
Music playing in background on its own - Google links going to spam sites


  • This topic is locked
27 replies to this topic

#1 That_Steve_Guy

  • Members
  • 18 posts

Posted 21 October 2011 - 03:33 PM

I started on the "Am I Infected? What do I do?" forum, the link to the thread below:
http://www.bleepingcomputer.com/forums/topic424152.html

I was surfing the internet looking for some project file the other day and somehow got a nasty virus/malware. I started noticing it when I was googling and being redirected to spam sites when clicking on search results, most of which had nothing to do with my search. Plus the URL did not match the result I clicked on, and if I copied and pasted the URL directly it worked fine. Then I started getting music playing in the background that wouldn't go away until I killed <iexplore.exe *32> in task manager.

The previous forum thread details what we have done up to now.. but for a synopsis:

Security check - Successfully ran - logs at end of post.
SUPERAntiSpyware Free - Successfully scanned in Safe mode - Logs at end of post
Malwarebytes Anti-Malware - I removed my current version and followed your instructions to download and install a new version, ensuring to rename the file before saving in download. I ran the Malware and have attached results to end of post.
ESET - no logs attached - however it kept crashing due to the virus that was opening another window and starting music/ads, which eventually threw an explorer error and then crashed IE including the virus scan. After 2 tries I downloaded the exe to my desktop and ran it there.

I have since tried running Windows Update (as it popped up to upgrade Explorer to version 9). In hopes it may kill the IE issue I tried, but still having the same problems.

NOTE: I also have 64 Bit so I did not run the GMER program as directed.

---------------------------------------------------------------
- DDS LOG -
---------------------------------------------------------------

