 000,000,085 | ---- | M] ()
 kmxcfg.u2k5 -> C:\WINDOWS\System32\drivers\kmxcfg.u2k5 -> [2012/02/16 19:57:49 | 000,000,085 | ---- | M] ()
 kmxcfg.u2k4 -> C:\WINDOWS\System32\drivers\kmxcfg.u2k4 -> [2012/02/16 19:57:49 | 000,000,085 | ---- | M] ()
 kmxcfg.u2k3 -> C:\WINDOWS\System32\drivers\kmxcfg.u2k3 -> [2012/02/16 19:57:49 | 000,000,085 | ---- | M] ()
 kmxcfg.u2k2 -> C:\WINDOWS\System32\drivers\kmxcfg.u2k2 -> [2012/02/16 19:57:49 | 000,000,085 | ---- | M] ()
 kmxcfg.u2k1 -> C:\WINDOWS\System32\drivers\kmxcfg.u2k1 -> [2012/02/16 19:57:49 | 000,000,085 | ---- | M] ()
 kmxzone.u2k7 -> C:\WINDOWS\System32\drivers\kmxzone.u2k7 -> [2012/02/16 19:57:49 | 000,000,049 | ---- | M] ()
 kmxzone.u2k6 -> C:\WINDOWS\System32\drivers\kmxzone.u2k6 -> [2012/02/16 19:57:49 | 000,000,049 | ---- | M] ()
 kmxzone.u2k5 -> C:\WINDOWS\System32\drivers\kmxzone.u2k5 -> [2012/02/16 19:57:49 | 000,000,049 | ---- | M] ()
 kmxzone.u2k4 -> C:\WINDOWS\System32\drivers\kmxzone.u2k4 -> [2012/02/16 19:57:49 | 000,000,049 | ---- | M] ()
 kmxzone.u2k3 -> C:\WINDOWS\System32\drivers\kmxzone.u2k3 -> [2012/02/16 19:57:49 | 000,000,049 | ---- | M] ()
 kmxzone.u2k2 -> C:\WINDOWS\System32\drivers\kmxzone.u2k2 -> [2012/02/16 19:57:49 | 000,000,049 | ---- | M] ()
 kmxzone.u2k1 -> C:\WINDOWS\System32\drivers\kmxzone.u2k1 -> [2012/02/16 19:57:49 | 000,000,049 | ---- | M] ()
 imsins.BAK -> C:\WINDOWS\imsins.BAK -> [2012/02/16 19:37:03 | 000,001,374 | ---- | M] ()
 KmxCF.sys -> C:\WINDOWS\System32\drivers\KmxCF.sys -> [2012/02/16 14:33:58 | 000,150,608 | ---- | M] (CA)
 KmxFw.sys -> C:\WINDOWS\System32\drivers\KmxFw.sys -> [2012/02/16 14:33:58 | 000,116,304 | ---- | M] (CA)
 hosts -> C:\WINDOWS\System32\drivers\etc\hosts -> [2012/02/15 10:09:42 | 000,000,027 | ---- | M] ()
 boot.ini -> C:\boot.ini -> [2012/02/15 10:00:40 | 000,000,326 | RHS- | M] ()
 OTS.exe -> C:\Documents and Settings\Steven\Desktop\OTS.exe -> [2012/02/14 19:38:00 | 000,646,144 | ---- | M] (OldTimer Tools)
 puppy.exe -> C:\Documents and Settings\Steven\Desktop\puppy.exe -> [2012/02/14 19:02:28 | 004,403,246 | R--- | M] (Swearware)
 MBR.dat -> C:\Documents and Settings\Steven\Desktop\MBR.dat -> [2012/02/14 08:46:36 | 000,000,512 | ---- | M] ()
 aswMBR.exe -> C:\Documents and Settings\Steven\Desktop\aswMBR.exe -> [2012/02/13 19:10:45 | 004,733,440 | ---- | M] (AVAST Software)
 tdsskiller.exe -> C:\Documents and Settings\Steven\Desktop\tdsskiller.exe -> [2012/02/13 16:52:37 | 002,061,360 | ---- | M] (Kaspersky Lab ZAO)
 d3d9caps.dat -> C:\WINDOWS\System32\d3d9caps.dat -> [2012/02/13 16:38:30 | 000,000,664 | ---- | M] ()
 mbam-setup-1.60.1.1000.exe -> C:\Documents and Settings\Steven\Desktop\mbam-setup-1.60.1.1000.exe -> [2012/02/13 16:00:51 | 009,502,424 | ---- | M] (Malwarebytes Corporation                                    )
 CCleaner.lnk -> C:\Documents and Settings\Steven\Application Data\Microsoft\Internet Explorer\Quick Launch\CCleaner.lnk -> [2012/02/13 15:26:44 | 000,000,692 | ---- | M] ()
 ccsetup315.exe -> C:\Documents and Settings\Steven\Desktop\ccsetup315.exe -> [2012/02/13 15:06:10 | 003,587,688 | ---- | M] (Piriform Ltd)
 wpa.bak -> C:\WINDOWS\System32\wpa.bak -> [2012/02/13 13:56:26 | 000,012,540 | ---- | M] ()
 micronta22-211multitestermanual.zip -> C:\Documents and Settings\Steven\Desktop\micronta22-211multitestermanual.zip -> [2012/02/12 11:51:55 | 000,734,671 | ---- | M] ()
 Dealextreme2.JPG -> C:\Documents and Settings\Steven\Desktop\Dealextreme2.JPG -> [2012/02/11 13:27:54 | 000,100,417 | ---- | M] ()
 Dealextreme1.JPG -> C:\Documents and Settings\Steven\Desktop\Dealextreme1.JPG -> [2012/02/11 13:26:08 | 000,112,622 | ---- | M] ()
 PerfectDisk 8.0.lnk -> C:\Documents and Settings\Steven\Application Data\Microsoft\Internet Explorer\Quick Launch\PerfectDisk 8.0.lnk -> [2012/02/08 19:42:42 | 000,002,423 | ---- | M] ()
 FlashPlayerCPLApp.cpl -> C:\WINDOWS\System32\FlashPlayerCPLApp.cpl -> [2012/02/08 18:48:16 | 000,414,368 | ---- | M] (Adobe Systems Incorporated)
 Boot.bak -> C:\Boot.bak -> [2012/02/08 16:36:43 | 000,000,326 | ---- | M] ()
 clipbrd.lnk -> C:\Documents and Settings\Steven\Application Data\Microsoft\Internet Explorer\Quick Launch\clipbrd.lnk -> [2012/02/06 20:50:47 | 000,001,407 | ---- | M] ()
 timntr.sys -> C:\WINDOWS\System32\drivers\timntr.sys -> [2012/02/05 20:06:30 | 000,441,760 | ---- | M] (Acronis)
 tifsfilt.sys -> C:\WINDOWS\System32\drivers\tifsfilt.sys -> [2012/02/05 20:06:30 | 000,044,384 | ---- | M] (Acronis)
 snapman.sys -> C:\WINDOWS\System32\drivers\snapman.sys -> [2012/02/05 20:06:23 | 000,132,224 | ---- | M] (Acronis)
 tdrpman.sys -> C:\WINDOWS\System32\drivers\tdrpman.sys -> [2012/02/05 20:06:14 | 000,368,480 | ---- | M] (Acronis)
 HOSTS.mvp1 -> C:\WINDOWS\System32\drivers\etc\HOSTS.mvp1 -> [2012/02/01 15:33:17 | 000,610,035 | ---- | M] ()
 hosts.zip -> C:\Documents and Settings\Steven\My Documents\hosts.zip -> [2012/02/01 14:52:23 | 000,149,614 | ---- | M] ()
 HOSTS.MVP -> C:\WINDOWS\System32\drivers\etc\HOSTS.MVP -> [2012/02/01 09:31:40 | 000,000,855 | ---- | M] ()
 Microsoft Word.lnk -> C:\Documents and Settings\Steven\Application Data\Microsoft\Internet Explorer\Quick Launch\Microsoft Word.lnk -> [2012/01/24 19:14:08 | 000,002,501 | ---- | M] ()
 Key1.reg -> C:\Documents and Settings\Steven\My Documents\Key1.reg -> [2012/01/23 22:31:03 | 000,002,472 | ---- | M] ()
 Jan23.reg -> C:\Documents and Settings\Steven\My Documents\Jan23.reg -> [2012/01/23 22:30:36 | 000,002,324 | ---- | M] ()
 HPHins08.dat -> C:\WINDOWS\HPHins08.dat -> [2012/01/20 11:22:53 | 000,080,172 | ---- | M] ()
 3 C:\Documents and Settings\Steven\Local Settings\temp\*.tmp files -> C:\Documents and Settings\Steven\Local Settings\temp\*.tmp -> 
 
