Can't get rid of Smitfraud-C



Kingault
2012-03-17, 21:54
I have tried many things to get rid of this pest.
1) Installed Avira
2) Ran a pre-boot scan
3) Ran Spybot at least 5 times. No luck.
4) Did 2 System recoveries + 1 restore
5) Downloaded Smitfraudfix. Used it. It seemed to work when I ran Spybot.
6) Inserted flash drive to get backups.
7) Ran SB. It was back.
8) Ran SFF again. No luck.
9) Ran it again. It didn't work, but crashed/turned off mid-process.
10) Swallowed any remaining dignity I had left.
11) Went to this forum and used ERUNT/DDS.

Any help would be appreciated.

DDS:
.
DDS (Ver_2011-08-26.01) - NTFSAMD64 NETWORK
Internet Explorer: 8.0.7600.16385
Run by Synusie at 15:45:29 on 2012-03-17
Microsoft Windows 7 Home Premium 6.1.7600.0.1252.1.1033.18.3894.2530 [GMT -4:00]
.
AV: AVG Anti-Virus Free Edition 2012 *Enabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}
SP: AVG Anti-Virus Free Edition 2012 *Enabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\Explorer.EXE
C:\Windows\system32\ctfmon.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files\Nightly\firefox.exe
-netsvcs
C:\Windows\system32\conhost.exe
C:\Windows\SysWOW64\ctfmon.exe
C:\Windows\SysWOW64\NOTEPAD.EXE
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\conhost.exe
C:\Windows\SysWOW64\cscript.exe
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
mWinlogon: Userinit=userinit.exe
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - C:\Program Files (x86)\AVG\AVG2012\avgssie.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll
BHO: Search Helper: {6ebf7485-159f-4bff-a14f-b9e3aac4465b} - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
BHO: Java(tm) Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.7.7227.1100\swg.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
TB: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No File
uRun: [LightScribe Control Panel] C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe -hidden
uRun: [swg] "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
uRun: [SpybotSD TeaTimer] C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe
uRun: [DAEMON Tools Lite] "C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe" -autorun
mRun: [IAStorIcon] C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
mRun: [Microsoft Default Manager] "C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" -resume
mRun: [HP Quick Launch] C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
mRun: [HPOSD] C:\Program Files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe
mRun: [AVG_TRAY] "C:\Program Files (x86)\AVG\AVG2012\avgtray.exe"
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
StartupFolder: C:\Users\Synusie\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\ERUNTA~1.LNK - C:\Program Files (x86)\ERUNT\AUTOBACK.EXE
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\SNAPFI~1.LNK - C:\Program Files (x86)\PictureMover\Bin\PictureMover.exe
mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
TCP: DhcpNameServer = 209.18.47.61 209.18.47.62
TCP: Interfaces\{EADE7F15-8206-4992-A8CF-811AB3C87562} : DhcpNameServer = 209.18.47.61 209.18.47.62
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG2012\avgpp.dll
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
mASetup: {10880D85-AAD9-4558-ABDC-2AB1552D831F} - "C:\Program Files (x86)\Common Files\LightScribe\LSRunOnce.exe"
BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO-X64: AcroIEHelperStub - No File
BHO-X64: AVG Safe Search: {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG2012\avgssie.dll
BHO-X64: WormRadar.com IESiteBlocker.NavFilter - No File
BHO-X64: Spybot-S&D IE Protection: {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll
BHO-X64: Search Helper: {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
BHO-X64: Search Helper - No File
BHO-X64: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll
BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO-X64: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
BHO-X64: Google Toolbar Notifier BHO: {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.7.7227.1100\swg.dll
BHO-X64: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
TB-X64: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
TB-X64: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No File
mRun-x64: [IAStorIcon] C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
mRun-x64: [Microsoft Default Manager] "C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" -resume
mRun-x64: [HP Quick Launch] C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe
mRun-x64: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun-x64: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
mRun-x64: [HPOSD] C:\Program Files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe
mRun-x64: [AVG_TRAY] "C:\Program Files (x86)\AVG\AVG2012\avgtray.exe"
mRun-x64: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\Synusie\AppData\Roaming\Mozilla\Firefox\Profiles\mtzbz1lp.default\
FF - prefs.js: network.proxy.type - 0
FF - plugin: C:\Program Files\Java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll
.
============= SERVICES / DRIVERS ===============
.
R0 AVGIDSEH;AVGIDSEH;C:\Windows\system32\DRIVERS\AVGIDSEH.Sys --> C:\Windows\system32\DRIVERS\AVGIDSEH.Sys [?]
R0 Avgrkx64;AVG Anti-Rootkit Driver;C:\Windows\system32\DRIVERS\avgrkx64.sys --> C:\Windows\system32\DRIVERS\avgrkx64.sys [?]
R1 Avgtdia;AVG TDI Driver;C:\Windows\system32\DRIVERS\avgtdia.sys --> C:\Windows\system32\DRIVERS\avgtdia.sys [?]
R1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;C:\Windows\system32\DRIVERS\dtsoftbus01.sys --> C:\Windows\system32\DRIVERS\dtsoftbus01.sys [?]
R1 vwififlt;Virtual WiFi Filter Driver;C:\Windows\system32\DRIVERS\vwififlt.sys --> C:\Windows\system32\DRIVERS\vwififlt.sys [?]
R3 HECIx64;Intel(R) Management Engine Interface;C:\Windows\system32\DRIVERS\HECIx64.sys --> C:\Windows\system32\DRIVERS\HECIx64.sys [?]
R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\system32\DRIVERS\Rt64win7.sys --> C:\Windows\system32\DRIVERS\Rt64win7.sys [?]
S1 Avgldx64;AVG AVI Loader Driver;C:\Windows\system32\DRIVERS\avgldx64.sys --> C:\Windows\system32\DRIVERS\avgldx64.sys [?]
S1 Avgmfx64;AVG Mini-Filter Resident Anti-Virus Shield;C:\Windows\system32\DRIVERS\avgmfx64.sys --> C:\Windows\system32\DRIVERS\avgmfx64.sys [?]
S2 AVGIDSAgent;AVGIDSAgent;C:\Program Files (x86)\AVG\AVG2012\AVGIDSAgent.exe [2011-10-12 4433248]
S2 avgwd;AVG WatchDog;C:\Program Files (x86)\AVG\AVG2012\avgwdsvc.exe [2011-8-2 192776]
S2 gupdate;Google Update Service (gupdate);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2012-3-17 136176]
S2 HP Wireless Assistant Service;HP Wireless Assistant Service;C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe [2010-7-21 103992]
S2 HPClientSvc;HP Client Services;C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe [2010-8-5 291896]
S2 HPDrvMntSvc.exe;HP Quick Synchronization Service;C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe [2010-11-3 92216]
S2 HPWMISVC;HPWMISVC;C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe [2010-11-9 26680]
S2 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology;C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [2011-3-17 13336]
S2 IconMan_R;IconMan_R;C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe [2011-3-17 1819752]
S2 RoxioNow Service;RoxioNow Service;C:\Program Files (x86)\Roxio\RoxioNow Player\RNowSvc.exe [2010-9-11 399344]
S2 SBSDWSCService;SBSD Security Center Service;C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe [2012-3-17 1153368]
S2 UNS;Intel(R) Management & Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2011-3-17 2538520]
S3 AVGIDSDriver;AVGIDSDriver;C:\Windows\system32\DRIVERS\AVGIDSDriver.Sys --> C:\Windows\system32\DRIVERS\AVGIDSDriver.Sys [?]
S3 AVGIDSFilter;AVGIDSFilter;C:\Windows\system32\DRIVERS\AVGIDSFilter.Sys --> C:\Windows\system32\DRIVERS\AVGIDSFilter.Sys [?]
S3 clwvd;CyberLink WebCam Virtual Driver;C:\Windows\system32\DRIVERS\clwvd.sys --> C:\Windows\system32\DRIVERS\clwvd.sys [?]
S3 gupdatem;Google Update Service (gupdatem);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2012-3-17 136176]
S3 Impcd;Impcd;C:\Windows\system32\DRIVERS\Impcd.sys --> C:\Windows\system32\DRIVERS\Impcd.sys [?]
S3 IntcDAud;Intel(R) Display Audio;C:\Windows\system32\DRIVERS\IntcDAud.sys --> C:\Windows\system32\DRIVERS\IntcDAud.sys [?]
S3 netw5v64;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 64 Bit;C:\Windows\system32\DRIVERS\netw5v64.sys --> C:\Windows\system32\DRIVERS\netw5v64.sys [?]
S3 pbfilter;pbfilter;C:\Program Files\PeerBlock\pbfilter.sys [2012-3-17 24176]
S3 RSPCIESTOR;Realtek PCIE CardReader Driver;C:\Windows\system32\DRIVERS\RtsPStor.sys --> C:\Windows\system32\DRIVERS\RtsPStor.sys [?]
S3 SrvHsfHDA;SrvHsfHDA;C:\Windows\system32\DRIVERS\VSTAZL6.SYS --> C:\Windows\system32\DRIVERS\VSTAZL6.SYS [?]
S3 SrvHsfV92;SrvHsfV92;C:\Windows\system32\DRIVERS\VSTDPV6.SYS --> C:\Windows\system32\DRIVERS\VSTDPV6.SYS [?]
S3 SrvHsfWinac;SrvHsfWinac;C:\Windows\system32\DRIVERS\VSTCNXT6.SYS --> C:\Windows\system32\DRIVERS\VSTCNXT6.SYS [?]
S3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;C:\Windows\system32\DRIVERS\yk62x64.sys --> C:\Windows\system32\DRIVERS\yk62x64.sys [?]
S4 wlcrasvc;Windows Live Mesh remote connections service;C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-9-22 57184]
.
=============== Created Last 30 ================
.
2012-03-17 19:10:33 414368 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2012-03-17 18:49:57 20480 ----a-w- C:\Windows\svchost.exe
2012-03-17 18:39:56 -------- d-----w- C:\Users\Synusie\AppData\Local\ElevatedDiagnostics
2012-03-17 18:06:11 691 ----a-w- C:\Users\Synusie\AppData\Roaming\GetValue.vbs
2012-03-17 18:06:11 35 ----a-w- C:\Users\Synusie\AppData\Roaming\SetValue.bat
2012-03-17 18:05:17 564224 ----a-w- C:\Windows\System32\idt64mp1.exe
2012-03-17 18:05:17 524800 ----a-w- C:\Windows\sttray64.exe
2012-03-17 18:05:17 4594176 ----a-w- C:\Windows\System32\stlang64.dll
2012-03-17 18:05:17 438784 ----a-w- C:\Windows\System32\IDTNC64.cpl
2012-03-17 18:05:17 -------- d-----w- C:\Program Files\IDT
2012-03-17 17:43:29 -------- d-----w- C:\Users\Synusie\AppData\Roaming\ZumoDrive
2012-03-17 17:42:29 -------- d-----w- C:\Users\Synusie\AppData\Roaming\Roxio Log Files
2012-03-17 17:37:34 2672 ----a-w- C:\Windows\SysWow64\tmp.reg
2012-03-17 17:30:01 -------- d-----w- C:\Program Files (x86)\OpenOffice.org 3
2012-03-17 17:27:28 283200 ----a-w- C:\Windows\System32\drivers\dtsoftbus01.sys
2012-03-17 17:27:19 -------- d-----w- C:\Program Files (x86)\DAEMON Tools Lite
2012-03-17 17:26:22 -------- d-----w- C:\Users\Synusie\AppData\Roaming\DAEMON Tools Lite
2012-03-17 17:26:20 -------- d-----w- C:\ProgramData\DAEMON Tools Lite
2012-03-17 17:12:53 -------- d-----w- C:\Users\Synusie\AppData\Local\Mozilla
2012-03-17 17:12:41 -------- d-----w- C:\Program Files\Nightly
2012-03-17 17:09:11 -------- d-----w- C:\Users\Synusie\AppData\Roaming\AVG2012
2012-03-17 17:07:59 -------- d--h--w- C:\ProgramData\Common Files
2012-03-17 17:07:51 -------- d-----w- C:\Windows\SysWow64\drivers\AVG
2012-03-17 17:07:43 -------- d-----w- C:\Windows\System32\drivers\AVG
2012-03-17 17:07:43 -------- d-----w- C:\ProgramData\AVG2012
2012-03-17 17:06:59 -------- d-----w- C:\Program Files (x86)\AVG
2012-03-17 17:05:33 -------- d-----w- C:\ProgramData\Spybot - Search & Destroy
2012-03-17 17:05:33 -------- d-----w- C:\Program Files (x86)\Spybot - Search & Destroy
2012-03-17 17:04:23 -------- d-----w- C:\Program Files\PeerBlock
2012-03-17 17:03:55 -------- d-----w- C:\Program Files\CCleaner
2012-03-17 17:02:59 9216 ----a-w- C:\Windows\System32\rdrmemptylst.exe
2012-03-17 17:02:59 76288 ----a-w- C:\Windows\System32\rdpwsx.dll
2012-03-17 17:02:59 149504 ----a-w- C:\Windows\System32\rdpcorekmts.dll
2012-03-17 17:02:59 1031680 ----a-w- C:\Windows\System32\rdpcore.dll
2012-03-17 17:02:59 -------- d-----w- C:\ProgramData\MFAData
2012-03-17 17:02:58 826368 ----a-w- C:\Windows\SysWow64\rdpcore.dll
2012-03-17 17:02:58 23552 ----a-w- C:\Windows\System32\drivers\tdtcp.sys
2012-03-17 17:02:58 204800 ----a-w- C:\Windows\System32\drivers\rdpwd.sys
2012-03-17 17:02:25 -------- d-----w- C:\Users\Synusie\AppData\Local\Google
2012-03-17 16:55:58 -------- d-----w- C:\Users\Synusie\AppData\Roaming\PictureMover
2012-03-17 16:55:06 -------- d-----w- C:\Users\Synusie\AppData\Roaming\Intel Corporation
2012-03-17 16:55:04 -------- d-----w- C:\Users\Synusie\AppData\Roaming\hpqLog
2012-03-17 16:54:57 -------- d-----w- C:\Users\Synusie\AppData\Roaming\Synaptics
2012-03-17 16:54:11 -------- d-----w- C:\Users\Synusie\AppData\Local\RemEngine
2012-03-17 16:52:39 -------- d-----w- C:\Users\Synusie\AppData\Local\Hewlett-Packard
2012-03-17 16:52:23 -------- d-----w- C:\Users\Synusie\AppData\Local\Hewlett-Packard_Company
.
==================== Find3M ====================
.
2012-03-17 19:13:40 472808 ----a-w- C:\Windows\SysWow64\deployJava1.dll
.
============= FINISH: 15:45:54.35 ===============

Sorry, I meant that I installed Avast, not Avira.

Blade81
2012-03-18, 17:23
Hi,

1. Download TDSSKiller (http://support.kaspersky.com/downloads/utils/tdsskiller.zip) and extract its contents into a folder in a desired location (i.e. c:\tdsskiller).
2. Execute the file TDSSKiller.exe.
3. Click Start Scan. If threats are found, select skip and click Continue (tool may prompt for a reboot).
4. Post back contents of log file in c: drive root (name should be in UtilityName.Version_Date_Time_log.txt format)

Kingault
2012-03-18, 17:55
I'm not sure if this is related to Smitfraud-C, but all of my Google searches led to redirects. Also, I am unable to enter Safe Mode, probably due to the same thing.
Also, could Smitfraud-C infect any flash/USB drives as well?

Here's the log from TDSS Killer:

11:50:34.0722 4280 TDSS rootkit removing tool 2.7.20.0 Mar 9 2012 17:10:43
11:50:35.0243 4280 ============================================================
11:50:35.0243 4280 Current date / time: 2012/03/18 11:50:35.0243
11:50:35.0243 4280 SystemInfo:
11:50:35.0243 4280
11:50:35.0243 4280 OS Version: 6.1.7600 ServicePack: 0.0
11:50:35.0243 4280 Product type: Workstation
11:50:35.0244 4280 ComputerName: SYNUSIE-HP
11:50:35.0244 4280 UserName: Synusie
11:50:35.0244 4280 Windows directory: C:\Windows
11:50:35.0244 4280 System windows directory: C:\Windows
11:50:35.0244 4280 Running under WOW64
11:50:35.0244 4280 Processor architecture: Intel x64
11:50:35.0244 4280 Number of processors: 4
11:50:35.0244 4280 Page size: 0x1000
11:50:35.0244 4280 Boot type: Normal boot
11:50:35.0244 4280 ============================================================
11:50:35.0962 4280 Drive \Device\Harddisk0\DR0 - Size: 0x7470C06000 (465.76 Gb), SectorSize: 0x200, Cylinders: 0xED81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
11:50:35.0968 4280 \Device\Harddisk0\DR0:
11:50:35.0968 4280 MBR used
11:50:35.0968 4280 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x63800
11:50:35.0968 4280 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x64000, BlocksNum 0x38524800
11:50:35.0968 4280 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x38588800, BlocksNum 0x1DC9800
11:50:35.0968 4280 \Device\Harddisk0\DR0\Partition3: MBR, Type 0xC, StartLBA 0x3A352000, BlocksNum 0x33830
11:50:36.0633 4280 Initialize success
11:50:36.0633 4280 ============================================================
11:50:42.0550 0916 ============================================================
11:50:42.0550 0916 Scan started
11:50:42.0550 0916 Mode: Manual;
11:50:42.0550 0916 ============================================================
11:51:40.0670 0916 LSI_SCSI - ok
11:51:41.0084 0916 luafv (43d0f98e1d56ccddb0d5254cff7b356e) C:\Windows\system32\drivers\luafv.sys
11:51:41.0085 0916 luafv - ok
11:51:41.0414 0916 megasas (a55805f747c6edb6a9080d7c633bd0f4) C:\Windows\system32\DRIVERS\megasas.sys
11:51:41.0440 0916 megasas - ok
11:51:41.0786 0916 MegaSR (baf74ce0072480c3b6b7c13b2a94d6b3) C:\Windows\system32\DRIVERS\MegaSR.sys
11:51:41.0808 0916 MegaSR - ok
11:51:42.0116 0916 Modem (800ba92f7010378b09f9ed9270f07137) C:\Windows\system32\drivers\modem.sys
11:51:42.0134 0916 Modem - ok
11:51:42.0722 0916 monitor (b03d591dc7da45ece20b3b467e6aadaa) C:\Windows\system32\DRIVERS\monitor.sys
11:51:42.0723 0916 monitor - ok
11:51:43.0050 0916 mouclass (7d27ea49f3c1f687d357e77a470aea99) C:\Windows\system32\DRIVERS\mouclass.sys
11:51:43.0061 0916 mouclass - ok
11:51:43.0492 0916 mouhid (d3bf052c40b0c4166d9fd86a4288c1e6) C:\Windows\system32\DRIVERS\mouhid.sys
11:51:43.0495 0916 mouhid - ok
11:51:43.0948 0916 mountmgr (791af66c4d0e7c90a3646066386fb571) C:\Windows\system32\drivers\mountmgr.sys
11:51:43.0949 0916 mountmgr - ok
11:51:44.0326 0916 mpio (609d1d87649ecc19796f4d76d4c15cea) C:\Windows\system32\DRIVERS\mpio.sys
11:51:44.0338 0916 mpio - ok
11:51:45.0042 0916 mpsdrv (6c38c9e45ae0ea2fa5e551f2ed5e978f) C:\Windows\system32\drivers\mpsdrv.sys
11:51:45.0045 0916 mpsdrv - ok
11:51:45.0383 0916 MRxDAV (30524261bb51d96d6fcbac20c810183c) C:\Windows\system32\drivers\mrxdav.sys
11:51:45.0418 0916 MRxDAV - ok
11:51:46.0020 0916 mrxsmb (b7f3d2c40bdf8ffb73ebfb19c77734e2) C:\Windows\system32\DRIVERS\mrxsmb.sys
11:51:46.0025 0916 mrxsmb - ok
11:51:46.0385 0916 mrxsmb10 (86c6f88b5168ce21cf8d69d0b3ff5d19) C:\Windows\system32\DRIVERS\mrxsmb10.sys
11:51:46.0390 0916 mrxsmb10 - ok
11:51:47.0337 0916 mrxsmb20 (b081069251c8e9f42cb8769d07148f9c) C:\Windows\system32\DRIVERS\mrxsmb20.sys
11:51:47.0341 0916 mrxsmb20 - ok
11:51:47.0885 0916 msahci (2ba4ff3d5eb68587dd662a896f649c7d) C:\Windows\system32\DRIVERS\msahci.sys
11:51:47.0886 0916 msahci - ok
11:51:48.0378 0916 msdsm (8d27b597229aed79430fb9db3bcbfbd0) C:\Windows\system32\DRIVERS\msdsm.sys
11:51:48.0396 0916 msdsm - ok
11:51:49.0192 0916 Msfs (aa3fb40e17ce1388fa1bedab50ea8f96) C:\Windows\system32\drivers\Msfs.sys
11:51:49.0208 0916 Msfs - ok
11:51:49.0601 0916 mshidkmdf (f9d215a46a8b9753f61767fa72a20326) C:\Windows\System32\drivers\mshidkmdf.sys
11:51:49.0602 0916 mshidkmdf - ok
11:51:49.0908 0916 msisadrv (d916874bbd4f8b07bfb7fa9b3ccae29d) C:\Windows\system32\DRIVERS\msisadrv.sys
11:51:49.0909 0916 msisadrv - ok
11:51:50.0387 0916 MSKSSRV (49ccf2c4fea34ffad8b1b59d49439366) C:\Windows\system32\drivers\MSKSSRV.sys
11:51:50.0396 0916 MSKSSRV - ok
11:51:51.0125 0916 MSPCLOCK (bdd71ace35a232104ddd349ee70e1ab3) C:\Windows\system32\drivers\MSPCLOCK.sys
11:51:51.0135 0916 MSPCLOCK - ok
11:51:51.0466 0916 MSPQM (4ed981241db27c3383d72092b618a1d0) C:\Windows\system32\drivers\MSPQM.sys
11:51:51.0475 0916 MSPQM - ok
11:51:51.0818 0916 MsRPC (89cb141aa8616d8c6a4610fa26c60964) C:\Windows\system32\drivers\MsRPC.sys
11:51:51.0824 0916 MsRPC - ok
11:51:52.0213 0916 mssmbios (0eed230e37515a0eaee3c2e1bc97b288) C:\Windows\system32\DRIVERS\mssmbios.sys
11:51:52.0214 0916 mssmbios - ok
11:51:52.0940 0916 MSTEE (2e66f9ecb30b4221a318c92ac2250779) C:\Windows\system32\drivers\MSTEE.sys
11:51:52.0948 0916 MSTEE - ok
11:51:53.0302 0916 MTConfig (7ea404308934e675bffde8edf0757bcd) C:\Windows\system32\DRIVERS\MTConfig.sys
11:51:53.0312 0916 MTConfig - ok
11:51:53.0699 0916 Mup (f9a18612fd3526fe473c1bda678d61c8) C:\Windows\system32\Drivers\mup.sys
11:51:53.0700 0916 Mup - ok
11:51:54.0027 0916 NativeWifiP (1ea3749c4114db3e3161156ffffa6b33) C:\Windows\system32\DRIVERS\nwifi.sys
11:51:54.0031 0916 NativeWifiP - ok
11:51:54.0382 0916 NDIS (a3151b3463eea7e47f618f115d0d142e) C:\Windows\system32\drivers\ndis.sys
11:51:54.0389 0916 NDIS - ok
11:51:55.0308 0916 NdisCap (9f9a1f53aad7da4d6fef5bb73ab811ac) C:\Windows\system32\DRIVERS\ndiscap.sys
11:51:55.0317 0916 NdisCap - ok
11:51:55.0694 0916 NdisTapi (30639c932d9fef22b31268fe25a1b6e5) C:\Windows\system32\DRIVERS\ndistapi.sys
11:51:55.0709 0916 NdisTapi - ok
11:51:56.0058 0916 Ndisuio (f105ba1e22bf1f2ee8f005d4305e4bec) C:\Windows\system32\DRIVERS\ndisuio.sys
11:51:56.0060 0916 Ndisuio - ok
11:51:56.0766 0916 NdisWan (557dfab9ca1fcb036ac77564c010dad3) C:\Windows\system32\DRIVERS\ndiswan.sys
11:51:56.0792 0916 NdisWan - ok
11:51:57.0208 0916 NDProxy (659b74fb74b86228d6338d643cd3e3cf) C:\Windows\system32\drivers\NDProxy.sys
11:51:57.0250 0916 NDProxy - ok
11:51:57.0583 0916 NetBIOS (86743d9f5d2b1048062b14b1d84501c4) C:\Windows\system32\DRIVERS\netbios.sys
11:51:57.0598 0916 NetBIOS - ok
11:51:57.0921 0916 NetBT (9162b273a44ab9dce5b44362731d062a) C:\Windows\system32\DRIVERS\netbt.sys
11:51:57.0925 0916 NetBT - ok
11:51:58.0365 0916 netw5v64 (64428dfdaf6e88366cb51f45a79c5f69) C:\Windows\system32\DRIVERS\netw5v64.sys
11:51:58.0726 0916 netw5v64 - ok
11:51:59.0575 0916 nfrd960 (77889813be4d166cdab78ddba990da92) C:\Windows\system32\DRIVERS\nfrd960.sys
11:51:59.0595 0916 nfrd960 - ok
11:51:59.0928 0916 Npfs (1e4c4ab5c9b8dd13179bbdc75a2a01f7) C:\Windows\system32\drivers\Npfs.sys
11:51:59.0941 0916 Npfs - ok
11:52:00.0336 0916 nsiproxy (e7f5ae18af4168178a642a9247c63001) C:\Windows\system32\drivers\nsiproxy.sys
11:52:00.0338 0916 nsiproxy - ok
11:52:00.0680 0916 Ntfs (1ad8fef2d6ac7116b68b887a9782fd33) C:\Windows\system32\drivers\Ntfs.sys
11:52:00.0724 0916 Ntfs - ok
11:52:01.0104 0916 Null (9899284589f75fa8724ff3d16aed75c1) C:\Windows\system32\drivers\Null.sys
11:52:01.0112 0916 Null - ok
11:52:01.0525 0916 nvraid (deab10231cbdb0881fc25428ebe11506) C:\Windows\system32\DRIVERS\nvraid.sys
11:52:01.0558 0916 nvraid - ok
11:52:01.0893 0916 nvstor (0af7b8136794e23e87be138992880e64) C:\Windows\system32\DRIVERS\nvstor.sys
11:52:01.0908 0916 nvstor - ok
11:52:02.0343 0916 nv_agp (270d7cd42d6e3979f6dd0146650f0e05) C:\Windows\system32\DRIVERS\nv_agp.sys
11:52:02.0368 0916 nv_agp - ok
11:52:03.0263 0916 ohci1394 (3589478e4b22ce21b41fa1bfc0b8b8a0) C:\Windows\system32\DRIVERS\ohci1394.sys
11:52:03.0272 0916 ohci1394 - ok
11:52:03.0598 0916 Parport (0086431c29c35be1dbc43f52cc273887) C:\Windows\system32\DRIVERS\parport.sys
11:52:03.0609 0916 Parport - ok
11:52:03.0991 0916 partmgr (7daa117143316c4a1537e074a5a9eaf0) C:\Windows\system32\drivers\partmgr.sys
11:52:03.0992 0916 partmgr - ok
11:52:04.0300 0916 pci (f36f6504009f2fb0dfd1b17a116ad74b) C:\Windows\system32\DRIVERS\pci.sys
11:52:04.0302 0916 pci - ok
11:52:05.0277 0916 pciide (b5b8b5ef2e5cb34df8dcf8831e3534fa) C:\Windows\system32\DRIVERS\pciide.sys
11:52:05.0286 0916 pciide - ok
11:52:05.0606 0916 pcmcia (b2e81d4e87ce48589f98cb8c05b01f2f) C:\Windows\system32\DRIVERS\pcmcia.sys
11:52:05.0626 0916 pcmcia - ok
11:52:05.0934 0916 pcw (d6b9c2e1a11a3a4b26a182ffef18f603) C:\Windows\system32\drivers\pcw.sys
11:52:05.0936 0916 pcw - ok
11:52:06.0263 0916 PEAUTH (68769c3356b3be5d1c732c97b9a80d6e) C:\Windows\system32\drivers\peauth.sys
11:52:06.0273 0916 PEAUTH - ok
11:52:06.0942 0916 PptpMiniport (27cc19e81ba5e3403c48302127bda717) C:\Windows\system32\DRIVERS\raspptp.sys
11:52:06.0955 0916 PptpMiniport - ok
11:52:07.0390 0916 Processor (0d922e23c041efb1c3fac2a6f943c9bf) C:\Windows\system32\DRIVERS\processr.sys
11:52:07.0398 0916 Processor - ok
11:52:07.0778 0916 Psched (ee992183bd8eaefd9973f352e587a299) C:\Windows\system32\DRIVERS\pacer.sys
11:52:07.0781 0916 Psched - ok
11:52:08.0159 0916 ql2300 (a53a15a11ebfd21077463ee2c7afeef0) C:\Windows\system32\DRIVERS\ql2300.sys
11:52:08.0182 0916 ql2300 - ok
11:52:08.0629 0916 ql40xx (4f6d12b51de1aaeff7dc58c4d75423c8) C:\Windows\system32\DRIVERS\ql40xx.sys
11:52:08.0640 0916 ql40xx - ok
11:52:09.0004 0916 QWAVEdrv (76707bb36430888d9ce9d705398adb6c) C:\Windows\system32\drivers\qwavedrv.sys
11:52:09.0005 0916 QWAVEdrv - ok
11:52:09.0323 0916 RasAcd (5a0da8ad5762fa2d91678a8a01311704) C:\Windows\system32\DRIVERS\rasacd.sys
11:52:09.0338 0916 RasAcd - ok
11:52:09.0667 0916 RasAgileVpn (7ecff9b22276b73f43a99a15a6094e90) C:\Windows\system32\DRIVERS\AgileVpn.sys
11:52:09.0719 0916 RasAgileVpn - ok
11:52:10.0075 0916 Rasl2tp (87a6e852a22991580d6d39adc4790463) C:\Windows\system32\DRIVERS\rasl2tp.sys
11:52:10.0118 0916 Rasl2tp - ok
11:52:10.0649 0916 RasPppoe (855c9b1cd4756c5e9a2aa58a15f58c25) C:\Windows\system32\DRIVERS\raspppoe.sys
11:52:10.0662 0916 RasPppoe - ok
11:52:11.0037 0916 RasSstp (e8b1e447b008d07ff47d016c2b0eeecb) C:\Windows\system32\DRIVERS\rassstp.sys
11:52:11.0058 0916 RasSstp - ok
11:52:11.0795 0916 rdbss (3bac8142102c15d59a87757c1d41dce5) C:\Windows\system32\DRIVERS\rdbss.sys
11:52:11.0861 0916 rdbss - ok
11:52:12.0564 0916 rdpbus (302da2a0539f2cf54d7c6cc30c1f2d8d) C:\Windows\system32\DRIVERS\rdpbus.sys
11:52:12.0571 0916 rdpbus - ok
11:52:13.0224 0916 RDPCDD (cea6cc257fc9b7715f1c2b4849286d24) C:\Windows\system32\DRIVERS\RDPCDD.sys
11:52:13.0225 0916 RDPCDD - ok
11:52:14.0204 0916 RDPENCDD (bb5971a4f00659529a5c44831af22365) C:\Windows\system32\drivers\rdpencdd.sys
11:52:16.0338 0916 RDPENCDD - ok
11:52:16.0835 0916 RDPREFMP (216f3fa57533d98e1f74ded70113177a) C:\Windows\system32\drivers\rdprefmp.sys
11:52:16.0836 0916 RDPREFMP - ok
11:52:17.0312 0916 RDPWD (074ac702d8b8b660b0e1371555995386) C:\Windows\system32\drivers\RDPWD.sys
11:52:17.0384 0916 RDPWD - ok
11:52:18.0085 0916 rdyboost (e5dc9ba9e439d6dbdd79f8caacb5bf01) C:\Windows\system32\drivers\rdyboost.sys
11:52:18.0086 0916 rdyboost - ok
11:52:18.0722 0916 RSPCIESTOR (739583523c1b359d90dfc286d4eded89) C:\Windows\system32\DRIVERS\RtsPStor.sys
11:52:18.0724 0916 RSPCIESTOR - ok
11:52:19.0575 0916 rspndr (ddc86e4f8e7456261e637e3552e804ff) C:\Windows\system32\DRIVERS\rspndr.sys
11:52:19.0582 0916 rspndr - ok
11:52:20.0208 0916 RTL8167 (2777226ee8bf50b059d7a7c90177e99c) C:\Windows\system32\DRIVERS\Rt64win7.sys
11:52:20.0267 0916 RTL8167 - ok
11:52:20.0788 0916 sbp2port (e3bbb89983daf5622c1d50cf49f28227) C:\Windows\system32\DRIVERS\sbp2port.sys
11:52:20.0802 0916 sbp2port - ok
11:52:21.0371 0916 scfilter (c94da20c7e3ba1dca269bc8460d98387) C:\Windows\system32\DRIVERS\scfilter.sys
11:52:21.0376 0916 scfilter - ok
11:52:21.0885 0916 sdbus (54e47ad086782d3ae9417c155cdceb9b) C:\Windows\system32\DRIVERS\sdbus.sys
11:52:21.0899 0916 sdbus - ok
11:52:22.0370 0916 secdrv (3ea8a16169c26afbeb544e0e48421186) C:\Windows\system32\drivers\secdrv.sys
11:52:22.0373 0916 secdrv - ok
11:52:22.0920 0916 Serenum (cb624c0035412af0debec78c41f5ca1b) C:\Windows\system32\DRIVERS\serenum.sys
11:52:22.0932 0916 Serenum - ok
11:52:23.0407 0916 Serial (c1d8e28b2c2adfaec4ba89e9fda69bd6) C:\Windows\system32\DRIVERS\serial.sys
11:52:23.0416 0916 Serial - ok
11:52:23.0891 0916 sermouse (1c545a7d0691cc4a027396535691c3e3) C:\Windows\system32\DRIVERS\sermouse.sys
11:52:23.0898 0916 sermouse - ok
11:52:24.0276 0916 sffdisk (a554811bcd09279536440c964ae35bbf) C:\Windows\system32\DRIVERS\sffdisk.sys
11:52:24.0285 0916 sffdisk - ok
11:52:24.0915 0916 sffp_mmc (ff414f0baefeba59bc6c04b3db0b87bf) C:\Windows\system32\DRIVERS\sffp_mmc.sys
11:52:24.0922 0916 sffp_mmc - ok
11:52:25.0391 0916 sffp_sd (178298f767fe638c9fedcbdef58bb5e4) C:\Windows\system32\DRIVERS\sffp_sd.sys
11:52:25.0398 0916 sffp_sd - ok
11:52:25.0918 0916 sfloppy (a9d601643a1647211a1ee2ec4e433ff4) C:\Windows\system32\DRIVERS\sfloppy.sys
11:52:25.0930 0916 sfloppy - ok
11:52:26.0454 0916 SiSRaid2 (843caf1e5fde1ffd5ff768f23a51e2e1) C:\Windows\system32\DRIVERS\SiSRaid2.sys
11:52:26.0464 0916 SiSRaid2 - ok
11:52:26.0999 0916 SiSRaid4 (6a6c106d42e9ffff8b9fcb4f754f6da4) C:\Windows\system32\DRIVERS\sisraid4.sys
11:52:27.0011 0916 SiSRaid4 - ok
11:52:27.0551 0916 Smb (548260a7b8654e024dc30bf8a7c5baa4) C:\Windows\system32\DRIVERS\smb.sys
11:52:27.0563 0916 Smb - ok
11:52:28.0092 0916 spldr (b9e31e5cacdfe584f34f730a677803f9) C:\Windows\system32\drivers\spldr.sys
11:52:28.0093 0916 spldr - ok
11:52:28.0856 0916 srv (de6f5658da951c4bc8e498570b5b0d5f) C:\Windows\system32\DRIVERS\srv.sys
11:52:28.0887 0916 srv - ok
11:52:29.0525 0916 srv2 (4d33d59c0b930c523d29f9bd40cda9d2) C:\Windows\system32\DRIVERS\srv2.sys
11:52:29.0531 0916 srv2 - ok
11:52:30.0114 0916 SrvHsfHDA (0c4540311e11664b245a263e1154cef8) C:\Windows\system32\DRIVERS\VSTAZL6.SYS
11:52:30.0144 0916 SrvHsfHDA - ok
11:52:31.0038 0916 SrvHsfV92 (02071d207a9858fbe3a48cbfd59c4a04) C:\Windows\system32\DRIVERS\VSTDPV6.SYS
11:52:31.0130 0916 SrvHsfV92 - ok
11:52:31.0586 0916 SrvHsfWinac (18e40c245dbfaf36fd0134a7ef2df396) C:\Windows\system32\DRIVERS\VSTCNXT6.SYS
11:52:31.0620 0916 SrvHsfWinac - ok
11:52:32.0086 0916 srvnet (5a663fd67049267bc5c3f3279e631ffb) C:\Windows\system32\DRIVERS\srvnet.sys
11:52:32.0097 0916 srvnet - ok
11:52:32.0836 0916 stexstor (f3817967ed533d08327dc73bc4d5542a) C:\Windows\system32\DRIVERS\stexstor.sys
11:52:32.0843 0916 stexstor - ok
11:52:33.0374 0916 STHDA (0aad250a31a7ee96e0945ab9e1f3baa7) C:\Windows\system32\DRIVERS\stwrt64.sys
11:52:33.0430 0916 STHDA - ok
11:52:33.0831 0916 swenum (d01ec09b6711a5f8e7e6564a4d0fbc90) C:\Windows\system32\DRIVERS\swenum.sys
11:52:33.0842 0916 swenum - ok
11:52:34.0718 0916 SynTP (33e6a285daa5134d8ea2247914c86c09) C:\Windows\system32\DRIVERS\SynTP.sys
11:52:34.0737 0916 SynTP - ok
11:52:35.0422 0916 Tcpip (90a2d722cf64d911879d6c4a4f802a4d) C:\Windows\system32\drivers\tcpip.sys
11:52:35.0444 0916 Tcpip - ok
11:52:36.0079 0916 TCPIP6 (90a2d722cf64d911879d6c4a4f802a4d) C:\Windows\system32\DRIVERS\tcpip.sys
11:52:36.0097 0916 TCPIP6 - ok
11:52:36.0617 0916 tcpipreg (76d078af6f587b162d50210f761eb9ed) C:\Windows\system32\drivers\tcpipreg.sys
11:52:36.0619 0916 tcpipreg - ok
11:52:37.0223 0916 TDPIPE (3371d21011695b16333a3934340c4e7c) C:\Windows\system32\drivers\tdpipe.sys
11:52:37.0237 0916 TDPIPE - ok
11:52:37.0766 0916 TDTCP (7518f7bcfd4b308abc9192bacaf6c970) C:\Windows\system32\drivers\tdtcp.sys
11:52:37.0776 0916 TDTCP - ok
11:52:38.0381 0916 tdx (079125c4b17b01fcaeebce0bcb290c0f) C:\Windows\system32\DRIVERS\tdx.sys
11:52:38.0401 0916 tdx - ok
11:52:39.0142 0916 TermDD (c448651339196c0e869a355171875522) C:\Windows\system32\DRIVERS\termdd.sys
11:52:39.0154 0916 TermDD - ok
11:52:40.0155 0916 tssecsrv (61b96c26131e37b24e93327a0bd1fb95) C:\Windows\system32\DRIVERS\tssecsrv.sys
11:52:40.0160 0916 tssecsrv - ok
11:52:40.0829 0916 tunnel (3836171a2cdf3af8ef10856db9835a70) C:\Windows\system32\DRIVERS\tunnel.sys
11:52:40.0844 0916 tunnel - ok
11:52:41.0292 0916 uagp35 (b4dd609bd7e282bfc683cec7eaaaad67) C:\Windows\system32\DRIVERS\uagp35.sys
11:52:41.0315 0916 uagp35 - ok
11:52:41.0854 0916 udfs (0e5e962b5649d544be54e8c90761ea2b) C:\Windows\system32\DRIVERS\udfs.sys
11:52:41.0871 0916 udfs - ok
11:52:42.0685 0916 uliagpkx (4bfe1bc28391222894cbf1e7d0e42320) C:\Windows\system32\DRIVERS\uliagpkx.sys
11:52:42.0694 0916 uliagpkx - ok
11:52:43.0346 0916 umbus (eab6c35e62b1b0db0d1b48b671d3a117) C:\Windows\system32\DRIVERS\umbus.sys
11:52:43.0361 0916 umbus - ok
11:52:43.0907 0916 UmPass (b2e8e8cb557b156da5493bbddcc1474d) C:\Windows\system32\DRIVERS\umpass.sys
11:52:43.0914 0916 UmPass - ok
11:52:44.0362 0916 usbccgp (b26afb54a534d634523c4fb66765b026) C:\Windows\system32\DRIVERS\usbccgp.sys
11:52:44.0366 0916 usbccgp - ok
11:52:45.0013 0916 usbcir (af0892a803fdda7492f595368e3b68e7) C:\Windows\system32\DRIVERS\usbcir.sys
11:52:45.0020 0916 usbcir - ok
11:52:45.0618 0916 usbehci (cb490987a7f6928a04bb838e3bd8a936) C:\Windows\system32\DRIVERS\usbehci.sys
11:52:45.0633 0916 usbehci - ok
11:52:46.0087 0916 usbhub (18124ef0a881a00ee222d02a3ee30270) C:\Windows\system32\DRIVERS\usbhub.sys
11:52:46.0103 0916 usbhub - ok
11:52:46.0747 0916 usbohci (58e546bbaf87664fc57e0f6081e4f609) C:\Windows\system32\DRIVERS\usbohci.sys
11:52:46.0754 0916 usbohci - ok
11:52:47.0216 0916 usbprint (73188f58fb384e75c4063d29413cee3d) C:\Windows\system32\DRIVERS\usbprint.sys
11:52:47.0231 0916 usbprint - ok
11:52:47.0725 0916 USBSTOR (a60e7e0fa88ff067d049d525547cd5e9) C:\Windows\system32\DRIVERS\USBSTOR.SYS
11:52:47.0741 0916 USBSTOR - ok
11:52:48.0155 0916 usbuhci (81fb2216d3a60d1284455d511797db3d) C:\Windows\system32\DRIVERS\usbuhci.sys
11:52:48.0162 0916 usbuhci - ok
11:52:48.0778 0916 usbvideo (7cb8c573c6e4a2714402cc0a36eab4fe) C:\Windows\system32\Drivers\usbvideo.sys
11:52:48.0789 0916 usbvideo - ok
11:52:49.0324 0916 vdrvroot (c5c876ccfc083ff3b128f933823e87bd) C:\Windows\system32\DRIVERS\vdrvroot.sys
11:52:49.0325 0916 vdrvroot - ok
11:52:49.0930 0916 vga (da4da3f5e02943c2dc8c6ed875de68dd) C:\Windows\system32\DRIVERS\vgapnp.sys
11:52:49.0944 0916 vga - ok
11:52:50.0425 0916 VgaSave (53e92a310193cb3c03bea963de7d9cfc) C:\Windows\System32\drivers\vga.sys
11:52:50.0433 0916 VgaSave - ok
11:52:50.0926 0916 vhdmp (c82e748660f62a242b2dfac1442f22a4) C:\Windows\system32\DRIVERS\vhdmp.sys
11:52:50.0938 0916 vhdmp - ok
11:52:51.0509 0916 viaide (e5689d93ffe4e5d66c0178761240dd54) C:\Windows\system32\DRIVERS\viaide.sys
11:52:51.0522 0916 viaide - ok
11:52:52.0297 0916 volmgr (2b1a3dae2b4e70dbba822b7a03fbd4a3) C:\Windows\system32\DRIVERS\volmgr.sys
11:52:52.0298 0916 volmgr - ok
11:52:53.0207 0916 volmgrx (99b0cbb569ca79acaed8c91461d765fb) C:\Windows\system32\drivers\volmgrx.sys
11:52:53.0210 0916 volmgrx - ok
11:52:54.0088 0916 volsnap (58f82eed8ca24b461441f9c3e4f0bf5c) C:\Windows\system32\DRIVERS\volsnap.sys
11:52:54.0090 0916 volsnap - ok
11:52:54.0848 0916 vsmraid (5e2016ea6ebaca03c04feac5f330d997) C:\Windows\system32\DRIVERS\vsmraid.sys
11:52:54.0858 0916 vsmraid - ok
11:52:55.0461 0916 vwifibus (36d4720b72b5c5d9cb2b9c29e9df67a1) C:\Windows\system32\DRIVERS\vwifibus.sys
11:52:55.0472 0916 vwifibus - ok
11:52:56.0288 0916 vwififlt (6a3d66263414ff0d6fa754c646612f3f) C:\Windows\system32\DRIVERS\vwififlt.sys
11:52:56.0299 0916 vwififlt - ok
11:52:57.0037 0916 WacomPen (4e9440f4f152a7b944cb1663d3935a3e) C:\Windows\system32\DRIVERS\wacompen.sys
11:52:57.0048 0916 WacomPen - ok
11:52:57.0447 0916 WANARP (47ca49400643effd3f1c9a27e1d69324) C:\Windows\system32\DRIVERS\wanarp.sys
11:52:57.0474 0916 WANARP - ok
11:52:57.0493 0916 Wanarpv6 (47ca49400643effd3f1c9a27e1d69324) C:\Windows\system32\DRIVERS\wanarp.sys
11:52:57.0494 0916 Wanarpv6 - ok
11:52:57.0943 0916 Wd (72889e16ff12ba0f235467d6091b17dc) C:\Windows\system32\DRIVERS\wd.sys
11:52:57.0950 0916 Wd - ok
11:52:58.0363 0916 Wdf01000 (441bd2d7b4f98134c3a4f9fa570fd250) C:\Windows\system32\drivers\Wdf01000.sys
11:52:58.0368 0916 Wdf01000 - ok
11:52:59.0020 0916 WfpLwf (611b23304bf067451a9fdee01fbdd725) C:\Windows\system32\DRIVERS\wfplwf.sys
11:52:59.0035 0916 WfpLwf - ok
11:52:59.0504 0916 WIMMount (05ecaec3e4529a7153b3136ceb49f0ec) C:\Windows\system32\drivers\wimmount.sys
11:52:59.0518 0916 WIMMount - ok
11:53:00.0000 0916 WmiAcpi (f6ff8944478594d0e414d3f048f0d778) C:\Windows\system32\DRIVERS\wmiacpi.sys
11:53:00.0001 0916 WmiAcpi - ok
11:53:00.0860 0916 ws2ifsl (6bcc1d7d2fd2453957c5479a32364e52) C:\Windows\system32\drivers\ws2ifsl.sys
11:53:00.0861 0916 ws2ifsl - ok
11:53:01.0556 0916 WudfPf (7cadc74271dd6461c452c271b30bd378) C:\Windows\system32\drivers\WudfPf.sys
11:53:01.0582 0916 WudfPf - ok
11:53:02.0029 0916 yukonw7 (b3eeacf62445e24fbb2cd4b0fb4db026) C:\Windows\system32\DRIVERS\yk62x64.sys
11:53:02.0060 0916 yukonw7 - ok
11:53:02.0078 0916 MBR (0x1B8) (0f84f2562620c40d8a3e1908c8075675) \Device\Harddisk0\DR0
11:53:02.0114 0916 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.b ) - infected
11:53:02.0114 0916 \Device\Harddisk0\DR0 - detected Rootkit.Boot.Pihar.b (0)
11:53:02.0151 0916 Boot (0x1200) (373fead99043e0ecc5826f3897f98b83) \Device\Harddisk0\DR0\Partition0
11:53:02.0156 0916 \Device\Harddisk0\DR0\Partition0 - ok
11:53:02.0208 0916 Boot (0x1200) (ad980033fac9a9ec440a4616ee0ed805) \Device\Harddisk0\DR0\Partition1
11:53:02.0211 0916 \Device\Harddisk0\DR0\Partition1 - ok
11:53:02.0244 0916 Boot (0x1200) (b2c600c0bd6705bb8721fa3d3f542103) \Device\Harddisk0\DR0\Partition2
11:53:02.0247 0916 \Device\Harddisk0\DR0\Partition2 - ok
11:53:02.0312 0916 Boot (0x1200) (dadc6f3b48a33fe0063b6dcfb5b8b3c6) \Device\Harddisk0\DR0\Partition3
11:53:02.0320 0916 \Device\Harddisk0\DR0\Partition3 - ok
11:53:02.0321 0916 ============================================================
11:53:02.0321 0916 Scan finished
11:53:02.0321 0916 ============================================================
11:53:02.0332 4756 Detected object count: 1
11:53:02.0332 4756 Actual detected object count: 1
11:53:16.0084 4756 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.b ) - skipped by user
11:53:16.0084 4756 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.b ) - User select action: Skip

Blade81
2012-03-18, 18:38
Hi,

Yes, those symptoms are infection related.


"Also, could Smitfraud-C infect any flash/USB drives as well?"
Unless there are some other infections on board, external drives should be ok.

Anyway, please run TDSSKiller again, using the cure option this time. Post back the log + a fresh dds.txt log.

Kingault
2012-03-18, 18:51
Done. Google started working properly, so I'm guessing that it worked.
I'm not sure if you want the new Attach.zip or not, so I attached it in case you did.

TDSS:
12:39:30.0461 2156 TDSS rootkit removing tool 2.7.20.0 Mar 9 2012 17:10:43
12:39:31.0288 2156 ============================================================
12:39:31.0288 2156 Current date / time: 2012/03/18 12:39:31.0288
12:39:31.0288 2156 SystemInfo:
12:39:31.0288 2156
12:39:31.0288 2156 OS Version: 6.1.7600 ServicePack: 0.0
12:39:31.0288 2156 Product type: Workstation
12:39:31.0288 2156 ComputerName: SYNUSIE-HP
12:39:31.0288 2156 UserName: Synusie
12:39:31.0288 2156 Windows directory: C:\Windows
12:39:31.0288 2156 System windows directory: C:\Windows
12:39:31.0288 2156 Running under WOW64
12:39:31.0288 2156 Processor architecture: Intel x64
12:39:31.0288 2156 Number of processors: 4
12:39:31.0288 2156 Page size: 0x1000
12:39:31.0288 2156 Boot type: Normal boot
12:39:31.0288 2156 ============================================================
12:39:40.0882 2156 Drive \Device\Harddisk0\DR0 - Size: 0x7470C06000 (465.76 Gb), SectorSize: 0x200, Cylinders: 0xED81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
12:39:40.0897 2156 \Device\Harddisk0\DR0:
12:39:40.0897 2156 MBR used
12:39:40.0897 2156 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x63800
12:39:40.0897 2156 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x64000, BlocksNum 0x38524800
12:39:40.0897 2156 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x38588800, BlocksNum 0x1DC9800
12:39:40.0897 2156 \Device\Harddisk0\DR0\Partition3: MBR, Type 0xC, StartLBA 0x3A352000, BlocksNum 0x33830
12:39:42.0208 2156 Initialize success
12:39:42.0208 2156 ============================================================
12:39:45.0452 1196 ============================================================
12:39:45.0452 1196 Scan started
12:39:45.0452 1196 Mode: Manual;
12:39:45.0452 1196 ============================================================
12:40:39.0319 1196 FsDepends - ok
12:40:40.0208 1196 Fs_Rec (e95ef8547de20cf0603557c0cf7a9462) C:\Windows\system32\drivers\Fs_Rec.sys
12:40:40.0208 1196 Fs_Rec - ok
12:40:41.0004 1196 fvevol (b8b2a6e1558f8f5de5ce431c5b2c7b09) C:\Windows\system32\DRIVERS\fvevol.sys
12:40:41.0004 1196 fvevol - ok
12:40:41.0597 1196 gagp30kx (8c778d335c9d272cfd3298ab02abe3b6) C:\Windows\system32\DRIVERS\gagp30kx.sys
12:40:41.0597 1196 gagp30kx - ok
12:40:42.0252 1196 hcw85cir (f2523ef6460fc42405b12248338ab2f0) C:\Windows\system32\drivers\hcw85cir.sys
12:40:42.0252 1196 hcw85cir - ok
12:40:43.0063 1196 HdAudAddService (6410f6f415b2a5a9037224c41da8bf12) C:\Windows\system32\drivers\HdAudio.sys
12:40:43.0063 1196 HdAudAddService - ok
12:40:43.0812 1196 HDAudBus (0a49913402747a0b67de940fb42cbdbb) C:\Windows\system32\DRIVERS\HDAudBus.sys
12:40:43.0828 1196 HDAudBus - ok
12:40:44.0389 1196 HECIx64 (b6ac71aaa2b10848f57fc49d55a651af) C:\Windows\system32\DRIVERS\HECIx64.sys
12:40:44.0389 1196 HECIx64 - ok
12:40:45.0122 1196 HidBatt (78e86380454a7b10a5eb255dc44a355f) C:\Windows\system32\DRIVERS\HidBatt.sys
12:40:45.0122 1196 HidBatt - ok
12:40:45.0606 1196 HidBth (7fd2a313f7afe5c4dab14798c48dd104) C:\Windows\system32\DRIVERS\hidbth.sys
12:40:45.0606 1196 HidBth - ok
12:40:46.0214 1196 HidIr (0a77d29f311b88cfae3b13f9c1a73825) C:\Windows\system32\DRIVERS\hidir.sys
12:40:46.0214 1196 HidIr - ok
12:40:47.0525 1196 HidUsb (b3bf6b5b50006def50b66306d99fcf6f) C:\Windows\system32\DRIVERS\hidusb.sys
12:40:47.0540 1196 HidUsb - ok
12:40:48.0710 1196 HpSAMD (0886d440058f203eba0e1825e4355914) C:\Windows\system32\DRIVERS\HpSAMD.sys
12:40:48.0710 1196 HpSAMD - ok
12:40:49.0818 1196 HTTP (cee049cac4efa7f4e1e4ad014414a5d4) C:\Windows\system32\drivers\HTTP.sys
12:40:49.0834 1196 HTTP - ok
12:40:50.0504 1196 hwpolicy (f17766a19145f111856378df337a5d79) C:\Windows\system32\drivers\hwpolicy.sys
12:40:50.0504 1196 hwpolicy - ok
12:40:51.0674 1196 i8042prt (fa55c73d4affa7ee23ac4be53b4592d3) C:\Windows\system32\DRIVERS\i8042prt.sys
12:40:51.0674 1196 i8042prt - ok
12:40:53.0078 1196 iaStor (f7ce9be72edac499b713eca6dae5d26f) C:\Windows\system32\DRIVERS\iaStor.sys
12:40:53.0078 1196 iaStor - ok
12:40:53.0796 1196 iaStorV (513dc087cfed7d2bb82f005385d3531f) C:\Windows\system32\DRIVERS\iaStorV.sys
12:40:53.0812 1196 iaStorV - ok
12:40:55.0933 1196 igfx (0ac9e321d604be48a0d72b69ba484bdc) C:\Windows\system32\DRIVERS\igdkmd64.sys
12:40:56.0214 1196 igfx - ok
12:40:57.0119 1196 iirsp (5c18831c61933628f5bb0ea2675b9d21) C:\Windows\system32\DRIVERS\iirsp.sys
12:40:57.0119 1196 iirsp - ok
12:40:57.0899 1196 Impcd (dd587a55390ed2295bce6d36ad567da9) C:\Windows\system32\DRIVERS\Impcd.sys
12:40:57.0914 1196 Impcd - ok
12:40:58.0757 1196 IntcDAud (fc727061c0f47c8059e88e05d5c8e381) C:\Windows\system32\DRIVERS\IntcDAud.sys
12:40:58.0773 1196 IntcDAud - ok
12:40:59.0865 1196 intelide (f00f20e70c6ec3aa366910083a0518aa) C:\Windows\system32\DRIVERS\intelide.sys
12:40:59.0865 1196 intelide - ok
12:41:00.0801 1196 intelppm (ada036632c664caa754079041cf1f8c1) C:\Windows\system32\DRIVERS\intelppm.sys
12:41:00.0801 1196 intelppm - ok
12:41:01.0627 1196 IpFilterDriver (722dd294df62483cecaae6e094b4d695) C:\Windows\system32\DRIVERS\ipfltdrv.sys
12:41:01.0627 1196 IpFilterDriver - ok
12:41:02.0251 1196 IPMIDRV (e2b4a4494db7cb9b89b55ca268c337c5) C:\Windows\system32\DRIVERS\IPMIDrv.sys
12:41:02.0251 1196 IPMIDRV - ok
12:41:03.0234 1196 IPNAT (af9b39a7e7b6caa203b3862582e9f2d0) C:\Windows\system32\drivers\ipnat.sys
12:41:03.0234 1196 IPNAT - ok
12:41:03.0921 1196 IRENUM (3abf5e7213eb28966d55d58b515d5ce9) C:\Windows\system32\drivers\irenum.sys
12:41:03.0936 1196 IRENUM - ok
12:41:05.0371 1196 isapnp (2f7b28dc3e1183e5eb418df55c204f38) C:\Windows\system32\DRIVERS\isapnp.sys
12:41:05.0371 1196 isapnp - ok
12:41:06.0261 1196 iScsiPrt (fa4d2557de56d45b0a346f93564be6e1) C:\Windows\system32\DRIVERS\msiscsi.sys
12:41:06.0276 1196 iScsiPrt - ok
12:41:07.0087 1196 kbdclass (bc02336f1cba7dcc7d1213bb588a68a5) C:\Windows\system32\DRIVERS\kbdclass.sys
12:41:07.0087 1196 kbdclass - ok
12:41:07.0774 1196 kbdhid (6def98f8541e1b5dceb2c822a11f7323) C:\Windows\system32\DRIVERS\kbdhid.sys
12:41:07.0774 1196 kbdhid - ok
12:41:08.0601 1196 KSecDD (e8b6fcc9c83535c67f835d407620bd27) C:\Windows\system32\Drivers\ksecdd.sys
12:41:08.0601 1196 KSecDD - ok
12:41:09.0474 1196 KSecPkg (a8c63880ef6f4d3fec7b616b9c060215) C:\Windows\system32\Drivers\ksecpkg.sys
12:41:09.0474 1196 KSecPkg - ok
12:41:10.0114 1196 ksthunk (6869281e78cb31a43e969f06b57347c4) C:\Windows\system32\drivers\ksthunk.sys
12:41:10.0114 1196 ksthunk - ok
12:41:11.0019 1196 lltdio (1538831cf8ad2979a04c423779465827) C:\Windows\system32\DRIVERS\lltdio.sys
12:41:11.0019 1196 lltdio - ok
12:41:11.0736 1196 LSI_FC (1a93e54eb0ece102495a51266dcdb6a6) C:\Windows\system32\DRIVERS\lsi_fc.sys
12:41:11.0752 1196 LSI_FC - ok
12:41:12.0391 1196 LSI_SAS (1047184a9fdc8bdbff857175875ee810) C:\Windows\system32\DRIVERS\lsi_sas.sys
12:41:12.0391 1196 LSI_SAS - ok
12:41:13.0140 1196 LSI_SAS2 (30f5c0de1ee8b5bc9306c1f0e4a75f93) C:\Windows\system32\DRIVERS\lsi_sas2.sys
12:41:13.0140 1196 LSI_SAS2 - ok
12:41:13.0717 1196 LSI_SCSI (0504eacaff0d3c8aed161c4b0d369d4a) C:\Windows\system32\DRIVERS\lsi_scsi.sys
12:41:13.0717 1196 LSI_SCSI - ok
12:41:14.0341 1196 luafv (43d0f98e1d56ccddb0d5254cff7b356e) C:\Windows\system32\drivers\luafv.sys
12:41:14.0341 1196 luafv - ok
12:41:15.0106 1196 megasas (a55805f747c6edb6a9080d7c633bd0f4) C:\Windows\system32\DRIVERS\megasas.sys
12:41:15.0106 1196 megasas - ok
12:41:15.0964 1196 MegaSR (baf74ce0072480c3b6b7c13b2a94d6b3) C:\Windows\system32\DRIVERS\MegaSR.sys
12:41:15.0964 1196 MegaSR - ok
12:41:16.0697 1196 Modem (800ba92f7010378b09f9ed9270f07137) C:\Windows\system32\drivers\modem.sys
12:41:16.0713 1196 Modem - ok
12:41:17.0430 1196 monitor (b03d591dc7da45ece20b3b467e6aadaa) C:\Windows\system32\DRIVERS\monitor.sys
12:41:17.0430 1196 monitor - ok
12:41:17.0945 1196 mouclass (7d27ea49f3c1f687d357e77a470aea99) C:\Windows\system32\DRIVERS\mouclass.sys
12:41:17.0945 1196 mouclass - ok
12:41:18.0647 1196 mouhid (d3bf052c40b0c4166d9fd86a4288c1e6) C:\Windows\system32\DRIVERS\mouhid.sys
12:41:18.0663 1196 mouhid - ok
12:41:19.0209 1196 mountmgr (791af66c4d0e7c90a3646066386fb571) C:\Windows\system32\drivers\mountmgr.sys
12:41:19.0209 1196 mountmgr - ok
12:41:19.0833 1196 mpio (609d1d87649ecc19796f4d76d4c15cea) C:\Windows\system32\DRIVERS\mpio.sys
12:41:19.0848 1196 mpio - ok
12:41:20.0784 1196 mpsdrv (6c38c9e45ae0ea2fa5e551f2ed5e978f) C:\Windows\system32\drivers\mpsdrv.sys
12:41:20.0784 1196 mpsdrv - ok
12:41:21.0486 1196 MRxDAV (30524261bb51d96d6fcbac20c810183c) C:\Windows\system32\drivers\mrxdav.sys
12:41:21.0486 1196 MRxDAV - ok
12:41:22.0079 1196 mrxsmb (b7f3d2c40bdf8ffb73ebfb19c77734e2) C:\Windows\system32\DRIVERS\mrxsmb.sys
12:41:22.0095 1196 mrxsmb - ok
12:41:23.0046 1196 mrxsmb10 (86c6f88b5168ce21cf8d69d0b3ff5d19) C:\Windows\system32\DRIVERS\mrxsmb10.sys
12:41:23.0062 1196 mrxsmb10 - ok
12:41:23.0998 1196 mrxsmb20 (b081069251c8e9f42cb8769d07148f9c) C:\Windows\system32\DRIVERS\mrxsmb20.sys
12:41:23.0998 1196 mrxsmb20 - ok
12:41:24.0715 1196 msahci (2ba4ff3d5eb68587dd662a896f649c7d) C:\Windows\system32\DRIVERS\msahci.sys
12:41:24.0715 1196 msahci - ok
12:41:25.0464 1196 msdsm (8d27b597229aed79430fb9db3bcbfbd0) C:\Windows\system32\DRIVERS\msdsm.sys
12:41:25.0464 1196 msdsm - ok
12:41:26.0244 1196 Msfs (aa3fb40e17ce1388fa1bedab50ea8f96) C:\Windows\system32\drivers\Msfs.sys
12:41:26.0244 1196 Msfs - ok
12:41:27.0180 1196 mshidkmdf (f9d215a46a8b9753f61767fa72a20326) C:\Windows\System32\drivers\mshidkmdf.sys
12:41:27.0180 1196 mshidkmdf - ok
12:41:27.0820 1196 msisadrv (d916874bbd4f8b07bfb7fa9b3ccae29d) C:\Windows\system32\DRIVERS\msisadrv.sys
12:41:27.0820 1196 msisadrv - ok
12:41:29.0177 1196 MSKSSRV (49ccf2c4fea34ffad8b1b59d49439366) C:\Windows\system32\drivers\MSKSSRV.sys
12:41:29.0177 1196 MSKSSRV - ok
12:41:29.0941 1196 MSPCLOCK (bdd71ace35a232104ddd349ee70e1ab3) C:\Windows\system32\drivers\MSPCLOCK.sys
12:41:29.0941 1196 MSPCLOCK - ok
12:41:30.0768 1196 MSPQM (4ed981241db27c3383d72092b618a1d0) C:\Windows\system32\drivers\MSPQM.sys
12:41:30.0768 1196 MSPQM - ok
12:41:31.0392 1196 MsRPC (89cb141aa8616d8c6a4610fa26c60964) C:\Windows\system32\drivers\MsRPC.sys
12:41:31.0392 1196 MsRPC - ok
12:41:32.0079 1196 mssmbios (0eed230e37515a0eaee3c2e1bc97b288) C:\Windows\system32\DRIVERS\mssmbios.sys
12:41:32.0079 1196 mssmbios - ok
12:41:32.0859 1196 MSTEE (2e66f9ecb30b4221a318c92ac2250779) C:\Windows\system32\drivers\MSTEE.sys
12:41:32.0859 1196 MSTEE - ok
12:41:33.0935 1196 MTConfig (7ea404308934e675bffde8edf0757bcd) C:\Windows\system32\DRIVERS\MTConfig.sys
12:41:33.0935 1196 MTConfig - ok
12:41:34.0793 1196 Mup (f9a18612fd3526fe473c1bda678d61c8) C:\Windows\system32\Drivers\mup.sys
12:41:34.0793 1196 Mup - ok
12:41:35.0479 1196 NativeWifiP (1ea3749c4114db3e3161156ffffa6b33) C:\Windows\system32\DRIVERS\nwifi.sys
12:41:35.0495 1196 NativeWifiP - ok
12:41:36.0322 1196 NDIS (a3151b3463eea7e47f618f115d0d142e) C:\Windows\system32\drivers\ndis.sys
12:41:36.0337 1196 NDIS - ok
12:41:37.0273 1196 NdisCap (9f9a1f53aad7da4d6fef5bb73ab811ac) C:\Windows\system32\DRIVERS\ndiscap.sys
12:41:37.0273 1196 NdisCap - ok
12:41:38.0069 1196 NdisTapi (30639c932d9fef22b31268fe25a1b6e5) C:\Windows\system32\DRIVERS\ndistapi.sys
12:41:38.0069 1196 NdisTapi - ok
12:41:38.0755 1196 Ndisuio (f105ba1e22bf1f2ee8f005d4305e4bec) C:\Windows\system32\DRIVERS\ndisuio.sys
12:41:38.0755 1196 Ndisuio - ok
12:41:39.0364 1196 NdisWan (557dfab9ca1fcb036ac77564c010dad3) C:\Windows\system32\DRIVERS\ndiswan.sys
12:41:39.0364 1196 NdisWan - ok
12:41:40.0081 1196 NDProxy (659b74fb74b86228d6338d643cd3e3cf) C:\Windows\system32\drivers\NDProxy.sys
12:41:40.0081 1196 NDProxy - ok
12:41:40.0877 1196 NetBIOS (86743d9f5d2b1048062b14b1d84501c4) C:\Windows\system32\DRIVERS\netbios.sys
12:41:40.0877 1196 NetBIOS - ok
12:41:41.0470 1196 NetBT (9162b273a44ab9dce5b44362731d062a) C:\Windows\system32\DRIVERS\netbt.sys
12:41:41.0470 1196 NetBT - ok
12:41:42.0655 1196 netw5v64 (64428dfdaf6e88366cb51f45a79c5f69) C:\Windows\system32\DRIVERS\netw5v64.sys
12:41:42.0780 1196 netw5v64 - ok
12:41:43.0357 1196 nfrd960 (77889813be4d166cdab78ddba990da92) C:\Windows\system32\DRIVERS\nfrd960.sys
12:41:43.0357 1196 nfrd960 - ok
12:41:43.0950 1196 Npfs (1e4c4ab5c9b8dd13179bbdc75a2a01f7) C:\Windows\system32\drivers\Npfs.sys
12:41:43.0950 1196 Npfs - ok
12:41:44.0559 1196 nsiproxy (e7f5ae18af4168178a642a9247c63001) C:\Windows\system32\drivers\nsiproxy.sys
12:41:44.0559 1196 nsiproxy - ok
12:41:45.0385 1196 Ntfs (1ad8fef2d6ac7116b68b887a9782fd33) C:\Windows\system32\drivers\Ntfs.sys
12:41:45.0432 1196 Ntfs - ok
12:41:46.0009 1196 Null (9899284589f75fa8724ff3d16aed75c1) C:\Windows\system32\drivers\Null.sys
12:41:46.0009 1196 Null - ok
12:41:46.0696 1196 nvraid (deab10231cbdb0881fc25428ebe11506) C:\Windows\system32\DRIVERS\nvraid.sys
12:41:46.0711 1196 nvraid - ok
12:41:47.0694 1196 nvstor (0af7b8136794e23e87be138992880e64) C:\Windows\system32\DRIVERS\nvstor.sys
12:41:47.0694 1196 nvstor - ok
12:41:48.0334 1196 nv_agp (270d7cd42d6e3979f6dd0146650f0e05) C:\Windows\system32\DRIVERS\nv_agp.sys
12:41:48.0334 1196 nv_agp - ok
12:41:49.0363 1196 ohci1394 (3589478e4b22ce21b41fa1bfc0b8b8a0) C:\Windows\system32\DRIVERS\ohci1394.sys
12:41:49.0363 1196 ohci1394 - ok
12:41:49.0941 1196 Parport (0086431c29c35be1dbc43f52cc273887) C:\Windows\system32\DRIVERS\parport.sys
12:41:49.0941 1196 Parport - ok
12:41:50.0455 1196 partmgr (7daa117143316c4a1537e074a5a9eaf0) C:\Windows\system32\drivers\partmgr.sys
12:41:50.0455 1196 partmgr - ok
12:41:51.0376 1196 pci (f36f6504009f2fb0dfd1b17a116ad74b) C:\Windows\system32\DRIVERS\pci.sys
12:41:51.0391 1196 pci - ok
12:41:51.0906 1196 pciide (b5b8b5ef2e5cb34df8dcf8831e3534fa) C:\Windows\system32\DRIVERS\pciide.sys
12:41:51.0906 1196 pciide - ok
12:41:52.0702 1196 pcmcia (b2e81d4e87ce48589f98cb8c05b01f2f) C:\Windows\system32\DRIVERS\pcmcia.sys
12:41:52.0702 1196 pcmcia - ok
12:41:53.0373 1196 pcw (d6b9c2e1a11a3a4b26a182ffef18f603) C:\Windows\system32\drivers\pcw.sys
12:41:53.0373 1196 pcw - ok
12:41:54.0777 1196 PEAUTH (68769c3356b3be5d1c732c97b9a80d6e) C:\Windows\system32\drivers\peauth.sys
12:41:54.0792 1196 PEAUTH - ok
12:41:55.0603 1196 PptpMiniport (27cc19e81ba5e3403c48302127bda717) C:\Windows\system32\DRIVERS\raspptp.sys
12:41:55.0619 1196 PptpMiniport - ok
12:41:56.0149 1196 Processor (0d922e23c041efb1c3fac2a6f943c9bf) C:\Windows\system32\DRIVERS\processr.sys
12:41:56.0149 1196 Processor - ok
12:41:57.0085 1196 Psched (ee992183bd8eaefd9973f352e587a299) C:\Windows\system32\DRIVERS\pacer.sys
12:41:57.0085 1196 Psched - ok
12:41:58.0006 1196 ql2300 (a53a15a11ebfd21077463ee2c7afeef0) C:\Windows\system32\DRIVERS\ql2300.sys
12:41:58.0021 1196 ql2300 - ok
12:41:58.0895 1196 ql40xx (4f6d12b51de1aaeff7dc58c4d75423c8) C:\Windows\system32\DRIVERS\ql40xx.sys
12:41:58.0911 1196 ql40xx - ok
12:41:59.0535 1196 QWAVEdrv (76707bb36430888d9ce9d705398adb6c) C:\Windows\system32\drivers\qwavedrv.sys
12:41:59.0535 1196 QWAVEdrv - ok
12:42:00.0361 1196 RasAcd (5a0da8ad5762fa2d91678a8a01311704) C:\Windows\system32\DRIVERS\rasacd.sys
12:42:00.0361 1196 RasAcd - ok
12:42:01.0204 1196 RasAgileVpn (7ecff9b22276b73f43a99a15a6094e90) C:\Windows\system32\DRIVERS\AgileVpn.sys
12:42:01.0219 1196 RasAgileVpn - ok
12:42:01.0765 1196 Rasl2tp (87a6e852a22991580d6d39adc4790463) C:\Windows\system32\DRIVERS\rasl2tp.sys
12:42:01.0765 1196 Rasl2tp - ok
12:42:02.0577 1196 RasPppoe (855c9b1cd4756c5e9a2aa58a15f58c25) C:\Windows\system32\DRIVERS\raspppoe.sys
12:42:02.0577 1196 RasPppoe - ok
12:42:03.0310 1196 RasSstp (e8b1e447b008d07ff47d016c2b0eeecb) C:\Windows\system32\DRIVERS\rassstp.sys
12:42:03.0310 1196 RasSstp - ok
12:42:03.0825 1196 rdbss (3bac8142102c15d59a87757c1d41dce5) C:\Windows\system32\DRIVERS\rdbss.sys
12:42:03.0840 1196 rdbss - ok
12:42:04.0963 1196 rdpbus (302da2a0539f2cf54d7c6cc30c1f2d8d) C:\Windows\system32\DRIVERS\rdpbus.sys
12:42:04.0979 1196 rdpbus - ok
12:42:08.0286 1196 RDPCDD (cea6cc257fc9b7715f1c2b4849286d24) C:\Windows\system32\DRIVERS\RDPCDD.sys
12:42:08.0286 1196 RDPCDD - ok
12:42:08.0926 1196 RDPENCDD (bb5971a4f00659529a5c44831af22365) C:\Windows\system32\drivers\rdpencdd.sys
12:42:08.0941 1196 RDPENCDD - ok
12:42:09.0690 1196 RDPREFMP (216f3fa57533d98e1f74ded70113177a) C:\Windows\system32\drivers\rdprefmp.sys
12:42:09.0690 1196 RDPREFMP - ok
12:42:10.0377 1196 RDPWD (074ac702d8b8b660b0e1371555995386) C:\Windows\system32\drivers\RDPWD.sys
12:42:10.0377 1196 RDPWD - ok
12:42:11.0079 1196 rdyboost (e5dc9ba9e439d6dbdd79f8caacb5bf01) C:\Windows\system32\drivers\rdyboost.sys
12:42:11.0079 1196 rdyboost - ok
12:42:11.0983 1196 RSPCIESTOR (739583523c1b359d90dfc286d4eded89) C:\Windows\system32\DRIVERS\RtsPStor.sys
12:42:11.0983 1196 RSPCIESTOR - ok
12:42:12.0623 1196 rspndr (ddc86e4f8e7456261e637e3552e804ff) C:\Windows\system32\DRIVERS\rspndr.sys
12:42:12.0623 1196 rspndr - ok
12:42:13.0372 1196 RTL8167 (2777226ee8bf50b059d7a7c90177e99c) C:\Windows\system32\DRIVERS\Rt64win7.sys
12:42:13.0372 1196 RTL8167 - ok
12:42:13.0902 1196 sbp2port (e3bbb89983daf5622c1d50cf49f28227) C:\Windows\system32\DRIVERS\sbp2port.sys
12:42:13.0902 1196 sbp2port - ok
12:42:14.0776 1196 scfilter (c94da20c7e3ba1dca269bc8460d98387) C:\Windows\system32\DRIVERS\scfilter.sys
12:42:14.0791 1196 scfilter - ok
12:42:15.0369 1196 sdbus (54e47ad086782d3ae9417c155cdceb9b) C:\Windows\system32\DRIVERS\sdbus.sys
12:42:15.0384 1196 sdbus - ok
12:42:15.0946 1196 secdrv (3ea8a16169c26afbeb544e0e48421186) C:\Windows\system32\drivers\secdrv.sys
12:42:15.0946 1196 secdrv - ok
12:42:16.0476 1196 Serenum (cb624c0035412af0debec78c41f5ca1b) C:\Windows\system32\DRIVERS\serenum.sys
12:42:16.0476 1196 Serenum - ok
12:42:17.0053 1196 Serial (c1d8e28b2c2adfaec4ba89e9fda69bd6) C:\Windows\system32\DRIVERS\serial.sys
12:42:17.0053 1196 Serial - ok
12:42:17.0646 1196 sermouse (1c545a7d0691cc4a027396535691c3e3) C:\Windows\system32\DRIVERS\sermouse.sys
12:42:17.0646 1196 sermouse - ok
12:42:18.0208 1196 sffdisk (a554811bcd09279536440c964ae35bbf) C:\Windows\system32\DRIVERS\sffdisk.sys
12:42:18.0208 1196 sffdisk - ok
12:42:18.0816 1196 sffp_mmc (ff414f0baefeba59bc6c04b3db0b87bf) C:\Windows\system32\DRIVERS\sffp_mmc.sys
12:42:18.0816 1196 sffp_mmc - ok
12:42:19.0393 1196 sffp_sd (178298f767fe638c9fedcbdef58bb5e4) C:\Windows\system32\DRIVERS\sffp_sd.sys
12:42:19.0393 1196 sffp_sd - ok
12:42:19.0908 1196 sfloppy (a9d601643a1647211a1ee2ec4e433ff4) C:\Windows\system32\DRIVERS\sfloppy.sys
12:42:19.0908 1196 sfloppy - ok
12:42:20.0470 1196 SiSRaid2 (843caf1e5fde1ffd5ff768f23a51e2e1) C:\Windows\system32\DRIVERS\SiSRaid2.sys
12:42:20.0470 1196 SiSRaid2 - ok
12:42:21.0016 1196 SiSRaid4 (6a6c106d42e9ffff8b9fcb4f754f6da4) C:\Windows\system32\DRIVERS\sisraid4.sys
12:42:21.0016 1196 SiSRaid4 - ok
12:42:21.0546 1196 Smb (548260a7b8654e024dc30bf8a7c5baa4) C:\Windows\system32\DRIVERS\smb.sys
12:42:21.0546 1196 Smb - ok
12:42:22.0014 1196 spldr (b9e31e5cacdfe584f34f730a677803f9) C:\Windows\system32\drivers\spldr.sys
12:42:22.0014 1196 spldr - ok
12:42:22.0903 1196 srv (de6f5658da951c4bc8e498570b5b0d5f) C:\Windows\system32\DRIVERS\srv.sys
12:42:22.0966 1196 srv - ok
12:42:23.0543 1196 srv2 (4d33d59c0b930c523d29f9bd40cda9d2) C:\Windows\system32\DRIVERS\srv2.sys
12:42:23.0574 1196 srv2 - ok
12:42:24.0198 1196 SrvHsfHDA (0c4540311e11664b245a263e1154cef8) C:\Windows\system32\DRIVERS\VSTAZL6.SYS
12:42:24.0229 1196 SrvHsfHDA - ok
12:42:25.0103 1196 SrvHsfV92 (02071d207a9858fbe3a48cbfd59c4a04) C:\Windows\system32\DRIVERS\VSTDPV6.SYS
12:42:25.0134 1196 SrvHsfV92 - ok
12:42:25.0743 1196 SrvHsfWinac (18e40c245dbfaf36fd0134a7ef2df396) C:\Windows\system32\DRIVERS\VSTCNXT6.SYS
12:42:25.0774 1196 SrvHsfWinac - ok
12:42:26.0382 1196 srvnet (5a663fd67049267bc5c3f3279e631ffb) C:\Windows\system32\DRIVERS\srvnet.sys
12:42:26.0398 1196 srvnet - ok
12:42:27.0396 1196 stexstor (f3817967ed533d08327dc73bc4d5542a) C:\Windows\system32\DRIVERS\stexstor.sys
12:42:27.0396 1196 stexstor - ok
12:42:28.0239 1196 STHDA (0aad250a31a7ee96e0945ab9e1f3baa7) C:\Windows\system32\DRIVERS\stwrt64.sys
12:42:28.0270 1196 STHDA - ok
12:42:29.0034 1196 swenum (d01ec09b6711a5f8e7e6564a4d0fbc90) C:\Windows\system32\DRIVERS\swenum.sys
12:42:29.0034 1196 swenum - ok
12:42:29.0830 1196 SynTP (33e6a285daa5134d8ea2247914c86c09) C:\Windows\system32\DRIVERS\SynTP.sys
12:42:29.0845 1196 SynTP - ok
12:42:30.0797 1196 Tcpip (90a2d722cf64d911879d6c4a4f802a4d) C:\Windows\system32\drivers\tcpip.sys
12:42:30.0813 1196 Tcpip - ok
12:42:31.0717 1196 TCPIP6 (90a2d722cf64d911879d6c4a4f802a4d) C:\Windows\system32\DRIVERS\tcpip.sys
12:42:31.0733 1196 TCPIP6 - ok
12:42:32.0263 1196 tcpipreg (76d078af6f587b162d50210f761eb9ed) C:\Windows\system32\drivers\tcpipreg.sys
12:42:32.0263 1196 tcpipreg - ok
12:42:33.0121 1196 TDPIPE (3371d21011695b16333a3934340c4e7c) C:\Windows\system32\drivers\tdpipe.sys
12:42:33.0137 1196 TDPIPE - ok
12:42:33.0667 1196 TDTCP (7518f7bcfd4b308abc9192bacaf6c970) C:\Windows\system32\drivers\tdtcp.sys
12:42:33.0683 1196 TDTCP - ok
12:42:34.0182 1196 tdx (079125c4b17b01fcaeebce0bcb290c0f) C:\Windows\system32\DRIVERS\tdx.sys
12:42:34.0198 1196 tdx - ok
12:42:35.0165 1196 TermDD (c448651339196c0e869a355171875522) C:\Windows\system32\DRIVERS\termdd.sys
12:42:35.0165 1196 TermDD - ok
12:42:35.0727 1196 tssecsrv (61b96c26131e37b24e93327a0bd1fb95) C:\Windows\system32\DRIVERS\tssecsrv.sys
12:42:35.0727 1196 tssecsrv - ok
12:42:36.0241 1196 tunnel (3836171a2cdf3af8ef10856db9835a70) C:\Windows\system32\DRIVERS\tunnel.sys
12:42:36.0257 1196 tunnel - ok
12:42:37.0115 1196 uagp35 (b4dd609bd7e282bfc683cec7eaaaad67) C:\Windows\system32\DRIVERS\uagp35.sys
12:42:37.0131 1196 uagp35 - ok
12:42:37.0677 1196 udfs (0e5e962b5649d544be54e8c90761ea2b) C:\Windows\system32\DRIVERS\udfs.sys
12:42:37.0708 1196 udfs - ok
12:42:38.0269 1196 uliagpkx (4bfe1bc28391222894cbf1e7d0e42320) C:\Windows\system32\DRIVERS\uliagpkx.sys
12:42:38.0269 1196 uliagpkx - ok
12:42:39.0018 1196 umbus (eab6c35e62b1b0db0d1b48b671d3a117) C:\Windows\system32\DRIVERS\umbus.sys
12:42:39.0018 1196 umbus - ok
12:42:39.0627 1196 UmPass (b2e8e8cb557b156da5493bbddcc1474d) C:\Windows\system32\DRIVERS\umpass.sys
12:42:39.0627 1196 UmPass - ok
12:42:40.0251 1196 usbccgp (b26afb54a534d634523c4fb66765b026) C:\Windows\system32\DRIVERS\usbccgp.sys
12:42:40.0266 1196 usbccgp - ok
12:42:43.0511 1196 usbcir (af0892a803fdda7492f595368e3b68e7) C:\Windows\system32\DRIVERS\usbcir.sys
12:42:43.0511 1196 usbcir - ok
12:42:44.0073 1196 usbehci (cb490987a7f6928a04bb838e3bd8a936) C:\Windows\system32\DRIVERS\usbehci.sys
12:42:44.0073 1196 usbehci - ok
12:42:44.0884 1196 usbhub (18124ef0a881a00ee222d02a3ee30270) C:\Windows\system32\DRIVERS\usbhub.sys
12:42:44.0915 1196 usbhub - ok
12:42:45.0477 1196 usbohci (58e546bbaf87664fc57e0f6081e4f609) C:\Windows\system32\DRIVERS\usbohci.sys
12:42:45.0477 1196 usbohci - ok
12:42:46.0069 1196 usbprint (73188f58fb384e75c4063d29413cee3d) C:\Windows\system32\DRIVERS\usbprint.sys
12:42:46.0069 1196 usbprint - ok
12:42:46.0943 1196 USBSTOR (a60e7e0fa88ff067d049d525547cd5e9) C:\Windows\system32\DRIVERS\USBSTOR.SYS
12:42:46.0943 1196 USBSTOR - ok
12:42:47.0489 1196 usbuhci (81fb2216d3a60d1284455d511797db3d) C:\Windows\system32\DRIVERS\usbuhci.sys
12:42:47.0505 1196 usbuhci - ok
12:42:48.0097 1196 usbvideo (7cb8c573c6e4a2714402cc0a36eab4fe) C:\Windows\system32\Drivers\usbvideo.sys
12:42:48.0097 1196 usbvideo - ok
12:42:48.0862 1196 vdrvroot (c5c876ccfc083ff3b128f933823e87bd) C:\Windows\system32\DRIVERS\vdrvroot.sys
12:42:48.0862 1196 vdrvroot - ok
12:42:49.0501 1196 vga (da4da3f5e02943c2dc8c6ed875de68dd) C:\Windows\system32\DRIVERS\vgapnp.sys
12:42:49.0501 1196 vga - ok
12:42:50.0063 1196 VgaSave (53e92a310193cb3c03bea963de7d9cfc) C:\Windows\System32\drivers\vga.sys
12:42:50.0063 1196 VgaSave - ok
12:42:50.0874 1196 vhdmp (c82e748660f62a242b2dfac1442f22a4) C:\Windows\system32\DRIVERS\vhdmp.sys
12:42:50.0874 1196 vhdmp - ok
12:42:51.0561 1196 viaide (e5689d93ffe4e5d66c0178761240dd54) C:\Windows\system32\DRIVERS\viaide.sys
12:42:51.0561 1196 viaide - ok
12:42:52.0091 1196 volmgr (2b1a3dae2b4e70dbba822b7a03fbd4a3) C:\Windows\system32\DRIVERS\volmgr.sys
12:42:52.0107 1196 volmgr - ok
12:42:53.0105 1196 volmgrx (99b0cbb569ca79acaed8c91461d765fb) C:\Windows\system32\drivers\volmgrx.sys
12:42:53.0105 1196 volmgrx - ok
12:42:53.0682 1196 volsnap (58f82eed8ca24b461441f9c3e4f0bf5c) C:\Windows\system32\DRIVERS\volsnap.sys
12:42:53.0682 1196 volsnap - ok
12:42:54.0447 1196 vsmraid (5e2016ea6ebaca03c04feac5f330d997) C:\Windows\system32\DRIVERS\vsmraid.sys
12:42:54.0462 1196 vsmraid - ok
12:42:55.0367 1196 vwifibus (36d4720b72b5c5d9cb2b9c29e9df67a1) C:\Windows\system32\DRIVERS\vwifibus.sys
12:42:55.0367 1196 vwifibus - ok
12:42:56.0038 1196 vwififlt (6a3d66263414ff0d6fa754c646612f3f) C:\Windows\system32\DRIVERS\vwififlt.sys
12:42:56.0038 1196 vwififlt - ok
12:42:56.0740 1196 WacomPen (4e9440f4f152a7b944cb1663d3935a3e) C:\Windows\system32\DRIVERS\wacompen.sys
12:42:56.0740 1196 WacomPen - ok
12:42:57.0208 1196 WANARP (47ca49400643effd3f1c9a27e1d69324) C:\Windows\system32\DRIVERS\wanarp.sys
12:42:57.0208 1196 WANARP - ok
12:42:57.0224 1196 Wanarpv6 (47ca49400643effd3f1c9a27e1d69324) C:\Windows\system32\DRIVERS\wanarp.sys
12:42:57.0224 1196 Wanarpv6 - ok
12:42:57.0738 1196 Wd (72889e16ff12ba0f235467d6091b17dc) C:\Windows\system32\DRIVERS\wd.sys
12:42:57.0754 1196 Wd - ok
12:42:58.0238 1196 Wdf01000 (441bd2d7b4f98134c3a4f9fa570fd250) C:\Windows\system32\drivers\Wdf01000.sys
12:42:58.0253 1196 Wdf01000 - ok
12:42:59.0096 1196 WfpLwf (611b23304bf067451a9fdee01fbdd725) C:\Windows\system32\DRIVERS\wfplwf.sys
12:42:59.0096 1196 WfpLwf - ok
12:42:59.0642 1196 WIMMount (05ecaec3e4529a7153b3136ceb49f0ec) C:\Windows\system32\drivers\wimmount.sys
12:42:59.0657 1196 WIMMount - ok
12:43:00.0250 1196 WmiAcpi (f6ff8944478594d0e414d3f048f0d778) C:\Windows\system32\DRIVERS\wmiacpi.sys
12:43:00.0250 1196 WmiAcpi - ok
12:43:02.0559 1196 ws2ifsl (6bcc1d7d2fd2453957c5479a32364e52) C:\Windows\system32\drivers\ws2ifsl.sys
12:43:02.0559 1196 ws2ifsl - ok
12:43:06.0474 1196 WudfPf (7cadc74271dd6461c452c271b30bd378) C:\Windows\system32\drivers\WudfPf.sys
12:43:06.0490 1196 WudfPf - ok
12:43:06.0958 1196 yukonw7 (b3eeacf62445e24fbb2cd4b0fb4db026) C:\Windows\system32\DRIVERS\yk62x64.sys
12:43:06.0989 1196 yukonw7 - ok
12:43:07.0067 1196 MBR (0x1B8) (0f84f2562620c40d8a3e1908c8075675) \Device\Harddisk0\DR0
12:43:07.0098 1196 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.b ) - infected
12:43:07.0098 1196 \Device\Harddisk0\DR0 - detected Rootkit.Boot.Pihar.b (0)
12:43:07.0145 1196 Boot (0x1200) (373fead99043e0ecc5826f3897f98b83) \Device\Harddisk0\DR0\Partition0
12:43:07.0145 1196 \Device\Harddisk0\DR0\Partition0 - ok
12:43:07.0176 1196 Boot (0x1200) (ad980033fac9a9ec440a4616ee0ed805) \Device\Harddisk0\DR0\Partition1
12:43:07.0192 1196 \Device\Harddisk0\DR0\Partition1 - ok
12:43:07.0223 1196 Boot (0x1200) (b2c600c0bd6705bb8721fa3d3f542103) \Device\Harddisk0\DR0\Partition2
12:43:07.0239 1196 \Device\Harddisk0\DR0\Partition2 - ok
12:43:07.0301 1196 Boot (0x1200) (dadc6f3b48a33fe0063b6dcfb5b8b3c6) \Device\Harddisk0\DR0\Partition3
12:43:07.0301 1196 \Device\Harddisk0\DR0\Partition3 - ok
12:43:07.0301 1196 ============================================================
12:43:07.0301 1196 Scan finished
12:43:07.0301 1196 ============================================================
12:43:07.0317 2580 Detected object count: 1
12:43:07.0317 2580 Actual detected object count: 1
12:43:14.0945 2580 \Device\Harddisk0\DR0\# - copied to quarantine
12:43:14.0945 2580 \Device\Harddisk0\DR0 - copied to quarantine
12:43:15.0101 2580 \Device\Harddisk0\DR0\TDLFS\ph.dll - copied to quarantine
12:43:15.0117 2580 \Device\Harddisk0\DR0\TDLFS\phx.dll - copied to quarantine
12:43:15.0132 2580 \Device\Harddisk0\DR0\TDLFS\sub.dll - copied to quarantine
12:43:15.0148 2580 \Device\Harddisk0\DR0\TDLFS\subx.dll - copied to quarantine
12:43:15.0195 2580 \Device\Harddisk0\DR0\TDLFS\phd - copied to quarantine
12:43:15.0210 2580 \Device\Harddisk0\DR0\TDLFS\phdx - copied to quarantine
12:43:15.0210 2580 \Device\Harddisk0\DR0\TDLFS\phs - copied to quarantine
12:43:15.0226 2580 \Device\Harddisk0\DR0\TDLFS\phdata - copied to quarantine
12:43:15.0226 2580 \Device\Harddisk0\DR0\TDLFS\phld - copied to quarantine
12:43:15.0226 2580 \Device\Harddisk0\DR0\TDLFS\phln - copied to quarantine
12:43:15.0226 2580 \Device\Harddisk0\DR0\TDLFS\phlx - copied to quarantine
12:43:15.0242 2580 \Device\Harddisk0\DR0\TDLFS\phm - copied to quarantine
12:43:15.0288 2580 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.b ) - will be cured on reboot
12:43:15.0288 2580 \Device\Harddisk0\DR0 - ok
12:43:15.0788 2580 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.b ) - User select action: Cure
12:43:20.0062 3088 Deinitialize success

DDS:
.
DDS (Ver_2011-08-26.01) - NTFSAMD64
Internet Explorer: 8.0.7600.16385
Run by Synusie at 12:46:09 on 2012-03-18
Microsoft Windows 7 Home Premium 6.1.7600.0.1252.1.1033.18.3894.2733 [GMT -4:00]
.
AV: avast! Antivirus *Disabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
AV: AVG Anti-Virus Free Edition 2012 *Enabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}
SP: avast! Antivirus *Disabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
SP: AVG Anti-Virus Free Edition 2012 *Enabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\PROGRA~2\AVG\AVG2012\avgrsa.exe
C:\Program Files (x86)\AVG\AVG2012\avgcsrva.exe
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Program Files\IDT\WDM\STacSV64.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Program Files\AVAST Software\Avast\AvastSvc.exe
C:\Windows\system32\WLANExt.exe
C:\Windows\system32\conhost.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\AVG\AVG2012\avgwdsvc.exe
C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe
C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe
C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe
C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe
C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
C:\Program Files (x86)\AVG\AVG2012\avgnsa.exe
C:\Program Files (x86)\AVG\AVG2012\avgemca.exe
C:\Program Files (x86)\Roxio\RoxioNow Player\RNowSvc.exe
C:\Program Files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskhost.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Windows\system32\taskeng.exe
C:\Program Files (x86)\AVG\AVG2012\AVGIDSAgent.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\System32\rundll32.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\DelayedAppStarter.exe
C:\Program Files\IDT\WDM\sttray64.exe
C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe
C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
C:\Windows\system32\taskeng.exe
C:\Program Files (x86)\PictureMover\Bin\PictureMover.exe
C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Program Files (x86)\Adobe\Reader 9.0\Reader\reader_sl.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe
C:\Program Files (x86)\AVG\AVG2012\avgtray.exe
C:\Windows\System32\GfxUI.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files\AVAST Software\Avast\AvastUI.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\conhost.exe
C:\Windows\SysWOW64\cscript.exe
.
============== Pseudo HJT Report ===============
.
mWinlogon: Userinit=userinit.exe
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - C:\Program Files (x86)\AVG\AVG2012\avgssie.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - C:\PROGRA~2\SPYBOT~1\SDHelper.dll
BHO: Search Helper: {6ebf7485-159f-4bff-a14f-b9e3aac4465b} - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
BHO: Java(tm) Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll
BHO: avast! WebRep: {8e5e2654-ad2d-48bf-ac2d-d17f00898d06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.7.7227.1100\swg.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
TB: avast! WebRep: {8e5e2654-ad2d-48bf-ac2d-d17f00898d06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
TB: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No File
uRun: [LightScribe Control Panel] C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe -hidden
uRun: [swg] "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
uRun: [DAEMON Tools Lite] "C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe" -autorun
uRun: [SpybotSD TeaTimer] C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe
mRun: [IAStorIcon] C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
mRun: [Microsoft Default Manager] "C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" -resume
mRun: [HP Quick Launch] C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
mRun: [HPOSD] C:\Program Files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe
mRun: [AVG_TRAY] "C:\Program Files (x86)\AVG\AVG2012\avgtray.exe"
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun: [avast] "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui
StartupFolder: C:\Users\Synusie\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\ERUNTA~1.LNK - C:\Program Files (x86)\ERUNT\AUTOBACK.EXE
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\SNAPFI~1.LNK - C:\Program Files (x86)\PictureMover\Bin\PictureMover.exe
mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~2\SPYBOT~1\SDHelper.dll
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
TCP: DhcpNameServer = 209.18.47.61 209.18.47.62
TCP: Interfaces\{EADE7F15-8206-4992-A8CF-811AB3C87562} : DhcpNameServer = 209.18.47.61 209.18.47.62
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG2012\avgpp.dll
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
mASetup: {10880D85-AAD9-4558-ABDC-2AB1552D831F} - "C:\Program Files (x86)\Common Files\LightScribe\LSRunOnce.exe"
BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO-X64: AcroIEHelperStub - No File
BHO-X64: AVG Safe Search: {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG2012\avgssie.dll
BHO-X64: WormRadar.com IESiteBlocker.NavFilter - No File
BHO-X64: Spybot-S&D IE Protection: {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~2\SPYBOT~1\SDHelper.dll
BHO-X64: Search Helper: {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
BHO-X64: Search Helper - No File
BHO-X64: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll
BHO-X64: avast! WebRep: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO-X64: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
BHO-X64: Google Toolbar Notifier BHO: {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.7.7227.1100\swg.dll
BHO-X64: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
TB-X64: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
TB-X64: avast! WebRep: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
TB-X64: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No File
mRun-x64: [IAStorIcon] C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
mRun-x64: [Microsoft Default Manager] "C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" -resume
mRun-x64: [HP Quick Launch] C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe
mRun-x64: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun-x64: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
mRun-x64: [HPOSD] C:\Program Files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe
mRun-x64: [AVG_TRAY] "C:\Program Files (x86)\AVG\AVG2012\avgtray.exe"
mRun-x64: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun-x64: [avast] "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\Synusie\AppData\Roaming\Mozilla\Firefox\Profiles\mtzbz1lp.default\
FF - prefs.js: network.proxy.type - 0
FF - plugin: C:\Program Files\Java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll
FF - plugin: C:\Windows\system32\Macromed\Flash\NPSWF64_11_1_102.dll
.
============= SERVICES / DRIVERS ===============
.
R0 AVGIDSEH;AVGIDSEH;C:\Windows\system32\DRIVERS\AVGIDSEH.Sys --> C:\Windows\system32\DRIVERS\AVGIDSEH.Sys [?]
R0 Avgrkx64;AVG Anti-Rootkit Driver;C:\Windows\system32\DRIVERS\avgrkx64.sys --> C:\Windows\system32\DRIVERS\avgrkx64.sys [?]
R1 Avgldx64;AVG AVI Loader Driver;C:\Windows\system32\DRIVERS\avgldx64.sys --> C:\Windows\system32\DRIVERS\avgldx64.sys [?]
R1 Avgmfx64;AVG Mini-Filter Resident Anti-Virus Shield;C:\Windows\system32\DRIVERS\avgmfx64.sys --> C:\Windows\system32\DRIVERS\avgmfx64.sys [?]
R1 Avgtdia;AVG TDI Driver;C:\Windows\system32\DRIVERS\avgtdia.sys --> C:\Windows\system32\DRIVERS\avgtdia.sys [?]
R1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;C:\Windows\system32\DRIVERS\dtsoftbus01.sys --> C:\Windows\system32\DRIVERS\dtsoftbus01.sys [?]
R1 vwififlt;Virtual WiFi Filter Driver;C:\Windows\system32\DRIVERS\vwififlt.sys --> C:\Windows\system32\DRIVERS\vwififlt.sys [?]
R2 aswMonFlt;aswMonFlt;\??\C:\Windows\system32\drivers\aswMonFlt.sys --> C:\Windows\system32\drivers\aswMonFlt.sys [?]
R2 avast! Antivirus;avast! Antivirus;C:\Program Files\AVAST Software\Avast\AvastSvc.exe [2012-3-17 44768]
R2 AVGIDSAgent;AVGIDSAgent;C:\Program Files (x86)\AVG\AVG2012\AVGIDSAgent.exe [2011-10-12 4433248]
R2 avgwd;AVG WatchDog;C:\Program Files (x86)\AVG\AVG2012\avgwdsvc.exe [2011-8-2 192776]
R2 HPClientSvc;HP Client Services;C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe [2010-8-5 291896]
R2 HPDrvMntSvc.exe;HP Quick Synchronization Service;C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe [2010-11-3 92216]
R2 HPWMISVC;HPWMISVC;C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe [2010-11-9 26680]
R2 IconMan_R;IconMan_R;C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe [2011-3-17 1819752]
R2 RoxioNow Service;RoxioNow Service;C:\Program Files (x86)\Roxio\RoxioNow Player\RNowSvc.exe [2010-9-11 399344]
R2 SBSDWSCService;SBSD Security Center Service;C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe [2012-3-17 1153368]
R3 AVGIDSDriver;AVGIDSDriver;C:\Windows\system32\DRIVERS\AVGIDSDriver.Sys --> C:\Windows\system32\DRIVERS\AVGIDSDriver.Sys [?]
R3 AVGIDSFilter;AVGIDSFilter;C:\Windows\system32\DRIVERS\AVGIDSFilter.Sys --> C:\Windows\system32\DRIVERS\AVGIDSFilter.Sys [?]
R3 clwvd;CyberLink WebCam Virtual Driver;C:\Windows\system32\DRIVERS\clwvd.sys --> C:\Windows\system32\DRIVERS\clwvd.sys [?]
R3 HECIx64;Intel(R) Management Engine Interface;C:\Windows\system32\DRIVERS\HECIx64.sys --> C:\Windows\system32\DRIVERS\HECIx64.sys [?]
R3 Impcd;Impcd;C:\Windows\system32\DRIVERS\Impcd.sys --> C:\Windows\system32\DRIVERS\Impcd.sys [?]
R3 IntcDAud;Intel(R) Display Audio;C:\Windows\system32\DRIVERS\IntcDAud.sys --> C:\Windows\system32\DRIVERS\IntcDAud.sys [?]
R3 RSPCIESTOR;Realtek PCIE CardReader Driver;C:\Windows\system32\DRIVERS\RtsPStor.sys --> C:\Windows\system32\DRIVERS\RtsPStor.sys [?]
R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\system32\DRIVERS\Rt64win7.sys --> C:\Windows\system32\DRIVERS\Rt64win7.sys [?]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 gupdate;Google Update Service (gupdate);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2012-3-17 136176]
S2 HP Wireless Assistant Service;HP Wireless Assistant Service;C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe [2010-7-21 103992]
S2 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology;C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [2011-3-17 13336]
S2 UNS;Intel(R) Management & Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2011-3-17 2538520]
S3 gupdatem;Google Update Service (gupdatem);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2012-3-17 136176]
S3 netw5v64;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 64 Bit;C:\Windows\system32\DRIVERS\netw5v64.sys --> C:\Windows\system32\DRIVERS\netw5v64.sys [?]
S3 SrvHsfHDA;SrvHsfHDA;C:\Windows\system32\DRIVERS\VSTAZL6.SYS --> C:\Windows\system32\DRIVERS\VSTAZL6.SYS [?]
S3 SrvHsfV92;SrvHsfV92;C:\Windows\system32\DRIVERS\VSTDPV6.SYS --> C:\Windows\system32\DRIVERS\VSTDPV6.SYS [?]
S3 SrvHsfWinac;SrvHsfWinac;C:\Windows\system32\DRIVERS\VSTCNXT6.SYS --> C:\Windows\system32\DRIVERS\VSTCNXT6.SYS [?]
S3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;C:\Windows\system32\DRIVERS\yk62x64.sys --> C:\Windows\system32\DRIVERS\yk62x64.sys [?]
S4 wlcrasvc;Windows Live Mesh remote connections service;C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-9-22 57184]
.
=============== Created Last 30 ================
.
2012-03-18 16:43:14 -------- d-----w- C:\TDSSKiller_Quarantine
2012-03-18 13:30:41 -------- d-----w- C:\c3ccaa07de7d4d569722b3a5
2012-03-18 13:18:57 634368 ----a-w- C:\Windows\System32\msvcrt.dll
2012-03-18 13:18:55 690688 ----a-w- C:\Windows\SysWow64\msvcrt.dll
2012-03-18 13:18:37 3138048 ----a-w- C:\Windows\System32\mstscax.dll
2012-03-18 13:18:37 2690560 ----a-w- C:\Windows\SysWow64\mstscax.dll
2012-03-18 13:18:37 1097216 ----a-w- C:\Windows\System32\mstsc.exe
2012-03-18 13:18:37 1034240 ----a-w- C:\Windows\SysWow64\mstsc.exe
2012-03-18 13:18:12 235344 ----a-w- C:\Windows\SysWow64\d3dx11_42.dll
2012-03-18 13:18:12 1974616 ----a-w- C:\Windows\SysWow64\D3DCompiler_42.dll
2012-03-18 13:16:56 1739160 ----a-w- C:\Windows\System32\ntdll.dll
2012-03-18 13:13:16 -------- d-----w- C:\Users\Synusie\AppData\Local\Turbine
2012-03-18 13:13:11 -------- d-----w- C:\Users\Synusie\AppData\Local\ApplicationHistory
2012-03-18 13:09:56 77312 ----a-w- C:\Windows\System32\packager.dll
2012-03-18 13:09:56 67072 ----a-w- C:\Windows\SysWow64\packager.dll
2012-03-18 13:08:26 -------- d-----w- C:\Windows\SysWow64\URTTEMP
2012-03-18 02:51:10 99176 ----a-w- C:\Windows\SysWow64\PresentationHostProxy.dll
2012-03-18 02:51:10 49472 ----a-w- C:\Windows\SysWow64\netfxperf.dll
2012-03-18 02:51:10 48960 ----a-w- C:\Windows\System32\netfxperf.dll
2012-03-18 02:51:10 297808 ----a-w- C:\Windows\SysWow64\mscoree.dll
2012-03-18 02:51:10 1942856 ----a-w- C:\Windows\System32\dfshim.dll
2012-03-18 02:51:10 1130824 ----a-w- C:\Windows\SysWow64\dfshim.dll
2012-03-18 02:51:10 109912 ----a-w- C:\Windows\System32\PresentationHostProxy.dll
2012-03-18 02:51:09 444752 ----a-w- C:\Windows\System32\mscoree.dll
2012-03-18 02:51:09 320352 ----a-w- C:\Windows\System32\PresentationHost.exe
2012-03-18 02:51:09 295264 ----a-w- C:\Windows\SysWow64\PresentationHost.exe
2012-03-18 02:45:12 20480 ----a-w- C:\Windows\svchost.exe
2012-03-18 00:41:41 69976 ----a-w- C:\Windows\System32\drivers\aswMonFlt.sys
2012-03-18 00:41:29 41184 ----a-w- C:\Windows\avastSS.scr
2012-03-18 00:41:19 -------- d-----w- C:\ProgramData\AVAST Software
2012-03-18 00:41:19 -------- d-----w- C:\Program Files\AVAST Software
2012-03-17 23:46:11 3495784 ----a-w- C:\Windows\SysWow64\d3dx9_33.dll
2012-03-17 23:46:11 1892184 ----a-w- C:\Windows\SysWow64\D3DX9_42.dll
2012-03-17 23:06:23 -------- d-----w- C:\Program Files (x86)\Turbine
2012-03-17 20:55:58 -------- d-----w- C:\Users\Synusie\AppData\Local\Adobe
2012-03-17 20:31:19 -------- d-----w- C:\Program Files (x86)\Pando Networks
2012-03-17 19:52:47 -------- d-----w- C:\Users\Synusie\AppData\Roaming\IrfanView
2012-03-17 19:52:47 -------- d-----w- C:\Program Files (x86)\IrfanView
2012-03-17 19:10:33 414368 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2012-03-17 18:39:56 -------- d-----w- C:\Users\Synusie\AppData\Local\ElevatedDiagnostics
2012-03-17 18:06:11 691 ----a-w- C:\Users\Synusie\AppData\Roaming\GetValue.vbs
2012-03-17 18:06:11 35 ----a-w- C:\Users\Synusie\AppData\Roaming\SetValue.bat
2012-03-17 18:05:17 564224 ----a-w- C:\Windows\System32\idt64mp1.exe
2012-03-17 18:05:17 524800 ----a-w- C:\Windows\sttray64.exe
2012-03-17 18:05:17 4594176 ----a-w- C:\Windows\System32\stlang64.dll
2012-03-17 18:05:17 438784 ----a-w- C:\Windows\System32\IDTNC64.cpl
2012-03-17 18:05:17 -------- d-----w- C:\Program Files\IDT
2012-03-17 17:43:29 -------- d-----w- C:\Users\Synusie\AppData\Roaming\ZumoDrive
2012-03-17 17:42:29 -------- d-----w- C:\Users\Synusie\AppData\Roaming\Roxio Log Files
2012-03-17 17:37:34 2672 ----a-w- C:\Windows\SysWow64\tmp.reg
2012-03-17 17:30:01 -------- d-----w- C:\Program Files (x86)\OpenOffice.org 3
2012-03-17 17:27:28 283200 ----a-w- C:\Windows\System32\drivers\dtsoftbus01.sys
2012-03-17 17:27:19 -------- d-----w- C:\Program Files (x86)\DAEMON Tools Lite
2012-03-17 17:26:22 -------- d-----w- C:\Users\Synusie\AppData\Roaming\DAEMON Tools Lite
2012-03-17 17:26:20 -------- d-----w- C:\ProgramData\DAEMON Tools Lite
2012-03-17 17:12:53 -------- d-----w- C:\Users\Synusie\AppData\Local\Mozilla
2012-03-17 17:12:41 -------- d-----w- C:\Program Files\Nightly
2012-03-17 17:09:11 -------- d-----w- C:\Users\Synusie\AppData\Roaming\AVG2012
2012-03-17 17:07:59 -------- d--h--w- C:\ProgramData\Common Files
2012-03-17 17:07:51 -------- d-----w- C:\Windows\SysWow64\drivers\AVG
2012-03-17 17:07:43 -------- d-----w- C:\Windows\System32\drivers\AVG
2012-03-17 17:07:43 -------- d-----w- C:\ProgramData\AVG2012
2012-03-17 17:06:59 -------- d-----w- C:\Program Files (x86)\AVG
2012-03-17 17:05:33 -------- d-----w- C:\ProgramData\Spybot - Search & Destroy
2012-03-17 17:05:33 -------- d-----w- C:\Program Files (x86)\Spybot - Search & Destroy
2012-03-17 17:04:23 -------- d-----w- C:\Program Files\PeerBlock
2012-03-17 17:03:55 -------- d-----w- C:\Program Files\CCleaner
2012-03-17 17:02:59 9216 ----a-w- C:\Windows\System32\rdrmemptylst.exe
2012-03-17 17:02:59 76288 ----a-w- C:\Windows\System32\rdpwsx.dll
2012-03-17 17:02:59 149504 ----a-w- C:\Windows\System32\rdpcorekmts.dll
2012-03-17 17:02:59 1031680 ----a-w- C:\Windows\System32\rdpcore.dll
2012-03-17 17:02:59 -------- d-----w- C:\ProgramData\MFAData
2012-03-17 17:02:58 826368 ----a-w- C:\Windows\SysWow64\rdpcore.dll
2012-03-17 17:02:58 23552 ----a-w- C:\Windows\System32\drivers\tdtcp.sys
2012-03-17 17:02:58 204800 ----a-w- C:\Windows\System32\drivers\rdpwd.sys
2012-03-17 17:02:25 -------- d-----w- C:\Users\Synusie\AppData\Local\Google
2012-03-17 16:55:58 -------- d-----w- C:\Users\Synusie\AppData\Roaming\PictureMover
2012-03-17 16:55:06 -------- d-----w- C:\Users\Synusie\AppData\Roaming\Intel Corporation
2012-03-17 16:55:04 -------- d-----w- C:\Users\Synusie\AppData\Roaming\hpqLog
2012-03-17 16:54:57 -------- d-----w- C:\Users\Synusie\AppData\Roaming\Synaptics
2012-03-17 16:54:11 -------- d-----w- C:\Users\Synusie\AppData\Local\RemEngine
2012-03-17 16:52:39 -------- d-----w- C:\Users\Synusie\AppData\Local\Hewlett-Packard
2012-03-17 16:52:23 -------- d-----w- C:\Users\Synusie\AppData\Local\Hewlett-Packard_Company
.
==================== Find3M ====================
.
2012-03-17 19:13:40 472808 ----a-w- C:\Windows\SysWow64\deployJava1.dll
.
============= FINISH: 12:48:07.38 ===============

Blade81
2012-03-18, 19:00
Hi


Please visit this webpage for download links and instructions for running the ComboFix tool:

http://www.bleepingcomputer.com/combofix/how-to-use-combofix

Please ensure you read this guide carefully first.

Please continue as follows:


Close/disable all antivirus and anti-malware programs so they do not interfere with the running of ComboFix, link (http://www.bleepingcomputer.com/forums/topic114351.html)
Remember to re-enable them afterwards.


Click Yes to allow ComboFix to continue scanning for malware.


When the tool is finished, it will produce a report for you.

Please include the following reports for further review, and so we may continue cleansing the system:

C:\ComboFix.txt
New dds log.

A word of warning: Neither I nor sUBs are responsible for any damage you may have caused your machine by running ComboFix. This tool is not a toy and not for everyday use.

Kingault
2012-03-18, 19:29
Combofix log:
ComboFix 12-03-17.01 - Synusie 03/18/2012 13:07:23.1.4 - x64
Microsoft Windows 7 Home Premium 6.1.7600.0.1252.1.1033.18.3894.2050 [GMT -4:00]
Running from: c:\users\Synusie\Downloads\ComboFix.exe
AV: avast! Antivirus *Disabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
AV: AVG Anti-Virus Free Edition 2012 *Disabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}
SP: avast! Antivirus *Disabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
SP: AVG Anti-Virus Free Edition 2012 *Disabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\svchost.exe
c:\windows\system32\404Fix.exe
c:\windows\system32\Agent.OMZ.Fix.exe
c:\windows\system32\dumphive.exe
c:\windows\system32\IEDFix.C.exe
c:\windows\system32\IEDFix.exe
c:\windows\system32\o4Patch.exe
c:\windows\system32\Process.exe
c:\windows\system32\SrchSTS.exe
c:\windows\system32\VACFix.exe
c:\windows\system32\VCCLSID.exe
c:\windows\system32\WS2Fix.exe
c:\windows\SysWow64\404Fix.exe
c:\windows\SysWow64\Agent.OMZ.Fix.exe
c:\windows\SysWow64\dumphive.exe
c:\windows\SysWow64\IEDFix.C.exe
c:\windows\SysWow64\IEDFix.exe
c:\windows\SysWow64\o4Patch.exe
c:\windows\SysWow64\Process.exe
c:\windows\SysWow64\SrchSTS.exe
c:\windows\SysWow64\tmp.reg
c:\windows\SysWow64\VACFix.exe
c:\windows\SysWow64\VCCLSID.exe
c:\windows\SysWow64\WS2Fix.exe
.
.
((((((((((((((((((((((((( Files Created from 2012-02-18 to 2012-03-18 )))))))))))))))))))))))))))))))
.
.
2012-03-18 17:18 . 2012-03-18 17:18 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-03-18 16:43 . 2012-03-18 16:43 -------- d-----w- C:\TDSSKiller_Quarantine
2012-03-18 13:30 . 2012-03-18 13:30 -------- d-----w- C:\c3ccaa07de7d4d569722b3a5
2012-03-18 13:18 . 2011-12-16 08:42 634368 ----a-w- c:\windows\system32\msvcrt.dll
2012-03-18 13:18 . 2011-12-16 07:59 690688 ----a-w- c:\windows\SysWow64\msvcrt.dll
2012-03-18 13:18 . 2010-12-18 06:12 3138048 ----a-w- c:\windows\system32\mstscax.dll
2012-03-18 13:18 . 2010-12-18 06:08 1097216 ----a-w- c:\windows\system32\mstsc.exe
2012-03-18 13:18 . 2010-12-18 05:30 2690560 ----a-w- c:\windows\SysWow64\mstscax.dll
2012-03-18 13:18 . 2010-12-18 05:26 1034240 ----a-w- c:\windows\SysWow64\mstsc.exe
2012-03-18 13:18 . 2009-09-04 21:29 235344 ----a-w- c:\windows\SysWow64\d3dx11_42.dll
2012-03-18 13:18 . 2009-09-04 21:29 1974616 ----a-w- c:\windows\SysWow64\D3DCompiler_42.dll
2012-03-18 13:16 . 2011-11-17 07:14 1739160 ----a-w- c:\windows\system32\ntdll.dll
2012-03-18 13:09 . 2011-11-19 15:07 77312 ----a-w- c:\windows\system32\packager.dll
2012-03-18 13:09 . 2011-11-19 14:06 67072 ----a-w- c:\windows\SysWow64\packager.dll
2012-03-18 13:08 . 2012-03-18 13:08 -------- d-----w- c:\windows\SysWow64\URTTEMP
2012-03-18 02:51 . 2012-03-18 02:51 -------- d-----w- c:\program files (x86)\Microsoft.NET
2012-03-18 02:51 . 2009-11-25 19:47 49472 ----a-w- c:\windows\SysWow64\netfxperf.dll
2012-03-18 02:51 . 2009-11-25 19:47 297808 ----a-w- c:\windows\SysWow64\mscoree.dll
2012-03-18 02:51 . 2009-11-25 19:47 99176 ----a-w- c:\windows\SysWow64\PresentationHostProxy.dll
2012-03-18 02:51 . 2009-11-25 19:47 48960 ----a-w- c:\windows\system32\netfxperf.dll
2012-03-18 02:51 . 2009-11-25 19:47 1130824 ----a-w- c:\windows\SysWow64\dfshim.dll
2012-03-18 02:51 . 2009-11-25 19:47 109912 ----a-w- c:\windows\system32\PresentationHostProxy.dll
2012-03-18 02:51 . 2009-11-25 19:47 1942856 ----a-w- c:\windows\system32\dfshim.dll
2012-03-18 02:51 . 2009-11-25 19:47 295264 ----a-w- c:\windows\SysWow64\PresentationHost.exe
2012-03-18 02:51 . 2009-11-25 19:47 444752 ----a-w- c:\windows\system32\mscoree.dll
2012-03-18 02:51 . 2009-11-25 19:47 320352 ----a-w- c:\windows\system32\PresentationHost.exe
2012-03-18 00:41 . 2012-03-06 23:15 258520 ----a-w- c:\windows\system32\aswBoot.exe
2012-03-18 00:41 . 2012-03-06 23:01 69976 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2012-03-18 00:41 . 2012-03-06 23:15 41184 ----a-w- c:\windows\avastSS.scr
2012-03-18 00:41 . 2012-03-06 23:15 201352 ----a-w- c:\windows\SysWow64\aswBoot.exe
2012-03-18 00:41 . 2012-03-18 00:41 -------- d-----w- c:\programdata\AVAST Software
2012-03-18 00:41 . 2012-03-18 00:41 -------- d-----w- c:\program files\AVAST Software
2012-03-17 23:46 . 2009-09-04 21:29 1892184 ----a-w- c:\windows\SysWow64\D3DX9_42.dll
2012-03-17 23:46 . 2007-03-12 20:42 3495784 ----a-w- c:\windows\SysWow64\d3dx9_33.dll
2012-03-17 23:06 . 2012-03-17 23:06 -------- d-----w- c:\program files (x86)\Turbine
2012-03-17 20:31 . 2012-03-17 20:31 -------- d-----w- c:\program files (x86)\Pando Networks
2012-03-17 19:52 . 2012-03-17 19:52 -------- d-----w- c:\program files (x86)\IrfanView
2012-03-17 19:50 . 2012-03-17 19:50 -------- d-----w- c:\windows\Sun
2012-03-17 19:45 . 2006-12-01 10:20 79360 ----a-w- c:\windows\system32\swxcacls.exe
2012-03-17 19:45 . 2006-08-29 23:43 135168 ----a-w- c:\windows\system32\swreg.exe
2012-03-17 19:35 . 2012-03-17 19:35 -------- d-----w- c:\program files (x86)\ERUNT
2012-03-17 19:14 . 2012-03-17 19:14 -------- d-----w- c:\program files (x86)\Common Files\Java
2012-03-17 19:13 . 2012-03-17 19:13 -------- d-----w- c:\program files (x86)\Java
2012-03-17 19:10 . 2012-03-18 03:03 414368 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-03-17 19:10 . 2012-03-17 19:10 -------- d-----w- c:\windows\system32\Macromed
2012-03-17 18:05 . 2012-03-17 18:05 -------- d-----w- c:\program files\IDT
2012-03-17 18:05 . 2010-12-02 04:44 564224 ----a-w- c:\windows\system32\idt64mp1.exe
2012-03-17 18:05 . 2010-12-02 04:44 524800 ----a-w- c:\windows\sttray64.exe
2012-03-17 18:05 . 2010-12-02 04:44 4594176 ----a-w- c:\windows\system32\stlang64.dll
2012-03-17 18:05 . 2010-12-02 04:44 438784 ----a-w- c:\windows\system32\IDTNC64.cpl
2012-03-17 17:30 . 2012-03-17 17:30 -------- d-----w- c:\program files (x86)\OpenOffice.org 3
2012-03-17 17:27 . 2012-03-17 17:27 283200 ----a-w- c:\windows\system32\drivers\dtsoftbus01.sys
2012-03-17 17:27 . 2012-03-17 17:27 -------- d-----w- c:\program files (x86)\DAEMON Tools Lite
2012-03-17 17:26 . 2012-03-17 17:26 -------- d-----w- c:\programdata\DAEMON Tools Lite
2012-03-17 17:12 . 2012-03-18 13:43 -------- d-----w- c:\program files\Nightly
2012-03-17 17:07 . 2012-03-17 17:07 -------- d--h--w- c:\programdata\Common Files
2012-03-17 17:07 . 2012-03-17 17:07 -------- d-----w- c:\windows\SysWow64\drivers\AVG
2012-03-17 17:07 . 2012-03-18 13:08 -------- d-----w- c:\windows\system32\drivers\AVG
2012-03-17 17:07 . 2012-03-17 17:24 -------- d-----w- c:\programdata\AVG2012
2012-03-17 17:06 . 2012-03-17 17:06 -------- d-----w- c:\program files (x86)\AVG
2012-03-17 17:05 . 2012-03-17 17:31 -------- d-----w- c:\programdata\Spybot - Search & Destroy
2012-03-17 17:05 . 2012-03-17 17:05 -------- d-----w- c:\program files (x86)\Spybot - Search & Destroy
2012-03-17 17:04 . 2012-03-17 22:28 -------- d-----w- c:\program files\PeerBlock
2012-03-17 17:03 . 2012-03-17 17:03 -------- d-----w- c:\program files\CCleaner
2012-03-17 17:03 . 2012-03-17 17:03 -------- d-----w- c:\program files\Google
2012-03-17 17:02 . 2012-03-18 13:08 -------- d-----w- c:\programdata\MFAData
2012-03-17 17:02 . 2012-02-15 06:27 1031680 ----a-w- c:\windows\system32\rdpcore.dll
2012-03-17 17:02 . 2012-01-25 06:27 76288 ----a-w- c:\windows\system32\rdpwsx.dll
2012-03-17 17:02 . 2012-01-25 06:27 149504 ----a-w- c:\windows\system32\rdpcorekmts.dll
2012-03-17 17:02 . 2012-01-25 06:20 9216 ----a-w- c:\windows\system32\rdrmemptylst.exe
2012-03-17 17:02 . 2012-02-15 05:44 826368 ----a-w- c:\windows\SysWow64\rdpcore.dll
2012-03-17 17:02 . 2012-02-15 04:47 204800 ----a-w- c:\windows\system32\drivers\rdpwd.sys
2012-03-17 17:02 . 2012-02-15 04:46 23552 ----a-w- c:\windows\system32\drivers\tdtcp.sys
2012-03-17 17:02 . 2012-03-18 00:42 -------- d-----w- c:\program files (x86)\Google
2012-03-17 16:52 . 2012-03-17 16:52 -------- d-----w- c:\users\Public\Symantec
2012-03-17 16:50 . 2012-03-17 16:54 -------- d-----w- c:\users\Synusie
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-03-17 19:13 . 2011-01-16 21:45 472808 ----a-w- c:\windows\SysWow64\deployJava1.dll
2012-03-17 17:24 . 2010-06-24 19:33 18328 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"LightScribe Control Panel"="c:\program files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe" [2010-11-22 2736128]
"swg"="c:\program files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2012-03-17 39408]
"DAEMON Tools Lite"="c:\program files (x86)\DAEMON Tools Lite\DTLite.exe" [2012-02-13 3481408]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"IAStorIcon"="c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe" [2010-09-14 283160]
"Microsoft Default Manager"="c:\program files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" [2010-05-10 439568]
"HP Quick Launch"="c:\program files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe" [2010-11-09 586296]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]
"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-06-20 35760]
"HPOSD"="c:\program files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe" [2010-12-13 318520]
"AVG_TRAY"="c:\program files (x86)\AVG\AVG2012\avgtray.exe" [2012-01-24 2416480]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-01-18 254696]
"avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2012-03-06 4241512]
.
c:\users\Synusie\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
ERUNT AutoBackup.lnk - c:\program files (x86)\ERUNT\AUTOBACK.EXE [2005-10-20 38912]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Snapfish PictureMover.lnk - c:\program files (x86)\PictureMover\Bin\PictureMover.exe [2010-11-18 1040952]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0c:\progra~2\AVG\AVG2012\avgrsa.exe /sync /restart
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-03-17 136176]
R2 HP Wireless Assistant Service;HP Wireless Assistant Service;c:\program files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe [2010-07-21 103992]
R3 gupdatem;Google Update Service (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-03-17 136176]
R3 netw5v64;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 64 Bit;c:\windows\system32\DRIVERS\netw5v64.sys [x]
R3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\DRIVERS\VSTAZL6.SYS [x]
R3 SrvHsfV92;SrvHsfV92;c:\windows\system32\DRIVERS\VSTDPV6.SYS [x]
R3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\DRIVERS\VSTCNXT6.SYS [x]
R3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\system32\DRIVERS\yk62x64.sys [x]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-23 57184]
S0 AVGIDSEH;AVGIDSEH;c:\windows\system32\DRIVERS\AVGIDSEH.Sys [x]
S0 Avgrkx64;AVG Anti-Rootkit Driver;c:\windows\system32\DRIVERS\avgrkx64.sys [x]
S1 Avgldx64;AVG AVI Loader Driver;c:\windows\system32\DRIVERS\avgldx64.sys [x]
S1 Avgmfx64;AVG Mini-Filter Resident Anti-Virus Shield;c:\windows\system32\DRIVERS\avgmfx64.sys [x]
S1 Avgtdia;AVG TDI Driver;c:\windows\system32\DRIVERS\avgtdia.sys [x]
S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys [x]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [x]
S2 AVGIDSAgent;AVGIDSAgent;c:\program files (x86)\AVG\AVG2012\AVGIDSAgent.exe [2011-10-12 4433248]
S2 avgwd;AVG WatchDog;c:\program files (x86)\AVG\AVG2012\avgwdsvc.exe [2011-08-02 192776]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
S2 HPClientSvc;HP Client Services;c:\program files\Hewlett-Packard\HP Client Services\HPClientServices.exe [2010-08-06 291896]
S2 HPDrvMntSvc.exe;HP Quick Synchronization Service;c:\program files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe [2010-11-04 92216]
S2 HPWMISVC;HPWMISVC;c:\program files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe [2010-11-09 26680]
S2 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology;c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [2010-09-14 13336]
S2 IconMan_R;IconMan_R;c:\program files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe [2010-12-22 1819752]
S2 RoxioNow Service;RoxioNow Service;c:\program files (x86)\Roxio\RoxioNow Player\RNowSvc.exe [2010-09-11 399344]
S2 SBSDWSCService;SBSD Security Center Service;c:\program files (x86)\Spybot - Search & Destroy\SDWinSec.exe [2009-01-26 1153368]
S2 UNS;Intel(R) Management & Security Application User Notification Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2010-09-16 2538520]
S3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\DRIVERS\AVGIDSDriver.Sys [x]
S3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\DRIVERS\AVGIDSFilter.Sys [x]
S3 clwvd;CyberLink WebCam Virtual Driver;c:\windows\system32\DRIVERS\clwvd.sys [x]
S3 HECIx64;Intel(R) Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys [x]
S3 Impcd;Impcd;c:\windows\system32\DRIVERS\Impcd.sys [x]
S3 IntcDAud;Intel(R) Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys [x]
S3 RSPCIESTOR;Realtek PCIE CardReader Driver;c:\windows\system32\DRIVERS\RtsPStor.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [x]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - WS2IFSL
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
2010-11-22 21:18 451872 ----a-w- c:\program files (x86)\Common Files\LightScribe\LSRunOnce.exe
.
Contents of the 'Scheduled Tasks' folder
.
2012-03-18 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-03-17 17:02]
.
2012-03-18 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-03-17 17:02]
.
2012-03-17 c:\windows\Tasks\HPCeeScheduleForSYNUSIE-HP$.job
- c:\program files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2010-09-14 06:15]
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2010-12-07 167960]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2010-12-07 391704]
"Persistence"="c:\windows\system32\igfxpers.exe" [2010-12-07 417304]
"HPWirelessAssistant"="c:\program files\Hewlett-Packard\HP Wireless Assistant\DelayedAppStarter.exe" [2010-07-21 8192]
"SysTrayApp"="c:\program files\IDT\WDM\sttray64.exe" [2010-12-02 524800]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x0
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
TCP: DhcpNameServer = 209.18.47.61 209.18.47.62
FF - ProfilePath - c:\users\Synusie\AppData\Roaming\Mozilla\Firefox\Profiles\mtzbz1lp.default\
FF - prefs.js: network.proxy.type - 0
.
- - - - ORPHANS REMOVED - - - -
.
HKLM-Run-SynTPEnh - c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe
AddRemove-{9FEFA8C2-80EB-4B7A-BDE0-E077D94C36C4} - c:\program files (x86)\InstallShield Installation Information\{9FEFA8C2-80EB-4B7A-BDE0-E077D94C36C4}\setup.exe
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11g_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11g_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11g.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11g.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11g.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11g.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files\AVAST Software\Avast\AvastSvc.exe
c:\program files (x86)\Common Files\LightScribe\LSSrvc.exe
c:\program files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
c:\program files (x86)\CyberLink\YouCam\YCMMirage.exe
c:\program files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe
c:\program files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
.
**************************************************************************
.
Completion time: 2012-03-18 13:25:45 - machine was rebooted
ComboFix-quarantined-files.txt 2012-03-18 17:25
.
Pre-Run: 425,804,210,176 bytes free
Post-Run: 426,547,036,160 bytes free
.
- - End Of File - - 90E726ECBE733A26045C099B72E13292

DDS:
.
DDS (Ver_2011-08-26.01) - NTFSAMD64
Internet Explorer: 8.0.7600.16385
Run by Synusie at 13:26:57 on 2012-03-18
Microsoft Windows 7 Home Premium 6.1.7600.0.1252.1.1033.18.3894.2294 [GMT -4:00]
.
AV: avast! Antivirus *Disabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
AV: AVG Anti-Virus Free Edition 2012 *Enabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}
SP: avast! Antivirus *Disabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
SP: AVG Anti-Virus Free Edition 2012 *Enabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\PROGRA~2\AVG\AVG2012\avgrsa.exe
C:\Program Files (x86)\AVG\AVG2012\avgcsrva.exe
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Program Files\IDT\WDM\STacSV64.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Program Files\AVAST Software\Avast\AvastSvc.exe
C:\Windows\system32\WLANExt.exe
C:\Windows\system32\conhost.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\AVG\AVG2012\avgwdsvc.exe
C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe
C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe
C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe
C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe
C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
C:\Program Files (x86)\AVG\AVG2012\avgnsa.exe
C:\Program Files (x86)\AVG\AVG2012\avgemca.exe
C:\Program Files (x86)\Roxio\RoxioNow Player\RNowSvc.exe
C:\Program Files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files (x86)\AVG\AVG2012\AVGIDSAgent.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\System32\rundll32.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\IDT\WDM\sttray64.exe
C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe
C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files (x86)\PictureMover\Bin\PictureMover.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe
C:\Program Files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files (x86)\AVG\AVG2012\avgtray.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Windows\system32\taskeng.exe
C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe
C:\Program Files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe
C:\Program Files\AVAST Software\Avast\AvastUI.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
C:\Windows\system32\sppsvc.exe
C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\servicing\TrustedInstaller.exe
C:\Windows\SysWOW64\SWSC.exe
C:\Windows\system32\conhost.exe
C:\Windows\system32\notepad.exe
C:\Program Files\Nightly\firefox.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\conhost.exe
C:\Windows\SysWOW64\cscript.exe
.
============== Pseudo HJT Report ===============
.
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - C:\Program Files (x86)\AVG\AVG2012\avgssie.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - C:\PROGRA~2\SPYBOT~1\SDHelper.dll
BHO: Search Helper: {6ebf7485-159f-4bff-a14f-b9e3aac4465b} - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
BHO: Java(tm) Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll
BHO: avast! WebRep: {8e5e2654-ad2d-48bf-ac2d-d17f00898d06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.7.7227.1100\swg.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
TB: avast! WebRep: {8e5e2654-ad2d-48bf-ac2d-d17f00898d06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
TB: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No File
uRun: [LightScribe Control Panel] C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe -hidden
uRun: [swg] "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
uRun: [DAEMON Tools Lite] "C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe" -autorun
mRun: [IAStorIcon] C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
mRun: [Microsoft Default Manager] "C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" -resume
mRun: [HP Quick Launch] C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
mRun: [HPOSD] C:\Program Files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe
mRun: [AVG_TRAY] "C:\Program Files (x86)\AVG\AVG2012\avgtray.exe"
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun: [avast] "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui
StartupFolder: C:\Users\Synusie\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\ERUNTA~1.LNK - C:\Program Files (x86)\ERUNT\AUTOBACK.EXE
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\SNAPFI~1.LNK - C:\Program Files (x86)\PictureMover\Bin\PictureMover.exe
mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~2\SPYBOT~1\SDHelper.dll
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
TCP: DhcpNameServer = 209.18.47.61 209.18.47.62
TCP: Interfaces\{EADE7F15-8206-4992-A8CF-811AB3C87562} : DhcpNameServer = 209.18.47.61 209.18.47.62
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG2012\avgpp.dll
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
mASetup: {10880D85-AAD9-4558-ABDC-2AB1552D831F} - "C:\Program Files (x86)\Common Files\LightScribe\LSRunOnce.exe"
BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO-X64: AcroIEHelperStub - No File
BHO-X64: AVG Safe Search: {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG2012\avgssie.dll
BHO-X64: WormRadar.com IESiteBlocker.NavFilter - No File
BHO-X64: Spybot-S&D IE Protection: {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~2\SPYBOT~1\SDHelper.dll
BHO-X64: Search Helper: {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
BHO-X64: Search Helper - No File
BHO-X64: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll
BHO-X64: avast! WebRep: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO-X64: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
BHO-X64: Google Toolbar Notifier BHO: {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.7.7227.1100\swg.dll
BHO-X64: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
TB-X64: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
TB-X64: avast! WebRep: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
TB-X64: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No File
mRun-x64: [IAStorIcon] C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
mRun-x64: [Microsoft Default Manager] "C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" -resume
mRun-x64: [HP Quick Launch] C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe
mRun-x64: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun-x64: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
mRun-x64: [HPOSD] C:\Program Files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe
mRun-x64: [AVG_TRAY] "C:\Program Files (x86)\AVG\AVG2012\avgtray.exe"
mRun-x64: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun-x64: [avast] "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\Synusie\AppData\Roaming\Mozilla\Firefox\Profiles\mtzbz1lp.default\
FF - prefs.js: network.proxy.type - 0
FF - plugin: C:\Program Files\Java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll
FF - plugin: C:\Windows\system32\Macromed\Flash\NPSWF64_11_1_102.dll
.
============= SERVICES / DRIVERS ===============
.
R0 AVGIDSEH;AVGIDSEH;C:\Windows\system32\DRIVERS\AVGIDSEH.Sys --> C:\Windows\system32\DRIVERS\AVGIDSEH.Sys [?]
R0 Avgrkx64;AVG Anti-Rootkit Driver;C:\Windows\system32\DRIVERS\avgrkx64.sys --> C:\Windows\system32\DRIVERS\avgrkx64.sys [?]
R1 Avgldx64;AVG AVI Loader Driver;C:\Windows\system32\DRIVERS\avgldx64.sys --> C:\Windows\system32\DRIVERS\avgldx64.sys [?]
R1 Avgmfx64;AVG Mini-Filter Resident Anti-Virus Shield;C:\Windows\system32\DRIVERS\avgmfx64.sys --> C:\Windows\system32\DRIVERS\avgmfx64.sys [?]
R1 Avgtdia;AVG TDI Driver;C:\Windows\system32\DRIVERS\avgtdia.sys --> C:\Windows\system32\DRIVERS\avgtdia.sys [?]
R1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;C:\Windows\system32\DRIVERS\dtsoftbus01.sys --> C:\Windows\system32\DRIVERS\dtsoftbus01.sys [?]
R1 vwififlt;Virtual WiFi Filter Driver;C:\Windows\system32\DRIVERS\vwififlt.sys --> C:\Windows\system32\DRIVERS\vwififlt.sys [?]
R2 aswMonFlt;aswMonFlt;\??\C:\Windows\system32\drivers\aswMonFlt.sys --> C:\Windows\system32\drivers\aswMonFlt.sys [?]
R2 avast! Antivirus;avast! Antivirus;C:\Program Files\AVAST Software\Avast\AvastSvc.exe [2012-3-17 44768]
R2 AVGIDSAgent;AVGIDSAgent;C:\Program Files (x86)\AVG\AVG2012\AVGIDSAgent.exe [2011-10-12 4433248]
R2 avgwd;AVG WatchDog;C:\Program Files (x86)\AVG\AVG2012\avgwdsvc.exe [2011-8-2 192776]
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
R2 HPClientSvc;HP Client Services;C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe [2010-8-5 291896]
R2 HPDrvMntSvc.exe;HP Quick Synchronization Service;C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe [2010-11-3 92216]
R2 HPWMISVC;HPWMISVC;C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe [2010-11-9 26680]
R2 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology;C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [2011-3-17 13336]
R2 IconMan_R;IconMan_R;C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe [2011-3-17 1819752]
R2 RoxioNow Service;RoxioNow Service;C:\Program Files (x86)\Roxio\RoxioNow Player\RNowSvc.exe [2010-9-11 399344]
R2 SBSDWSCService;SBSD Security Center Service;C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe [2012-3-17 1153368]
R2 UNS;Intel(R) Management & Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2011-3-17 2538520]
R3 AVGIDSDriver;AVGIDSDriver;C:\Windows\system32\DRIVERS\AVGIDSDriver.Sys --> C:\Windows\system32\DRIVERS\AVGIDSDriver.Sys [?]
R3 AVGIDSFilter;AVGIDSFilter;C:\Windows\system32\DRIVERS\AVGIDSFilter.Sys --> C:\Windows\system32\DRIVERS\AVGIDSFilter.Sys [?]
R3 clwvd;CyberLink WebCam Virtual Driver;C:\Windows\system32\DRIVERS\clwvd.sys --> C:\Windows\system32\DRIVERS\clwvd.sys [?]
R3 HECIx64;Intel(R) Management Engine Interface;C:\Windows\system32\DRIVERS\HECIx64.sys --> C:\Windows\system32\DRIVERS\HECIx64.sys [?]
R3 Impcd;Impcd;C:\Windows\system32\DRIVERS\Impcd.sys --> C:\Windows\system32\DRIVERS\Impcd.sys [?]
R3 IntcDAud;Intel(R) Display Audio;C:\Windows\system32\DRIVERS\IntcDAud.sys --> C:\Windows\system32\DRIVERS\IntcDAud.sys [?]
R3 RSPCIESTOR;Realtek PCIE CardReader Driver;C:\Windows\system32\DRIVERS\RtsPStor.sys --> C:\Windows\system32\DRIVERS\RtsPStor.sys [?]
R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\system32\DRIVERS\Rt64win7.sys --> C:\Windows\system32\DRIVERS\Rt64win7.sys [?]
S2 gupdate;Google Update Service (gupdate);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2012-3-17 136176]
S2 HP Wireless Assistant Service;HP Wireless Assistant Service;C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe [2010-7-21 103992]
S3 gupdatem;Google Update Service (gupdatem);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2012-3-17 136176]
S3 netw5v64;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 64 Bit;C:\Windows\system32\DRIVERS\netw5v64.sys --> C:\Windows\system32\DRIVERS\netw5v64.sys [?]
S3 SrvHsfHDA;SrvHsfHDA;C:\Windows\system32\DRIVERS\VSTAZL6.SYS --> C:\Windows\system32\DRIVERS\VSTAZL6.SYS [?]
S3 SrvHsfV92;SrvHsfV92;C:\Windows\system32\DRIVERS\VSTDPV6.SYS --> C:\Windows\system32\DRIVERS\VSTDPV6.SYS [?]
S3 SrvHsfWinac;SrvHsfWinac;C:\Windows\system32\DRIVERS\VSTCNXT6.SYS --> C:\Windows\system32\DRIVERS\VSTCNXT6.SYS [?]
S3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;C:\Windows\system32\DRIVERS\yk62x64.sys --> C:\Windows\system32\DRIVERS\yk62x64.sys [?]
S4 wlcrasvc;Windows Live Mesh remote connections service;C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-9-22 57184]
.
=============== Created Last 30 ================
.
2012-03-18 17:06:21 98816 ----a-w- C:\Windows\sed.exe
2012-03-18 17:06:21 518144 ----a-w- C:\Windows\SWREG.exe
2012-03-18 17:06:21 256000 ----a-w- C:\Windows\PEV.exe
2012-03-18 17:06:21 208896 ----a-w- C:\Windows\MBR.exe
2012-03-18 17:06:13 -------- d-----w- C:\ComboFix
2012-03-18 16:43:14 -------- d-----w- C:\TDSSKiller_Quarantine
2012-03-18 13:30:41 -------- d-----w- C:\c3ccaa07de7d4d569722b3a5
2012-03-18 13:18:57 634368 ----a-w- C:\Windows\System32\msvcrt.dll
2012-03-18 13:18:55 690688 ----a-w- C:\Windows\SysWow64\msvcrt.dll
2012-03-18 13:18:37 3138048 ----a-w- C:\Windows\System32\mstscax.dll
2012-03-18 13:18:37 2690560 ----a-w- C:\Windows\SysWow64\mstscax.dll
2012-03-18 13:18:37 1097216 ----a-w- C:\Windows\System32\mstsc.exe
2012-03-18 13:18:37 1034240 ----a-w- C:\Windows\SysWow64\mstsc.exe
2012-03-18 13:18:12 235344 ----a-w- C:\Windows\SysWow64\d3dx11_42.dll
2012-03-18 13:18:12 1974616 ----a-w- C:\Windows\SysWow64\D3DCompiler_42.dll
2012-03-18 13:16:56 1739160 ----a-w- C:\Windows\System32\ntdll.dll
2012-03-18 13:13:16 -------- d-----w- C:\Users\Synusie\AppData\Local\Turbine
2012-03-18 13:13:11 -------- d-----w- C:\Users\Synusie\AppData\Local\ApplicationHistory
2012-03-18 13:09:56 77312 ----a-w- C:\Windows\System32\packager.dll
2012-03-18 13:09:56 67072 ----a-w- C:\Windows\SysWow64\packager.dll
2012-03-18 13:08:26 -------- d-----w- C:\Windows\SysWow64\URTTEMP
2012-03-18 02:51:10 99176 ----a-w- C:\Windows\SysWow64\PresentationHostProxy.dll
2012-03-18 02:51:10 49472 ----a-w- C:\Windows\SysWow64\netfxperf.dll
2012-03-18 02:51:10 48960 ----a-w- C:\Windows\System32\netfxperf.dll
2012-03-18 02:51:10 297808 ----a-w- C:\Windows\SysWow64\mscoree.dll
2012-03-18 02:51:10 1942856 ----a-w- C:\Windows\System32\dfshim.dll
2012-03-18 02:51:10 1130824 ----a-w- C:\Windows\SysWow64\dfshim.dll
2012-03-18 02:51:10 109912 ----a-w- C:\Windows\System32\PresentationHostProxy.dll
2012-03-18 02:51:09 444752 ----a-w- C:\Windows\System32\mscoree.dll
2012-03-18 02:51:09 320352 ----a-w- C:\Windows\System32\PresentationHost.exe
2012-03-18 02:51:09 295264 ----a-w- C:\Windows\SysWow64\PresentationHost.exe
2012-03-18 00:41:41 69976 ----a-w- C:\Windows\System32\drivers\aswMonFlt.sys
2012-03-18 00:41:29 41184 ----a-w- C:\Windows\avastSS.scr
2012-03-18 00:41:19 -------- d-----w- C:\ProgramData\AVAST Software
2012-03-18 00:41:19 -------- d-----w- C:\Program Files\AVAST Software
2012-03-17 23:46:11 3495784 ----a-w- C:\Windows\SysWow64\d3dx9_33.dll
2012-03-17 23:46:11 1892184 ----a-w- C:\Windows\SysWow64\D3DX9_42.dll
2012-03-17 23:06:23 -------- d-----w- C:\Program Files (x86)\Turbine
2012-03-17 20:55:58 -------- d-----w- C:\Users\Synusie\AppData\Local\Adobe
2012-03-17 20:31:19 -------- d-----w- C:\Program Files (x86)\Pando Networks
2012-03-17 19:52:47 -------- d-----w- C:\Users\Synusie\AppData\Roaming\IrfanView
2012-03-17 19:52:47 -------- d-----w- C:\Program Files (x86)\IrfanView
2012-03-17 19:45:13 79360 ----a-w- C:\Windows\System32\swxcacls.exe
2012-03-17 19:45:13 135168 ----a-w- C:\Windows\System32\swreg.exe
2012-03-17 19:10:33 414368 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2012-03-17 18:39:56 -------- d-----w- C:\Users\Synusie\AppData\Local\ElevatedDiagnostics
2012-03-17 18:06:11 691 ----a-w- C:\Users\Synusie\AppData\Roaming\GetValue.vbs
2012-03-17 18:06:11 35 ----a-w- C:\Users\Synusie\AppData\Roaming\SetValue.bat
2012-03-17 18:05:17 564224 ----a-w- C:\Windows\System32\idt64mp1.exe
2012-03-17 18:05:17 524800 ----a-w- C:\Windows\sttray64.exe
2012-03-17 18:05:17 4594176 ----a-w- C:\Windows\System32\stlang64.dll
2012-03-17 18:05:17 438784 ----a-w- C:\Windows\System32\IDTNC64.cpl
2012-03-17 18:05:17 -------- d-----w- C:\Program Files\IDT
2012-03-17 17:43:29 -------- d-----w- C:\Users\Synusie\AppData\Roaming\ZumoDrive
2012-03-17 17:42:29 -------- d-----w- C:\Users\Synusie\AppData\Roaming\Roxio Log Files
2012-03-17 17:30:01 -------- d-----w- C:\Program Files (x86)\OpenOffice.org 3
2012-03-17 17:27:28 283200 ----a-w- C:\Windows\System32\drivers\dtsoftbus01.sys
2012-03-17 17:27:19 -------- d-----w- C:\Program Files (x86)\DAEMON Tools Lite
2012-03-17 17:26:22 -------- d-----w- C:\Users\Synusie\AppData\Roaming\DAEMON Tools Lite
2012-03-17 17:26:20 -------- d-----w- C:\ProgramData\DAEMON Tools Lite
2012-03-17 17:12:53 -------- d-----w- C:\Users\Synusie\AppData\Local\Mozilla
2012-03-17 17:12:41 -------- d-----w- C:\Program Files\Nightly
2012-03-17 17:09:11 -------- d-----w- C:\Users\Synusie\AppData\Roaming\AVG2012
2012-03-17 17:07:59 -------- d--h--w- C:\ProgramData\Common Files
2012-03-17 17:07:51 -------- d-----w- C:\Windows\SysWow64\drivers\AVG
2012-03-17 17:07:43 -------- d-----w- C:\Windows\System32\drivers\AVG
2012-03-17 17:07:43 -------- d-----w- C:\ProgramData\AVG2012
2012-03-17 17:06:59 -------- d-----w- C:\Program Files (x86)\AVG
2012-03-17 17:05:33 -------- d-----w- C:\ProgramData\Spybot - Search & Destroy
2012-03-17 17:05:33 -------- d-----w- C:\Program Files (x86)\Spybot - Search & Destroy
2012-03-17 17:04:23 -------- d-----w- C:\Program Files\PeerBlock
2012-03-17 17:03:55 -------- d-----w- C:\Program Files\CCleaner
2012-03-17 17:02:59 9216 ----a-w- C:\Windows\System32\rdrmemptylst.exe
2012-03-17 17:02:59 76288 ----a-w- C:\Windows\System32\rdpwsx.dll
2012-03-17 17:02:59 149504 ----a-w- C:\Windows\System32\rdpcorekmts.dll
2012-03-17 17:02:59 1031680 ----a-w- C:\Windows\System32\rdpcore.dll
2012-03-17 17:02:59 -------- d-----w- C:\ProgramData\MFAData
2012-03-17 17:02:58 826368 ----a-w- C:\Windows\SysWow64\rdpcore.dll
2012-03-17 17:02:58 23552 ----a-w- C:\Windows\System32\drivers\tdtcp.sys
2012-03-17 17:02:58 204800 ----a-w- C:\Windows\System32\drivers\rdpwd.sys
2012-03-17 17:02:25 -------- d-----w- C:\Users\Synusie\AppData\Local\Google
2012-03-17 16:55:58 -------- d-----w- C:\Users\Synusie\AppData\Roaming\PictureMover
2012-03-17 16:55:06 -------- d-----w- C:\Users\Synusie\AppData\Roaming\Intel Corporation
2012-03-17 16:55:04 -------- d-----w- C:\Users\Synusie\AppData\Roaming\hpqLog
2012-03-17 16:54:57 -------- d-----w- C:\Users\Synusie\AppData\Roaming\Synaptics
2012-03-17 16:54:11 -------- d-----w- C:\Users\Synusie\AppData\Local\RemEngine
2012-03-17 16:52:39 -------- d-----w- C:\Users\Synusie\AppData\Local\Hewlett-Packard
2012-03-17 16:52:23 -------- d-----w- C:\Users\Synusie\AppData\Local\Hewlett-Packard_Company
.
==================== Find3M ====================
.
2012-03-17 19:13:40 472808 ----a-w- C:\Windows\SysWow64\deployJava1.dll
.
============= FINISH: 13:27:18.04 ===============

Blade81
2012-03-18, 20:35
Hi again,


Open notepad and copy/paste the text in the quotebox below into it:



DDS::
TB: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No File
TB-X64: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No File
FileLook::
C:\Windows\System32\swxcacls.exe
C:\Windows\System32\swreg.exe



Save this as CFScript

A word of warning: Neither I nor sUBs are responsible for any damage you may have caused your machine. This tool is not a toy and not for everyday use.

http://img.photobucket.com/albums/v666/sUBs/CFScriptB-4.gif

Close all browser windows and, referring to the picture above, drag CFScript into ComboFix.exe (let the tool update itself if prompted).
Then post the resultant log.


Uninstall old Adobe Reader versions and get the latest one (Adobe Reader 10.1 and separate 10.1.1 10.1.2 updates for it) here (http://www.adobe.com/support/downloads/product.jsp?product=10&platform=Windows) or get Foxit Reader here (http://www.foxitsoftware.com/pdf/reader_2/down_reader.htm). Make sure you don't (unless you want to) install the toolbar if you choose Foxit Reader! You may also check free readers introduced here (http://pdfreaders.org/).


Uninstall your current Adobe shockwave player and get the fresh one here (http://get.adobe.com/shockwave/) if needed.


* Go here (http://www.eset.eu/online-scanner) to run an online scanner from ESET.
Note: You will need to use Internet Explorer for this scan.
Tick the box next to YES, I accept the Terms of Use.
Click Start
When asked, allow the ActiveX control to install
Click Start
Make sure that the option Remove found threats is UNchecked and the option Scan unwanted applications is checkmarked.
Click Scan
Wait for the scan to finish.


Post back its report, a fresh dds.txt log and the above-mentioned ComboFix resultant log.

Kingault
2012-03-19, 00:17
I set ESET to scan archives as well.
ESET:
C:\Program Files\Nightly\SmitfraudFix\Process.exe Win32/PrcView application
C:\Program Files\Nightly\SmitfraudFix\restart.exe Win32/Shutdown.NAA application
C:\ProgramData\Spybot - Search & Destroy\Recovery\SmitfraudCgeneric.zip Win32/Bagle.gen.zip worm
C:\ProgramData\Spybot - Search & Destroy\Recovery\SmitfraudCgeneric1.zip Win32/Bagle.gen.zip worm
C:\ProgramData\Spybot - Search & Destroy\Recovery\SmitfraudCgeneric2.zip Win32/Bagle.gen.zip worm
C:\ProgramData\Spybot - Search & Destroy\Recovery\SmitfraudCgeneric3.zip Win32/Bagle.gen.zip worm
C:\ProgramData\Spybot - Search & Destroy\Recovery\SmitfraudCgeneric4.zip Win32/Bagle.gen.zip worm
C:\Qoobox\Quarantine\C\Windows\System32\Process.exe.vir Win32/PrcView application
C:\Qoobox\Quarantine\C\Windows\SysWOW64\Process.exe.vir Win32/PrcView application
C:\TDSSKiller_Quarantine\18.03.2012_12.39.31\mbr0000\tdlfs0000\tsk0000.dta Win32/Olmarik.AWO trojan
C:\TDSSKiller_Quarantine\18.03.2012_12.39.31\mbr0000\tdlfs0000\tsk0001.dta Win64/Olmarik.AD trojan
C:\TDSSKiller_Quarantine\18.03.2012_12.39.31\mbr0000\tdlfs0000\tsk0002.dta Win32/Olmarik.AYH trojan
C:\TDSSKiller_Quarantine\18.03.2012_12.39.31\mbr0000\tdlfs0000\tsk0003.dta Win64/Olmarik.AG trojan
C:\TDSSKiller_Quarantine\18.03.2012_12.39.31\mbr0000\tdlfs0000\tsk0004.dta a variant of Win32/Rootkit.Kryptik.KB trojan
C:\TDSSKiller_Quarantine\18.03.2012_12.39.31\mbr0000\tdlfs0000\tsk0005.dta Win64/Olmarik.AF trojan
C:\TDSSKiller_Quarantine\18.03.2012_12.39.31\mbr0000\tdlfs0000\tsk0009.dta Win32/Olmarik.AWO trojan
C:\TDSSKiller_Quarantine\18.03.2012_12.39.31\mbr0000\tdlfs0000\tsk0010.dta Win64/Olmarik.X trojan
C:\Windows\System32\config\systemprofile\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\21\43974315-13446683 Java/Exploit.Blacole.AN trojan
C:\Windows\SysWOW64\config\systemprofile\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\21\43974315-13446683 Java/Exploit.Blacole.AN trojan

DDS:
.
DDS (Ver_2011-08-26.01) - NTFSAMD64
Internet Explorer: 8.0.7600.16385
Run by Synusie at 18:04:27 on 2012-03-18
Microsoft Windows 7 Home Premium 6.1.7600.0.1252.1.1033.18.3894.1858 [GMT -4:00]
.
AV: avast! Antivirus *Disabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
AV: AVG Anti-Virus Free Edition 2012 *Enabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}
SP: avast! Antivirus *Disabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
SP: AVG Anti-Virus Free Edition 2012 *Enabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\PROGRA~2\AVG\AVG2012\avgrsa.exe
C:\Program Files (x86)\AVG\AVG2012\avgcsrva.exe
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Program Files\IDT\WDM\STacSV64.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Program Files\AVAST Software\Avast\AvastSvc.exe
C:\Windows\system32\WLANExt.exe
C:\Windows\system32\conhost.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\AVG\AVG2012\avgwdsvc.exe
C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe
C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe
C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe
C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe
C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
C:\Program Files (x86)\Roxio\RoxioNow Player\RNowSvc.exe
C:\Program Files (x86)\AVG\AVG2012\avgnsa.exe
C:\Program Files (x86)\AVG\AVG2012\avgemca.exe
C:\Program Files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files (x86)\AVG\AVG2012\AVGIDSAgent.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\IDT\WDM\sttray64.exe
C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe
C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
C:\Program Files (x86)\PictureMover\Bin\PictureMover.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe
C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe
C:\Program Files (x86)\AVG\AVG2012\avgtray.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files\AVAST Software\Avast\AvastUI.exe
C:\Program Files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
C:\Windows\SysWOW64\SWSC.exe
C:\Windows\system32\conhost.exe
C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbarUser_32.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\ESET\ESET Online Scanner\OnlineCmdLineScanner.exe
C:\Windows\system32\conhost.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\msiexec.exe
C:\Windows\SysWOW64\msiexec.exe
C:\Program Files (x86)\Turbine\The Lord of the Rings Online\TurbineLauncher.exe
C:\Program Files (x86)\Turbine\The Lord of the Rings Online\lotroclient.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\conhost.exe
C:\Windows\SysWOW64\cscript.exe
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - C:\Program Files (x86)\AVG\AVG2012\avgssie.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - C:\PROGRA~2\SPYBOT~1\SDHelper.dll
BHO: Search Helper: {6ebf7485-159f-4bff-a14f-b9e3aac4465b} - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
BHO: Java(tm) Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll
BHO: avast! WebRep: {8e5e2654-ad2d-48bf-ac2d-d17f00898d06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.7.7227.1100\swg.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
TB: avast! WebRep: {8e5e2654-ad2d-48bf-ac2d-d17f00898d06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
uRun: [LightScribe Control Panel] C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe -hidden
uRun: [swg] "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
uRun: [DAEMON Tools Lite] "C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe" -autorun
mRun: [IAStorIcon] C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
mRun: [Microsoft Default Manager] "C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" -resume
mRun: [HP Quick Launch] C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe
mRun: [HPOSD] C:\Program Files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe
mRun: [AVG_TRAY] "C:\Program Files (x86)\AVG\AVG2012\avgtray.exe"
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun: [avast] "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
StartupFolder: C:\Users\Synusie\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\ERUNTA~1.LNK - C:\Program Files (x86)\ERUNT\AUTOBACK.EXE
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\SNAPFI~1.LNK - C:\Program Files (x86)\PictureMover\Bin\PictureMover.exe
mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~2\SPYBOT~1\SDHelper.dll
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos/OnlineScanner.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
TCP: DhcpNameServer = 209.18.47.61 209.18.47.62
TCP: Interfaces\{EADE7F15-8206-4992-A8CF-811AB3C87562} : DhcpNameServer = 209.18.47.61 209.18.47.62
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG2012\avgpp.dll
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
mASetup: {10880D85-AAD9-4558-ABDC-2AB1552D831F} - "C:\Program Files (x86)\Common Files\LightScribe\LSRunOnce.exe"
BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO-X64: AcroIEHelperStub - No File
BHO-X64: AVG Safe Search: {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG2012\avgssie.dll
BHO-X64: WormRadar.com IESiteBlocker.NavFilter - No File
BHO-X64: Spybot-S&D IE Protection: {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~2\SPYBOT~1\SDHelper.dll
BHO-X64: Search Helper: {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
BHO-X64: Search Helper - No File
BHO-X64: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll
BHO-X64: avast! WebRep: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO-X64: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
BHO-X64: Google Toolbar Notifier BHO: {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.7.7227.1100\swg.dll
BHO-X64: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
TB-X64: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
TB-X64: avast! WebRep: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
mRun-x64: [IAStorIcon] C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
mRun-x64: [Microsoft Default Manager] "C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" -resume
mRun-x64: [HP Quick Launch] C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe
mRun-x64: [HPOSD] C:\Program Files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe
mRun-x64: [AVG_TRAY] "C:\Program Files (x86)\AVG\AVG2012\avgtray.exe"
mRun-x64: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun-x64: [avast] "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui
mRun-x64: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\Synusie\AppData\Roaming\Mozilla\Firefox\Profiles\mtzbz1lp.default\
FF - prefs.js: network.proxy.type - 0
FF - plugin: C:\Program Files\Java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll
FF - plugin: C:\Windows\system32\Macromed\Flash\NPSWF64_11_1_102.dll
.
============= SERVICES / DRIVERS ===============
.
R0 AVGIDSEH;AVGIDSEH;C:\Windows\system32\DRIVERS\AVGIDSEH.Sys --> C:\Windows\system32\DRIVERS\AVGIDSEH.Sys [?]
R0 Avgrkx64;AVG Anti-Rootkit Driver;C:\Windows\system32\DRIVERS\avgrkx64.sys --> C:\Windows\system32\DRIVERS\avgrkx64.sys [?]
R1 Avgldx64;AVG AVI Loader Driver;C:\Windows\system32\DRIVERS\avgldx64.sys --> C:\Windows\system32\DRIVERS\avgldx64.sys [?]
R1 Avgmfx64;AVG Mini-Filter Resident Anti-Virus Shield;C:\Windows\system32\DRIVERS\avgmfx64.sys --> C:\Windows\system32\DRIVERS\avgmfx64.sys [?]
R1 Avgtdia;AVG TDI Driver;C:\Windows\system32\DRIVERS\avgtdia.sys --> C:\Windows\system32\DRIVERS\avgtdia.sys [?]
R1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;C:\Windows\system32\DRIVERS\dtsoftbus01.sys --> C:\Windows\system32\DRIVERS\dtsoftbus01.sys [?]
R1 vwififlt;Virtual WiFi Filter Driver;C:\Windows\system32\DRIVERS\vwififlt.sys --> C:\Windows\system32\DRIVERS\vwififlt.sys [?]
R2 aswMonFlt;aswMonFlt;\??\C:\Windows\system32\drivers\aswMonFlt.sys --> C:\Windows\system32\drivers\aswMonFlt.sys [?]
R2 avast! Antivirus;avast! Antivirus;C:\Program Files\AVAST Software\Avast\AvastSvc.exe [2012-3-17 44768]
R2 AVGIDSAgent;AVGIDSAgent;C:\Program Files (x86)\AVG\AVG2012\AVGIDSAgent.exe [2011-10-12 4433248]
R2 avgwd;AVG WatchDog;C:\Program Files (x86)\AVG\AVG2012\avgwdsvc.exe [2011-8-2 192776]
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
R2 HPClientSvc;HP Client Services;C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe [2010-8-5 291896]
R2 HPDrvMntSvc.exe;HP Quick Synchronization Service;C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe [2010-11-3 92216]
R2 HPWMISVC;HPWMISVC;C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe [2010-11-9 26680]
R2 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology;C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [2011-3-17 13336]
R2 IconMan_R;IconMan_R;C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe [2011-3-17 1819752]
R2 RoxioNow Service;RoxioNow Service;C:\Program Files (x86)\Roxio\RoxioNow Player\RNowSvc.exe [2010-9-11 399344]
R2 SBSDWSCService;SBSD Security Center Service;C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe [2012-3-17 1153368]
R2 UNS;Intel(R) Management & Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2011-3-17 2538520]
R3 AVGIDSDriver;AVGIDSDriver;C:\Windows\system32\DRIVERS\AVGIDSDriver.Sys --> C:\Windows\system32\DRIVERS\AVGIDSDriver.Sys [?]
R3 AVGIDSFilter;AVGIDSFilter;C:\Windows\system32\DRIVERS\AVGIDSFilter.Sys --> C:\Windows\system32\DRIVERS\AVGIDSFilter.Sys [?]
R3 clwvd;CyberLink WebCam Virtual Driver;C:\Windows\system32\DRIVERS\clwvd.sys --> C:\Windows\system32\DRIVERS\clwvd.sys [?]
R3 HECIx64;Intel(R) Management Engine Interface;C:\Windows\system32\DRIVERS\HECIx64.sys --> C:\Windows\system32\DRIVERS\HECIx64.sys [?]
R3 Impcd;Impcd;C:\Windows\system32\DRIVERS\Impcd.sys --> C:\Windows\system32\DRIVERS\Impcd.sys [?]
R3 IntcDAud;Intel(R) Display Audio;C:\Windows\system32\DRIVERS\IntcDAud.sys --> C:\Windows\system32\DRIVERS\IntcDAud.sys [?]
R3 RSPCIESTOR;Realtek PCIE CardReader Driver;C:\Windows\system32\DRIVERS\RtsPStor.sys --> C:\Windows\system32\DRIVERS\RtsPStor.sys [?]
R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\system32\DRIVERS\Rt64win7.sys --> C:\Windows\system32\DRIVERS\Rt64win7.sys [?]
S2 AdobeARMservice;Adobe Acrobat Update Service;C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-1-3 63928]
S2 gupdate;Google Update Service (gupdate);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2012-3-17 136176]
S2 HP Wireless Assistant Service;HP Wireless Assistant Service;C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe [2010-7-21 103992]
S3 gupdatem;Google Update Service (gupdatem);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2012-3-17 136176]
S3 netw5v64;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 64 Bit;C:\Windows\system32\DRIVERS\netw5v64.sys --> C:\Windows\system32\DRIVERS\netw5v64.sys [?]
S3 SrvHsfHDA;SrvHsfHDA;C:\Windows\system32\DRIVERS\VSTAZL6.SYS --> C:\Windows\system32\DRIVERS\VSTAZL6.SYS [?]
S3 SrvHsfV92;SrvHsfV92;C:\Windows\system32\DRIVERS\VSTDPV6.SYS --> C:\Windows\system32\DRIVERS\VSTDPV6.SYS [?]
S3 SrvHsfWinac;SrvHsfWinac;C:\Windows\system32\DRIVERS\VSTCNXT6.SYS --> C:\Windows\system32\DRIVERS\VSTCNXT6.SYS [?]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?]
S3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;C:\Windows\system32\DRIVERS\yk62x64.sys --> C:\Windows\system32\DRIVERS\yk62x64.sys [?]
S4 wlcrasvc;Windows Live Mesh remote connections service;C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-9-22 57184]
.
=============== Created Last 30 ================
.
2012-03-18 20:38:00 -------- d-sh--w- C:\$RECYCLE.BIN
2012-03-18 20:30:46 -------- d-----w- C:\Users\Synusie\AppData\Local\CrashDumps
2012-03-18 20:18:50 -------- d-----w- C:\Program Files (x86)\ESET
2012-03-18 20:16:51 -------- d-----w- C:\Windows\SysWow64\Adobe
2012-03-18 19:58:51 -------- d-----w- C:\Users\Synusie\AppData\Roaming\ShanghaiAlice
2012-03-18 19:57:17 -------- d-----w- C:\ComboFix
2012-03-18 18:11:02 -------- d-----w- C:\Users\Synusie\AppData\Local\The Lord of the Rings Online
2012-03-18 17:54:42 -------- d-----w- C:\Windows\SysWow64\Wat
2012-03-18 17:54:42 -------- d-----w- C:\Windows\System32\Wat
2012-03-18 17:49:12 -------- d-----w- C:\Program Files (x86)\MSXML 4.0
2012-03-18 17:06:21 98816 ----a-w- C:\Windows\sed.exe
2012-03-18 17:06:21 518144 ----a-w- C:\Windows\SWREG.exe
2012-03-18 17:06:21 256000 ----a-w- C:\Windows\PEV.exe
2012-03-18 17:06:21 208896 ----a-w- C:\Windows\MBR.exe
2012-03-18 16:43:14 -------- d-----w- C:\TDSSKiller_Quarantine
2012-03-18 13:30:41 -------- d-----w- C:\c3ccaa07de7d4d569722b3a5
2012-03-18 13:20:58 422400 ----a-w- C:\Windows\System32\KernelBase.dll
2012-03-18 13:18:57 634368 ----a-w- C:\Windows\System32\msvcrt.dll
2012-03-18 13:17:59 366592 ----a-w- C:\Windows\System32\qdvd.dll
2012-03-18 13:16:58 75776 ----a-w- C:\Windows\SysWow64\psisrndr.ax
2012-03-18 13:15:53 5507968 ----a-w- C:\Windows\System32\ntoskrnl.exe
2012-03-18 13:15:52 3957120 ----a-w- C:\Windows\SysWow64\ntkrnlpa.exe
2012-03-18 13:15:52 3902336 ----a-w- C:\Windows\SysWow64\ntoskrnl.exe
2012-03-18 13:13:16 -------- d-----w- C:\Users\Synusie\AppData\Local\Turbine
2012-03-18 13:13:11 -------- d-----w- C:\Users\Synusie\AppData\Local\ApplicationHistory
2012-03-18 13:09:56 77312 ----a-w- C:\Windows\System32\packager.dll
2012-03-18 13:09:56 67072 ----a-w- C:\Windows\SysWow64\packager.dll
2012-03-18 13:08:26 -------- d-----w- C:\Windows\SysWow64\URTTEMP
2012-03-18 02:51:10 99176 ----a-w- C:\Windows\SysWow64\PresentationHostProxy.dll
2012-03-18 02:51:10 49472 ----a-w- C:\Windows\SysWow64\netfxperf.dll
2012-03-18 02:51:10 48960 ----a-w- C:\Windows\System32\netfxperf.dll
2012-03-18 02:51:10 297808 ----a-w- C:\Windows\SysWow64\mscoree.dll
2012-03-18 02:51:10 1942856 ----a-w- C:\Windows\System32\dfshim.dll
2012-03-18 02:51:10 1130824 ----a-w- C:\Windows\SysWow64\dfshim.dll
2012-03-18 02:51:10 109912 ----a-w- C:\Windows\System32\PresentationHostProxy.dll
2012-03-18 02:51:09 444752 ----a-w- C:\Windows\System32\mscoree.dll
2012-03-18 02:51:09 320352 ----a-w- C:\Windows\System32\PresentationHost.exe
2012-03-18 02:51:09 295264 ----a-w- C:\Windows\SysWow64\PresentationHost.exe
2012-03-18 00:41:41 69976 ----a-w- C:\Windows\System32\drivers\aswMonFlt.sys
2012-03-18 00:41:29 41184 ----a-w- C:\Windows\avastSS.scr
2012-03-18 00:41:19 -------- d-----w- C:\ProgramData\AVAST Software
2012-03-18 00:41:19 -------- d-----w- C:\Program Files\AVAST Software
2012-03-17 23:46:11 3495784 ----a-w- C:\Windows\SysWow64\d3dx9_33.dll
2012-03-17 23:46:11 1892184 ----a-w- C:\Windows\SysWow64\D3DX9_42.dll
2012-03-17 23:06:23 -------- d-----w- C:\Program Files (x86)\Turbine
2012-03-17 20:55:58 -------- d-----w- C:\Users\Synusie\AppData\Local\Adobe
2012-03-17 20:31:19 -------- d-----w- C:\Program Files (x86)\Pando Networks
2012-03-17 19:52:47 -------- d-----w- C:\Users\Synusie\AppData\Roaming\IrfanView
2012-03-17 19:52:47 -------- d-----w- C:\Program Files (x86)\IrfanView
2012-03-17 19:45:13 79360 ----a-w- C:\Windows\System32\swxcacls.exe
2012-03-17 19:45:13 135168 ----a-w- C:\Windows\System32\swreg.exe
2012-03-17 19:10:33 414368 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2012-03-17 18:39:56 -------- d-----w- C:\Users\Synusie\AppData\Local\ElevatedDiagnostics
2012-03-17 18:06:11 691 ----a-w- C:\Users\Synusie\AppData\Roaming\GetValue.vbs
2012-03-17 18:06:11 35 ----a-w- C:\Users\Synusie\AppData\Roaming\SetValue.bat
2012-03-17 18:05:17 564224 ----a-w- C:\Windows\System32\idt64mp1.exe
2012-03-17 18:05:17 524800 ----a-w- C:\Windows\sttray64.exe
2012-03-17 18:05:17 4594176 ----a-w- C:\Windows\System32\stlang64.dll
2012-03-17 18:05:17 438784 ----a-w- C:\Windows\System32\IDTNC64.cpl
2012-03-17 18:05:17 -------- d-----w- C:\Program Files\IDT
2012-03-17 17:43:29 -------- d-----w- C:\Users\Synusie\AppData\Roaming\ZumoDrive
2012-03-17 17:42:29 -------- d-----w- C:\Users\Synusie\AppData\Roaming\Roxio Log Files
2012-03-17 17:30:01 -------- d-----w- C:\Program Files (x86)\OpenOffice.org 3
2012-03-17 17:27:28 283200 ----a-w- C:\Windows\System32\drivers\dtsoftbus01.sys
2012-03-17 17:27:19 -------- d-----w- C:\Program Files (x86)\DAEMON Tools Lite
2012-03-17 17:26:22 -------- d-----w- C:\Users\Synusie\AppData\Roaming\DAEMON Tools Lite
2012-03-17 17:26:20 -------- d-----w- C:\ProgramData\DAEMON Tools Lite
2012-03-17 17:12:53 -------- d-----w- C:\Users\Synusie\AppData\Local\Mozilla
2012-03-17 17:12:41 -------- d-----w- C:\Program Files\Nightly
2012-03-17 17:09:11 -------- d-----w- C:\Users\Synusie\AppData\Roaming\AVG2012
2012-03-17 17:07:59 -------- d--h--w- C:\ProgramData\Common Files
2012-03-17 17:07:51 -------- d-----w- C:\Windows\SysWow64\drivers\AVG
2012-03-17 17:07:43 -------- d-----w- C:\Windows\System32\drivers\AVG
2012-03-17 17:07:43 -------- d-----w- C:\ProgramData\AVG2012
2012-03-17 17:06:59 -------- d-----w- C:\Program Files (x86)\AVG
2012-03-17 17:05:33 -------- d-----w- C:\ProgramData\Spybot - Search & Destroy
2012-03-17 17:05:33 -------- d-----w- C:\Program Files (x86)\Spybot - Search & Destroy
2012-03-17 17:04:23 -------- d-----w- C:\Program Files\PeerBlock
2012-03-17 17:03:55 -------- d-----w- C:\Program Files\CCleaner
2012-03-17 17:02:59 9216 ----a-w- C:\Windows\System32\rdrmemptylst.exe
2012-03-17 17:02:59 76288 ----a-w- C:\Windows\System32\rdpwsx.dll
2012-03-17 17:02:59 149504 ----a-w- C:\Windows\System32\rdpcorekmts.dll
2012-03-17 17:02:59 1031680 ----a-w- C:\Windows\System32\rdpcore.dll
2012-03-17 17:02:59 -------- d-----w- C:\ProgramData\MFAData
2012-03-17 17:02:58 826368 ----a-w- C:\Windows\SysWow64\rdpcore.dll
2012-03-17 17:02:58 23552 ----a-w- C:\Windows\System32\drivers\tdtcp.sys
2012-03-17 17:02:58 204800 ----a-w- C:\Windows\System32\drivers\rdpwd.sys
2012-03-17 17:02:25 -------- d-----w- C:\Users\Synusie\AppData\Local\Google
2012-03-17 16:55:58 -------- d-----w- C:\Users\Synusie\AppData\Roaming\PictureMover
2012-03-17 16:55:06 -------- d-----w- C:\Users\Synusie\AppData\Roaming\Intel Corporation
2012-03-17 16:55:04 -------- d-----w- C:\Users\Synusie\AppData\Roaming\hpqLog
2012-03-17 16:54:57 -------- d-----w- C:\Users\Synusie\AppData\Roaming\Synaptics
2012-03-17 16:54:11 -------- d-----w- C:\Users\Synusie\AppData\Local\RemEngine
2012-03-17 16:52:39 -------- d-----w- C:\Users\Synusie\AppData\Local\Hewlett-Packard
2012-03-17 16:52:23 -------- d-----w- C:\Users\Synusie\AppData\Local\Hewlett-Packard_Company
.
==================== Find3M ====================
.
2012-03-17 19:13:40 472808 ----a-w- C:\Windows\SysWow64\deployJava1.dll
2012-02-10 06:18:10 1541120 ----a-w- C:\Windows\System32\DWrite.dll
2012-02-10 06:17:55 1837568 ----a-w- C:\Windows\System32\d3d10warp.dll
2012-02-10 06:17:54 902656 ----a-w- C:\Windows\System32\d2d1.dll
2012-02-10 06:17:54 320512 ----a-w- C:\Windows\System32\d3d10_1core.dll
2012-02-10 06:17:54 197120 ----a-w- C:\Windows\System32\d3d10_1.dll
2012-02-10 05:41:38 1074176 ----a-w- C:\Windows\SysWow64\DWrite.dll
2012-02-10 05:41:20 218624 ----a-w- C:\Windows\SysWow64\d3d10_1core.dll
2012-02-10 05:41:20 161792 ----a-w- C:\Windows\SysWow64\d3d10_1.dll
2012-02-10 05:41:20 1170944 ----a-w- C:\Windows\SysWow64\d3d10warp.dll
2012-02-10 05:41:19 739840 ----a-w- C:\Windows\SysWow64\d2d1.dll
2012-02-03 04:16:03 3143168 ----a-w- C:\Windows\System32\win32k.sys
2011-12-28 03:59:11 499200 ----a-w- C:\Windows\System32\drivers\afd.sys
.
============= FINISH: 18:05:12.39 ===============


Combofix had to be divided into two parts due to size.

Part1:

ComboFix 12-03-17.01 - Synusie 03/18/2012 15:58:08.3.4 - x64
Microsoft Windows 7 Home Premium 6.1.7600.0.1252.1.1033.18.3894.2658 [GMT -4:00]
Running from: c:\users\Synusie\Downloads\ComboFix.exe
AV: avast! Antivirus *Disabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
AV: AVG Anti-Virus Free Edition 2012 *Disabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}
SP: avast! Antivirus *Disabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
SP: AVG Anti-Virus Free Edition 2012 *Disabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((( Files Created from 2012-02-18 to 2012-03-18 )))))))))))))))))))))))))))))))
.
.
2012-03-18 20:02 . 2012-03-18 20:02 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-03-18 17:54 . 2012-03-18 17:54 -------- d-----w- c:\windows\SysWow64\Wat
2012-03-18 17:54 . 2012-03-18 17:54 -------- d-----w- c:\windows\system32\Wat
2012-03-18 17:49 . 2012-03-18 17:49 -------- d-----w- c:\program files (x86)\MSXML 4.0
2012-03-18 16:43 . 2012-03-18 16:43 -------- d-----w- C:\TDSSKiller_Quarantine
2012-03-18 13:30 . 2012-03-18 13:30 -------- d-----w- C:\c3ccaa07de7d4d569722b3a5
2012-03-18 13:20 . 2011-07-16 05:26 362496 ----a-w- c:\windows\system32\wow64win.dll
2012-03-18 13:18 . 2011-12-16 08:42 634368 ----a-w- c:\windows\system32\msvcrt.dll
2012-03-18 13:17 . 2011-10-26 05:22 366592 ----a-w- c:\windows\system32\qdvd.dll
2012-03-18 13:16 . 2011-08-17 05:32 613888 ----a-w- c:\windows\system32\psisdecd.dll
2012-03-18 13:15 . 2011-06-23 05:29 5507968 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-03-18 13:15 . 2011-06-23 04:38 3957120 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe
2012-03-18 13:15 . 2011-06-23 04:38 3902336 ----a-w- c:\windows\SysWow64\ntoskrnl.exe
2012-03-18 13:09 . 2011-11-19 15:07 77312 ----a-w- c:\windows\system32\packager.dll
2012-03-18 13:09 . 2011-11-19 14:06 67072 ----a-w- c:\windows\SysWow64\packager.dll
2012-03-18 13:08 . 2012-03-18 13:08 -------- d-----w- c:\windows\SysWow64\URTTEMP
2012-03-18 02:51 . 2012-03-18 02:51 -------- d-----w- c:\program files (x86)\Microsoft.NET
2012-03-18 02:51 . 2009-11-25 19:47 49472 ----a-w- c:\windows\SysWow64\netfxperf.dll
2012-03-18 02:51 . 2009-11-25 19:47 297808 ----a-w- c:\windows\SysWow64\mscoree.dll
2012-03-18 02:51 . 2009-11-25 19:47 99176 ----a-w- c:\windows\SysWow64\PresentationHostProxy.dll
2012-03-18 02:51 . 2009-11-25 19:47 48960 ----a-w- c:\windows\system32\netfxperf.dll
2012-03-18 02:51 . 2009-11-25 19:47 1130824 ----a-w- c:\windows\SysWow64\dfshim.dll
2012-03-18 02:51 . 2009-11-25 19:47 109912 ----a-w- c:\windows\system32\PresentationHostProxy.dll
2012-03-18 02:51 . 2009-11-25 19:47 1942856 ----a-w- c:\windows\system32\dfshim.dll
2012-03-18 02:51 . 2009-11-25 19:47 295264 ----a-w- c:\windows\SysWow64\PresentationHost.exe
2012-03-18 02:51 . 2009-11-25 19:47 444752 ----a-w- c:\windows\system32\mscoree.dll
2012-03-18 02:51 . 2009-11-25 19:47 320352 ----a-w- c:\windows\system32\PresentationHost.exe
2012-03-18 00:41 . 2012-03-06 23:15 258520 ----a-w- c:\windows\system32\aswBoot.exe
2012-03-18 00:41 . 2012-03-06 23:01 69976 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2012-03-18 00:41 . 2012-03-06 23:15 41184 ----a-w- c:\windows\avastSS.scr
2012-03-18 00:41 . 2012-03-06 23:15 201352 ----a-w- c:\windows\SysWow64\aswBoot.exe
2012-03-18 00:41 . 2012-03-18 00:41 -------- d-----w- c:\programdata\AVAST Software
2012-03-18 00:41 . 2012-03-18 00:41 -------- d-----w- c:\program files\AVAST Software
2012-03-17 23:46 . 2009-09-04 21:29 1892184 ----a-w- c:\windows\SysWow64\D3DX9_42.dll
2012-03-17 23:46 . 2007-03-12 20:42 3495784 ----a-w- c:\windows\SysWow64\d3dx9_33.dll
2012-03-17 23:06 . 2012-03-17 23:06 -------- d-----w- c:\program files (x86)\Turbine
2012-03-17 20:31 . 2012-03-17 20:31 -------- d-----w- c:\program files (x86)\Pando Networks
2012-03-17 19:52 . 2012-03-17 19:52 -------- d-----w- c:\program files (x86)\IrfanView
2012-03-17 19:50 . 2012-03-17 19:50 -------- d-----w- c:\windows\Sun
2012-03-17 19:45 . 2006-12-01 10:20 79360 ----a-w- c:\windows\system32\swxcacls.exe
2012-03-17 19:45 . 2006-08-29 23:43 135168 ----a-w- c:\windows\system32\swreg.exe
2012-03-17 19:35 . 2012-03-17 19:35 -------- d-----w- c:\program files (x86)\ERUNT
2012-03-17 19:14 . 2012-03-17 19:14 -------- d-----w- c:\program files (x86)\Common Files\Java
2012-03-17 19:13 . 2012-03-17 19:13 -------- d-----w- c:\program files (x86)\Java
2012-03-17 19:10 . 2012-03-18 03:03 414368 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-03-17 19:10 . 2012-03-17 19:10 -------- d-----w- c:\windows\system32\Macromed
2012-03-17 18:05 . 2012-03-17 18:05 -------- d-----w- c:\program files\IDT
2012-03-17 18:05 . 2010-12-02 04:44 564224 ----a-w- c:\windows\system32\idt64mp1.exe
2012-03-17 18:05 . 2010-12-02 04:44 524800 ----a-w- c:\windows\sttray64.exe
2012-03-17 18:05 . 2010-12-02 04:44 4594176 ----a-w- c:\windows\system32\stlang64.dll
2012-03-17 18:05 . 2010-12-02 04:44 438784 ----a-w- c:\windows\system32\IDTNC64.cpl
2012-03-17 17:30 . 2012-03-17 17:30 -------- d-----w- c:\program files (x86)\OpenOffice.org 3
2012-03-17 17:27 . 2012-03-17 17:27 283200 ----a-w- c:\windows\system32\drivers\dtsoftbus01.sys
2012-03-17 17:27 . 2012-03-17 17:27 -------- d-----w- c:\program files (x86)\DAEMON Tools Lite
2012-03-17 17:26 . 2012-03-17 17:26 -------- d-----w- c:\programdata\DAEMON Tools Lite
2012-03-17 17:12 . 2012-03-18 13:43 -------- d-----w- c:\program files\Nightly
2012-03-17 17:07 . 2012-03-17 17:07 -------- d--h--w- c:\programdata\Common Files
2012-03-17 17:07 . 2012-03-17 17:07 -------- d-----w- c:\windows\SysWow64\drivers\AVG
2012-03-17 17:07 . 2012-03-18 13:08 -------- d-----w- c:\windows\system32\drivers\AVG
2012-03-17 17:07 . 2012-03-17 17:24 -------- d-----w- c:\programdata\AVG2012
2012-03-17 17:06 . 2012-03-17 17:06 -------- d-----w- c:\program files (x86)\AVG
2012-03-17 17:05 . 2012-03-17 17:31 -------- d-----w- c:\programdata\Spybot - Search & Destroy
2012-03-17 17:05 . 2012-03-17 17:05 -------- d-----w- c:\program files (x86)\Spybot - Search & Destroy
2012-03-17 17:04 . 2012-03-17 22:28 -------- d-----w- c:\program files\PeerBlock
2012-03-17 17:03 . 2012-03-17 17:03 -------- d-----w- c:\program files\CCleaner
2012-03-17 17:03 . 2012-03-17 17:03 -------- d-----w- c:\program files\Google
2012-03-17 17:02 . 2012-03-18 13:08 -------- d-----w- c:\programdata\MFAData
2012-03-17 17:02 . 2012-02-15 06:27 1031680 ----a-w- c:\windows\system32\rdpcore.dll
2012-03-17 17:02 . 2012-01-25 06:27 76288 ----a-w- c:\windows\system32\rdpwsx.dll
2012-03-17 17:02 . 2012-01-25 06:27 149504 ----a-w- c:\windows\system32\rdpcorekmts.dll
2012-03-17 17:02 . 2012-01-25 06:20 9216 ----a-w- c:\windows\system32\rdrmemptylst.exe
2012-03-17 17:02 . 2012-02-15 05:44 826368 ----a-w- c:\windows\SysWow64\rdpcore.dll
2012-03-17 17:02 . 2012-02-15 04:47 204800 ----a-w- c:\windows\system32\drivers\rdpwd.sys
2012-03-17 17:02 . 2012-02-15 04:46 23552 ----a-w- c:\windows\system32\drivers\tdtcp.sys
2012-03-17 17:02 . 2012-03-18 00:42 -------- d-----w- c:\program files (x86)\Google
2012-03-17 16:52 . 2012-03-17 16:52 -------- d-----w- c:\users\Public\Symantec
2012-03-17 16:50 . 2012-03-17 16:54 -------- d-----w- c:\users\Synusie
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-03-17 19:13 . 2011-01-16 21:45 472808 ----a-w- c:\windows\SysWow64\deployJava1.dll
2012-03-17 17:24 . 2010-06-24 19:33 18328 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
.
.
(((((((((((((((((((((((((((((((((((((((((((( Look )))))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
--- c:\windows\System32\swreg.exe ---
Company: SteelWerX
File Description: Freeware implementation of REG.EXE
File Version: 2.0.1.0
Product Name: SteelWerX Registry Editor
Copyright: Copyright © Frank Staal 1999-2006
Original Filename: SWREG.EXE
File size: 135168
Created time: 2012-03-17 19:45
Modified time: 2006-08-29 23:43
MD5: E417D888FDDE9A2290C369C82A7AEC3E
SHA1: 54A6ACF7ED038AFC6A632CCD568C17FC31EAC00E
.
.
--- c:\windows\System32\swxcacls.exe ---
Company: SteelWerX
File Description: Freeware implementation of XCACLS
File Version: 1.0.1.1
Product Name: SteelWerX Extended Configurator ACLists
Copyright: Copyright © Frank Staal 1999-2006
Original Filename: SWXCACLS.EXE
File size: 79360
Created time: 2012-03-17 19:45
Modified time: 2006-12-01 10:20
MD5: EF5DC4CF7C39CFB4653859878C14D86C
SHA1: 82AB38D121C5D6CCCE79D0E63BF51604CD3C9FD6
.
.
((((((((((((((((((((((((((((( SnapShot@2012-03-18_17.20.50 )))))))))))))))))))))))))))))))))))))))))
.
+ 2012-03-18 13:16 . 2011-11-17 05:35 96768 c:\windows\SysWOW64\sspicli.dll
- 2011-01-16 22:07 . 2011-01-16 22:07 96768 c:\windows\SysWOW64\sspicli.dll
- 2011-01-16 22:07 . 2011-01-16 22:07 22016 c:\windows\SysWOW64\secur32.dll
+ 2012-03-18 13:16 . 2011-11-17 05:39 22016 c:\windows\SysWOW64\secur32.dll
+ 2012-03-18 13:17 . 2011-06-15 09:04 86016 c:\windows\SysWOW64\odbccu32.dll
- 2009-07-14 00:12 . 2009-07-14 01:16 86016 c:\windows\SysWOW64\odbccu32.dll
+ 2012-03-18 13:17 . 2011-06-15 09:04 81920 c:\windows\SysWOW64\odbccr32.dll
+ 2012-03-18 13:18 . 2011-03-03 05:27 28672 c:\windows\SysWOW64\dnscacheugc.exe
- 2009-07-13 23:38 . 2009-07-14 01:14 28672 c:\windows\SysWOW64\dnscacheugc.exe
- 2011-01-16 22:07 . 2011-01-16 22:07 34304 c:\windows\SysWOW64\atmlib.dll
+ 2012-03-18 13:16 . 2011-02-19 05:32 34304 c:\windows\SysWOW64\atmlib.dll
+ 2009-07-14 05:10 . 2012-03-18 17:59 37134 c:\windows\system32\wdi\BootPerformanceDiagnostics_SystemData.bin
+ 2012-03-18 13:16 . 2011-11-17 07:11 28672 c:\windows\system32\sspisrv.dll
- 2009-07-13 23:20 . 2009-07-14 01:41 28672 c:\windows\system32\sspisrv.dll
- 2009-07-13 23:50 . 2009-07-14 01:41 28160 c:\windows\system32\secur32.dll
+ 2012-03-18 13:16 . 2011-11-17 07:11 28160 c:\windows\system32\secur32.dll
- 2009-07-13 23:20 . 2009-07-14 01:39 31232 c:\windows\system32\lsass.exe
+ 2012-03-18 13:16 . 2011-11-17 07:05 31232 c:\windows\system32\lsass.exe
+ 2012-03-18 13:16 . 2011-11-17 07:17 95088 c:\windows\system32\drivers\ksecdd.sys
- 2009-07-13 23:54 . 2009-07-14 01:39 30208 c:\windows\system32\dnscacheugc.exe
+ 2012-03-18 13:18 . 2011-03-03 06:14 30208 c:\windows\system32\dnscacheugc.exe
+ 2012-03-18 13:16 . 2011-10-26 05:19 43520 c:\windows\system32\csrsrv.dll
- 2009-07-13 23:19 . 2009-07-14 01:40 43520 c:\windows\system32\csrsrv.dll
- 2012-03-17 19:49 . 2012-03-18 16:45 16384 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2012-03-17 19:49 . 2012-03-18 17:57 16384 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2012-03-17 19:49 . 2012-03-18 16:45 32768 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2012-03-17 19:49 . 2012-03-18 17:57 32768 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2009-07-14 04:54 . 2012-03-18 16:45 16384 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2009-07-14 04:54 . 2012-03-18 17:57 16384 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2011-01-16 22:07 . 2011-01-16 22:07 46080 c:\windows\system32\atmlib.dll
+ 2012-03-18 13:16 . 2011-02-19 06:36 46080 c:\windows\system32\atmlib.dll
+ 2009-07-14 04:46 . 2012-03-18 17:59 78344 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\SoftwareProtectionPlatform\Cache\cache.dat
- 2012-03-17 16:58 . 2012-03-18 17:07 16384 c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2012-03-17 16:58 . 2012-03-18 19:08 16384 c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2012-03-18 17:34 . 2009-07-14 01:41 53248 c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\UPnP Device Host\upnphost\udhisapi.dll
+ 2012-03-17 16:58 . 2012-03-18 19:08 16384 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2012-03-17 16:58 . 2012-03-18 17:07 16384 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2011-04-13 02:16 . 2011-04-13 02:16 67920 c:\windows\Microsoft.NET\Framework64\v4.0.30319\nlssorting.dll
+ 2011-07-09 14:05 . 2011-07-09 14:05 67920 c:\windows\Microsoft.NET\Framework64\v4.0.30319\nlssorting.dll
+ 2011-07-09 13:30 . 2011-07-09 13:30 56656 c:\windows\Microsoft.NET\Framework\v4.0.30319\nlssorting.dll
- 2011-04-12 19:11 . 2011-04-12 19:11 56656 c:\windows\Microsoft.NET\Framework\v4.0.30319\nlssorting.dll
+ 2012-03-18 17:51 . 2012-03-18 17:51 87408 c:\windows\Microsoft.NET\assembly\GAC_MSIL\WindowsFormsIntegration\v4.0_4.0.0.0__31bf3856ad364e35\WindowsFormsIntegration.dll
- 2012-03-18 13:34 . 2012-03-18 13:34 87408 c:\windows\Microsoft.NET\assembly\GAC_MSIL\WindowsFormsIntegration\v4.0_4.0.0.0__31bf3856ad364e35\WindowsFormsIntegration.dll
- 2012-03-18 13:34 . 2012-03-18 13:34 93024 c:\windows\Microsoft.NET\assembly\GAC_MSIL\UIAutomationTypes\v4.0_4.0.0.0__31bf3856ad364e35\UIAutomationTypes.dll
+ 2012-03-18 17:51 . 2012-03-18 17:51 93024 c:\windows\Microsoft.NET\assembly\GAC_MSIL\UIAutomationTypes\v4.0_4.0.0.0__31bf3856ad364e35\UIAutomationTypes.dll
- 2012-03-18 13:34 . 2012-03-18 13:34 35688 c:\windows\Microsoft.NET\assembly\GAC_MSIL\UIAutomationProvider\v4.0_4.0.0.0__31bf3856ad364e35\UIAutomationProvider.dll
+ 2012-03-18 17:51 . 2012-03-18 17:51 35688 c:\windows\Microsoft.NET\assembly\GAC_MSIL\UIAutomationProvider\v4.0_4.0.0.0__31bf3856ad364e35\UIAutomationProvider.dll
- 2012-03-18 13:34 . 2012-03-18 13:34 17784 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Presentation\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Presentation.dll
+ 2012-03-18 17:51 . 2012-03-18 17:51 17784 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Presentation\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Presentation.dll
- 2012-03-18 13:34 . 2012-03-18 13:34 58240 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Input.Manipulations\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Input.Manipulations.dll
+ 2012-03-18 17:51 . 2012-03-18 17:51 58240 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Input.Manipulations\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Input.Manipulations.dll
+ 2012-03-18 17:51 . 2012-03-18 17:51 44920 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Web.ApplicationServices\v4.0_4.0.0.0__31bf3856ad364e35\System.Web.ApplicationServices.dll
- 2012-03-18 13:33 . 2012-03-18 13:33 44920 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Web.ApplicationServices\v4.0_4.0.0.0__31bf3856ad364e35\System.Web.ApplicationServices.dll
+ 2012-03-18 17:51 . 2012-03-18 17:51 37240 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.ServiceModel.Channels\v4.0_4.0.0.0__31bf3856ad364e35\System.ServiceModel.Channels.dll
- 2012-03-18 13:34 . 2012-03-18 13:34 37240 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.ServiceModel.Channels\v4.0_4.0.0.0__31bf3856ad364e35\System.ServiceModel.Channels.dll
+ 2012-03-18 17:51 . 2012-03-18 17:51 64352 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Numerics\v4.0_4.0.0.0__b77a5c561934e089\System.Numerics.dll
- 2012-03-18 13:33 . 2012-03-18 13:33 64352 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Numerics\v4.0_4.0.0.0__b77a5c561934e089\System.Numerics.dll
+ 2012-03-18 17:51 . 2012-03-18 17:51 51032 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Device\v4.0_4.0.0.0__b77a5c561934e089\System.Device.dll
- 2012-03-18 13:33 . 2012-03-18 13:33 51032 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Device\v4.0_4.0.0.0__b77a5c561934e089\System.Device.dll
+ 2012-03-18 17:51 . 2012-03-18 17:51 50552 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Data.DataSetExtensions\v4.0_4.0.0.0__b77a5c561934e089\System.Data.DataSetExtensions.dll
- 2012-03-18 13:33 . 2012-03-18 13:33 50552 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Data.DataSetExtensions\v4.0_4.0.0.0__b77a5c561934e089\System.Data.DataSetExtensions.dll
- 2012-03-18 13:33 . 2012-03-18 13:33 81784 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Configuration.Install\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Configuration.Install.dll
+ 2012-03-18 17:51 . 2012-03-18 17:51 81784 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Configuration.Install\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Configuration.Install.dll
+ 2012-03-18 17:51 . 2012-03-18 17:51 81800 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.ComponentModel.DataAnnotations\v4.0_4.0.0.0__31bf3856ad364e35\System.ComponentModel.DataAnnotations.dll
- 2012-03-18 13:33 . 2012-03-18 13:33 81800 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.ComponentModel.DataAnnotations\v4.0_4.0.0.0__31bf3856ad364e35\System.ComponentModel.DataAnnotations.dll
+ 2012-03-18 17:51 . 2012-03-18 17:51 39784 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.AddIn.Contract\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.AddIn.Contract.dll
- 2012-03-18 13:33 . 2012-03-18 13:33 39784 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.AddIn.Contract\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.AddIn.Contract.dll
+ 2012-03-18 17:51 . 2012-03-18 17:51 68952 c:\windows\Microsoft.NET\assembly\GAC_MSIL\SMDiagnostics\v4.0_4.0.0.0__b77a5c561934e089\SMDiagnostics.dll
- 2012-03-18 13:34 . 2012-03-18 13:34 68952 c:\windows\Microsoft.NET\assembly\GAC_MSIL\SMDiagnostics\v4.0_4.0.0.0__b77a5c561934e089\SMDiagnostics.dll
+ 2012-03-18 17:51 . 2012-03-18 17:51 62880 c:\windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.Windows.ApplicationServer.Applications\v4.0_4.0.0.0__31bf3856ad364e35\Microsoft.Windows.ApplicationServer.Applications.dll
- 2012-03-18 13:34 . 2012-03-18 13:34 62880 c:\windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.Windows.ApplicationServer.Applications\v4.0_4.0.0.0__31bf3856ad364e35\Microsoft.Windows.ApplicationServer.Applications.dll
+ 2012-03-18 17:51 . 2012-03-18 17:51 12128 c:\windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.VisualC\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualC.Dll
- 2012-03-18 13:33 . 2012-03-18 13:33 12128 c:\windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.VisualC\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualC.Dll
- 2012-03-18 13:33 . 2012-03-18 13:33 97680 c:\windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.VisualBasic.Compatibility.Data\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Compatibility.Data.dll
+ 2012-03-18 17:51 . 2012-03-18 17:51 97680 c:\windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.VisualBasic.Compatibility.Data\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Compatibility.Data.dll
- 2012-03-18 13:33 . 2012-03-18 13:33 17240 c:\windows\Microsoft.NET\assembly\GAC_MSIL\Accessibility\v4.0_4.0.0.0__b03f5f7f11d50a3a\Accessibility.dll
+ 2012-03-18 17:51 . 2012-03-18 17:51 17240 c:\windows\Microsoft.NET\assembly\GAC_MSIL\Accessibility\v4.0_4.0.0.0__b03f5f7f11d50a3a\Accessibility.dll
- 2012-03-18 13:33 . 2012-03-18 13:33 94552 c:\windows\Microsoft.NET\assembly\GAC_64\ISymWrapper\v4.0_4.0.0.0__b03f5f7f11d50a3a\ISymWrapper.dll
+ 2012-03-18 17:51 . 2012-03-18 17:51 94552 c:\windows\Microsoft.NET\assembly\GAC_64\ISymWrapper\v4.0_4.0.0.0__b03f5f7f11d50a3a\ISymWrapper.dll
- 2012-03-18 13:33 . 2012-03-18 13:33 91488 c:\windows\Microsoft.NET\assembly\GAC_64\CustomMarshalers\v4.0_4.0.0.0__b03f5f7f11d50a3a\CustomMarshalers.dll
+ 2012-03-18 17:51 . 2012-03-18 17:51 91488 c:\windows\Microsoft.NET\assembly\GAC_64\CustomMarshalers\v4.0_4.0.0.0__b03f5f7f11d50a3a\CustomMarshalers.dll
- 2012-03-18 13:32 . 2012-03-18 13:32 78168 c:\windows\Microsoft.NET\assembly\GAC_32\ISymWrapper\v4.0_4.0.0.0__b03f5f7f11d50a3a\ISymWrapper.dll
+ 2012-03-18 17:50 . 2012-03-18 17:50 78168 c:\windows\Microsoft.NET\assembly\GAC_32\ISymWrapper\v4.0_4.0.0.0__b03f5f7f11d50a3a\ISymWrapper.dll
- 2012-03-18 13:32 . 2012-03-18 13:32 81248 c:\windows\Microsoft.NET\assembly\GAC_32\CustomMarshalers\v4.0_4.0.0.0__b03f5f7f11d50a3a\CustomMarshalers.dll
+ 2012-03-18 17:50 . 2012-03-18 17:50 81248 c:\windows\Microsoft.NET\assembly\GAC_32\CustomMarshalers\v4.0_4.0.0.0__b03f5f7f11d50a3a\CustomMarshalers.dll
+ 2012-03-18 17:49 . 2012-03-18 17:49 32768 c:\windows\Installer\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}\icon.exe
+ 2012-03-18 17:49 . 2012-03-18 17:49 32768 c:\windows\Installer\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}\icon.exe
+ 2012-03-18 18:01 . 2012-03-18 18:01 61952 c:\windows\assembly\NativeImages_v2.0.50727_64\PresentationCFFRast#\6b5b7285e73ded10e6b378aa3c953aa4\PresentationCFFRasterizer.ni.dll
+ 2012-03-18 17:58 . 2012-03-18 17:58 32256 c:\windows\assembly\NativeImages_v2.0.50727_64\Microsoft.VisualC\b73a08124600d3ddbf54835ec3e97ce9\Microsoft.VisualC.ni.dll
+ 2012-03-18 18:00 . 2012-03-18 18:00 78848 c:\windows\assembly\NativeImages_v2.0.50727_64\Accessibility\0345ecdd28beb31aaa47e026002d6eee\Accessibility.ni.dll
+ 2012-03-18 18:04 . 2012-03-18 18:04 60928 c:\windows\assembly\NativeImages_v2.0.50727_32\UIAutomationProvider\fccf285ecdd9091a3f8d5e73d79c3300\UIAutomationProvider.ni.dll
+ 2012-03-18 18:04 . 2012-03-18 18:04 39424 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationCFFRast#\b669ed26c27a26dbe32110e21034faa7\PresentationCFFRasterizer.ni.dll
+ 2012-03-18 18:04 . 2012-03-18 18:04 15872 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.VisualC\6e7774cf6c789f580f403693a07a919f\Microsoft.VisualC.ni.dll
+ 2012-03-18 18:04 . 2012-03-18 18:04 25600 c:\windows\assembly\NativeImages_v2.0.50727_32\Accessibility\d71769228ebe7732ae31ac194fe00ff0\Accessibility.ni.dll
+ 2012-03-18 20:02 . 2012-03-18 20:02 1794 c:\windows\system32\wdi\ERCQueuedResolutions.dat
+ 2012-03-17 16:52 . 2012-03-18 17:59 5026 c:\windows\system32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-1838615134-1822502067-947055908-1000_UserData.bin
- 2012-03-18 17:20 . 2012-03-18 17:20 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2012-03-18 20:03 . 2012-03-18 20:03 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
- 2012-03-18 17:20 . 2012-03-18 17:20 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2012-03-18 20:03 . 2012-03-18 20:03 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2012-03-18 13:16 . 2011-11-17 05:39 314368 c:\windows\SysWOW64\webio.dll
+ 2012-03-18 17:54 . 2012-03-18 17:37 128424 c:\windows\SysWOW64\Wat\WatWeb.dll
+ 2012-03-18 17:54 . 2012-03-18 17:37 114600 c:\windows\SysWOW64\Wat\npWatWeb.dll
+ 2012-03-18 13:16 . 2011-02-18 05:36 428032 c:\windows\SysWOW64\vbscript.dll
- 2009-07-13 23:30 . 2009-07-14 01:16 496128 c:\windows\SysWOW64\taskschd.dll
+ 2012-03-18 13:21 . 2010-11-02 04:40 496128 c:\windows\SysWOW64\taskschd.dll
+ 2012-03-18 13:21 . 2010-11-02 04:34 192000 c:\windows\SysWOW64\taskeng.exe
+ 2012-03-18 13:21 . 2010-11-02 04:40 305152 c:\windows\SysWOW64\taskcomp.dll
+ 2012-03-18 13:21 . 2010-11-02 04:34 179712 c:\windows\SysWOW64\schtasks.exe
+ 2012-03-18 13:16 . 2011-11-17 05:39 224768 c:\windows\SysWOW64\schannel.dll
+ 2012-03-18 13:18 . 2010-12-23 05:28 850432 c:\windows\SysWOW64\sbe.dll
- 2009-07-14 00:06 . 2009-07-14 01:16 850432 c:\windows\SysWOW64\sbe.dll
+ 2012-03-18 13:18 . 2011-10-26 04:28 514560 c:\windows\SysWOW64\qdvd.dll
- 2009-07-14 00:03 . 2009-07-14 01:16 514560 c:\windows\SysWOW64\qdvd.dll
+ 2012-03-18 13:16 . 2011-08-17 04:26 465408 c:\windows\SysWOW64\psisdecd.dll
- 2011-03-17 20:02 . 2011-03-17 20:02 465408 c:\windows\SysWOW64\psisdecd.dll
+ 2012-03-18 13:20 . 2011-04-09 05:56 123904 c:\windows\SysWOW64\poqexec.exe
- 2009-07-13 23:22 . 2009-07-14 01:14 123904 c:\windows\SysWOW64\poqexec.exe
- 2009-07-14 00:11 . 2009-07-14 01:16 163840 c:\windows\SysWOW64\odbctrac.dll
+ 2012-03-18 13:17 . 2011-06-15 09:04 163840 c:\windows\SysWOW64\odbctrac.dll
+ 2012-03-18 13:17 . 2011-06-15 09:04 319488 c:\windows\SysWOW64\odbcjt32.dll
- 2009-07-14 00:12 . 2009-07-14 01:16 319488 c:\windows\SysWOW64\odbcjt32.dll
- 2009-07-14 00:12 . 2009-07-14 01:16 122880 c:\windows\SysWOW64\odbccp32.dll
+ 2012-03-18 13:17 . 2011-06-15 09:04 122880 c:\windows\SysWOW64\odbccp32.dll
+ 2012-03-18 13:18 . 2010-12-18 05:29 541184 c:\windows\SysWOW64\kerberos.dll
- 2009-07-13 23:35 . 2009-07-14 01:15 541184 c:\windows\SysWOW64\kerberos.dll
- 2011-01-16 22:03 . 2011-01-16 22:03 716800 c:\windows\SysWOW64\jscript.dll
+ 2012-03-18 13:16 . 2011-02-18 05:35 716800 c:\windows\SysWOW64\jscript.dll
- 2009-07-13 23:26 . 2009-07-14 01:15 361472 c:\windows\SysWOW64\IME\IMEJP10\IMJPAPI.DLL
+ 2012-03-18 13:18 . 2011-07-27 04:30 361472 c:\windows\SysWOW64\IME\IMEJP10\IMJPAPI.DLL
- 2009-07-13 23:12 . 2009-07-14 01:15 269824 c:\windows\SysWOW64\dnsapi.dll
+ 2012-03-18 13:18 . 2011-03-03 05:29 269824 c:\windows\SysWOW64\dnsapi.dll
+ 2012-03-18 13:17 . 2012-02-10 05:41 218624 c:\windows\SysWOW64\d3d10_1core.dll
+ 2012-03-18 13:17 . 2012-02-10 05:41 161792 c:\windows\SysWOW64\d3d10_1.dll
- 2009-07-13 23:27 . 2009-07-14 01:15 161792 c:\windows\SysWOW64\d3d10_1.dll
+ 2012-03-18 13:17 . 2012-02-10 05:41 739840 c:\windows\SysWOW64\d2d1.dll
+ 2012-03-18 13:18 . 2010-12-23 05:28 642048 c:\windows\SysWOW64\CPFilters.dll
+ 2009-07-14 04:54 . 2012-03-18 20:05 163840 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2009-07-14 04:54 . 2012-03-18 17:22 163840 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2009-07-14 04:54 . 2012-03-18 17:22 475136 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2009-07-14 04:54 . 2012-03-18 20:05 475136 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2012-03-18 13:16 . 2011-02-19 03:37 294912 c:\windows\SysWOW64\atmfd.dll
+ 2012-03-18 13:21 . 2010-11-02 05:18 524288 c:\windows\system32\wmicmiplugin.dll
+ 2012-03-18 13:16 . 2011-11-17 07:12 395776 c:\windows\system32\webio.dll
+ 2012-03-18 18:41 . 2012-03-18 19:42 134000 c:\windows\system32\wdi\SuspendPerformanceDiagnostics_SystemData_S4.bin
+ 2012-03-18 15:59 . 2012-03-18 19:56 207014 c:\windows\system32\wdi\SuspendPerformanceDiagnostics_SystemData_S3.bin
+ 2012-03-18 17:54 . 2012-03-18 17:37 152888 c:\windows\system32\Wat\WatWeb.dll
+ 2012-03-18 17:54 . 2012-03-18 17:37 249656 c:\windows\system32\Wat\WatUX.exe
+ 2012-03-18 17:54 . 2012-03-18 17:37 138664 c:\windows\system32\Wat\npWatWeb.dll
+ 2012-03-18 13:16 . 2011-02-18 06:37 612352 c:\windows\system32\vbscript.dll
- 2011-01-16 22:08 . 2011-01-16 22:08 612352 c:\windows\system32\vbscript.dll
+ 2012-03-18 13:21 . 2010-11-02 05:10 464384 c:\windows\system32\taskeng.exe
+ 2012-03-18 13:21 . 2010-11-02 05:17 473600 c:\windows\system32\taskcomp.dll
- 2009-07-13 23:47 . 2009-07-14 01:41 473600 c:\windows\system32\taskcomp.dll
+ 2012-03-18 13:16 . 2011-11-17 07:11 136192 c:\windows\system32\sspicli.dll
- 2009-07-13 23:20 . 2009-07-14 01:41 136192 c:\windows\system32\sspicli.dll
+ 2012-03-18 13:21 . 2010-11-02 05:10 285696 c:\windows\system32\schtasks.exe
+ 2012-03-18 13:16 . 2011-11-17 07:10 340992 c:\windows\system32\schannel.dll
- 2011-01-16 21:57 . 2011-01-16 21:57 340992 c:\windows\system32\schannel.dll
- 2009-07-13 23:34 . 2009-07-14 01:39 142336 c:\windows\system32\poqexec.exe
+ 2012-03-18 13:20 . 2011-04-09 06:58 142336 c:\windows\system32\poqexec.exe
+ 2009-07-14 02:36 . 2012-03-18 17:50 645398 c:\windows\system32\perfh009.dat
- 2009-07-14 02:36 . 2012-03-18 16:59 645398 c:\windows\system32\perfh009.dat
- 2009-07-14 02:36 . 2012-03-18 16:59 114772 c:\windows\system32\perfc009.dat
+ 2009-07-14 02:36 . 2012-03-18 17:50 114772 c:\windows\system32\perfc009.dat
- 2009-07-14 00:28 . 2009-07-14 01:41 212992 c:\windows\system32\odbctrac.dll
+ 2012-03-18 13:17 . 2011-06-15 09:58 212992 c:\windows\system32\odbctrac.dll
+ 2012-03-18 13:17 . 2011-06-15 09:58 106496 c:\windows\system32\odbccu32.dll
- 2009-07-14 00:28 . 2009-07-14 01:41 106496 c:\windows\system32\odbccu32.dll
+ 2012-03-18 13:17 . 2011-06-15 09:58 106496 c:\windows\system32\odbccr32.dll
- 2009-07-14 00:28 . 2009-07-14 01:41 106496 c:\windows\system32\odbccr32.dll
+ 2012-03-18 13:17 . 2011-06-15 09:58 163840 c:\windows\system32\odbccp32.dll
- 2009-07-14 00:28 . 2009-07-14 01:41 163840 c:\windows\system32\odbccp32.dll
+ 2012-03-18 13:18 . 2010-12-18 06:11 714752 c:\windows\system32\kerberos.dll
+ 2012-03-18 13:16 . 2011-02-18 06:36 852480 c:\windows\system32\jscript.dll
- 2011-01-16 22:03 . 2011-01-16 22:03 852480 c:\windows\system32\jscript.dll
- 2009-07-13 23:40 . 2009-07-14 01:41 546304 c:\windows\system32\IME\IMEJP10\IMJPAPI.DLL
+ 2012-03-18 13:18 . 2011-07-27 05:31 546304 c:\windows\system32\IME\IMEJP10\IMJPAPI.DLL
- 2009-07-14 04:45 . 2012-03-17 17:35 293792 c:\windows\system32\FNTCACHE.DAT
+ 2009-07-14 04:45 . 2012-03-18 17:56 293792 c:\windows\system32\FNTCACHE.DAT
+ 2012-03-18 13:17 . 2011-04-29 03:12 161792 c:\windows\system32\drivers\srvnet.sys
- 2011-01-16 21:58 . 2011-01-16 21:58 161792 c:\windows\system32\drivers\srvnet.sys
+ 2012-03-18 13:17 . 2011-04-29 03:12 399872 c:\windows\system32\drivers\srv2.sys
+ 2012-03-18 13:17 . 2011-04-29 03:13 461312 c:\windows\system32\drivers\srv.sys
+ 2012-03-18 13:21 . 2011-05-04 02:51 126464 c:\windows\system32\drivers\mrxsmb20.sys
- 2012-03-18 13:16 . 2011-02-23 05:15 126464 c:\windows\system32\drivers\mrxsmb20.sys
+ 2012-03-18 13:21 . 2011-07-09 02:44 287744 c:\windows\system32\drivers\mrxsmb10.sys
- 2012-03-18 13:16 . 2011-02-23 05:15 157696 c:\windows\system32\drivers\mrxsmb.sys
+ 2012-03-18 13:21 . 2011-05-04 02:51 157696 c:\windows\system32\drivers\mrxsmb.sys
+ 2012-03-18 13:16 . 2011-11-17 07:17 152432 c:\windows\system32\drivers\ksecpkg.sys
- 2009-07-13 23:23 . 2009-07-13 23:23 102400 c:\windows\system32\drivers\dfsc.sys
+ 2012-03-18 13:16 . 2011-04-27 02:57 102400 c:\windows\system32\drivers\dfsc.sys
+ 2012-03-18 13:16 . 2011-11-17 07:15 460296 c:\windows\system32\drivers\cng.sys
+ 2012-03-18 13:18 . 2011-12-28 03:59 499200 c:\windows\system32\drivers\afd.sys
+ 2012-03-18 13:18 . 2011-03-03 06:17 182272 c:\windows\system32\dnsrslvr.dll
- 2009-07-13 23:21 . 2009-07-14 01:40 182272 c:\windows\system32\dnsrslvr.dll
- 2009-07-13 23:21 . 2009-07-14 01:40 356352 c:\windows\system32\dnsapi.dll
+ 2012-03-18 13:18 . 2011-03-03 06:17 356352 c:\windows\system32\dnsapi.dll

Kingault
2012-03-19, 00:21
Hang on... I messed up with copying and pasting Combofix's log.. I'll just upload it as multiple .txt files.

Blade81
2012-03-19, 09:47
Hi again,


Open notepad and copy/paste the text in the quotebox below into it:



File::
C:\ProgramData\Spybot - Search & Destroy\Recovery\SmitfraudCgeneric.zip
C:\ProgramData\Spybot - Search & Destroy\Recovery\SmitfraudCgeneric1.zip
C:\ProgramData\Spybot - Search & Destroy\Recovery\SmitfraudCgeneric2.zip
C:\ProgramData\Spybot - Search & Destroy\Recovery\SmitfraudCgeneric3.zip
C:\ProgramData\Spybot - Search & Destroy\Recovery\SmitfraudCgeneric4.zip
C:\Windows\System32\config\systemprofile\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\21\43974315-13446683
C:\Windows\SysWOW64\config\systemprofile\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\21\43974315-13446683



Save this as CFScript

A word of warning: Neither I nor sUBs are responsible for any damage you may have caused your machine. This tool is not a toy and not for everyday use.

http://img.photobucket.com/albums/v666/sUBs/CFScriptB-4.gif

Close all browser windows and, referring to the picture above, drag CFScript into ComboFix.exe (let the tool update itself if prompted).
Then post the resultant log.

Kingault
2012-03-19, 21:57
Combofix:
ComboFix 12-03-17.01 - Synusie 03/19/2012 15:30:25.4.4 - x64
Microsoft Windows 7 Home Premium 6.1.7600.0.1252.1.1033.18.3894.1906 [GMT -4:00]
Running from: c:\users\Synusie\Downloads\ComboFix.exe
Command switches used :: c:\users\Synusie\Downloads\CFScript.txt
AV: avast! Antivirus *Disabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
AV: AVG Anti-Virus Free Edition 2012 *Enabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}
SP: avast! Antivirus *Disabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
SP: AVG Anti-Virus Free Edition 2012 *Enabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
FILE ::
"c:\programdata\Spybot - Search & Destroy\Recovery\SmitfraudCgeneric.zip"
"c:\programdata\Spybot - Search & Destroy\Recovery\SmitfraudCgeneric1.zip"
"c:\programdata\Spybot - Search & Destroy\Recovery\SmitfraudCgeneric2.zip"
"c:\programdata\Spybot - Search & Destroy\Recovery\SmitfraudCgeneric3.zip"
"c:\programdata\Spybot - Search & Destroy\Recovery\SmitfraudCgeneric4.zip"
"c:\windows\System32\config\systemprofile\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\21\43974315-13446683"
"c:\windows\SysWOW64\config\systemprofile\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\21\43974315-13446683"
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\programdata\Spybot - Search & Destroy\Recovery\SmitfraudCgeneric.zip
c:\programdata\Spybot - Search & Destroy\Recovery\SmitfraudCgeneric1.zip
c:\programdata\Spybot - Search & Destroy\Recovery\SmitfraudCgeneric2.zip
c:\programdata\Spybot - Search & Destroy\Recovery\SmitfraudCgeneric3.zip
c:\programdata\Spybot - Search & Destroy\Recovery\SmitfraudCgeneric4.zip
c:\windows\SysWOW64\config\systemprofile\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\21\43974315-13446683
.
.
((((((((((((((((((((((((( Files Created from 2012-02-19 to 2012-03-19 )))))))))))))))))))))))))))))))
.
.
2012-03-19 19:36 . 2012-03-19 19:36 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-03-18 20:18 . 2012-03-18 20:18 -------- d-----w- c:\program files (x86)\ESET
2012-03-18 20:16 . 2012-03-18 20:17 -------- d-----w- c:\windows\SysWow64\Adobe
2012-03-18 17:54 . 2012-03-18 17:54 -------- d-----w- c:\windows\SysWow64\Wat
2012-03-18 17:54 . 2012-03-18 17:54 -------- d-----w- c:\windows\system32\Wat
2012-03-18 17:49 . 2012-03-18 17:49 -------- d-----w- c:\program files (x86)\MSXML 4.0
2012-03-18 16:43 . 2012-03-18 16:43 -------- d-----w- C:\TDSSKiller_Quarantine
2012-03-18 13:30 . 2012-03-18 13:30 -------- d-----w- C:\c3ccaa07de7d4d569722b3a5
2012-03-18 13:20 . 2011-07-16 05:26 362496 ----a-w- c:\windows\system32\wow64win.dll
2012-03-18 13:18 . 2011-12-16 08:42 634368 ----a-w- c:\windows\system32\msvcrt.dll
2012-03-18 13:17 . 2011-10-26 05:22 366592 ----a-w- c:\windows\system32\qdvd.dll
2012-03-18 13:16 . 2011-08-17 05:32 613888 ----a-w- c:\windows\system32\psisdecd.dll
2012-03-18 13:15 . 2011-06-23 05:29 5507968 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-03-18 13:15 . 2011-06-23 04:38 3957120 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe
2012-03-18 13:15 . 2011-06-23 04:38 3902336 ----a-w- c:\windows\SysWow64\ntoskrnl.exe
2012-03-18 13:09 . 2011-11-19 15:07 77312 ----a-w- c:\windows\system32\packager.dll
2012-03-18 13:09 . 2011-11-19 14:06 67072 ----a-w- c:\windows\SysWow64\packager.dll
2012-03-18 13:08 . 2012-03-18 13:08 -------- d-----w- c:\windows\SysWow64\URTTEMP
2012-03-18 02:51 . 2012-03-18 02:51 -------- d-----w- c:\program files (x86)\Microsoft.NET
2012-03-18 02:51 . 2009-11-25 19:47 49472 ----a-w- c:\windows\SysWow64\netfxperf.dll
2012-03-18 02:51 . 2009-11-25 19:47 297808 ----a-w- c:\windows\SysWow64\mscoree.dll
2012-03-18 02:51 . 2009-11-25 19:47 99176 ----a-w- c:\windows\SysWow64\PresentationHostProxy.dll
2012-03-18 02:51 . 2009-11-25 19:47 48960 ----a-w- c:\windows\system32\netfxperf.dll
2012-03-18 02:51 . 2009-11-25 19:47 1130824 ----a-w- c:\windows\SysWow64\dfshim.dll
2012-03-18 02:51 . 2009-11-25 19:47 109912 ----a-w- c:\windows\system32\PresentationHostProxy.dll
2012-03-18 02:51 . 2009-11-25 19:47 1942856 ----a-w- c:\windows\system32\dfshim.dll
2012-03-18 02:51 . 2009-11-25 19:47 295264 ----a-w- c:\windows\SysWow64\PresentationHost.exe
2012-03-18 02:51 . 2009-11-25 19:47 444752 ----a-w- c:\windows\system32\mscoree.dll
2012-03-18 02:51 . 2009-11-25 19:47 320352 ----a-w- c:\windows\system32\PresentationHost.exe
2012-03-18 00:41 . 2012-03-06 23:15 258520 ----a-w- c:\windows\system32\aswBoot.exe
2012-03-18 00:41 . 2012-03-06 23:01 69976 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2012-03-18 00:41 . 2012-03-06 23:15 41184 ----a-w- c:\windows\avastSS.scr
2012-03-18 00:41 . 2012-03-06 23:15 201352 ----a-w- c:\windows\SysWow64\aswBoot.exe
2012-03-18 00:41 . 2012-03-18 00:41 -------- d-----w- c:\programdata\AVAST Software
2012-03-18 00:41 . 2012-03-18 00:41 -------- d-----w- c:\program files\AVAST Software
2012-03-17 23:46 . 2009-09-04 21:29 1892184 ----a-w- c:\windows\SysWow64\D3DX9_42.dll
2012-03-17 23:46 . 2007-03-12 20:42 3495784 ----a-w- c:\windows\SysWow64\d3dx9_33.dll
2012-03-17 23:06 . 2012-03-17 23:06 -------- d-----w- c:\program files (x86)\Turbine
2012-03-17 20:31 . 2012-03-17 20:31 -------- d-----w- c:\program files (x86)\Pando Networks
2012-03-17 19:52 . 2012-03-17 19:52 -------- d-----w- c:\program files (x86)\IrfanView
2012-03-17 19:50 . 2012-03-17 19:50 -------- d-----w- c:\windows\Sun
2012-03-17 19:45 . 2006-12-01 10:20 79360 ----a-w- c:\windows\system32\swxcacls.exe
2012-03-17 19:45 . 2006-08-29 23:43 135168 ----a-w- c:\windows\system32\swreg.exe
2012-03-17 19:35 . 2012-03-17 19:35 -------- d-----w- c:\program files (x86)\ERUNT
2012-03-17 19:14 . 2012-03-17 19:14 -------- d-----w- c:\program files (x86)\Common Files\Java
2012-03-17 19:13 . 2012-03-17 19:13 -------- d-----w- c:\program files (x86)\Java
2012-03-17 19:10 . 2012-03-18 03:03 414368 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-03-17 19:10 . 2012-03-17 19:10 -------- d-----w- c:\windows\system32\Macromed
2012-03-17 18:05 . 2012-03-17 18:05 -------- d-----w- c:\program files\IDT
2012-03-17 18:05 . 2010-12-02 04:44 564224 ----a-w- c:\windows\system32\idt64mp1.exe
2012-03-17 18:05 . 2010-12-02 04:44 524800 ----a-w- c:\windows\sttray64.exe
2012-03-17 18:05 . 2010-12-02 04:44 4594176 ----a-w- c:\windows\system32\stlang64.dll
2012-03-17 18:05 . 2010-12-02 04:44 438784 ----a-w- c:\windows\system32\IDTNC64.cpl
2012-03-17 17:30 . 2012-03-17 17:30 -------- d-----w- c:\program files (x86)\OpenOffice.org 3
2012-03-17 17:27 . 2012-03-17 17:27 283200 ----a-w- c:\windows\system32\drivers\dtsoftbus01.sys
2012-03-17 17:27 . 2012-03-17 17:27 -------- d-----w- c:\program files (x86)\DAEMON Tools Lite
2012-03-17 17:26 . 2012-03-17 17:26 -------- d-----w- c:\programdata\DAEMON Tools Lite
2012-03-17 17:12 . 2012-03-18 13:43 -------- d-----w- c:\program files\Nightly
2012-03-17 17:07 . 2012-03-17 17:07 -------- d--h--w- c:\programdata\Common Files
2012-03-17 17:07 . 2012-03-17 17:07 -------- d-----w- c:\windows\SysWow64\drivers\AVG
2012-03-17 17:07 . 2012-03-19 19:24 -------- d-----w- c:\windows\system32\drivers\AVG
2012-03-17 17:07 . 2012-03-17 17:24 -------- d-----w- c:\programdata\AVG2012
2012-03-17 17:06 . 2012-03-17 17:06 -------- d-----w- c:\program files (x86)\AVG
2012-03-17 17:05 . 2012-03-17 17:31 -------- d-----w- c:\programdata\Spybot - Search & Destroy
2012-03-17 17:05 . 2012-03-17 17:05 -------- d-----w- c:\program files (x86)\Spybot - Search & Destroy
2012-03-17 17:04 . 2012-03-17 22:28 -------- d-----w- c:\program files\PeerBlock
2012-03-17 17:03 . 2012-03-17 17:03 -------- d-----w- c:\program files\CCleaner
2012-03-17 17:03 . 2012-03-17 17:03 -------- d-----w- c:\program files\Google
2012-03-17 17:02 . 2012-03-19 19:24 -------- d-----w- c:\programdata\MFAData
2012-03-17 17:02 . 2012-02-15 06:27 1031680 ----a-w- c:\windows\system32\rdpcore.dll
2012-03-17 17:02 . 2012-01-25 06:27 76288 ----a-w- c:\windows\system32\rdpwsx.dll
2012-03-17 17:02 . 2012-01-25 06:27 149504 ----a-w- c:\windows\system32\rdpcorekmts.dll
2012-03-17 17:02 . 2012-01-25 06:20 9216 ----a-w- c:\windows\system32\rdrmemptylst.exe
2012-03-17 17:02 . 2012-02-15 05:44 826368 ----a-w- c:\windows\SysWow64\rdpcore.dll
2012-03-17 17:02 . 2012-02-15 04:47 204800 ----a-w- c:\windows\system32\drivers\rdpwd.sys
2012-03-17 17:02 . 2012-02-15 04:46 23552 ----a-w- c:\windows\system32\drivers\tdtcp.sys
2012-03-17 17:02 . 2012-03-18 00:42 -------- d-----w- c:\program files (x86)\Google
2012-03-17 16:52 . 2012-03-17 16:52 -------- d-----w- c:\users\Public\Symantec
2012-03-17 16:50 . 2012-03-17 16:54 -------- d-----w- c:\users\Synusie
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-03-17 19:13 . 2011-01-16 21:45 472808 ----a-w- c:\windows\SysWow64\deployJava1.dll
2012-03-17 17:24 . 2010-06-24 19:33 18328 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
.
.
((((((((((((((((((((((((((((( SnapShot_2012-03-18_20.04.11 )))))))))))))))))))))))))))))))))))))))))
.
+ 2012-03-18 20:17 . 2012-03-18 20:17 87942 c:\windows\SysWOW64\Adobe\Shockwave 11\uninstaller.exe
+ 2012-02-21 14:03 . 2012-02-21 14:03 86016 c:\windows\SysWOW64\Adobe\Shockwave 11\SwMenu.dll
+ 2012-02-21 13:46 . 2012-02-21 13:46 73408 c:\windows\SysWOW64\Adobe\Shockwave 11\gtapi.dll
+ 2012-02-21 13:46 . 2012-02-21 13:46 64512 c:\windows\SysWOW64\Adobe\Shockwave 11\gcapi_dll.dll
+ 2012-02-21 14:04 . 2012-02-21 14:04 12800 c:\windows\SysWOW64\Adobe\Shockwave 11\DynaPlayer.dll
+ 2009-07-14 05:10 . 2012-03-19 19:21 37770 c:\windows\system32\wdi\BootPerformanceDiagnostics_SystemData.bin
+ 2012-03-17 19:49 . 2012-03-19 19:45 16384 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2012-03-17 19:49 . 2012-03-18 17:57 16384 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2012-03-17 19:49 . 2012-03-19 19:45 32768 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2012-03-17 19:49 . 2012-03-18 17:57 32768 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2009-07-14 04:54 . 2012-03-18 17:57 16384 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2009-07-14 04:54 . 2012-03-19 19:45 16384 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2009-07-14 04:46 . 2012-03-19 19:23 79976 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\SoftwareProtectionPlatform\Cache\cache.dat
+ 2012-03-17 16:58 . 2012-03-19 19:27 16384 c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2012-03-17 16:58 . 2012-03-18 19:08 16384 c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2012-03-17 16:58 . 2012-03-18 19:08 16384 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2012-03-17 16:58 . 2012-03-19 19:27 16384 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2012-03-18 17:51 . 2012-03-18 17:51 87408 c:\windows\Microsoft.NET\assembly\GAC_MSIL\WindowsFormsIntegration\v4.0_4.0.0.0__31bf3856ad364e35\WindowsFormsIntegration.dll
+ 2012-03-19 10:47 . 2012-03-19 10:47 87408 c:\windows\Microsoft.NET\assembly\GAC_MSIL\WindowsFormsIntegration\v4.0_4.0.0.0__31bf3856ad364e35\WindowsFormsIntegration.dll
+ 2012-03-19 10:47 . 2012-03-19 10:47 93024 c:\windows\Microsoft.NET\assembly\GAC_MSIL\UIAutomationTypes\v4.0_4.0.0.0__31bf3856ad364e35\UIAutomationTypes.dll
- 2012-03-18 17:51 . 2012-03-18 17:51 93024 c:\windows\Microsoft.NET\assembly\GAC_MSIL\UIAutomationTypes\v4.0_4.0.0.0__31bf3856ad364e35\UIAutomationTypes.dll
- 2012-03-18 17:51 . 2012-03-18 17:51 35688 c:\windows\Microsoft.NET\assembly\GAC_MSIL\UIAutomationProvider\v4.0_4.0.0.0__31bf3856ad364e35\UIAutomationProvider.dll
+ 2012-03-19 10:47 . 2012-03-19 10:47 35688 c:\windows\Microsoft.NET\assembly\GAC_MSIL\UIAutomationProvider\v4.0_4.0.0.0__31bf3856ad364e35\UIAutomationProvider.dll
+ 2012-03-19 10:47 . 2012-03-19 10:47 17784 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Presentation\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Presentation.dll
- 2012-03-18 17:51 . 2012-03-18 17:51 17784 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Presentation\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Presentation.dll
+ 2012-03-19 10:47 . 2012-03-19 10:47 58240 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Input.Manipulations\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Input.Manipulations.dll
- 2012-03-18 17:51 . 2012-03-18 17:51 58240 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Input.Manipulations\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Input.Manipulations.dll
- 2012-03-18 17:51 . 2012-03-18 17:51 44920 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Web.ApplicationServices\v4.0_4.0.0.0__31bf3856ad364e35\System.Web.ApplicationServices.dll
+ 2012-03-19 10:47 . 2012-03-19 10:47 44920 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Web.ApplicationServices\v4.0_4.0.0.0__31bf3856ad364e35\System.Web.ApplicationServices.dll
+ 2012-03-19 10:47 . 2012-03-19 10:47 37240 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.ServiceModel.Channels\v4.0_4.0.0.0__31bf3856ad364e35\System.ServiceModel.Channels.dll
- 2012-03-18 17:51 . 2012-03-18 17:51 37240 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.ServiceModel.Channels\v4.0_4.0.0.0__31bf3856ad364e35\System.ServiceModel.Channels.dll
+ 2012-03-19 10:47 . 2012-03-19 10:47 64352 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Numerics\v4.0_4.0.0.0__b77a5c561934e089\System.Numerics.dll
- 2012-03-18 17:51 . 2012-03-18 17:51 64352 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Numerics\v4.0_4.0.0.0__b77a5c561934e089\System.Numerics.dll
- 2012-03-18 17:51 . 2012-03-18 17:51 51032 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Device\v4.0_4.0.0.0__b77a5c561934e089\System.Device.dll
+ 2012-03-19 10:47 . 2012-03-19 10:47 51032 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Device\v4.0_4.0.0.0__b77a5c561934e089\System.Device.dll
- 2012-03-18 17:51 . 2012-03-18 17:51 50552 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Data.DataSetExtensions\v4.0_4.0.0.0__b77a5c561934e089\System.Data.DataSetExtensions.dll
+ 2012-03-19 10:47 . 2012-03-19 10:47 50552 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Data.DataSetExtensions\v4.0_4.0.0.0__b77a5c561934e089\System.Data.DataSetExtensions.dll
+ 2012-03-19 10:47 . 2012-03-19 10:47 81784 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Configuration.Install\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Configuration.Install.dll
- 2012-03-18 17:51 . 2012-03-18 17:51 81784 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Configuration.Install\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Configuration.Install.dll
+ 2012-03-19 10:47 . 2012-03-19 10:47 81800 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.ComponentModel.DataAnnotations\v4.0_4.0.0.0__31bf3856ad364e35\System.ComponentModel.DataAnnotations.dll
- 2012-03-18 17:51 . 2012-03-18 17:51 81800 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.ComponentModel.DataAnnotations\v4.0_4.0.0.0__31bf3856ad364e35\System.ComponentModel.DataAnnotations.dll
+ 2012-03-19 10:47 . 2012-03-19 10:47 39784 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.AddIn.Contract\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.AddIn.Contract.dll
- 2012-03-18 17:51 . 2012-03-18 17:51 39784 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.AddIn.Contract\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.AddIn.Contract.dll
+ 2012-03-19 10:47 . 2012-03-19 10:47 68952 c:\windows\Microsoft.NET\assembly\GAC_MSIL\SMDiagnostics\v4.0_4.0.0.0__b77a5c561934e089\SMDiagnostics.dll
- 2012-03-18 17:51 . 2012-03-18 17:51 68952 c:\windows\Microsoft.NET\assembly\GAC_MSIL\SMDiagnostics\v4.0_4.0.0.0__b77a5c561934e089\SMDiagnostics.dll
+ 2012-03-19 10:47 . 2012-03-19 10:47 62880 c:\windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.Windows.ApplicationServer.Applications\v4.0_4.0.0.0__31bf3856ad364e35\Microsoft.Windows.ApplicationServer.Applications.dll
- 2012-03-18 17:51 . 2012-03-18 17:51 62880 c:\windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.Windows.ApplicationServer.Applications\v4.0_4.0.0.0__31bf3856ad364e35\Microsoft.Windows.ApplicationServer.Applications.dll
- 2012-03-18 17:51 . 2012-03-18 17:51 12128 c:\windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.VisualC\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualC.Dll
+ 2012-03-19 10:47 . 2012-03-19 10:47 12128 c:\windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.VisualC\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualC.Dll
+ 2012-03-19 10:47 . 2012-03-19 10:47 97680 c:\windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.VisualBasic.Compatibility.Data\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Compatibility.Data.dll
- 2012-03-18 17:51 . 2012-03-18 17:51 97680 c:\windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.VisualBasic.Compatibility.Data\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Compatibility.Data.dll
+ 2012-03-19 10:47 . 2012-03-19 10:47 17240 c:\windows\Microsoft.NET\assembly\GAC_MSIL\Accessibility\v4.0_4.0.0.0__b03f5f7f11d50a3a\Accessibility.dll
- 2012-03-18 17:51 . 2012-03-18 17:51 17240 c:\windows\Microsoft.NET\assembly\GAC_MSIL\Accessibility\v4.0_4.0.0.0__b03f5f7f11d50a3a\Accessibility.dll
+ 2012-03-19 10:47 . 2012-03-19 10:47 94552 c:\windows\Microsoft.NET\assembly\GAC_64\ISymWrapper\v4.0_4.0.0.0__b03f5f7f11d50a3a\ISymWrapper.dll
- 2012-03-18 17:51 . 2012-03-18 17:51 94552 c:\windows\Microsoft.NET\assembly\GAC_64\ISymWrapper\v4.0_4.0.0.0__b03f5f7f11d50a3a\ISymWrapper.dll
- 2012-03-18 17:51 . 2012-03-18 17:51 91488 c:\windows\Microsoft.NET\assembly\GAC_64\CustomMarshalers\v4.0_4.0.0.0__b03f5f7f11d50a3a\CustomMarshalers.dll
+ 2012-03-19 10:47 . 2012-03-19 10:47 91488 c:\windows\Microsoft.NET\assembly\GAC_64\CustomMarshalers\v4.0_4.0.0.0__b03f5f7f11d50a3a\CustomMarshalers.dll
- 2012-03-18 17:50 . 2012-03-18 17:50 78168 c:\windows\Microsoft.NET\assembly\GAC_32\ISymWrapper\v4.0_4.0.0.0__b03f5f7f11d50a3a\ISymWrapper.dll
+ 2012-03-19 10:47 . 2012-03-19 10:47 78168 c:\windows\Microsoft.NET\assembly\GAC_32\ISymWrapper\v4.0_4.0.0.0__b03f5f7f11d50a3a\ISymWrapper.dll
- 2012-03-18 17:50 . 2012-03-18 17:50 81248 c:\windows\Microsoft.NET\assembly\GAC_32\CustomMarshalers\v4.0_4.0.0.0__b03f5f7f11d50a3a\CustomMarshalers.dll
+ 2012-03-19 10:47 . 2012-03-19 10:47 81248 c:\windows\Microsoft.NET\assembly\GAC_32\CustomMarshalers\v4.0_4.0.0.0__b03f5f7f11d50a3a\CustomMarshalers.dll
+ 2011-06-06 16:55 . 2011-06-06 16:55 73624 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B744AA0100000010\10.1.0\wow_helper.exe
+ 2011-06-06 16:55 . 2011-06-06 16:55 17304 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B744AA0100000010\10.1.0\ViewerPS.dll
+ 2011-06-06 16:55 . 2011-06-06 16:55 35736 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B744AA0100000010\10.1.0\reader_sl.exe
+ 2011-06-06 16:55 . 2011-06-06 16:55 88992 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B744AA0100000010\10.1.0\PDFPrevHndlr.dll
+ 2011-06-06 16:55 . 2011-06-06 16:55 94608 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B744AA0100000010\10.1.0\eula.exe
+ 2011-06-06 16:55 . 2011-06-06 16:55 64952 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B744AA0100000010\10.1.0\armsvc.exe
+ 2011-06-06 16:55 . 2011-06-06 16:55 49064 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B744AA0100000010\10.1.0\acrotextextractor.exe
+ 2011-06-06 16:55 . 2011-06-06 16:55 17824 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B744AA0100000010\10.1.0\AcroRd32Info.exe
+ 2011-06-06 16:55 . 2011-06-06 16:55 63912 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B744AA0100000010\10.1.0\acroiehelpershim.dll
+ 2011-06-06 16:55 . 2011-06-06 16:55 64928 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B744AA0100000010\10.1.0\AcroIEHelper.dll
+ 2011-06-06 16:55 . 2011-06-06 16:55 63384 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B744AA0100000010\10.1.0\Acrofx32.dll
+ 2012-03-18 20:02 . 2012-03-19 10:48 1982 c:\windows\system32\wdi\ERCQueuedResolutions.dat
+ 2012-03-17 16:52 . 2012-03-19 19:21 5694 c:\windows\system32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-1838615134-1822502067-947055908-1000_UserData.bin
+ 2012-03-19 19:44 . 2012-03-19 19:44 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
- 2012-03-18 20:03 . 2012-03-18 20:03 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2012-03-19 19:44 . 2012-03-19 19:44 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
- 2012-03-18 20:03 . 2012-03-18 20:03 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
- 2009-07-14 04:54 . 2012-03-18 20:05 163840 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2009-07-14 04:54 . 2012-03-19 19:45 163840 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2009-07-14 04:54 . 2012-03-19 19:45 475136 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2009-07-14 04:54 . 2012-03-18 20:05 475136 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2012-02-21 13:46 . 2012-02-21 13:46 279992 c:\windows\SysWOW64\Adobe\Shockwave 11\SymCCIS.dll
+ 2012-02-21 14:03 . 2012-02-21 14:03 114176 c:\windows\SysWOW64\Adobe\Shockwave 11\SwInit.exe
+ 2012-02-21 14:04 . 2012-02-21 14:04 434176 c:\windows\SysWOW64\Adobe\Shockwave 11\Proj.dll
+ 2012-02-21 14:03 . 2012-02-21 14:03 365056 c:\windows\SysWOW64\Adobe\Shockwave 11\Plugin.dll
+ 2012-02-21 13:50 . 2012-02-21 13:50 990208 c:\windows\SysWOW64\Adobe\Shockwave 11\iml32.dll
+ 2012-02-21 14:03 . 2012-02-21 14:03 543232 c:\windows\SysWOW64\Adobe\Shockwave 11\Control.dll
+ 2012-02-02 13:56 . 2012-02-02 13:56 113592 c:\windows\SysWOW64\Adobe\Director\SWDNLD.EXE
+ 2012-02-02 13:56 . 2012-02-02 13:56 281016 c:\windows\SysWOW64\Adobe\Director\SwDir.dll
+ 2012-02-21 14:04 . 2012-02-21 14:04 145920 c:\windows\SysWOW64\Adobe\Director\np32dsw.dll
+ 2012-03-18 18:41 . 2012-03-18 21:56 153426 c:\windows\system32\wdi\SuspendPerformanceDiagnostics_SystemData_S4.bin
+ 2012-03-18 15:59 . 2012-03-19 19:43 213424 c:\windows\system32\wdi\SuspendPerformanceDiagnostics_SystemData_S3.bin
- 2009-07-14 02:36 . 2012-03-18 17:50 645398 c:\windows\system32\perfh009.dat
+ 2009-07-14 02:36 . 2012-03-19 10:47 645398 c:\windows\system32\perfh009.dat
- 2009-07-14 02:36 . 2012-03-18 17:50 114772 c:\windows\system32\perfc009.dat
+ 2009-07-14 02:36 . 2012-03-19 10:47 114772 c:\windows\system32\perfc009.dat
- 2009-07-14 05:01 . 2012-03-18 20:02 284088 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
+ 2009-07-14 05:01 . 2012-03-19 19:43 284088 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
+ 2011-12-26 09:47 . 2011-12-26 09:47 261912 c:\windows\Microsoft.NET\Framework64\v4.0.30319\ServiceModelReg.exe
+ 2011-12-26 08:39 . 2011-12-26 08:39 192792 c:\windows\Microsoft.NET\Framework\v4.0.30319\ServiceModelReg.exe
+ 2011-04-12 19:11 . 2011-04-12 19:11 385864 c:\windows\Microsoft.NET\Framework\v4.0.30319\clrjit.dll
- 2010-03-18 17:16 . 2010-03-18 17:16 385864 c:\windows\Microsoft.NET\Framework\v4.0.30319\clrjit.dll
- 2012-03-18 17:51 . 2012-03-18 17:51 350592 c:\windows\Microsoft.NET\assembly\GAC_MSIL\UIAutomationClientsideProviders\v4.0_4.0.0.0__31bf3856ad364e35\UIAutomationClientsideProviders.dll
+ 2012-03-19 10:47 . 2012-03-19 10:47 350592 c:\windows\Microsoft.NET\assembly\GAC_MSIL\UIAutomationClientsideProviders\v4.0_4.0.0.0__31bf3856ad364e35\UIAutomationClientsideProviders.dll
- 2012-03-18 17:51 . 2012-03-18 17:51 163168 c:\windows\Microsoft.NET\assembly\GAC_MSIL\UIAutomationClient\v4.0_4.0.0.0__31bf3856ad364e35\UIAutomationClient.dll
+ 2012-03-19 10:47 . 2012-03-19 10:47 163168 c:\windows\Microsoft.NET\assembly\GAC_MSIL\UIAutomationClient\v4.0_4.0.0.0__31bf3856ad364e35\UIAutomationClient.dll
- 2012-03-18 17:51 . 2012-03-18 17:51 138592 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Xml.Linq\v4.0_4.0.0.0__b77a5c561934e089\System.Xml.Linq.dll
+ 2012-03-19 10:47 . 2012-03-19 10:47 138592 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Xml.Linq\v4.0_4.0.0.0__b77a5c561934e089\System.Xml.Linq.dll
+ 2012-03-19 10:47 . 2012-03-19 10:47 699224 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Xaml\v4.0_4.0.0.0__b77a5c561934e089\System.Xaml.dll
- 2012-03-18 17:51 . 2012-03-18 17:51 699224 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Xaml\v4.0_4.0.0.0__b77a5c561934e089\System.Xaml.dll
+ 2012-03-19 10:47 . 2012-03-19 10:47 857960 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Web.Services\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Web.Services.dll
- 2012-03-18 17:51 . 2012-03-18 17:51 857960 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Web.Services\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Web.Services.dll
- 2012-03-18 17:51 . 2012-03-18 17:51 675672 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Speech\v4.0_4.0.0.0__31bf3856ad364e35\System.Speech.dll
+ 2012-03-19 10:47 . 2012-03-19 10:47 675672 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Speech\v4.0_4.0.0.0__31bf3856ad364e35\System.Speech.dll
+ 2012-03-19 10:47 . 2012-03-19 10:47 113512 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.ServiceProcess\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.ServiceProcess.dll
- 2012-03-18 17:51 . 2012-03-18 17:51 113512 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.ServiceProcess\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.ServiceProcess.dll
+ 2012-03-19 10:47 . 2012-03-19 10:47 129912 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.ServiceModel.Routing\v4.0_4.0.0.0__31bf3856ad364e35\System.ServiceModel.Routing.dll
- 2012-03-18 17:51 . 2012-03-18 17:51 129912 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.ServiceModel.Routing\v4.0_4.0.0.0__31bf3856ad364e35\System.ServiceModel.Routing.dll
+ 2012-03-19 10:47 . 2012-03-19 10:47 390008 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.ServiceModel.Discovery\v4.0_4.0.0.0__31bf3856ad364e35\System.ServiceModel.Discovery.dll
- 2012-03-18 17:51 . 2012-03-18 17:51 390008 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.ServiceModel.Discovery\v4.0_4.0.0.0__31bf3856ad364e35\System.ServiceModel.Discovery.dll
- 2012-03-18 17:51 . 2012-03-18 17:51 505208 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.ServiceModel.Activities\v4.0_4.0.0.0__31bf3856ad364e35\System.ServiceModel.Activities.dll
+ 2012-03-19 10:47 . 2012-03-19 10:47 505208 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.ServiceModel.Activities\v4.0_4.0.0.0__31bf3856ad364e35\System.ServiceModel.Activities.dll
+ 2012-03-19 10:47 . 2012-03-19 10:47 261472 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Security\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Security.dll
- 2012-03-18 17:51 . 2012-03-18 17:51 261472 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Security\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Security.dll
- 2012-03-18 17:51 . 2012-03-18 17:51 122264 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Runtime.Serialization.Formatters.Soap\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Runtime.Serialization.Formatters.Soap.dll
+ 2012-03-19 10:47 . 2012-03-19 10:47 122264 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Runtime.Serialization.Formatters.Soap\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Runtime.Serialization.Formatters.Soap.dll
+ 2012-03-19 10:47 . 2012-03-19 10:47 291184 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Runtime.Remoting\v4.0_4.0.0.0__b77a5c561934e089\System.Runtime.Remoting.dll
- 2012-03-18 17:51 . 2012-03-18 17:51 291184 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Runtime.Remoting\v4.0_4.0.0.0__b77a5c561934e089\System.Runtime.Remoting.dll
+ 2012-03-19 10:47 . 2012-03-19 10:47 349568 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Runtime.DurableInstancing\v4.0_4.0.0.0__31bf3856ad364e35\System.Runtime.DurableInstancing.dll
- 2012-03-18 17:51 . 2012-03-18 17:51 349568 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Runtime.DurableInstancing\v4.0_4.0.0.0__31bf3856ad364e35\System.Runtime.DurableInstancing.dll
+ 2012-03-19 10:47 . 2012-03-19 10:47 231760 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Net\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Net.dll
- 2012-03-18 17:51 . 2012-03-18 17:51 231760 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Net\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Net.dll
+ 2012-03-19 10:47 . 2012-03-19 10:47 253280 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Messaging\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Messaging.dll
- 2012-03-18 17:51 . 2012-03-18 17:51 253280 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Messaging\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Messaging.dll
- 2012-03-18 17:51 . 2012-03-18 17:51 378720 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Management\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Management.dll
+ 2012-03-19 10:47 . 2012-03-19 10:47 378720 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Management\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Management.dll
- 2012-03-18 17:51 . 2012-03-18 17:51 134528 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Management.Instrumentation\v4.0_4.0.0.0__b77a5c561934e089\System.Management.Instrumentation.dll
+ 2012-03-19 10:47 . 2012-03-19 10:47 134528 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Management.Instrumentation\v4.0_4.0.0.0__b77a5c561934e089\System.Management.Instrumentation.dll
+ 2012-03-19 10:47 . 2012-03-19 10:47 123736 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.IO.Log\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.IO.Log.dll
- 2012-03-18 17:51 . 2012-03-18 17:51 123736 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.IO.Log\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.IO.Log.dll
+ 2012-03-19 10:47 . 2012-03-19 10:47 392552 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.IdentityModel\v4.0_4.0.0.0__b77a5c561934e089\System.IdentityModel.dll
- 2012-03-18 17:51 . 2012-03-18 17:51 392552 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.IdentityModel\v4.0_4.0.0.0__b77a5c561934e089\System.IdentityModel.dll
- 2012-03-18 17:51 . 2012-03-18 17:51 125816 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.IdentityModel.Selectors\v4.0_4.0.0.0__b77a5c561934e089\System.IdentityModel.Selectors.dll
+ 2012-03-19 10:47 . 2012-03-19 10:47 125816 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.IdentityModel.Selectors\v4.0_4.0.0.0__b77a5c561934e089\System.IdentityModel.Selectors.dll
+ 2012-03-19 10:47 . 2012-03-19 10:47 120152 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Dynamic\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Dynamic.dll
- 2012-03-18 17:51 . 2012-03-18 17:51 120152 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Dynamic\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Dynamic.dll
+ 2012-03-19 10:47 . 2012-03-19 10:47 607064 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Drawing\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll
- 2012-03-18 17:51 . 2012-03-18 17:51 607064 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Drawing\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll
+ 2012-03-19 10:47 . 2012-03-19 10:47 395120 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.DirectoryServices\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.DirectoryServices.dll
- 2012-03-18 17:51 . 2012-03-18 17:51 395120 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.DirectoryServices\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.DirectoryServices.dll
- 2012-03-18 17:51 . 2012-03-18 17:51 182144 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.DirectoryServices.Protocols\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.DirectoryServices.Protocols.dll
+ 2012-03-19 10:47 . 2012-03-19 10:47 182144 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.DirectoryServices.Protocols\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.DirectoryServices.Protocols.dll
- 2012-03-18 17:51 . 2012-03-18 17:51 285072 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.DirectoryServices.AccountManagement\v4.0_4.0.0.0__b77a5c561934e089\System.DirectoryServices.AccountManagement.dll
+ 2012-03-19 10:47 . 2012-03-19 10:47 285072 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.DirectoryServices.AccountManagement\v4.0_4.0.0.0__b77a5c561934e089\System.DirectoryServices.AccountManagement.dll
.
-- Snapshot reset to current date --
.

Kingault
2012-03-19, 21:57
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"LightScribe Control Panel"="c:\program files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe" [2010-11-22 2736128]
"swg"="c:\program files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2012-03-17 39408]
"DAEMON Tools Lite"="c:\program files (x86)\DAEMON Tools Lite\DTLite.exe" [2012-02-13 3481408]
"SpybotSD TeaTimer"="c:\program files (x86)\Spybot - Search & Destroy\TeaTimer.exe" [2009-01-26 2144088]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"IAStorIcon"="c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe" [2010-09-14 283160]
"Microsoft Default Manager"="c:\program files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" [2010-05-10 439568]
"HP Quick Launch"="c:\program files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe" [2010-11-09 586296]
"HPOSD"="c:\program files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe" [2010-12-13 318520]
"AVG_TRAY"="c:\program files (x86)\AVG\AVG2012\avgtray.exe" [2012-01-24 2416480]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-01-18 254696]
"avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2012-03-06 4241512]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]
.
c:\users\Synusie\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
ERUNT AutoBackup.lnk - c:\program files (x86)\ERUNT\AUTOBACK.EXE [2005-10-20 38912]
OpenOffice.org 3.3.lnk - c:\program files (x86)\OpenOffice.org 3\program\quickstart.exe [2010-12-13 1198592]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Snapfish PictureMover.lnk - c:\program files (x86)\PictureMover\Bin\PictureMover.exe [2010-11-18 1040952]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0c:\progra~2\AVG\AVG2012\avgrsa.exe /sync /restart
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-03-17 136176]
R2 HP Wireless Assistant Service;HP Wireless Assistant Service;c:\program files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe [2010-07-21 103992]
R2 UNS;Intel(R) Management & Security Application User Notification Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2010-09-16 2538520]
R3 gupdatem;Google Update Service (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-03-17 136176]
R3 netw5v64;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 64 Bit;c:\windows\system32\DRIVERS\netw5v64.sys [x]
R3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\DRIVERS\VSTAZL6.SYS [x]
R3 SrvHsfV92;SrvHsfV92;c:\windows\system32\DRIVERS\VSTDPV6.SYS [x]
R3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\DRIVERS\VSTCNXT6.SYS [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]
R3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\system32\DRIVERS\yk62x64.sys [x]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-23 57184]
S0 AVGIDSEH;AVGIDSEH;c:\windows\system32\DRIVERS\AVGIDSEH.Sys [x]
S0 Avgrkx64;AVG Anti-Rootkit Driver;c:\windows\system32\DRIVERS\avgrkx64.sys [x]
S1 Avgldx64;AVG AVI Loader Driver;c:\windows\system32\DRIVERS\avgldx64.sys [x]
S1 Avgmfx64;AVG Mini-Filter Resident Anti-Virus Shield;c:\windows\system32\DRIVERS\avgmfx64.sys [x]
S1 Avgtdia;AVG TDI Driver;c:\windows\system32\DRIVERS\avgtdia.sys [x]
S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys [x]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-01-03 63928]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [x]
S2 AVGIDSAgent;AVGIDSAgent;c:\program files (x86)\AVG\AVG2012\AVGIDSAgent.exe [2011-10-12 4433248]
S2 avgwd;AVG WatchDog;c:\program files (x86)\AVG\AVG2012\avgwdsvc.exe [2011-08-02 192776]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
S2 HPClientSvc;HP Client Services;c:\program files\Hewlett-Packard\HP Client Services\HPClientServices.exe [2010-08-06 291896]
S2 HPDrvMntSvc.exe;HP Quick Synchronization Service;c:\program files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe [2010-11-04 92216]
S2 HPWMISVC;HPWMISVC;c:\program files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe [2010-11-09 26680]
S2 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology;c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [2010-09-14 13336]
S2 IconMan_R;IconMan_R;c:\program files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe [2010-12-22 1819752]
S2 RoxioNow Service;RoxioNow Service;c:\program files (x86)\Roxio\RoxioNow Player\RNowSvc.exe [2010-09-11 399344]
S2 SBSDWSCService;SBSD Security Center Service;c:\program files (x86)\Spybot - Search & Destroy\SDWinSec.exe [2009-01-26 1153368]
S3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\DRIVERS\AVGIDSDriver.Sys [x]
S3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\DRIVERS\AVGIDSFilter.Sys [x]
S3 clwvd;CyberLink WebCam Virtual Driver;c:\windows\system32\DRIVERS\clwvd.sys [x]
S3 HECIx64;Intel(R) Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys [x]
S3 Impcd;Impcd;c:\windows\system32\DRIVERS\Impcd.sys [x]
S3 IntcDAud;Intel(R) Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys [x]
S3 RSPCIESTOR;Realtek PCIE CardReader Driver;c:\windows\system32\DRIVERS\RtsPStor.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [x]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
2010-11-22 21:18 451872 ----a-w- c:\program files (x86)\Common Files\LightScribe\LSRunOnce.exe
.
Contents of the 'Scheduled Tasks' folder
.
2012-03-19 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-03-17 17:02]
.
2012-03-19 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-03-17 17:02]
.
2012-03-17 c:\windows\Tasks\HPCeeScheduleForSYNUSIE-HP$.job
- c:\program files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2010-09-14 06:15]
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2010-12-07 167960]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2010-12-07 391704]
"Persistence"="c:\windows\system32\igfxpers.exe" [2010-12-07 417304]
"SynTPEnh"="c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe" [BU]
"HPWirelessAssistant"="c:\program files\Hewlett-Packard\HP Wireless Assistant\DelayedAppStarter.exe" [2010-07-21 8192]
"SysTrayApp"="c:\program files\IDT\WDM\sttray64.exe" [2010-12-02 524800]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
TCP: DhcpNameServer = 209.18.47.61 209.18.47.62
FF - ProfilePath - c:\users\Synusie\AppData\Roaming\Mozilla\Firefox\Profiles\mtzbz1lp.default\
FF - prefs.js: network.proxy.type - 0
.
- - - - ORPHANS REMOVED - - - -
.
AddRemove-Adobe Shockwave Player - c:\windows\system32\Adobe\Shockwave 11\uninstaller.exe
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11g_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11g_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11g.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11g.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11g.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11g.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files\AVAST Software\Avast\AvastSvc.exe
c:\program files (x86)\Common Files\LightScribe\LSSrvc.exe
c:\program files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
c:\program files (x86)\OpenOffice.org 3\program\soffice.exe
c:\program files (x86)\OpenOffice.org 3\program\soffice.bin
c:\program files (x86)\CyberLink\YouCam\YCMMirage.exe
c:\program files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
c:\program files (x86)\Turbine\The Lord of the Rings Online\TurbineLauncher.exe
c:\program files (x86)\Turbine\The Lord of the Rings Online\lotroclient.exe
.
**************************************************************************
.
Completion time: 2012-03-19 15:51:29 - machine was rebooted
ComboFix-quarantined-files.txt 2012-03-19 19:51
ComboFix2.txt 2012-03-18 20:08
ComboFix3.txt 2012-03-18 17:25
.
Pre-Run: 421,667,000,320 bytes free
Post-Run: 421,388,771,328 bytes free
.
- - End Of File - - AA0B05CB3BBA4B7FE5B90A0229A898D0

Blade81
2012-03-20, 08:44
Good. How's the system running now?

Kingault
2012-03-20, 21:27
It's running exactly the same as it did before I had the virus.
In other words, perfectly.

Blade81
2012-03-20, 23:08
Good. Let's see the final steps then :)


THESE STEPS ARE VERY IMPORTANT

Let's reset system restore
Reset and Re-enable your System Restore to remove infected files that have been backed up by Windows. The files in System Restore are protected to prevent any programs changing those files. This is the only way to clean these files: You will lose all previous restore points which are likely to be infected. Please note you need Administrator Access to clean the restore points.

A. To disable the System Restore feature:

1. Click on the Start button.
2. Hover over the Computer option, right click on it and then click Properties.
3. On the left hand side, click Advanced Settings.
4. If asked to permit the action, click on Allow.
5. Click on the System Protection tab.
6. Select c: drive and click Configure...
7. Select Turn off protection
8. Press OK.
Repeat steps 6-8 for each hard drive.

B. Reboot.

C. Turn ON System Restore.
Follow the steps like you did when disabling system restore, but on step 7 select the "Restore system settings and previous versions of files" option.


Now let's uninstall ComboFix:

Click START then RUN
Now copy-paste Combofix /uninstall in the runbox and click OK



UPDATING WINDOWS AND INTERNET EXPLORER

IMPORTANT: You Need to Update Windows and Internet Explorer to protect your computer from the malware that is around on the Internet. Please go to the windows update site (http://windowsupdate.microsoft.com/) to get the critical updates.


Download and run Secunia Personal Software Inspector (PSI) (http://secunia.com/vulnerability_scanning/personal/) and fix its findings. Leave the program installed so you'll stay alarmed about vulnerable components in future too.


Just a final reminder for you. I am trying to stress these two points.
UPDATE UPDATE UPDATE!!! Make sure you do this about every 1-2 weeks.
Make sure all of your security programs are up to date.
Visit Microsoft's Windows Update Site Frequently - It is important that you visit http://www.windowsupdate.com regularly. This will ensure your computer always has the latest security updates available installed. If there are new updates to install, install them immediately, reboot your computer, and revisit the site until there are no more critical updates.


Once again, please post and tell me how things are going with your system... problems etc.

Have a great day,
Blade :cool:
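
Added example, not part of Blade81's post: the System Restore reset from steps A to C above, scripted for an elevated Windows PowerShell prompt. The script name (Reset-SystemRestore.ps1), the -Phase parameter and the final checkpoint are assumptions of this example; run it once with -Phase Disable, reboot (step B), then run it with -Phase Enable.

```powershell
# Reset-SystemRestore.ps1 (hypothetical name) - added example, not from the thread.
# Usage: .\Reset-SystemRestore.ps1 -Phase Disable   -> reboot -> -Phase Enable
param(
    [Parameter(Mandatory = $true)]
    [ValidateSet('Disable', 'Enable')]
    [string]$Phase
)

# Fixed local disks (DriveType 3), formatted as "C:\" as the cmdlets expect.
$systemDrive = $env:SystemDrive + '\'
$drives = @(Get-WmiObject Win32_LogicalDisk -Filter 'DriveType=3' |
    ForEach-Object { $_.DeviceID + '\' })

if ($Phase -eq 'Disable') {
    # Step A: turning protection off discards the stored restore points,
    # including any that captured infected files.
    $before = @(Get-ComputerRestorePoint -ErrorAction SilentlyContinue).Count
    foreach ($d in $drives) {
        try {
            Disable-ComputerRestore -Drive $d -ErrorAction Stop
            Write-Output "Protection turned off on $d"
        } catch {
            # Volumes that never had protection (e.g. FAT32 tool partitions) land here.
            Write-Warning "Skipped ${d}: $($_.Exception.Message)"
        }
    }
    $after = @(Get-ComputerRestorePoint -ErrorAction SilentlyContinue).Count
    Write-Output "Restore points before: $before, after: $after. Reboot now (step B)."
}
else {
    # Step C: the system drive must be protected before any other drive can be.
    Enable-ComputerRestore -Drive $systemDrive -ErrorAction Stop
    foreach ($d in $drives | Where-Object { $_ -ne $systemDrive }) {
        try {
            Enable-ComputerRestore -Drive $d -ErrorAction Stop
            Write-Output "Protection turned on for $d"
        } catch {
            Write-Warning "Skipped ${d}: $($_.Exception.Message)"
        }
    }
    # Not one of the posted steps: create a fresh baseline restore point
    # so the cleaned system has a known-good rollback target.
    Checkpoint-Computer -Description 'Clean baseline after malware removal' `
        -RestorePointType MODIFY_SETTINGS
    Get-ComputerRestorePoint | Select-Object SequenceNumber, Description, CreationTime
}
```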

Kingault
2012-03-21, 00:02
Done.
Thank you for the help.

Kingault
2012-03-21, 00:05
Is it safe for me to delete the TDSSKiller Quarantine folder?

Blade81
2012-03-21, 07:41
You're welcome :)


Is it safe for me to delete the TDSSKiller Quarantine folder?
Yes, you may delete that.

Kingault
2012-03-21, 22:03
Thanks again.

Blade81
2012-03-22, 07:22
Since this issue appears to be resolved ... this Topic has been closed. Glad I could help. :)

Note: If it has been three days or more since your last post, and the helper assisting you posted a response to that post to which you did not reply, your topic will not be reopened. At that point, if you still require help, please start a new topic and include a fresh DDS log and a link to your previous thread.

If it has been less than three days since your last response and you need the thread re-opened, please send me or another MOD a private message (pm). A valid, working link to the closed topic is required.