.
DDS (Ver_2011-08-26.01) - NTFSAMD64
Internet Explorer: 9.0.8112.16421
Run by Steven at 16:18:53 on 2011-10-21
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.3020.1512 [GMT -4:00]
.
AV: McAfee Anti-Virus and Anti-Spyware *Enabled/Updated* {86355677-4064-3EA7-ABB3-1B136EB04637}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: McAfee Anti-Virus and Anti-Spyware *Enabled/Updated* {3D54B793-665E-3129-9103-206115370C8A}
FW: McAfee Firewall *Enabled* {BE0ED752-0A0B-3FFF-80EC-B2269063014C}
.
============== Running Processes ===============
.
C:\windows\system32\wininit.exe
C:\windows\system32\lsm.exe
C:\windows\system32\svchost.exe -k DcomLaunch
C:\windows\system32\svchost.exe -k RPCSS
C:\windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\windows\system32\svchost.exe -k netsvcs
C:\windows\system32\svchost.exe -k LocalService
C:\windows\system32\svchost.exe -k NetworkService
C:\windows\System32\spoolsv.exe
C:\windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\windows\SysWOW64\svchost.exe -k hpdevmgmt
C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
C:\windows\system32\mfevtps.exe
C:\windows\System32\svchost.exe -k HPZ12
C:\windows\System32\svchost.exe -k HPZ12
C:\Program Files (x86)\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe
C:\windows\system32\rundll32.exe
C:\windows\SysWOW64\rundll32.exe
C:\Program Files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\windows\system32\svchost.exe -k imgsvc
C:\windows\system32\TODDSrv.exe
C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe
C:\Program Files\Western Digital\WD SmartWare\WDDMService.exe
C:\Program Files\Western Digital\WD SmartWare\WDRulesEngine.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\Common Files\McAfee\SystemCore\mcshield.exe
C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Program Files\Western Digital\WD SmartWare\WDFME.exe
C:\windows\system32\svchost.exe -k HPService
C:\windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\windows\system32\SearchIndexer.exe
C:\windows\system32\Dwm.exe
C:\windows\system32\taskeng.exe
C:\windows\Explorer.EXE
C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
C:\Program Files (x86)\Google\Update\1.3.21.69\GoogleCrashHandler.exe
C:\windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\TOSHIBA\Power Saver\TPwrMain.exe
C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe
C:\Program Files\TOSHIBA\BulletinBoard\TosNcCore.exe
C:\Program Files\TOSHIBA\ReelTime\TosReelTimeMonitor.exe
C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Program Files\Western Digital\WD SmartWare\WDDMStatus.exe
C:\Users\Steven\AppData\Roaming\Dropbox\bin\Dropbox.exe
C:\Program Files (x86)\Microsoft Office\Office14\ONENOTEM.EXE
C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
C:\Program Files (x86)\MSN Toolbar\Platform\5.0.1449.0\mswinext.exe
C:\Program Files\McAfee.com\Agent\mcagent.exe
C:\windows\system32\igfxext.exe
C:\windows\system32\igfxsrvc.exe
C:\Program Files (x86)\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files (x86)\HP\Digital Imaging\bin\hpqbam08.exe
C:\Program Files (x86)\HP\Digital Imaging\bin\hpqgpc01.exe
C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
C:\Program Files (x86)\McAfee Online Backup\MOBK755backup.exe
C:\Program Files (x86)\McAfee Online Backup\MOBK755backup.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe
C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSENotify.exe
C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe
C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Microsoft\Search Enhancement Pack\SCServer\SCServer.exe
C:\Program Files (x86)\HP\Digital Imaging\smart web printing\hpswp_clipbook.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\windows\system32\SearchProtocolHost.exe
C:\windows\system32\SearchFilterHost.exe
C:\windows\system32\SearchProtocolHost.exe
C:\windows\system32\DllHost.exe
C:\windows\system32\REGSVR32.exe
C:\windows\SysWOW64\cmd.exe
C:\windows\system32\conhost.exe
C:\windows\SysWOW64\cscript.exe
C:\windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://start.toshiba.com/g/
uDefault_Page_URL = hxxp://start.toshiba.com/g/
uInternet Settings,ProxyOverride = <local>
uURLSearchHooks: McAfee SiteAdvisor Toolbar: {0ebbbe48-bad4-4b4c-8e5a-516abecae064} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll
BHO: HP Print Enhancer: {0347c33e-8762-4905-bf09-768834316c61} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: McAfee Phishing Filter: {27b4851a-3207-45a2-b947-be8afe6163ab} - c:\progra~1\mcafee\msk\mskapbho.dll
BHO: Search Helper: {6ebf7485-159f-4bff-a14f-b9e3aac4465b} - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - C:\PROGRA~2\MICROS~3\Office14\GROOVEEX.DLL
BHO: scriptproxy: {7db2d5a0-7241-4e79-b68d-6309f01c5231} - C:\Program Files (x86)\Common Files\McAfee\SystemCore\ScriptSn.20111018132901.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.7.6406.1642\swg.dll
BHO: McAfee SiteAdvisor BHO: {b164e929-a1b6-4a06-b104-2cd0e90a88ff} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll
BHO: Office Document Cache Handler: {b4f3a835-0e21-4959-ba22-42b3008e02ff} - C:\PROGRA~2\MICROS~3\Office14\URLREDIR.DLL
BHO: Bing Bar BHO: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\MSN Toolbar\Platform\5.0.1449.0\npwinext.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
BHO: TOSHIBA Media Controller Plug-in: {f3c88694-effa-4d78-b409-54b7b2535b14} - C:\Program Files (x86)\TOSHIBA\TOSHIBA Media Controller Plug-in\TOSHIBAMediaControllerIE.dll
BHO: HP Smart BHO Class: {ffffffff-cf4e-4f2b-bdc2-0e72e116a856} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
TB: @C:\Program Files (x86)\MSN Toolbar\Platform\5.0.1449.0\npwinext.dll,-100: {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\MSN Toolbar\Platform\5.0.1449.0\npwinext.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
TB: McAfee SiteAdvisor Toolbar: {0ebbbe48-bad4-4b4c-8e5a-516abecae064} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll
TB: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No File
EB: HP Smart Web Printing: {555d4d79-4bd2-4094-a395-cfc534424a05} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_bho.dll
uRun: [swg] "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
mRun: [ToshibaServiceStation] "C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe" /hide:60
mRun: [BCSSync] "C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe" /DelayServices
mRun: [Intuit SyncManager] C:\Program Files (x86)\Common Files\Intuit\Sync\IntuitSyncManager.exe startup
mRun: [HP Software Update] C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe
mRun: [Bing Bar] "C:\Program Files (x86)\MSN Toolbar\Platform\5.0.1449.0\mswinext.exe"
mRun: [Microsoft Default Manager] "C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" -resume
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [mcui_exe] "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey
StartupFolder: C:\Users\Steven\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\Dropbox.lnk - C:\Users\Steven\AppData\Roaming\Dropbox\bin\Dropbox.exe
StartupFolder: C:\Users\Steven\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\ONENOT~1.LNK - C:\Program Files (x86)\Microsoft Office\Office14\ONENOTEM.EXE
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\HPDIGI~1.LNK - C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\QUICKB~1.LNK - C:\Program Files (x86)\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\WDQUIC~1.LNK - C:\Program Files (x86)\Western Digital\WD SmartWare\WDDMStatus.exe
mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~3\Office14\EXCEL.EXE/3000
IE: Google Sidewiki... - C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_70C5B381380DB17F.dll/cmsidewiki.html
IE: Se&nd to OneNote - C:\PROGRA~2\MICROS~3\Office14\ONBttnIE.dll/105
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
IE: {DDE87865-83C5-48c4-8357-2F5B1AA84522} - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos/OnlineScanner.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
TCP: DhcpNameServer = 75.75.75.75 75.75.76.76
TCP: Interfaces\{28EE12E2-DE7B-4D55-9938-60DF4CB07168} : DhcpNameServer = 75.75.75.75 75.75.76.76
TCP: Interfaces\{28EE12E2-DE7B-4D55-9938-60DF4CB07168}\84F4D454633373 : DhcpNameServer = 192.168.1.1
TCP: Interfaces\{75763A0C-99E5-43AE-8312-2AA150CD3CA7} : DhcpNameServer = 68.87.74.166 68.87.68.166
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL
Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~2\McAfee\SITEAD~1\McIEPlg.dll
Handler: intu-help-qb3 - {c5e479ea-0a65-4b05-8c6c-2fc8cc682eb4} - C:\Program Files (x86)\Intuit\QuickBooks 2010\HelpAsyncPluggableProtocol.dll
Handler: qbwc - {FC598A64-626C-4447-85B8-53150405FD57} - C:\Windows\System32\mscoree.dll
Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~2\McAfee\SITEAD~1\McIEPlg.dll
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - C:\PROGRA~2\MICROS~3\Office14\GROOVEEX.DLL
BHO-X64: HP Print Enhancer: {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll
BHO-X64: HP Print Enhancer - No File
BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO-X64: AcroIEHelperStub - No File
BHO-X64: McAfee Phishing Filter: {27B4851A-3207-45A2-B947-BE8AFE6163AB} - c:\progra~1\mcafee\msk\mskapbho.dll
BHO-X64: McAfee Phishing Filter - No File
BHO-X64: Search Helper: {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
BHO-X64: Search Helper - No File
BHO-X64: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~2\MICROS~3\Office14\GROOVEEX.DLL
BHO-X64: scriptproxy: {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files (x86)\Common Files\McAfee\SystemCore\ScriptSn.20111018132901.dll
BHO-X64: scriptproxy - No File
BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO-X64: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