[Files - No Company Name]
 imsins.BAK -> C:\WINDOWS\imsins.BAK -> [2012/02/16 19:31:42 | 000,001,374 | ---- | C] ()
 iacenc.dll -> C:\WINDOWS\System32\iacenc.dll -> [2012/02/16 14:39:48 | 000,003,072 | ---- | C] ()
 iacenc.dll -> C:\WINDOWS\System32\dllcache\iacenc.dll -> [2012/02/16 14:39:48 | 000,003,072 | ---- | C] ()
 kmxcfg.u2k0 -> C:\WINDOWS\System32\drivers\kmxcfg.u2k0 -> [2012/02/16 14:35:08 | 002,150,873 | ---- | C] ()
 kmxzone.u2k0 -> C:\WINDOWS\System32\drivers\kmxzone.u2k0 -> [2012/02/16 14:35:08 | 000,000,315 | ---- | C] ()
 kmxcfg.u2k7 -> C:\WINDOWS\System32\drivers\kmxcfg.u2k7 -> [2012/02/16 14:35:08 | 000,000,085 | ---- | C] ()
 kmxcfg.u2k6 -> C:\WINDOWS\System32\drivers\kmxcfg.u2k6 -> [2012/02/16 14:35:08 | 000,000,085 | ---- | C] ()
 kmxcfg.u2k5 -> C:\WINDOWS\System32\drivers\kmxcfg.u2k5 -> [2012/02/16 14:35:08 | 000,000,085 | ---- | C] ()
 kmxcfg.u2k4 -> C:\WINDOWS\System32\drivers\kmxcfg.u2k4 -> [2012/02/16 14:35:08 | 000,000,085 | ---- | C] ()
 kmxcfg.u2k3 -> C:\WINDOWS\System32\drivers\kmxcfg.u2k3 -> [2012/02/16 14:35:08 | 000,000,085 | ---- | C] ()
 kmxcfg.u2k2 -> C:\WINDOWS\System32\drivers\kmxcfg.u2k2 -> [2012/02/16 14:35:08 | 000,000,085 | ---- | C] ()
 kmxcfg.u2k1 -> C:\WINDOWS\System32\drivers\kmxcfg.u2k1 -> [2012/02/16 14:35:08 | 000,000,085 | ---- | C] ()
 kmxzone.u2k7 -> C:\WINDOWS\System32\drivers\kmxzone.u2k7 -> [2012/02/16 14:35:08 | 000,000,049 | ---- | C] ()
 kmxzone.u2k6 -> C:\WINDOWS\System32\drivers\kmxzone.u2k6 -> [2012/02/16 14:35:08 | 000,000,049 | ---- | C] ()
 kmxzone.u2k5 -> C:\WINDOWS\System32\drivers\kmxzone.u2k5 -> [2012/02/16 14:35:08 | 000,000,049 | ---- | C] ()
 kmxzone.u2k4 -> C:\WINDOWS\System32\drivers\kmxzone.u2k4 -> [2012/02/16 14:35:08 | 000,000,049 | ---- | C] ()
 kmxzone.u2k3 -> C:\WINDOWS\System32\drivers\kmxzone.u2k3 -> [2012/02/16 14:35:08 | 000,000,049 | ---- | C] ()
 kmxzone.u2k2 -> C:\WINDOWS\System32\drivers\kmxzone.u2k2 -> [2012/02/16 14:35:08 | 000,000,049 | ---- | C] ()
 kmxzone.u2k1 -> C:\WINDOWS\System32\drivers\kmxzone.u2k1 -> [2012/02/16 14:35:08 | 000,000,049 | ---- | C] ()
 MBR.dat -> C:\Documents and Settings\Steven\Desktop\MBR.dat -> [2012/02/14 08:46:36 | 000,000,512 | ---- | C] ()
 CCleaner.lnk -> C:\Documents and Settings\Steven\Application Data\Microsoft\Internet Explorer\Quick Launch\CCleaner.lnk -> [2012/02/13 15:26:44 | 000,000,692 | ---- | C] ()
 micronta22-211multitestermanual.zip -> C:\Documents and Settings\Steven\Desktop\micronta22-211multitestermanual.zip -> [2012/02/12 11:51:51 | 000,734,671 | ---- | C] ()
 Dealextreme2.JPG -> C:\Documents and Settings\Steven\Desktop\Dealextreme2.JPG -> [2012/02/11 13:27:54 | 000,100,417 | ---- | C] ()
 Dealextreme1.JPG -> C:\Documents and Settings\Steven\Desktop\Dealextreme1.JPG -> [2012/02/11 13:26:08 | 000,112,622 | ---- | C] ()
 clipbrd.lnk -> C:\Documents and Settings\Steven\Application Data\Microsoft\Internet Explorer\Quick Launch\clipbrd.lnk -> [2012/02/06 20:50:33 | 000,001,407 | ---- | C] ()
 hiberfil.sys -> C:\hiberfil.sys -> [2012/02/04 11:57:18 | 3488,927,744 | -HS- | C] ()
 boot.ini -> C:\boot.ini -> [2012/02/02 15:30:34 | 000,000,326 | RHS- | C] ()
 Internet Explorer.lnk -> C:\Documents and Settings\Steven\Application Data\Microsoft\Internet Explorer\Quick Launch\Internet Explorer.lnk -> [2012/02/02 14:07:57 | 000,000,813 | ---- | C] ()
 Boot.bak -> C:\Boot.bak -> [2012/02/02 13:06:23 | 000,000,326 | ---- | C] ()
 cmldr -> C:\cmldr -> [2012/02/02 13:06:16 | 000,260,272 | RHS- | C] ()
 PEV.exe -> C:\WINDOWS\PEV.exe -> [2012/02/02 12:48:35 | 000,256,000 | ---- | C] ()
 MBR.exe -> C:\WINDOWS\MBR.exe -> [2012/02/02 12:48:35 | 000,208,896 | ---- | C] ()
 grep.exe -> C:\WINDOWS\grep.exe -> [2012/02/02 12:48:35 | 000,080,412 | ---- | C] ()
 zip.exe -> C:\WINDOWS\zip.exe -> [2012/02/02 12:48:35 | 000,068,096 | ---- | C] ()
 sed.exe -> C:\WINDOWS\sed.exe -> [2012/02/02 12:48:34 | 000,098,816 | ---- | C] ()
 hosts.zip -> C:\Documents and Settings\Steven\My Documents\hosts.zip -> [2012/02/01 14:52:22 | 000,149,614 | ---- | C] ()
 Key1.reg -> C:\Documents and Settings\Steven\My Documents\Key1.reg -> [2012/01/23 22:31:03 | 000,002,472 | ---- | C] ()
 Jan23.reg -> C:\Documents and Settings\Steven\My Documents\Jan23.reg -> [2012/01/23 22:30:36 | 000,002,324 | ---- | C] ()
 HPHins08.dat.temp -> C:\WINDOWS\HPHins08.dat.temp -> [2012/01/20 11:22:52 | 000,080,754 | ---- | C] ()
 hphmdl08.dat.temp -> C:\WINDOWS\hphmdl08.dat.temp -> [2012/01/20 11:22:52 | 000,003,987 | ---- | C] ()
 ff_vfw.dll -> C:\WINDOWS\System32\ff_vfw.dll -> [2011/07/04 11:39:59 | 000,085,504 | ---- | C] ()
 DLAAPI_W.DLL -> C:\WINDOWS\System32\DLAAPI_W.DLL -> [2011/07/04 11:25:14 | 000,056,056 | ---- | C] ()
 nvdrsdb0.bin -> C:\WINDOWS\System32\nvdrsdb0.bin -> [2011/01/26 21:23:27 | 000,252,080 | ---- | C] ()
 nvdrsdb1.bin -> C:\WINDOWS\System32\nvdrsdb1.bin -> [2011/01/26 21:23:23 | 000,252,080 | ---- | C] ()
 nvdrssel.bin -> C:\WINDOWS\System32\nvdrssel.bin -> [2011/01/26 21:23:23 | 000,000,001 | ---- | C] ()
 nvdata.bin -> C:\WINDOWS\System32\nvdata.bin -> [2011/01/26 21:23:12 | 002,292,678 | ---- | C] ()
 ativpsrm.bin -> C:\WINDOWS\ativpsrm.bin -> [2011/01/26 18:58:54 | 000,000,000 | ---- | C] ()
 RtNicProp32.dll -> C:\WINDOWS\System32\RtNicProp32.dll -> [2011/01/24 22:18:37 | 000,073,728 | ---- | C] ()
 setup_ldm.iss -> C:\Documents and Settings\Steven\Application Data\setup_ldm.iss -> [2011/01/12 15:24:56 | 000,000,760 | ---- | C] ()
 Ckejanarigap.dat -> C:\WINDOWS\Ckejanarigap.dat -> [2010/06/06 12:17:14 | 000,000,120 | ---- | C] ()
 Wlubodas.bin -> C:\WINDOWS\Wlubodas.bin -> [2010/06/06 12:17:14 | 000,000,000 | ---- | C] ()
 d3d9caps.dat -> C:\WINDOWS\System32\d3d9caps.dat -> [2009/10/02 08:34:31 | 000,000,664 | ---- | C] ()
 groovmec.ini -> C:\WINDOWS\groovmec.ini -> [2009/09/11 10:36:24 | 000,000,103 | ---- | C] ()
 CTWave32.ini -> C:\WINDOWS\CTWave32.ini -> [2009/08/14 20:46:18 | 000,000,031 | ---- | C] ()
 DeltaIITray.exe -> C:\WINDOWS\System32\DeltaIITray.exe -> [2009/07/27 13:44:58 | 000,236,040 | ---- | C] ()
 ativva6x.dat -> C:\WINDOWS\System32\ativva6x.dat -> [2009/06/25 18:22:50 | 000,887,724 | ---- | C] ()
 ativva5x.dat -> C:\WINDOWS\System32\ativva5x.dat -> [2009/06/25 18:22:50 | 000,000,003 | ---- | C] ()
 atiicdxx.dat -> C:\WINDOWS\System32\atiicdxx.dat -> [2009/06/18 15:29:04 | 000,197,654 | ---- | C] ()
 2Wire.ini -> C:\WINDOWS\System32\2Wire.ini -> [2009/03/25 20:40:12 | 000,000,040 | ---- | C] ()
 NB-WGASW.ini -> C:\WINDOWS\System32\NB-WGASW.ini -> [2009/03/25 20:40:05 | 000,000,020 | ---- | C] ()
 acctresx.sys -> C:\WINDOWS\System32\acctresx.sys -> [2009/03/05 20:22:41 | 031,394,482 | -HS- | C] ()
 ATIODE.exe -> C:\WINDOWS\System32\ATIODE.exe -> [2009/02/18 13:55:22 | 000,294,912 | ---- | C] ()
 ATIODCLI.exe -> C:\WINDOWS\System32\ATIODCLI.exe -> [2009/02/03 16:52:04 | 000,045,056 | ---- | C] ()
 HP_CounterReport_Update_HPSU.ini -> C:\WINDOWS\HP_CounterReport_Update_HPSU.ini -> [2009/01/05 10:01:49 | 000,000,227 | ---- | C] ()
 CommonDL.dll -> C:\WINDOWS\System32\CommonDL.dll -> [2008/08/07 11:56:46 | 000,053,248 | ---- | C] ()
 lgAxconfig.ini -> C:\WINDOWS\System32\lgAxconfig.ini -> [2008/08/07 11:56:46 | 000,002,412 | ---- | C] ()
 JpgLib.dll -> C:\WINDOWS\System32\JpgLib.dll -> [2008/06/13 22:24:00 | 000,151,552 | ---- | C] ()
 HP_RedboxHprblog_HPSU.ini -> C:\WINDOWS\HP_RedboxHprblog_HPSU.ini -> [2008/01/24 18:00:04 | 000,000,221 | ---- | C] ()
 hpzids01.dll -> C:\WINDOWS\System32\hpzids01.dll -> [2008/01/23 17:01:06 | 000,077,824 | R--- | C] ()
 HPHins08.dat -> C:\WINDOWS\HPHins08.dat -> [2008/01/23 16:53:56 | 000,080,172 | ---- | C] ()
 hphmdl08.dat -> C:\WINDOWS\hphmdl08.dat -> [2008/01/23 16:53:56 | 000,004,011 | ---- | C] ()
 systeminfo3.dll -> C:\WINDOWS\System32\systeminfo3.dll -> [2008/01/03 00:39:44 | 000,000,014 | ---- | C] ()
 ezpinst.exe -> C:\Documents and Settings\Steven\Application Data\ezpinst.exe -> [2008/01/03 00:39:14 | 000,081,920 | ---- | C] ()
 pcouffin.cat -> C:\Documents and Settings\Steven\Application Data\pcouffin.cat -> [2008/01/03 00:39:14 | 000,007,887 | ---- | C] ()
 pcouffin.inf -> C:\Documents and Settings\Steven\Application Data\pcouffin.inf -> [2008/01/03 00:39:14 | 000,001,144 | ---- | C] ()
 DMX.bmk -> C:\Documents and Settings\Steven\Application Data\DMX.bmk -> [2007/10/25 19:33:59 | 000,014,848 | ---- | C] ()
 PlugFile.dll -> C:\WINDOWS\System32\PlugFile.dll -> [2007/10/17 15:36:11 | 000,028,672 | ---- | C] ()
 Msvcrt10.dll -> C:\WINDOWS\System32\Msvcrt10.dll -> [2007/10/17 15:36:10 | 000,210,944 | ---- | C] ()
 checkip.dat -> C:\WINDOWS\checkip.dat -> [2007/09/19 12:57:34 | 000,001,084 | ---- | C] ()
 fusioncache.dat -> C:\Documents and Settings\Steven\Local Settings\Application Data\fusioncache.dat -> [2007/09/11 18:07:45 | 000,000,129 | ---- | C] ()
 SpoonUninstall.exe -> C:\WINDOWS\System32\SpoonUninstall.exe -> [2007/08/30 13:21:26 | 010,884,472 | ---- | C] ()
 rx_audio.Cache -> C:\Documents and Settings\Steven\Local Settings\Application Data\rx_audio.Cache -> [2007/08/18 21:00:41 | 001,553,596 | ---- | C] ()
 rx_image.Cache -> C:\Documents and Settings\Steven\Local Settings\Application Data\rx_image.Cache -> [2007/08/18 20:06:12 | 032,631,280 | ---- | C] ()
 wininit.ini -> C:\WINDOWS\wininit.ini -> [2007/08/18 19:55:02 | 000,001,114 | ---- | C] ()
 sfbm.INI -> C:\WINDOWS\sfbm.INI -> [2007/08/17 21:52:07 | 000,000,029 | ---- | C] ()
 sbwin.ini -> C:\WINDOWS\sbwin.ini -> [2007/08/16 13:07:59 | 000,000,070 | ---- | C] ()
 QTSBandwidthCache -> C:\Documents and Settings\All Users\Application Data\QTSBandwidthCache -> [2007/07/30 09:09:46 | 000,001,755 | ---- | C] ()
 loc2.INI -> C:\WINDOWS\loc2.INI -> [2007/05/05 18:15:05 | 000,000,041 | ---- | C] ()
 FindServ.INI -> C:\WINDOWS\FindServ.INI -> [2007/05/05 18:15:01 | 000,000,041 | ---- | C] ()
 SA2004.ini -> C:\WINDOWS\SA2004.ini -> [2007/05/05 18:07:37 | 000,000,038 | ---- | C] ()
 NeroDigital.ini -> C:\WINDOWS\NeroDigital.ini -> [2007/04/05 14:51:02 | 000,000,116 | ---- | C] ()
 ODBC.INI -> C:\WINDOWS\ODBC.INI -> [2007/03/26 11:23:47 | 000,000,376 | ---- | C] ()
 MGIIpl2A6.dll -> C:\WINDOWS\System32\MGIIpl2A6.dll -> [2007/03/26 08:27:07 | 001,265,664 | ---- | C] ()
 PhotoSuite.ini -> C:\WINDOWS\PhotoSuite.ini -> [2007/03/26 08:27:07 | 000,000,002 | ---- | C] ()
 MGIIpl2PX.dll -> C:\WINDOWS\System32\MGIIpl2PX.dll -> [2007/03/26 08:26:53 | 001,064,960 | ---- | C] ()
 FPXLIB.DLL -> C:\WINDOWS\System32\FPXLIB.DLL -> [2007/03/26 08:26:53 | 000,332,800 | ---- | C] ()
 JPEGLIB.DLL -> C:\WINDOWS\System32\JPEGLIB.DLL -> [2007/03/26 08:26:53 | 000,122,880 | ---- | C] ()
 MGIIpl2.dll -> C:\WINDOWS\System32\MGIIpl2.dll -> [2007/03/26 08:26:53 | 000,020,480 | ---- | C] ()
 CPUINF32.DLL -> C:\WINDOWS\System32\CPUINF32.DLL -> [2007/03/26 08:26:53 | 000,019,968 | ---- | C] ()
 HOTAS.ini -> C:\WINDOWS\HOTAS.ini -> [2007/03/20 16:09:15 | 000,000,028 | ---- | C] ()
 unVHDDrvExe.exe -> C:\WINDOWS\System32\unVHDDrvExe.exe -> [2007/03/20 15:55:15 | 000,036,864 | ---- | C] ()
 inVHDDrvExe.exe -> C:\WINDOWS\System32\inVHDDrvExe.exe -> [2007/03/20 15:55:15 | 000,036,864 | ---- | C] ()
 nsreg.dat -> C:\WINDOWS\nsreg.dat -> [2007/03/13 06:56:42 | 000,000,335 | ---- | C] ()
 mozver.dat -> C:\WINDOWS\mozver.dat -> [2007/03/13 06:56:27 | 000,006,420 | ---- | C] ()
 DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini -> C:\Documents and Settings\Steven\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini -> [2007/03/06 17:13:07 | 000,025,088 | ---- | C] ()
 OGACheckControl.DLL -> C:\WINDOWS\System32\OGACheckControl.DLL -> [2007/03/05 12:34:28 | 000,676,224 | ---- | C] ()
 patchw32.dll -> C:\WINDOWS\patchw32.dll -> [2007/03/03 19:29:39 | 000,205,824 | ---- | C] ()
 pw32a.dll -> C:\WINDOWS\pw32a.dll -> [2007/03/03 19:28:35 | 000,205,824 | ---- | C] ()
 pw32a.dll -> C:\WINDOWS\System32\pw32a.dll -> [2007/03/03 19:28:33 | 000,205,824 | ---- | C] ()
 gl.dll -> C:\WINDOWS\System32\gl.dll -> [2007/02/24 00:48:01 | 000,061,440 | ---- | C] ()
 e1.ini -> C:\WINDOWS\System32\e1.ini -> [2007/02/24 00:48:01 | 000,006,123 | ---- | C] ()
 ppsio2.sys -> C:\WINDOWS\System32\drivers\ppsio2.sys -> [2007/02/24 00:48:00 | 000,023,200 | ---- | C] ()
 PestPatrol5.INI -> C:\WINDOWS\PestPatrol5.INI -> [2007/01/31 16:32:27 | 000,000,000 | ---- | C] ()
 PciBus.sys -> C:\WINDOWS\System32\drivers\PciBus.sys -> [2007/01/30 15:15:03 | 000,003,972 | ---- | C] ()
 secupd.dat -> C:\WINDOWS\System32\secupd.dat -> [2007/01/18 22:35:15 | 000,004,569 | ---- | C] ()
 AsIO.dll -> C:\WINDOWS\System32\AsIO.dll -> [2007/01/12 19:44:11 | 000,024,576 | R--- | C] ()
 AsIO.sys -> C:\WINDOWS\System32\drivers\AsIO.sys -> [2007/01/12 19:44:11 | 000,005,685 | R--- | C] ()
 AsusSetup.ini -> C:\WINDOWS\System32\AsusSetup.ini -> [2007/01/12 16:37:56 | 000,000,709 | R--- | C] ()
 raidmgmt.ini -> C:\WINDOWS\System32\raidmgmt.ini -> [2007/01/12 16:37:56 | 000,000,263 | R--- | C] ()
 Ascd_log.ini -> C:\WINDOWS\Ascd_log.ini -> [2007/01/12 16:35:37 | 000,016,781 | ---- | C] ()
 Ascd_tmp.ini -> C:\WINDOWS\Ascd_tmp.ini -> [2007/01/12 16:35:22 | 000,016,602 | ---- | C] ()
 ASACPI.sys -> C:\WINDOWS\System32\drivers\ASACPI.sys -> [2007/01/12 16:35:22 | 000,005,810 | R--- | C] ()
 ASUSHWIO.SYS -> C:\WINDOWS\System32\drivers\ASUSHWIO.SYS -> [2007/01/12 16:35:16 | 000,010,288 | ---- | C] ()
 bootstat.dat -> C:\WINDOWS\bootstat.dat -> [2007/01/12 16:14:52 | 000,002,048 | --S- | C] ()
 emptyregdb.dat -> C:\WINDOWS\System32\emptyregdb.dat -> [2007/01/12 16:10:40 | 000,023,348 | ---- | C] ()
 ODBCINST.INI -> C:\WINDOWS\ODBCINST.INI -> [2007/01/12 11:05:52 | 000,004,161 | ---- | C] ()
 FNTCACHE.DAT -> C:\WINDOWS\System32\FNTCACHE.DAT -> [2007/01/12 11:05:12 | 000,373,672 | ---- | C] ()
 px.ini -> C:\WINDOWS\System32\px.ini -> [2006/08/15 14:58:40 | 000,000,000 | ---- | C] ()
 CddbPlaylist2Roxio.dll -> C:\WINDOWS\System32\CddbPlaylist2Roxio.dll -> [2006/08/09 03:19:50 | 000,520,192 | ---- | C] ()
 CddbFileTaggerRoxio.dll -> C:\WINDOWS\System32\CddbFileTaggerRoxio.dll -> [2006/08/09 03:19:50 | 000,204,800 | ---- | C] ()
 besch.exe -> C:\WINDOWS\System32\besch.exe -> [2006/08/09 00:00:00 | 000,045,056 | ---- | C] ()
 besched.dll -> C:\WINDOWS\System32\besched.dll -> [2006/08/09 00:00:00 | 000,028,672 | ---- | C] ()
 DivXsm.exe -> C:\WINDOWS\System32\DivXsm.exe -> [2005/07/15 13:36:35 | 000,524,288 | ---- | C] ()
 libeay32.dll -> C:\WINDOWS\System32\libeay32.dll -> [2005/07/15 13:35:56 | 000,831,488 | ---- | C] ()
 ssleay32.dll -> C:\WINDOWS\System32\ssleay32.dll -> [2005/07/15 13:35:56 | 000,159,744 | ---- | C] ()
 qt-dx331.dll -> C:\WINDOWS\System32\qt-dx331.dll -> [2005/07/15 13:35:24 | 003,596,288 | ---- | C] ()
 Ludap17.ini -> C:\WINDOWS\System32\Ludap17.ini -> [2005/07/07 04:26:56 | 000,005,663 | ---- | C] ()
 P17.dll -> C:\WINDOWS\System32\P17.dll -> [2005/05/03 06:38:42 | 000,064,512 | ---- | C] ()
 ctzapxx.ini -> C:\WINDOWS\System32\ctzapxx.ini -> [2005/03/08 01:17:08 | 000,000,075 | ---- | C] ()
 P17CPI.dll -> C:\WINDOWS\System32\P17CPI.dll -> [2003/10/02 17:48:18 | 000,053,248 | ---- | C] ()
 lockout.dll -> C:\WINDOWS\System32\lockout.dll -> [2003/10/02 00:00:00 | 000,208,896 | ---- | C] ()
 lockres.dll -> C:\WINDOWS\System32\lockres.dll -> [2003/10/02 00:00:00 | 000,045,056 | ---- | C] ()
 oembios.dat -> C:\WINDOWS\System32\oembios.dat -> [2003/07/16 11:48:28 | 000,004,594 | ---- | C] ()
 oembios.bin -> C:\WINDOWS\System32\oembios.bin -> [2003/07/16 11:48:27 | 013,107,200 | ---- | C] ()
 perfi009.dat -> C:\WINDOWS\System32\perfi009.dat -> [2003/07/16 11:35:07 | 000,272,128 | ---- | C] ()
 perfh009.dat -> C:\WINDOWS\System32\perfh009.dat -> [2003/07/16 11:35:06 | 000,533,584 | ---- | C] ()
 perfd009.dat -> C:\WINDOWS\System32\perfd009.dat -> [2003/07/16 11:35:05 | 000,028,626 | ---- | C] ()
 perfc009.dat -> C:\WINDOWS\System32\perfc009.dat -> [2003/07/16 11:35:03 | 000,101,044 | ---- | C] ()
 noise.dat -> C:\WINDOWS\System32\noise.dat -> [2003/07/16 11:33:18 | 000,000,741 | ---- | C] ()
 mlang.dat -> C:\WINDOWS\System32\mlang.dat -> [2003/07/16 11:28:25 | 000,673,088 | ---- | C] ()
 mib.bin -> C:\WINDOWS\System32\mib.bin -> [2003/07/16 11:28:14 | 000,046,258 | ---- | C] ()
 dssec.dat -> C:\WINDOWS\System32\dssec.dat -> [2003/07/16 11:21:49 | 000,218,003 | ---- | C] ()
 dcache.bin -> C:\WINDOWS\System32\dcache.bin -> [2003/07/16 11:20:48 | 000,001,804 | ---- | C] ()
 giveio.sys -> C:\WINDOWS\System32\giveio.sys -> [1996/04/03 14:33:26 | 000,005,248 | ---- | C] ()
 