BHO-X64: Google Toolbar Notifier BHO: {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.7.6406.1642\swg.dll
BHO-X64: McAfee SiteAdvisor BHO: {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll
BHO-X64: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~3\Office14\URLREDIR.DLL
BHO-X64: URLRedirectionBHO - No File
BHO-X64: Bing Bar BHO: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\MSN Toolbar\Platform\5.0.1449.0\npwinext.dll
BHO-X64: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
BHO-X64: TOSHIBA Media Controller Plug-in: {F3C88694-EFFA-4d78-B409-54B7B2535B14} - C:\Program Files (x86)\TOSHIBA\TOSHIBA Media Controller Plug-in\TOSHIBAMediaControllerIE.dll
BHO-X64: HP Smart BHO Class: {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
BHO-X64: HP Smart BHO Class - No File
TB-X64: @C:\Program Files (x86)\MSN Toolbar\Platform\5.0.1449.0\npwinext.dll,-100: {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\MSN Toolbar\Platform\5.0.1449.0\npwinext.dll
TB-X64: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
TB-X64: McAfee SiteAdvisor Toolbar: {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll
TB-X64: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No File
EB-X64: {555D4D79-4BD2-4094-A395-CFC534424A05} - No File
mRun-x64: [ToshibaServiceStation] "C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe" /hide:60
mRun-x64: [BCSSync] "C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe" /DelayServices
mRun-x64: [Intuit SyncManager] C:\Program Files (x86)\Common Files\Intuit\Sync\IntuitSyncManager.exe startup
mRun-x64: [HP Software Update] C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe
mRun-x64: [Bing Bar] "C:\Program Files (x86)\MSN Toolbar\Platform\5.0.1449.0\mswinext.exe"
mRun-x64: [Microsoft Default Manager] "C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" -resume
mRun-x64: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun-x64: [mcui_exe] "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey
SEH-X64: Groove GFS Stub Execution Hook: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\PROGRA~2\MICROS~3\Office14\GROOVEEX.DLL
.
============= SERVICES / DRIVERS ===============
.
R0 mfehidk;McAfee Inc. mfehidk;C:\windows\system32\drivers\mfehidk.sys --> C:\windows\system32\drivers\mfehidk.sys [?]
R0 mfewfpk;McAfee Inc. mfewfpk;C:\windows\system32\drivers\mfewfpk.sys --> C:\windows\system32\drivers\mfewfpk.sys [?]
R0 tos_sps64;TOSHIBA tos_sps64 Service;C:\windows\system32\DRIVERS\tos_sps64.sys --> C:\windows\system32\DRIVERS\tos_sps64.sys [?]
R1 mfenlfk;McAfee NDIS Light Filter;C:\windows\system32\DRIVERS\mfenlfk.sys --> C:\windows\system32\DRIVERS\mfenlfk.sys [?]
R1 MOBK755Filter;MOBK755Filter;C:\windows\system32\DRIVERS\MOBK755.sys --> C:\windows\system32\DRIVERS\MOBK755.sys [?]
R1 SASDIFSV;SASDIFSV;C:\Program Files\SUPERAntiSpyware\sasdifsv64.sys [2011-7-22 14928]
R1 SASKUTIL;SASKUTIL;C:\Program Files\SUPERAntiSpyware\saskutil64.sys [2011-7-12 12368]
R1 vwififlt;Virtual WiFi Filter Driver;C:\windows\system32\DRIVERS\vwififlt.sys --> C:\windows\system32\DRIVERS\vwififlt.sys [?]
R2 !SASCORE;SAS Core Service;C:\Program Files\SUPERAntiSpyware\SASCore64.exe [2011-8-11 140672]
R2 AdobeARMservice;Adobe Acrobat Update Service;C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2011-9-5 64952]
R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe [2011-10-18 355440]
R2 McMPFSvc;McAfee Personal Firewall Service;C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe [2011-10-18 355440]
R2 McNaiAnn;McAfee VirusScan Announcer;C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe [2011-10-18 355440]
R2 McProxy;McAfee Proxy Service;C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe [2011-10-18 355440]
R2 McShield;McShield;C:\Program Files\Common Files\McAfee\SystemCore\mcshield.exe [2011-10-18 200056]
R2 mfefire;McAfee Firewall Core Service;C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe [2011-10-18 245352]
R2 mfevtp;McAfee Validation Trust Protection Service;"C:\windows\system32\mfevtps.exe" --> C:\windows\system32\mfevtps.exe [?]
R2 MOBK755backup;McAfee Online Backup Service;C:\Program Files (x86)\McAfee Online Backup\MOBK755backup.exe [2010-9-20 207672]
R2 UNS;Intel® Management and Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2011-5-17 2656280]
R2 WDDMService;WDDMService;C:\Program Files\Western Digital\WD SmartWare\WDDMService.exe [2011-8-1 317328]
R2 WDFMEService;WDFMEService;C:\Program Files\Western Digital\WD SmartWare\WDFME.exe [2011-8-1 1978256]
R2 WDRulesService;WDRulesService;C:\Program Files\Western Digital\WD SmartWare\WDRulesEngine.exe [2011-8-1 1338256]
R3 cfwids;McAfee Inc. cfwids;C:\windows\system32\drivers\cfwids.sys --> C:\windows\system32\drivers\cfwids.sys [?]
R3 FwLnk;FwLnk Driver;C:\windows\system32\DRIVERS\FwLnk.sys --> C:\windows\system32\DRIVERS\FwLnk.sys [?]
R3 L1C;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller;C:\windows\system32\DRIVERS\L1C62x64.sys --> C:\windows\system32\DRIVERS\L1C62x64.sys [?]
R3 MEIx64;Intel® Management Engine Interface;C:\windows\system32\DRIVERS\HECIx64.sys --> C:\windows\system32\DRIVERS\HECIx64.sys [?]
R3 mfeavfk;McAfee Inc. mfeavfk;C:\windows\system32\drivers\mfeavfk.sys --> C:\windows\system32\drivers\mfeavfk.sys [?]
R3 mfefirek;McAfee Inc. mfefirek;C:\windows\system32\drivers\mfefirek.sys --> C:\windows\system32\drivers\mfefirek.sys [?]
R3 PGEffect;Pangu effect driver;C:\windows\system32\DRIVERS\pgeffect.sys --> C:\windows\system32\DRIVERS\pgeffect.sys [?]
R3 RTL8192Ce;Realtek Wireless LAN 802.11n PCI-E NIC Driver;C:\windows\system32\DRIVERS\rtl8192Ce.sys --> C:\windows\system32\DRIVERS\rtl8192Ce.sys [?]
R3 TMachInfo;TMachInfo;C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe [2011-5-17 54136]
R3 TOSHIBA HDD SSD Alert Service;TOSHIBA HDD SSD Alert Service;C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe [2010-12-8 137632]
S2 gupdate;Google Update Service (gupdate);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-5-17 136176]
S2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2011-10-19 366152]
S3 gupdatem;Google Update Service (gupdatem);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-5-17 136176]
S3 mferkdet;McAfee Inc. mferkdet;C:\windows\system32\drivers\mferkdet.sys --> C:\windows\system32\drivers\mferkdet.sys [?]
S3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;C:\Program Files (x86)\Microsoft Office\Office14\GROOVE.EXE [2011-6-12 31125880]
S3 osppsvc;Office Software Protection Platform;C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-1-9 4925184]
S3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;C:\windows\system32\Drivers\RtsUStor.sys --> C:\windows\system32\Drivers\RtsUStor.sys [?]
S3 TsUsbFlt;TsUsbFlt;C:\windows\system32\drivers\tsusbflt.sys --> C:\windows\system32\drivers\tsusbflt.sys [?]
S3 TsUsbGD;Remote Desktop Generic USB Device;C:\windows\system32\drivers\TsUsbGD.sys --> C:\windows\system32\drivers\TsUsbGD.sys [?]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\windows\system32\Wat\WatAdminSvc.exe --> C:\windows\system32\Wat\WatAdminSvc.exe [?]
S3 WDC_SAM;WD SCSI Pass Thru driver;C:\windows\system32\DRIVERS\wdcsam64.sys --> C:\windows\system32\DRIVERS\wdcsam64.sys [?]
S4 wlcrasvc;Windows Live Mesh remote connections service;C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-9-22 57184]
.
=============== Created Last 30 ================
.
2011-10-19 19:20:56 -------- d-----w- C:\Program Files (x86)\ESET
2011-10-19 19:10:37 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware
2011-10-19 17:29:20 -------- d-----w- C:\Users\Steven\AppData\Roaming\SUPERAntiSpyware.com
2011-10-19 17:28:21 -------- d-----w- C:\Program Files\SUPERAntiSpyware
2011-10-19 17:28:20 -------- d-----w- C:\ProgramData\SUPERAntiSpyware.com
2011-10-19 04:16:06 -------- d-----w- C:\$RECYCLE.BIN
2011-10-19 03:40:50 -------- d-----w- C:\ComboFix
2011-10-19 02:12:16 98816 ----a-w- C:\windows\sed.exe
2011-10-19 02:12:16 518144 ----a-w- C:\windows\SWREG.exe
2011-10-19 02:12:16 256000 ----a-w- C:\windows\PEV.exe
2011-10-19 02:12:16 208896 ----a-w- C:\windows\MBR.exe
2011-10-19 01:50:25 -------- d-----w- C:\Rooter$
2011-10-18 23:05:26 -------- d-----w- C:\Users\Steven\AppData\Roaming\Malwarebytes
2011-10-18 23:05:17 -------- d-----w- C:\ProgramData\Malwarebytes
2011-10-18 17:34:03 -------- d-----w- C:\Program Files (x86)\McAfeeMOBK
2011-10-18 17:33:54 66040 ----a-w- C:\windows\System32\drivers\MOBK755.sys
2011-10-18 17:33:53 -------- d-----w- C:\Program Files (x86)\McAfee Online Backup
2011-10-18 17:29:21 -------- d-----w- C:\Program Files (x86)\McAfee.com
2011-10-18 17:29:01 -------- d-----w- C:\Program Files (x86)\Common Files\McAfee
2011-10-18 17:29:00 9984 ----a-w- C:\windows\System32\drivers\mfeclnk.sys
2011-10-18 16:24:16 9049936 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{823EF51E-6B3B-4E42-8F47-478CC2469289}\mpengine.dll
2011-10-12 21:45:06 414368 ----a-w- C:\windows\SysWow64\FlashPlayerCPLApp.cpl
2011-10-11 17:50:39 3138048 ----a-w- C:\windows\System32\win32k.sys
2011-10-11 17:50:38 75776 ----a-w- C:\windows\SysWow64\psisrndr.ax
2011-10-11 17:50:38 613888 ----a-w- C:\windows\System32\psisdecd.dll
2011-10-11 17:50:38 465408 ----a-w- C:\windows\SysWow64\psisdecd.dll
2011-10-11 17:50:38 108032 ----a-w- C:\windows\System32\psisrndr.ax
2011-10-11 17:50:30 861696 ----a-w- C:\windows\System32\oleaut32.dll
2011-10-11 17:50:30 571904 ----a-w- C:\windows\SysWow64\oleaut32.dll
2011-10-11 17:50:30 331776 ----a-w- C:\windows\System32\oleacc.dll
2011-10-11 17:50:30 233472 ----a-w- C:\windows\SysWow64\oleacc.dll
2011-09-29 17:48:50 -------- d-----w- C:\Program Files\Western Digital
2011-09-26 01:54:28 -------- d--h--w- C:\Users\Steven\AppData\Local\CrashDumps
.
==================== Find3M ====================
.
.
============= FINISH: 16:28:55.78 ===============