[Alternate Data Streams]
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\All Users\Documents\Julie's Documents:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\Steven\My Documents\CLC Documents:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\Steven\My Documents\DD 214 1976.jpg:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\Steven\My Documents\DD214 (1994).bmp:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\Steven\My Documents\Hubble_Deep_Field_location.gif:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\Steven\My Documents\Hubble_Deep_Field_observing_geometry.png:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\Steven\My Documents\Hubble_Ultra_Deep_Field_Black_point_edit.jpg:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\Steven\My Documents\HubbleDeepField_800px.jpg:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\Steven\My Documents\MS Word Files:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\Steven\My Documents\My Pictures:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\Steven\My Documents\My Web:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\Steven\My Documents\PDF Docs:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\Steven\My Documents\Publisher Docs:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\Steven\My Documents\Roxio:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\Steven\My Documents\SF15.bmp:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\Steven\My Documents\VA Letter for Employment.bmp:Roxio EMC Stream
< End of report >
```


----------



## Cookiegal (Aug 27, 2003)

I apologize for not replying sooner. I didn't receive notification of your reply.

Do you still need assistance? I just wanted to make sure before going through the lengthy log.


----------



## Nightmare (Sep 23, 2004)

I think that this has done the trick. The only thing left would be the cleanup, and it is my understanding that these are independent programs that can be dragged to the RB and do not have to be unloaded.

Everything seems to be working as it should and there have been no problems noted.


----------



## Cookiegal (Aug 27, 2003)

Start *OTS*. Copy/Paste the information in the code box below into the pane where it says *"Paste fix here"* and then click the "Run Fix" button.

The fix should only take a very short time. When the fix is completed, a message box will pop up telling you that it is finished. Click the OK button and Notepad will open with a log of actions taken during the fix. Please post that information back here along with a new HijackThis log.