#2 gringo_pr

  • Malware Response Team
  • 136,772 posts

Posted 25 October 2011 - 01:13 AM

Hello and Welcome to the forums!

My name is Gringo and I'll be glad to help you with your computer problems.

Some things to remember while we are working together.

  • Do not run any other tool until instructed to do so!
  • Please do not attach logs or put them in code boxes.
  • Tell me about any problems that have occurred during the fix.
  • Tell me of any other symptoms you may be having as these can help also.
  • Do not run anything while running a fix.

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

Click on the Watch Topic Button and select Immediate Notification and click on proceed, this will help you to get notified faster when I have replied and make the cleaning process faster.

In order for me to see the status of the infection I will need a new set of logs to start with.

Please print out or make a copy in Notepad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.

DeFogger:

  • Please download DeFogger to your desktop.

    Double click DeFogger to run the tool.
  • The application window will appear
  • Click the Disable button to disable your CD Emulation drivers
  • Click Yes to continue
  • A 'Finished!' message will appear
  • Click OK
  • DeFogger may ask you to reboot the machine, if it does - click OK
Do not re-enable these drivers until otherwise instructed.

Download DDS:

  • Please download DDS by sUBs from one of the links below and save it to your desktop:

    Link1
    Link2
    Link3

    Please disable any anti-malware program that will block scripts from running before running DDS.

    • Double-Click on dds.scr and a command window will appear. This is normal.
    • Shortly after two logs will appear:
    • DDS.txt
    • Attach.txt
  • A window will open instructing you to save & post the logs
  • Save the logs to a convenient place such as your desktop
  • Copy the contents of both logs & post in your next reply

information and logs:

  • In your next post I need the following

  • .logs from DDS
  • let me know of any problems you may have had

Gringo

I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#3 That_Steve_Guy

  • Members
  • 18 posts

Posted 26 October 2011 - 10:22 AM

UPDATE:

- I had already run DeFogger and have not re-enabled so we are good with that.
- I have not used my laptop for much of anything for fear of someone hijacking any data I have. So the only update I have on its condition is that the explorer window still pops up on its own and music starts as well. Google search results still redirect me to SPAM sites 50% - 75% of the time. No real change as of yet.


DDS LOG BELOW:
.
DDS (Ver_2011-08-26.01) - NTFSAMD64
Internet Explorer: 9.0.8112.16421
Run by Steven at 11:04:06 on 2011-10-26
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.3020.1836 [GMT -4:00]
.
AV: McAfee Anti-Virus and Anti-Spyware *Enabled/Updated* {86355677-4064-3EA7-ABB3-1B136EB04637}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: McAfee Anti-Virus and Anti-Spyware *Enabled/Updated* {3D54B793-665E-3129-9103-206115370C8A}
FW: McAfee Firewall *Disabled* {BE0ED752-0A0B-3FFF-80EC-B2269063014C}
.
============== Running Processes ===============
.
C:\windows\system32\wininit.exe
C:\windows\system32\lsm.exe
C:\windows\system32\svchost.exe -k DcomLaunch
C:\windows\system32\svchost.exe -k RPCSS
C:\windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\windows\system32\svchost.exe -k netsvcs
C:\windows\system32\svchost.exe -k LocalService
C:\windows\system32\svchost.exe -k NetworkService
C:\windows\System32\spoolsv.exe
C:\windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\windows\SysWOW64\svchost.exe -k hpdevmgmt
C:\windows\system32\mfevtps.exe
C:\windows\System32\svchost.exe -k HPZ12
C:\windows\system32\rundll32.exe
C:\windows\SysWOW64\rundll32.exe
C:\windows\System32\svchost.exe -k HPZ12
C:\Program Files (x86)\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe
C:\Program Files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\windows\system32\svchost.exe -k imgsvc
C:\windows\system32\TODDSrv.exe
C:\windows\system32\Dwm.exe
C:\windows\Explorer.EXE
C:\Program Files (x86)\Google\Update\1.3.21.79\GoogleCrashHandler.exe
C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe
C:\Program Files\Western Digital\WD SmartWare\WDDMService.exe
C:\Program Files\Western Digital\WD SmartWare\WDRulesEngine.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\Common Files\McAfee\SystemCore\mcshield.exe
C:\Program Files\Western Digital\WD SmartWare\WDFME.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
C:\windows\system32\svchost.exe -k HPService
C:\windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\windows\system32\SearchIndexer.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Program Files\TOSHIBA\Power Saver\TPwrMain.exe
C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe
C:\Program Files\TOSHIBA\BulletinBoard\TosNcCore.exe
C:\Program Files\TOSHIBA\ReelTime\TosReelTimeMonitor.exe
C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe
C:\windows\system32\igfxext.exe
C:\windows\system32\igfxsrvc.exe
C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe
C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
C:\Program Files (x86)\MSN Toolbar\Platform\5.0.1449.0\mswinext.exe
C:\Program Files\McAfee.com\Agent\mcagent.exe
C:\Program Files\Western Digital\WD SmartWare\WDDMStatus.exe
C:\Users\Steven\AppData\Roaming\Dropbox\bin\Dropbox.exe
C:\Program Files (x86)\Microsoft Office\Office14\ONENOTEM.EXE
C:\Program Files (x86)\Microsoft\Search Enhancement Pack\SCServer\SCServer.exe
C:\Program Files (x86)\HP\Digital Imaging\smart web printing\hpswp_clipbook.exe
C:\Program Files (x86)\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files (x86)\HP\Digital Imaging\bin\hpqbam08.exe
C:\Program Files (x86)\HP\Digital Imaging\bin\hpqgpc01.exe
C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe
C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe
C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSENotify.exe
C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
C:\windows\system32\notepad.exe
C:\Program Files\Common Files\McAfee\Core\mchost.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\windows\system32\DllHost.exe
C:\windows\SysWOW64\cmd.exe
C:\windows\system32\conhost.exe
C:\windows\SysWOW64\cscript.exe
C:\windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://start.toshiba.com/g/
uDefault_Page_URL = hxxp://start.toshiba.com/g/
uInternet Settings,ProxyOverride = <local>
uURLSearchHooks: McAfee SiteAdvisor Toolbar: {0ebbbe48-bad4-4b4c-8e5a-516abecae064} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll
BHO: HP Print Enhancer: {0347c33e-8762-4905-bf09-768834316c61} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: McAfee Phishing Filter: {27b4851a-3207-45a2-b947-be8afe6163ab} - c:\progra~1\mcafee\msk\mskapbho.dll
BHO: Search Helper: {6ebf7485-159f-4bff-a14f-b9e3aac4465b} - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - C:\PROGRA~2\MICROS~3\Office14\GROOVEEX.DLL
BHO: scriptproxy: {7db2d5a0-7241-4e79-b68d-6309f01c5231} - C:\Program Files (x86)\Common Files\McAfee\SystemCore\ScriptSn.20111021165943.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.7.6406.1642\swg.dll
BHO: McAfee SiteAdvisor BHO: {b164e929-a1b6-4a06-b104-2cd0e90a88ff} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll
BHO: Office Document Cache Handler: {b4f3a835-0e21-4959-ba22-42b3008e02ff} - C:\PROGRA~2\MICROS~3\Office14\URLREDIR.DLL
BHO: Bing Bar BHO: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\MSN Toolbar\Platform\5.0.1449.0\npwinext.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
BHO: TOSHIBA Media Controller Plug-in: {f3c88694-effa-4d78-b409-54b7b2535b14} - C:\Program Files (x86)\TOSHIBA\TOSHIBA Media Controller Plug-in\TOSHIBAMediaControllerIE.dll
BHO: HP Smart BHO Class: {ffffffff-cf4e-4f2b-bdc2-0e72e116a856} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
TB: @C:\Program Files (x86)\MSN Toolbar\Platform\5.0.1449.0\npwinext.dll,-100: {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\MSN Toolbar\Platform\5.0.1449.0\npwinext.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
TB: McAfee SiteAdvisor Toolbar: {0ebbbe48-bad4-4b4c-8e5a-516abecae064} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll
TB: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No File
EB: HP Smart Web Printing: {555d4d79-4bd2-4094-a395-cfc534424a05} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_bho.dll
uRun: [swg] "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
mRun: [ToshibaServiceStation] "C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe" /hide:60
mRun: [BCSSync] "C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe" /DelayServices
mRun: [Intuit SyncManager] C:\Program Files (x86)\Common Files\Intuit\Sync\IntuitSyncManager.exe startup
mRun: [HP Software Update] C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe
mRun: [Bing Bar] "C:\Program Files (x86)\MSN Toolbar\Platform\5.0.1449.0\mswinext.exe"
mRun: [Microsoft Default Manager] "C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" -resume
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [mcui_exe] "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey
StartupFolder: C:\Users\Steven\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\Dropbox.lnk - C:\Users\Steven\AppData\Roaming\Dropbox\bin\Dropbox.exe
StartupFolder: C:\Users\Steven\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\ONENOT~1.LNK - C:\Program Files (x86)\Microsoft Office\Office14\ONENOTEM.EXE
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\HPDIGI~1.LNK - C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\QUICKB~1.LNK - C:\Program Files (x86)\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\WDQUIC~1.LNK - C:\Program Files (x86)\Western Digital\WD SmartWare\WDDMStatus.exe
mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~3\Office14\EXCEL.EXE/3000
IE: Google Sidewiki... - C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_70C5B381380DB17F.dll/cmsidewiki.html
IE: Se&nd to OneNote - C:\PROGRA~2\MICROS~3\Office14\ONBttnIE.dll/105
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
IE: {DDE87865-83C5-48c4-8357-2F5B1AA84522} - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos/OnlineScanner.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
TCP: DhcpNameServer = 75.75.75.75 75.75.76.76
TCP: Interfaces\{28EE12E2-DE7B-4D55-9938-60DF4CB07168} : DhcpNameServer = 75.75.75.75 75.75.76.76
TCP: Interfaces\{28EE12E2-DE7B-4D55-9938-60DF4CB07168}\84F4D454633373 : DhcpNameServer = 192.168.1.1
TCP: Interfaces\{75763A0C-99E5-43AE-8312-2AA150CD3CA7} : DhcpNameServer = 68.87.74.166 68.87.68.166
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL
Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~2\McAfee\SITEAD~1\McIEPlg.dll
Handler: intu-help-qb3 - {c5e479ea-0a65-4b05-8c6c-2fc8cc682eb4} - C:\Program Files (x86)\Intuit\QuickBooks 2010\HelpAsyncPluggableProtocol.dll
Handler: qbwc - {FC598A64-626C-4447-85B8-53150405FD57} - C:\Windows\System32\mscoree.dll
Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~2\McAfee\SITEAD~1\McIEPlg.dll
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - C:\PROGRA~2\MICROS~3\Office14\GROOVEEX.DLL
BHO-X64: HP Print Enhancer: {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll
BHO-X64: HP Print Enhancer - No File
BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO-X64: AcroIEHelperStub - No File
BHO-X64: McAfee Phishing Filter: {27B4851A-3207-45A2-B947-BE8AFE6163AB} - c:\progra~1\mcafee\msk\mskapbho.dll
BHO-X64: McAfee Phishing Filter - No File
BHO-X64: Search Helper: {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
BHO-X64: Search Helper - No File
BHO-X64: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~2\MICROS~3\Office14\GROOVEEX.DLL
BHO-X64: scriptproxy: {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files (x86)\Common Files\McAfee\SystemCore\ScriptSn.20111021165943.dll
BHO-X64: scriptproxy - No File
BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO-X64: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
BHO-X64: Google Toolbar Notifier BHO: {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.7.6406.1642\swg.dll