```
[Kill All Processes]
[Unregister Dlls]
[Registry - Safe List]
< Internet Explorer ToolBars [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\
YN -> WebBrowser\\"{10134636-E7AF-4AC5-A1DC-C7C44BB97D81}" [HKLM] -> Reg Error: Key error. [Reg Error: Key error.]
YN -> WebBrowser\\"{47833539-D0C5-4125-9FA8-0819E2EAAC93}" [HKLM] -> Reg Error: Key error. [Reg Error: Key error.]
< Downloaded Program Files > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\
YN -> {8AD9C840-044E-11D1-B3E9-00805F499D93} [HKLM] -> http://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab [Java Plug-in 1.6.0_15]
YN -> {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} [HKLM] -> http://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab [Reg Error: Key error.]
YN -> {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} [HKLM] -> http://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab [Java Plug-in 1.6.0_15]
YN -> {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} [HKLM] -> http://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab [Java Plug-in 1.6.0_15]
< Winlogon\Notify settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\
YN -> PFW -> Reg Error: Value error.
[Files/Folders - Modified Within 30 Days]
NY ->  3 C:\Documents and Settings\Steven\Local Settings\temp\*.tmp files -> C:\Documents and Settings\Steven\Local Settings\temp\*.tmp
[Files - No Company Name]
NY ->  Ckejanarigap.dat -> C:\WINDOWS\Ckejanarigap.dat
NY ->  Wlubodas.bin -> C:\WINDOWS\Wlubodas.bin
[Empty Temp Folders]
[EmptyFlash]
[EmptyJava]
[Start Explorer]
[Reboot]
```


----------



## Nightmare (Sep 23, 2004)

OTS log:

```
All Processes Killed
[Registry - Safe List]
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{10134636-E7AF-4AC5-A1DC-C7C44BB97D81} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{10134636-E7AF-4AC5-A1DC-C7C44BB97D81}\ not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{47833539-D0C5-4125-9FA8-0819E2EAAC93} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{47833539-D0C5-4125-9FA8-0819E2EAAC93}\ not found.
Starting removal of ActiveX control {8AD9C840-044E-11D1-B3E9-00805F499D93}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{8AD9C840-044E-11D1-B3E9-00805F499D93}\Contains\Files\ not found.
not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ deleted successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Classes\CLSID\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ deleted successfully.
Starting removal of ActiveX control {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA}\Contains\Files\ not found.
not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA}\ deleted successfully.
Starting removal of ActiveX control {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}\Contains\Files\ not found.
not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}\ deleted successfully.
Starting removal of ActiveX control {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\Contains\Files\ not found.
not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\PFW\ deleted successfully.
[Files/Folders - Modified Within 30 Days]
C:\Documents and Settings\Steven\Local Settings\temp\VGX40.tmp deleted successfully.
C:\Documents and Settings\Steven\Local Settings\temp\~DF7317.tmp deleted successfully.
C:\Documents and Settings\Steven\Local Settings\temp\~DF816A.tmp deleted successfully.
C:\Documents and Settings\Steven\Local Settings\temp\~DFC412.tmp deleted successfully.
[Files - No Company Name]
C:\WINDOWS\Ckejanarigap.dat moved successfully.
C:\WINDOWS\Wlubodas.bin moved successfully.
[Empty Temp Folders]