BHO-X64: McAfee SiteAdvisor BHO: {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll
BHO-X64: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~3\Office14\URLREDIR.DLL
BHO-X64: URLRedirectionBHO - No File
BHO-X64: Bing Bar BHO: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\MSN Toolbar\Platform\5.0.1449.0\npwinext.dll
BHO-X64: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
BHO-X64: TOSHIBA Media Controller Plug-in: {F3C88694-EFFA-4d78-B409-54B7B2535B14} - C:\Program Files (x86)\TOSHIBA\TOSHIBA Media Controller Plug-in\TOSHIBAMediaControllerIE.dll
BHO-X64: HP Smart BHO Class: {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
BHO-X64: HP Smart BHO Class - No File
TB-X64: @C:\Program Files (x86)\MSN Toolbar\Platform\5.0.1449.0\npwinext.dll,-100: {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\MSN Toolbar\Platform\5.0.1449.0\npwinext.dll
TB-X64: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
TB-X64: McAfee SiteAdvisor Toolbar: {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll
TB-X64: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No File
EB-X64: {555D4D79-4BD2-4094-A395-CFC534424A05} - No File
mRun-x64: [ToshibaServiceStation] "C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe" /hide:60
mRun-x64: [BCSSync] "C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe" /DelayServices
mRun-x64: [Intuit SyncManager] C:\Program Files (x86)\Common Files\Intuit\Sync\IntuitSyncManager.exe startup
mRun-x64: [HP Software Update] C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe
mRun-x64: [Bing Bar] "C:\Program Files (x86)\MSN Toolbar\Platform\5.0.1449.0\mswinext.exe"
mRun-x64: [Microsoft Default Manager] "C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" -resume
mRun-x64: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun-x64: [mcui_exe] "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey
SEH-X64: Groove GFS Stub Execution Hook: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\PROGRA~2\MICROS~3\Office14\GROOVEEX.DLL
.
============= SERVICES / DRIVERS ===============
.
R0 mfehidk;McAfee Inc. mfehidk;C:\windows\system32\drivers\mfehidk.sys --> C:\windows\system32\drivers\mfehidk.sys [?]
R0 mfewfpk;McAfee Inc. mfewfpk;C:\windows\system32\drivers\mfewfpk.sys --> C:\windows\system32\drivers\mfewfpk.sys [?]
R0 tos_sps64;TOSHIBA tos_sps64 Service;C:\windows\system32\DRIVERS\tos_sps64.sys --> C:\windows\system32\DRIVERS\tos_sps64.sys [?]
R1 mfenlfk;McAfee NDIS Light Filter;C:\windows\system32\DRIVERS\mfenlfk.sys --> C:\windows\system32\DRIVERS\mfenlfk.sys [?]
R1 MOBK755Filter;MOBK755Filter;C:\windows\system32\DRIVERS\MOBK755.sys --> C:\windows\system32\DRIVERS\MOBK755.sys [?]
R1 SASDIFSV;SASDIFSV;C:\Program Files\SUPERAntiSpyware\sasdifsv64.sys [2011-7-22 14928]
R1 SASKUTIL;SASKUTIL;C:\Program Files\SUPERAntiSpyware\saskutil64.sys [2011-7-12 12368]
R1 vwififlt;Virtual WiFi Filter Driver;C:\windows\system32\DRIVERS\vwififlt.sys --> C:\windows\system32\DRIVERS\vwififlt.sys [?]
R2 AdobeARMservice;Adobe Acrobat Update Service;C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2011-9-5 64952]
R2 McShield;McShield;C:\Program Files\Common Files\McAfee\SystemCore\mcshield.exe [2011-10-18 200056]
R2 mfevtp;McAfee Validation Trust Protection Service;"C:\windows\system32\mfevtps.exe" --> C:\windows\system32\mfevtps.exe [?]
R2 UNS;Intel® Management and Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2011-5-17 2656280]
R2 WDDMService;WDDMService;C:\Program Files\Western Digital\WD SmartWare\WDDMService.exe [2011-8-1 317328]
R2 WDFMEService;WDFMEService;C:\Program Files\Western Digital\WD SmartWare\WDFME.exe [2011-8-1 1978256]
R2 WDRulesService;WDRulesService;C:\Program Files\Western Digital\WD SmartWare\WDRulesEngine.exe [2011-8-1 1338256]
R3 FwLnk;FwLnk Driver;C:\windows\system32\DRIVERS\FwLnk.sys --> C:\windows\system32\DRIVERS\FwLnk.sys [?]
R3 L1C;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller;C:\windows\system32\DRIVERS\L1C62x64.sys --> C:\windows\system32\DRIVERS\L1C62x64.sys [?]
R3 MEIx64;Intel® Management Engine Interface;C:\windows\system32\DRIVERS\HECIx64.sys --> C:\windows\system32\DRIVERS\HECIx64.sys [?]
R3 mfeavfk;McAfee Inc. mfeavfk;C:\windows\system32\drivers\mfeavfk.sys --> C:\windows\system32\drivers\mfeavfk.sys [?]
R3 osppsvc;Office Software Protection Platform;C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-1-9 4925184]
R3 PGEffect;Pangu effect driver;C:\windows\system32\DRIVERS\pgeffect.sys --> C:\windows\system32\DRIVERS\pgeffect.sys [?]
R3 RTL8192Ce;Realtek Wireless LAN 802.11n PCI-E NIC Driver;C:\windows\system32\DRIVERS\rtl8192Ce.sys --> C:\windows\system32\DRIVERS\rtl8192Ce.sys [?]
R3 TMachInfo;TMachInfo;C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe [2011-5-17 54136]
R3 TOSHIBA HDD SSD Alert Service;TOSHIBA HDD SSD Alert Service;C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe [2010-12-8 137632]
S2 !SASCORE;SAS Core Service;C:\Program Files\SUPERAntiSpyware\SASCore64.exe [2011-8-11 140672]
S2 gupdate;Google Update Service (gupdate);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-5-17 136176]
S2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2011-10-19 366152]
S2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe [2011-10-18 355440]
S2 McMPFSvc;McAfee Personal Firewall Service;C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe [2011-10-18 355440]
S2 McNaiAnn;McAfee VirusScan Announcer;C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe [2011-10-18 355440]
S2 McProxy;McAfee Proxy Service;C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe [2011-10-18 355440]
S2 mfefire;McAfee Firewall Core Service;C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe [2011-10-18 245352]
S2 MOBK755backup;McAfee Online Backup Service;C:\Program Files (x86)\McAfee Online Backup\MOBK755backup.exe [2010-9-20 207672]
S3 cfwids;McAfee Inc. cfwids;C:\windows\system32\drivers\cfwids.sys --> C:\windows\system32\drivers\cfwids.sys [?]
S3 gupdatem;Google Update Service (gupdatem);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-5-17 136176]
S3 mfefirek;McAfee Inc. mfefirek;C:\windows\system32\drivers\mfefirek.sys --> C:\windows\system32\drivers\mfefirek.sys [?]
S3 mferkdet;McAfee Inc. mferkdet;C:\windows\system32\drivers\mferkdet.sys --> C:\windows\system32\drivers\mferkdet.sys [?]
S3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;C:\Program Files (x86)\Microsoft Office\Office14\GROOVE.EXE [2011-6-12 31125880]
S3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;C:\windows\system32\Drivers\RtsUStor.sys --> C:\windows\system32\Drivers\RtsUStor.sys [?]
S3 TsUsbFlt;TsUsbFlt;C:\windows\system32\drivers\tsusbflt.sys --> C:\windows\system32\drivers\tsusbflt.sys [?]
S3 TsUsbGD;Remote Desktop Generic USB Device;C:\windows\system32\drivers\TsUsbGD.sys --> C:\windows\system32\drivers\TsUsbGD.sys [?]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\windows\system32\Wat\WatAdminSvc.exe --> C:\windows\system32\Wat\WatAdminSvc.exe [?]
S3 WDC_SAM;WD SCSI Pass Thru driver;C:\windows\system32\DRIVERS\wdcsam64.sys --> C:\windows\system32\DRIVERS\wdcsam64.sys [?]
S4 wlcrasvc;Windows Live Mesh remote connections service;C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-9-22 57184]
.
=============== Created Last 30 ================
.
2011-10-19 19:20:56 -------- d-----w- C:\Program Files (x86)\ESET
2011-10-19 19:10:37 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware
2011-10-19 17:29:20 -------- d-----w- C:\Users\Steven\AppData\Roaming\SUPERAntiSpyware.com
2011-10-19 17:28:21 -------- d-----w- C:\Program Files\SUPERAntiSpyware
2011-10-19 17:28:20 -------- d-----w- C:\ProgramData\SUPERAntiSpyware.com
2011-10-19 04:16:06 -------- d-----w- C:\$RECYCLE.BIN
2011-10-19 03:40:50 -------- d-----w- C:\ComboFix
2011-10-19 02:12:16 98816 ----a-w- C:\windows\sed.exe
2011-10-19 02:12:16 518144 ----a-w- C:\windows\SWREG.exe
2011-10-19 02:12:16 256000 ----a-w- C:\windows\PEV.exe
2011-10-19 02:12:16 208896 ----a-w- C:\windows\MBR.exe
2011-10-19 01:50:25 -------- d-----w- C:\Rooter$
2011-10-18 23:05:26 -------- d-----w- C:\Users\Steven\AppData\Roaming\Malwarebytes
2011-10-18 23:05:17 -------- d-----w- C:\ProgramData\Malwarebytes
2011-10-18 17:34:03 -------- d-----w- C:\Program Files (x86)\McAfeeMOBK
2011-10-18 17:33:54 66040 ----a-w- C:\windows\System32\drivers\MOBK755.sys
2011-10-18 17:33:53 -------- d-----w- C:\Program Files (x86)\McAfee Online Backup
2011-10-18 17:29:21 -------- d-----w- C:\Program Files (x86)\McAfee.com
2011-10-18 17:29:01 -------- d-----w- C:\Program Files (x86)\Common Files\McAfee
2011-10-18 17:29:00 9984 ----a-w- C:\windows\System32\drivers\mfeclnk.sys
2011-10-18 16:24:16 9049936 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{823EF51E-6B3B-4E42-8F47-478CC2469289}\mpengine.dll
2011-10-12 21:45:06 414368 ----a-w- C:\windows\SysWow64\FlashPlayerCPLApp.cpl
2011-10-11 17:50:39 3138048 ----a-w- C:\windows\System32\win32k.sys
2011-10-11 17:50:38 75776 ----a-w- C:\windows\SysWow64\psisrndr.ax
2011-10-11 17:50:38 613888 ----a-w- C:\windows\System32\psisdecd.dll
2011-10-11 17:50:38 465408 ----a-w- C:\windows\SysWow64\psisdecd.dll
2011-10-11 17:50:38 108032 ----a-w- C:\windows\System32\psisrndr.ax
2011-10-11 17:50:30 861696 ----a-w- C:\windows\System32\oleaut32.dll
2011-10-11 17:50:30 571904 ----a-w- C:\windows\SysWow64\oleaut32.dll
2011-10-11 17:50:30 331776 ----a-w- C:\windows\System32\oleacc.dll
2011-10-11 17:50:30 233472 ----a-w- C:\windows\SysWow64\oleacc.dll
2011-09-29 17:48:50 -------- d-----w- C:\Program Files\Western Digital
.
==================== Find3M ====================
.
.
============= FINISH: 11:14:21.92 ===============


ATTACH.TXT LOG FILE BELOW:

.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2011-08-26.01)
.
Microsoft Windows 7 Home Premium
Boot Device: \Device\HarddiskVolume1
Install Date: 8/8/2011 12:22:07 AM
System Uptime: 10/26/2011 10:39:53 AM (1 hours ago)
.
Motherboard: TOSHIBA | | Portable PC
Processor: Intel® Core™ i3-2310M CPU @ 2.10GHz | CPU | 798/1333mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 285 GiB total, 209.383 GiB free.
D: is CDROM ()
.
==== Disabled Device Manager Items =============
.
Class GUID: {4d36e971-e325-11ce-bfc1-08002be10318}
Description: Officejet 6500 E709a
Device ID: ROOT\MULTIFUNCTION\0000
Manufacturer: HP
Name: Officejet 6500 E709a
PNP Device ID: ROOT\MULTIFUNCTION\0000
Service:
.
==== System Restore Points ===================
.
RP24: 10/5/2011 5:45:55 PM - Windows Update
RP25: 10/9/2011 9:50:37 AM - Windows Update
RP26: 10/12/2011 7:33:08 AM - Windows Update
RP27: 10/18/2011 9:29:24 AM - Windows Update
RP29: 10/18/2011 11:54:12 AM - Windows Defender Checkpoint
RP30: 10/18/2011 11:55:16 AM - Restore Operation
RP31: 10/19/2011 12:52:49 AM - Removed PixiePack Codec Pack
RP32: 10/21/2011 3:46:12 PM - Windows Update
RP33: 10/21/2011 4:03:23 PM - Installed TOSHIBA Service Station
.
==== Installed Programs ======================
.
6500_E709_eDocs
6500_E709_Help
6500_E709a
Adobe AIR
Adobe Flash Player 10 Plugin
Adobe Flash Player 11 ActiveX
Adobe Reader X (10.1.1) MUI
Atheros Communications Inc.® AR81Family Gigabit/Fast Ethernet Driver
Best Buy pc app
Bing Bar
Bing Bar Platform
bpd_scan
BPDSoftware
BPDSoftware_Ini
BufferChm
D3DX10
Definition update for Microsoft Office 2010 (KB982726) 32-Bit Edition
Destinations
DeviceDiscovery
DocMgr
DocProc
Dropbox
ESET Online Scanner v3
Fax
Google Chrome
Google Toolbar for Internet Explorer
Google Update Helper
GPBaseService2
HP Update
HPDiagnosticAlert
HPProductAssistant
HPSSupply
Intel® Management Engine Components
Intel® Processor Graphics
Intel® Rapid Storage Technology
Java Auto Updater
Java™ 6 Update 20
Junk Mail filter update
Label@Once 1.0
Malwarebytes' Anti-Malware version 1.51.2.1300
MarketResearch
McAfee Internet Security
McAfee Online Backup
Mesh Runtime
Microsoft Default Manager
Microsoft Office 2010
Microsoft Office Access MUI (English) 2010
Microsoft Office Access Setup Metadata MUI (English) 2010
Microsoft Office Excel MUI (English) 2010
Microsoft Office Groove MUI (English) 2010
Microsoft Office InfoPath MUI (English) 2010
Microsoft Office OneNote MUI (English) 2010
Microsoft Office Outlook MUI (English) 2010
Microsoft Office PowerPoint MUI (English) 2010
Microsoft Office Professional Plus 2010
Microsoft Office Proof (English) 2010
Microsoft Office Proof (French) 2010
Microsoft Office Proof (Spanish) 2010
Microsoft Office Proofing (English) 2010
Microsoft Office Publisher MUI (English) 2010
Microsoft Office Shared MUI (English) 2010
Microsoft Office Shared Setup Metadata MUI (English) 2010
Microsoft Office Word MUI (English) 2010
Microsoft Search Enhancement Pack
Microsoft Silverlight
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319
MSVCRT
MSVCRT_amd64
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
MSXML 4.0 SP2 Parser and SDK
PlayReady PC Runtime x86
ProductContext
QuickBooks
QuickBooks Pro 2010
Realtek USB 2.0 Card Reader
Realtek WLAN Driver
Scan
Security Update for Microsoft Excel 2010 (KB2553070)
Security Update for Microsoft InfoPath 2010 (KB2510065)
Security Update for Microsoft Office 2010 (KB2289078)
Security Update for Microsoft Office 2010 (KB2553091)
Security Update for Microsoft Office 2010 (KB2553096)
Security Update for Microsoft Office 2010 (KB2584066)
Security Update for Microsoft PowerPoint 2010 (KB2519975)
Security Update for Microsoft Publisher 2010 (KB2409055)
Security Update for Microsoft SharePoint Workspace 2010 (KB2566445)
Security Update for Microsoft Word 2010 (KB2345000)
SmartWebPrinting
SolutionCenter
Status
Toolbox
TOSHIBA Application Installer
TOSHIBA Assist
Toshiba Book Place
TOSHIBA Bulletin Board
TOSHIBA Face Recognition
TOSHIBA Hardware Setup
TOSHIBA HDD/SSD Alert
TOSHIBA Media Controller
TOSHIBA Media Controller Plug-in
TOSHIBA Quality Application
TOSHIBA Recovery Media Creator
TOSHIBA ReelTime
TOSHIBA Resolution+ Plug-in for Windows Media Player
TOSHIBA Service Station
TOSHIBA Supervisor Password
TOSHIBA Value Added Package
TOSHIBA Web Camera Application
TOSHIBA Wireless LAN Indicator
ToshibaRegistration
TrayApp
Tunebite
Update for Microsoft Office 2010 (KB2202188)
Update for Microsoft Office 2010 (KB2413186)
Update for Microsoft Office 2010 (KB2494150)
Update for Microsoft Office 2010 (KB2523113)
Update for Microsoft Office 2010 (KB2553065)
Update for Microsoft Office 2010 (KB2553092)
Update for Microsoft Office 2010 (KB2566458)
Update for Microsoft OneNote 2010 (KB2493983)
Update for Microsoft Outlook Social Connector (KB2583935)
WebReg
Windows Live Communications Platform
Windows Live Essentials
Windows Live Installer
Windows Live Mail
Windows Live Mesh
Windows Live Mesh ActiveX Control for Remote Connections
Windows Live Messenger
Windows Live Movie Maker
Windows Live Photo Common
Windows Live Photo Gallery
Windows Live PIMT Platform
Windows Live SOXE
Windows Live SOXE Definitions
Windows Live UX Platform
Windows Live UX Platform Language Pack
Windows Live Writer
Windows Live Writer Resources
.
==== Event Viewer Messages From Past Week ========
.
10/26/2011 10:42:40 AM, Error: Microsoft-Windows-WMPNSS-Service [14346] - A new media server was not initialized because RegisterRunningDevice() encountered error '0x80070005'. Restart your computer, and then restart the WMPNetworkSvc service.
10/26/2011 10:42:27 AM, Error: Service Control Manager [7001] - The MBAMService service depends on the MBAMProtector service which failed to start because of the following error: The system cannot find the file specified.
10/26/2011 10:42:27 AM, Error: Service Control Manager [7000] - The MBAMProtector service failed to start due to the following error: The system cannot find the file specified.
10/19/2011 7:03:49 PM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x0000001e (0xffffffffc0000005, 0xfffffa8005d537a7, 0x0000000000000000, 0x0000000077790000). A dump was saved in: C:\windows\MEMORY.DMP. Report Id: 101911-26176-01.
10/19/2011 12:13:58 AM, Error: Service Control Manager [7030] - The PEVSystemStart service is marked as an interactive service. However, the system is configured to not allow interactive services. This service may not function properly.
10/19/2011 1:40:32 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service McNaiAnn with arguments "" in order to run the server: {DC7EF8E1-824F-4110-AB43-1604DA9B4F40}
10/19/2011 1:39:34 PM, Error: Service Control Manager [7001] - The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error: The dependency service or group failed to start.
10/19/2011 1:39:33 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {9E175B6D-F52A-11D8-B9A5-505054503030}
10/19/2011 1:39:33 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}
10/19/2011 1:39:33 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service netprofm with arguments "" in order to run the server: {A47979D2-C419-11D9-A5B4-001185AD2B89}
10/19/2011 1:39:33 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service netman with arguments "" in order to run the server: {BA126AD1-2166-11D1-B1D0-00805FC1270E}
10/19/2011 1:39:32 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
10/19/2011 1:39:27 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service ShellHWDetection with arguments "" in order to run the server: {DD522ACC-F821-461A-A407-50B198B896DC}
10/19/2011 1:39:20 PM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AFD DfsC discache mfehidk mfenlfk MOBK755Filter NetBIOS NetBT nsiproxy Psched rdbss SASDIFSV SASKUTIL spldr tdx vwififlt Wanarpv6 WfpLwf
10/19/2011 1:39:17 PM, Error: Service Control Manager [7001] - The Workstation service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.
10/19/2011 1:39:17 PM, Error: Service Control Manager [7001] - The TCP/IP NetBIOS Helper service depends on the Ancillary Function Driver for Winsock service which failed to start because of the following error: A device attached to the system is not functioning.
10/19/2011 1:39:17 PM, Error: Service Control Manager [7001] - The SMB MiniRedirector Wrapper and Engine service depends on the Redirected Buffering Sub Sysytem service which failed to start because of the following error: A device attached to the system is not functioning.
10/19/2011 1:39:17 PM, Error: Service Control Manager [7001] - The SMB 2.0 MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error: The dependency service or group failed to start.
10/19/2011 1:39:17 PM, Error: Service Control Manager [7001] - The SMB 1.x MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error: The dependency service or group failed to start.
10/19/2011 1:39:17 PM, Error: Service Control Manager [7001] - The Network Store Interface Service service depends on the NSI proxy service driver. service which failed to start because of the following error: A device attached to the system is not functioning.
10/19/2011 1:39:17 PM, Error: Service Control Manager [7001] - The Network Location Awareness service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.
10/19/2011 1:39:17 PM, Error: Service Control Manager [7001] - The Network Connections service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.
10/19/2011 1:39:17 PM, Error: Service Control Manager [7001] - The McShield service depends on the McAfee Validation Trust Protection Service service which failed to start because of the following error: The dependency service or group failed to start.
10/19/2011 1:39:17 PM, Error: Service Control Manager [7001] - The McAfee Validation Trust Protection Service service depends on the McAfee Inc. mfehidk service which failed to start because of the following error: A device attached to the system is not functioning.
10/19/2011 1:39:17 PM, Error: Service Control Manager [7001] - The McAfee Proxy Service service depends on the McAfee Firewall Core Service service which failed to start because of the following error: The dependency service or group failed to start.
10/19/2011 1:39:17 PM, Error: Service Control Manager [7001] - The McAfee Personal Firewall Service service depends on the Windows Firewall service which failed to start because of the following error: The dependency service or group failed to start.
10/19/2011 1:39:17 PM, Error: Service Control Manager [7001] - The McAfee Firewall Core Service service depends on the McAfee Validation Trust Protection Service service which failed to start because of the following error: The dependency service or group failed to start.
10/19/2011 1:39:17 PM, Error: Service Control Manager [7001] - The McAfee Anti-Spam Service service depends on the McAfee Firewall Core Service service which failed to start because of the following error: The dependency service or group failed to start.
10/19/2011 1:39:17 PM, Error: Service Control Manager [7001] - The IP Helper service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.
10/19/2011 1:39:17 PM, Error: Service Control Manager [7001] - The DNS Client service depends on the NetIO Legacy TDI Support Driver service which failed to start because of the following error: A device attached to the system is not functioning.
10/19/2011 1:39:17 PM, Error: Service Control Manager [7001] - The DHCP Client service depends on the Ancillary Function Driver for Winsock service which failed to start because of the following error: A device attached to the system is not functioning.
.
==== End Of File ===========================

#4 gringo_pr


Posted 26 October 2011 - 10:24 AM

Hello

I would like you to do the following.

Please print out or make a copy in Notepad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.

Run Combofix:

You may be asked to install or update the Recovery Console (Win XP only); if this happens, please allow it to do so (you will need to be connected to the internet for this).

Before you run Combofix I will need you to turn off any security software you have running. If you do not know how to do this, you can find out >here< or >here<

Combofix may need to reboot your computer more than once to do its job; this is normal.

You can download Combofix from one of these links. I want you to save it to the desktop and run it from there.
Link 1
Link 2
Link 3
1. Close any open browsers or any other programs that are open.
2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

Double click on combofix.exe & follow the prompts.
When finished, it will produce a report for you.

Note 1: Do not mouse-click Combofix's window while it's running. That may cause it to stall.

Note 2: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion.", please restart the computer.

"information and logs"

In your next post I need the following:
  • Log from Combofix
  • Let me know of any problems you may have had
  • How is the computer doing now?

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic




#5 That_Steve_Guy


Posted 28 October 2011 - 12:57 PM

I followed instructions to disable all anti-virus / anti-malware etc.