User: Admin

User: Administrator
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: All Users

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: LocalService
->Temp folder emptied: 66016 bytes
->Temporary Internet Files folder emptied: 8208836 bytes
->Java cache emptied: 13 bytes
->Flash cache emptied: 13499 bytes

User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 7635078 bytes
->Java cache emptied: 4752 bytes
->Flash cache emptied: 13604 bytes

User: Steven
->Temp folder emptied: 69422877 bytes
->Temporary Internet Files folder emptied: 53518468 bytes
->Java cache emptied: 0 bytes
->Flash cache emptied: 1383 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 483 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 0 bytes
RecycleBin emptied: 3348582 bytes

Total Files Cleaned = 136.00 mb

[EMPTYFLASH]

User: Admin

User: Administrator

User: All Users

User: Default User

User: LocalService
->Flash cache emptied: 0 bytes

User: NetworkService
->Flash cache emptied: 0 bytes

User: Steven
->Flash cache emptied: 0 bytes

Total Flash Files Cleaned = 0.00 mb

[EMPTYJAVA]

User: Admin

User: Administrator

User: All Users

User: Default User

User: LocalService
->Java cache emptied: 0 bytes

User: NetworkService
->Java cache emptied: 0 bytes

User: Steven
->Java cache emptied: 0 bytes

Total Java Files Cleaned = 0.00 mb

< End of fix log >
OTS by OldTimer - Version 3.1.46.0 fix logfile created on 02222012_150933

Files\Folders moved on Reboot...

Registry entries deleted on Reboot...
```


----------



## Nightmare (Sep 23, 2004)

Hijack This Log:

```
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 3:18:41 PM, on 2/22/2012
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\SUPERAntiSpyware\SASCORE.EXE
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus Plus\caamsvc.exe
C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus Plus\isafe.exe
C:\Program Files\CA\CA Internet Security Suite\ccschedulersvc.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Raxco\PerfectDisk\PDAgent.exe
C:\Program Files\Raxco\PerfectDisk\PDEngine.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\SureThing Shared\stllssvr.exe
C:\Program Files\CA\SharedComponents\TMEngine\UmxEngine.exe
C:\Program Files\CA\CA Internet Security Suite\ccEvtMgr.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\notepad.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Roxio\Drag-to-Disc\DrgToDsc.exe
C:\Program Files\CA\CA Internet Security Suite\casc.exe
C:\Program Files\CA\CA Internet Security Suite\ccprovsp.exe
C:\WINDOWS\system32\msiexec.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Trend Micro\HijackThis\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.baynews9.com/weather/klystron9?animate=hillsborough
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: CA Anti-Phishing Toolbar Helper - {45011CF5-E4A9-4F13-9093-F30A784EB9B2} - C:\Program Files\CA\CA Internet Security Suite\CA Anti-Phishing\toolbar\caIEToolbar.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O3 - Toolbar: CA Anti-Phishing Toolbar - {0123B506-0AD9-43AA-B0CF-916C122AD4C5} - C:\Program Files\CA\CA Internet Security Suite\CA Anti-Phishing\toolbar\caIEToolbar.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [RoxioDragToDisc] "C:\Program Files\Roxio\Drag-to-Disc\DrgToDsc.exe"
O4 - HKLM\..\Run: [cctray] "C:\Program Files\CA\CA Internet Security Suite\casc.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0067DBFC-A752-458C-AE6E-B9C7E63D4824} (Device Detection) - http://www.logitech.com/devicedetector/plugins/LogitechDeviceDetection32.cab
O16 - DPF: {01113300-3E00-11D2-8470-0060089874ED} (Support.com Configuration Class) - http://supportcenter.rr.com/sdccommon/download/tgctlcm.cab
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://appldnld.apple.com.edgesuite.net/content.info.apple.com/QuickTime/qtactivex/qtplugin.cab
O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262E} (System Requirements Lab) - http://www.nvidia.com/content/DriverDownload/srl/3.0.0.0/srl_bin/sysreqlab3.cab
O16 - DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} (DLM Control) - http://dlcdnet.asus.com/pub/ASUS/misc/dlm-activex-2.2.5.0.cab
O16 - DPF: {54BE6B6F-3056-470B-97E1-BB92E051B6C4} (DeviceEnum Class) - http://h20264.www2.hp.com/ediags/dd/install/HPDriverDiagnosticsxp2k.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1266880529093
O16 - DPF: {73ECB3AA-4717-450C-A2AB-D00DAD9EE203} (GMNRev Class) - http://h20614.www2.hp.com/ediags/gmd/Install/Cab/hpdetect118.cab
O16 - DPF: {74DBCB52-F298-4110-951D-AD2FF67BC8AB} (NVIDIA Smart Scan) - http://www.nvidia.com/content/DriverDownload/nforce/NvidiaSmartScan.cab
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - http://download.eset.com/special/eos/OnlineScanner.cab
O16 - DPF: {83A4D5A6-E2C1-4EDD-AD48-1A1C50BD06EF} (Image Uploader Control) - http://www.gunbroker.com/WebResourc...ksu6ajL4Qvm6a-2VX8ROm8K0&t=634230999680000000
O16 - DPF: {DB31DA00-4F6F-4CC7-8627-C5A142E1FC7C} (SyncXfer Class) - http://www.syncmyride.com/Own/Modules/UploadDownload/applets/sync.cab
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\System32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\System32\browseui.dll
O23 - Service: SAS Core Service (!SASCORE) - SUPERAntiSpyware.com - C:\Program Files\SUPERAntiSpyware\SASCORE.EXE
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: CAAMSvc - CA - C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus Plus\caamsvc.exe
O23 - Service: CaCCProvSP - Unknown owner - C:\Program Files\CA\CA Internet Security Suite\ccprovsp.exe
O23 - Service: CAISafe - Computer Associates International, Inc. - C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus Plus\isafe.exe
O23 - Service: CA Common Scheduler Service (ccSchedulerSVC) - Unknown owner - C:\Program Files\CA\CA Internet Security Suite\ccschedulersvc.exe
O23 - Service: .NET Runtime Optimization Service v2.0.50727_X86 clr_optimization_v2.0.50727_32 Intelligent Application Manager (IAM) (clr_optimization_v2.0.50727_32 Intelligent Application Manager (IAM)) - Unknown owner - C:\WINDOWS\system32\acodel.exe (file missing)
O23 - Service: .NET Runtime Optimization Service v2.0.50727_X86 clr_optimization_v2.0.50727_32lanmanserver (clr_optimization_v2.0.50727_32lanmanserver) - Unknown owner - C:\WINDOWS\system32\ALSndMgre.exe (file missing)
O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Update Service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: Logitech Bluetooth Service (LBTServ) - Logitech, Inc. - C:\Program Files\Common Files\Logitech\Bluetooth\LBTServ.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PDAgent - Raxco Software, Inc. - C:\Program Files\Raxco\PerfectDisk\PDAgent.exe
O23 - Service: PDEngine - Raxco Software, Inc. - C:\Program Files\Raxco\PerfectDisk\PDEngine.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Roxio UPnP Renderer 9 - Sonic Solutions - C:\Program Files\Roxio\Digital Home 9\RoxioUPnPRenderer9.exe
O23 - Service: Roxio Upnp Server 9 - Sonic Solutions - C:\Program Files\Roxio\Digital Home 9\RoxioUpnpService9.exe
O23 - Service: LiveShare P2P Server 9 (RoxLiveShare9) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxLiveShare9.exe
O23 - Service: RoxMediaDB9 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
O23 - Service: Roxio Hard Drive Watcher 9 (RoxWatch9) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe
O23 - Service: SupportSoft RemoteAssist - SupportSoft, Inc. - C:\Program Files\Common Files\supportsoft\bin\ssrc.exe
O23 - Service: TM Engine (UmxEngine) - CA - C:\Program Files\CA\SharedComponents\TMEngine\UmxEngine.exe

--
End of file - 10197 bytes
```


----------



## Cookiegal (Aug 27, 2003)

Here are some final instructions for you.

*Follow these steps to uninstall Combofix and all of its files and components.*

Click *START* then *RUN*.
Now type *ComboFix /uninstall* in the runbox and click *OK*. Note the *space* between the *X* and the */uninstall*; it needs to be there (the screenshot is just for illustration purposes but the actual command uses the entire word "uninstall" and not just the "u" as shown in the picture).

Now you should turn system restore off to flush out all previous system restore points, then turn it back on and create a new restore point:

To turn off system restore, on the Desktop, right click on *My Computer* and click on *Properties.*
Click the *System Restore* tab.
Check *Turn off System Restore.*
Click Apply and then click OK.

Restart your computer, turn System Restore back on and create a restore point.

To create a new restore point, click on *Start* > *All Programs* > *Accessories* > *System Tools* and then select *System Restore*.

In the System Restore wizard, select *Create a restore point* and click the Next button.

Type a name for your new restore point then click on Create.


----------



## Nightmare (Sep 23, 2004)

I could not uninstall ComboFix so I just dragged it to the RB. Have done everything else recommended.

I would say that the problem has been solved.

Thank you again, Cookiegal, for all of your assistance.


----------



## Cookiegal (Aug 27, 2003)

It was my pleasure.


----------