Downloaded ComboFix and ran it today.
It did give me the registry error you mentioned, which cleared after I restarted.
To test, I went to Google and searched on "Bleeping Computer"; when I clicked on the link it redirected me to: http://63.209.69.107/search/web/Bleeping%20Computerx/a36/itcg-20342/v5

I have not heard music in the background as of yet, but it is normally sporadic, so I am leaving my volume up for now and will re-post if/when it happens again.

Combofix Logs Below:

ComboFix 11-10-28.04 - Steven 10/28/2011 11:46:01.3.4 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.3020.1799 [GMT -4:00]
Running from: c:\users\Steven\Downloads\ComboFix.exe
AV: McAfee Anti-Virus and Anti-Spyware *Disabled/Updated* {86355677-4064-3EA7-ABB3-1B136EB04637}
FW: McAfee Firewall *Disabled* {BE0ED752-0A0B-3FFF-80EC-B2269063014C}
SP: McAfee Anti-Virus and Anti-Spyware *Disabled/Updated* {3D54B793-665E-3129-9103-206115370C8A}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Created a new restore point
.
.
((((((((((((((((((((((((( Files Created from 2011-09-28 to 2011-10-28 )))))))))))))))))))))))))))))))
.
.
2011-10-28 16:15 . 2011-10-28 16:15 -------- d-----w- c:\users\Default\AppData\Local\temp
2011-10-21 20:02 . 2011-10-21 20:02 -------- d-----w- c:\users\Steven\AppData\Roaming\InstallShield
2011-10-19 19:20 . 2011-10-19 19:20 -------- d-----w- c:\program files (x86)\ESET
2011-10-19 19:10 . 2011-10-19 19:10 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
2011-10-19 17:29 . 2011-10-19 17:29 -------- d-----w- c:\users\Steven\AppData\Roaming\SUPERAntiSpyware.com
2011-10-19 17:28 . 2011-10-19 17:29 -------- d-----w- c:\program files\SUPERAntiSpyware
2011-10-19 17:28 . 2011-10-19 17:28 -------- d-----w- c:\programdata\SUPERAntiSpyware.com
2011-10-19 01:50 . 2011-10-19 01:51 -------- d-----w- C:\Rooter$
2011-10-18 23:05 . 2011-10-18 23:05 -------- d-----w- c:\users\Steven\AppData\Roaming\Malwarebytes
2011-10-18 23:05 . 2011-10-18 23:05 -------- d-----w- c:\programdata\Malwarebytes
2011-10-18 17:33 . 2011-10-18 17:33 -------- dc----w- c:\windows\system32\DRVSTORE
2011-10-18 17:33 . 2010-09-20 07:27 66040 ----a-w- c:\windows\system32\drivers\MOBK755.sys
2011-10-18 17:33 . 2011-10-18 17:33 -------- d-----w- c:\program files (x86)\McAfee Online Backup
2011-10-18 17:29 . 2011-10-18 17:30 -------- d-----w- c:\program files (x86)\Common Files\McAfee
2011-10-18 17:29 . 2011-04-14 18:01 9984 ----a-w- c:\windows\system32\drivers\mfeclnk.sys
2011-10-18 17:28 . 2011-04-14 18:01 149032 ----a-w- c:\windows\system32\mfevtps.exe
2011-10-18 17:28 . 2011-04-14 18:01 94992 ----a-w- c:\windows\system32\drivers\mferkdet.sys
2011-10-18 17:28 . 2011-04-14 18:01 75160 ----a-w- c:\windows\system32\drivers\mfenlfk.sys
2011-10-18 17:28 . 2011-04-14 18:01 63056 ----a-w- c:\windows\system32\drivers\cfwids.sys
2011-10-18 17:28 . 2011-04-14 18:01 530304 ----a-w- c:\windows\system32\drivers\mfehidk.sys
2011-10-18 17:28 . 2011-04-14 18:01 441840 ----a-w- c:\windows\system32\drivers\mfefirek.sys
2011-10-18 17:28 . 2011-04-14 18:01 283744 ----a-w- c:\windows\system32\drivers\mfewfpk.sys
2011-10-18 17:28 . 2011-04-14 18:01 190520 ----a-w- c:\windows\system32\drivers\mfeavfk.sys
2011-10-18 17:28 . 2011-04-14 18:01 121376 ----a-w- c:\windows\system32\drivers\mfeapfk.sys
2011-10-18 17:28 . 2011-10-18 17:30 -------- d-----w- c:\program files\Common Files\McAfee
2011-10-18 17:28 . 2011-10-18 17:34 -------- d-----w- c:\program files\McAfee
2011-10-18 17:28 . 2011-10-19 01:35 -------- d-----w- c:\program files (x86)\McAfee
2011-10-18 17:15 . 2011-10-18 21:28 -------- d-----w- c:\programdata\McAfee
2011-10-18 16:24 . 2011-09-13 00:26 9049936 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{823EF51E-6B3B-4E42-8F47-478CC2469289}\mpengine.dll
2011-10-12 21:45 . 2011-10-12 21:45 414368 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2011-10-11 17:50 . 2011-09-06 03:03 3138048 ----a-w- c:\windows\system32\win32k.sys
2011-10-11 17:50 . 2011-08-17 05:26 613888 ----a-w- c:\windows\system32\psisdecd.dll
2011-10-11 17:50 . 2011-08-17 05:25 108032 ----a-w- c:\windows\system32\psisrndr.ax
2011-10-11 17:50 . 2011-08-17 04:24 465408 ----a-w- c:\windows\SysWow64\psisdecd.dll
2011-10-11 17:50 . 2011-08-17 04:19 75776 ----a-w- c:\windows\SysWow64\psisrndr.ax
2011-10-11 17:50 . 2011-08-27 05:37 861696 ----a-w- c:\windows\system32\oleaut32.dll
2011-10-11 17:50 . 2011-08-27 05:37 331776 ----a-w- c:\windows\system32\oleacc.dll
2011-10-11 17:50 . 2011-08-27 04:26 571904 ----a-w- c:\windows\SysWow64\oleaut32.dll
2011-10-11 17:50 . 2011-08-27 04:26 233472 ----a-w- c:\windows\SysWow64\oleacc.dll
2011-09-29 17:48 . 2011-10-18 16:04 -------- d-----w- c:\program files\Western Digital
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-08-08 04:23 . 2010-06-24 18:33 18328 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
.
.
((((((((((((((((((((((((((((( SnapShot@2011-10-19_02.53.43 )))))))))))))))))))))))))))))))))))))))))
.
+ 2011-10-21 19:48 . 2011-10-21 19:48 76800 c:\windows\SysWOW64\SetIEInstalledDate.exe
+ 2011-10-21 19:48 . 2011-10-21 19:48 74752 c:\windows\SysWOW64\RegisterIEPKEYs.exe
+ 2011-10-21 19:48 . 2011-10-21 19:48 54272 c:\windows\SysWOW64\pngfilt.dll
+ 2011-10-21 19:48 . 2011-10-21 19:48 48640 c:\windows\SysWOW64\mshtmler.dll
+ 2011-10-21 19:48 . 2011-10-21 19:48 72704 c:\windows\SysWOW64\mshtmled.dll
+ 2011-10-21 19:48 . 2011-10-21 19:48 11776 c:\windows\SysWOW64\mshta.exe
+ 2011-10-21 19:48 . 2011-10-21 19:48 10752 c:\windows\SysWOW64\msfeedssync.exe
+ 2011-10-21 19:48 . 2011-10-21 19:48 41472 c:\windows\SysWOW64\msfeedsbs.dll
+ 2011-10-21 19:48 . 2011-10-21 19:48 66048 c:\windows\SysWOW64\migration\WininetPlugin.dll
+ 2011-10-21 19:48 . 2011-10-21 19:48 23552 c:\windows\SysWOW64\licmgr10.dll
+ 2011-10-21 19:48 . 2011-10-21 19:48 65024 c:\windows\SysWOW64\jsproxy.dll
+ 2011-10-21 19:48 . 2011-10-21 19:48 78848 c:\windows\SysWOW64\inseng.dll
+ 2011-10-21 19:48 . 2011-10-21 19:48 35840 c:\windows\SysWOW64\imgutil.dll
+ 2011-10-21 19:48 . 2011-10-21 19:48 86528 c:\windows\SysWOW64\iesysprep.dll
+ 2011-10-21 19:48 . 2011-10-21 19:48 74752 c:\windows\SysWOW64\iesetup.dll
+ 2011-10-21 19:48 . 2011-10-21 19:48 31744 c:\windows\SysWOW64\iernonce.dll
+ 2011-10-21 19:48 . 2011-10-21 19:48 74240 c:\windows\SysWOW64\ie4uinit.exe
+ 2011-10-21 19:48 . 2011-10-21 19:48 66048 c:\windows\SysWOW64\icardie.dll
+ 2010-11-21 03:09 . 2011-10-28 15:11 45212 c:\windows\system32\wdi\ShutdownPerformanceDiagnostics_SystemData.bin
+ 2009-07-14 05:10 . 2011-10-28 15:11 35922 c:\windows\system32\wdi\BootPerformanceDiagnostics_SystemData.bin
+ 2011-10-21 19:48 . 2011-10-21 19:48 91648 c:\windows\system32\SetIEInstalledDate.exe
+ 2011-10-21 19:48 . 2011-10-21 19:48 89088 c:\windows\system32\RegisterIEPKEYs.exe
+ 2011-10-21 19:48 . 2011-10-21 19:48 65024 c:\windows\system32\pngfilt.dll
+ 2011-10-21 19:48 . 2011-10-21 19:48 48640 c:\windows\system32\mshtmler.dll
+ 2011-10-21 19:48 . 2011-10-21 19:48 96256 c:\windows\system32\mshtmled.dll
+ 2011-10-21 19:48 . 2011-10-21 19:48 12288 c:\windows\system32\mshta.exe
+ 2011-10-21 19:48 . 2011-10-21 19:48 10752 c:\windows\system32\msfeedssync.exe
+ 2011-10-21 19:48 . 2011-10-21 19:48 55296 c:\windows\system32\msfeedsbs.dll
+ 2011-10-21 19:48 . 2011-10-21 19:48 86528 c:\windows\system32\migration\WininetPlugin.dll
+ 2011-10-21 19:48 . 2011-10-21 19:48 30720 c:\windows\system32\licmgr10.dll
+ 2011-10-21 19:48 . 2011-10-21 19:48 85504 c:\windows\system32\jsproxy.dll
+ 2011-10-21 19:48 . 2011-10-21 19:48 49664 c:\windows\system32\imgutil.dll
+ 2011-10-21 19:48 . 2011-10-21 19:48 85504 c:\windows\system32\iesetup.dll
+ 2011-10-21 19:48 . 2011-10-21 19:48 39936 c:\windows\system32\iernonce.dll
+ 2011-10-21 19:48 . 2011-10-21 19:48 89088 c:\windows\system32\ie4uinit.exe
+ 2011-10-21 19:48 . 2011-10-21 19:48 82432 c:\windows\system32\icardie.dll
+ 2011-08-08 15:19 . 2011-10-28 15:16 32768 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2011-08-08 15:19 . 2011-10-19 02:52 32768 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2011-08-08 15:19 . 2011-10-28 15:16 32768 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2011-08-08 15:19 . 2011-10-19 02:52 32768 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2009-07-14 04:54 . 2011-10-19 02:52 16384 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2009-07-14 04:54 . 2011-10-28 15:16 16384 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2011-08-08 04:24 . 2011-10-21 19:39 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2011-08-08 04:24 . 2011-10-19 02:51 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2011-10-18 16:24 . 2011-10-21 19:42 32768 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Temp\Temporary Internet Files\Content.IE5\index.dat
- 2011-10-18 16:24 . 2011-10-19 01:37 32768 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Temp\Temporary Internet Files\Content.IE5\index.dat
+ 2011-10-18 16:24 . 2011-10-21 19:42 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Temp\History\History.IE5\index.dat
- 2011-10-18 16:24 . 2011-10-19 01:37 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Temp\History\History.IE5\index.dat
- 2011-10-18 16:24 . 2011-10-19 01:37 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Temp\Cookies\index.dat
+ 2011-10-18 16:24 . 2011-10-21 19:42 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Temp\Cookies\index.dat
+ 2011-08-08 04:24 . 2011-10-21 19:42 32768 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2011-08-08 04:24 . 2011-10-19 02:51 32768 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2011-08-08 04:24 . 2011-10-19 02:51 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2011-08-08 04:24 . 2011-10-21 19:39 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2010-03-18 17:16 . 2010-03-18 17:16 87408 c:\windows\Microsoft.NET\Framework64\v4.0.30319\WPF\WindowsFormsIntegration.dll
+ 2010-03-18 17:16 . 2010-03-18 17:16 93024 c:\windows\Microsoft.NET\Framework64\v4.0.30319\WPF\UIAutomationTypes.dll
+ 2010-03-18 17:16 . 2010-03-18 17:16 35688 c:\windows\Microsoft.NET\Framework64\v4.0.30319\WPF\UIAutomationProvider.dll
+ 2010-03-18 17:16 . 2010-03-18 17:16 17784 c:\windows\Microsoft.NET\Framework64\v4.0.30319\WPF\System.Windows.Presentation.dll
+ 2010-03-18 17:16 . 2010-03-18 17:16 58240 c:\windows\Microsoft.NET\Framework64\v4.0.30319\WPF\System.Windows.Input.Manipulations.dll
+ 2010-03-18 18:27 . 2010-03-18 18:27 83272 c:\windows\Microsoft.NET\Framework64\v4.0.30319\WPF\PenIMC.dll
+ 2010-03-18 18:27 . 2010-03-18 18:27 39256 c:\windows\Microsoft.NET\Framework64\v4.0.30319\WMINet_Utils.dll
+ 2010-03-18 17:16 . 2010-03-18 17:16 44920 c:\windows\Microsoft.NET\Framework64\v4.0.30319\System.Web.ApplicationServices.dll
+ 2010-03-18 17:16 . 2010-03-18 17:16 37240 c:\windows\Microsoft.NET\Framework64\v4.0.30319\System.ServiceModel.Channels.dll
+ 2010-03-18 17:16 . 2010-03-18 17:16 64352 c:\windows\Microsoft.NET\Framework64\v4.0.30319\System.Numerics.dll
+ 2010-03-18 18:27 . 2010-03-18 18:27 52608 c:\windows\Microsoft.NET\Framework64\v4.0.30319\System.EnterpriseServices.Thunk.dll
+ 2010-03-18 17:16 . 2010-03-18 17:16 51032 c:\windows\Microsoft.NET\Framework64\v4.0.30319\System.Device.dll
+ 2010-03-18 17:16 . 2010-03-18 17:16 50552 c:\windows\Microsoft.NET\Framework64\v4.0.30319\System.Data.DataSetExtensions.dll
+ 2010-03-18 17:16 . 2010-03-18 17:16 81784 c:\windows\Microsoft.NET\Framework64\v4.0.30319\System.Configuration.Install.dll
+ 2010-03-18 17:16 . 2010-03-18 17:16 81800 c:\windows\Microsoft.NET\Framework64\v4.0.30319\System.ComponentModel.DataAnnotations.dll
+ 2010-03-18 17:16 . 2010-03-18 17:16 39784 c:\windows\Microsoft.NET\Framework64\v4.0.30319\System.AddIn.Contract.dll
+ 2010-03-18 17:16 . 2010-03-18 17:16 68952 c:\windows\Microsoft.NET\Framework64\v4.0.30319\SMDiagnostics.dll
+ 2010-03-18 19:58 . 2010-03-18 19:58 96088 c:\windows\Microsoft.NET\Framework64\v4.0.30319\SetupCache\Client\SetupUtility.exe
+ 2010-03-18 20:16 . 2010-03-18 20:16 78152 c:\windows\Microsoft.NET\Framework64\v4.0.30319\SetupCache\Client\Setup.exe
+ 2010-03-18 20:16 . 2010-03-18 20:16 18776 c:\windows\Microsoft.NET\Framework64\v4.0.30319\SetupCache\Client\3082\SetupResources.dll
+ 2010-03-18 20:16 . 2010-03-18 20:16 14168 c:\windows\Microsoft.NET\Framework64\v4.0.30319\SetupCache\Client\3076\SetupResources.dll
+ 2010-03-18 20:16 . 2010-03-18 20:16 18776 c:\windows\Microsoft.NET\Framework64\v4.0.30319\SetupCache\Client\2070\SetupResources.dll
+ 2010-03-18 20:16 . 2010-03-18 20:16 14168 c:\windows\Microsoft.NET\Framework64\v4.0.30319\SetupCache\Client\2052\SetupResources.dll
+ 2010-03-18 20:16 . 2010-03-18 20:16 17752 c:\windows\Microsoft.NET\Framework64\v4.0.30319\SetupCache\Client\1055\SetupResources.dll
+ 2010-03-18 20:16 . 2010-03-18 20:16 17752 c:\windows\Microsoft.NET\Framework64\v4.0.30319\SetupCache\Client\1053\SetupResources.dll
+ 2010-03-18 20:16 . 2010-03-18 20:16 18264 c:\windows\Microsoft.NET\Framework64\v4.0.30319\SetupCache\Client\1049\SetupResources.dll
+ 2010-03-18 20:16 . 2010-03-18 20:16 18264 c:\windows\Microsoft.NET\Framework64\v4.0.30319\SetupCache\Client\1046\SetupResources.dll
+ 2010-03-18 20:16 . 2010-03-18 20:16 18264 c:\windows\Microsoft.NET\Framework64\v4.0.30319\SetupCache\Client\1045\SetupResources.dll
+ 2010-03-18 20:16 . 2010-03-18 20:16 17752 c:\windows\Microsoft.NET\Framework64\v4.0.30319\SetupCache\Client\1044\SetupResources.dll
+ 2010-03-18 20:16 . 2010-03-18 20:16 19288 c:\windows\Microsoft.NET\Framework64\v4.0.30319\SetupCache\Client\1043\SetupResources.dll
+ 2010-03-18 20:16 . 2010-03-18 20:16 15192 c:\windows\Microsoft.NET\Framework64\v4.0.30319\SetupCache\Client\1042\SetupResources.dll
+ 2010-03-18 20:16 . 2010-03-18 20:16 15704 c:\windows\Microsoft.NET\Framework64\v4.0.30319\SetupCache\Client\1041\SetupResources.dll
+ 2010-03-18 20:16 . 2010-03-18 20:16 18264 c:\windows\Microsoft.NET\Framework64\v4.0.30319\SetupCache\Client\1040\SetupResources.dll
+ 2010-03-18 20:16 . 2010-03-18 20:16 18776 c:\windows\Microsoft.NET\Framework64\v4.0.30319\SetupCache\Client\1038\SetupResources.dll
+ 2010-03-18 20:16 . 2010-03-18 20:16 16728 c:\windows\Microsoft.NET\Framework64\v4.0.30319\SetupCache\Client\1037\SetupResources.dll
+ 2010-03-18 20:16 . 2010-03-18 20:16 18776 c:\windows\Microsoft.NET\Framework64\v4.0.30319\SetupCache\Client\1036\SetupResources.dll
+ 2010-03-18 20:16 . 2010-03-18 20:16 18264 c:\windows\Microsoft.NET\Framework64\v4.0.30319\SetupCache\Client\1035\SetupResources.dll
+ 2010-03-18 20:16 . 2010-03-18 20:16 17240 c:\windows\Microsoft.NET\Framework64\v4.0.30319\SetupCache\Client\1033\SetupResources.dll
+ 2010-03-18 20:16 . 2010-03-18 20:16 19288 c:\windows\Microsoft.NET\Framework64\v4.0.30319\SetupCache\Client\1032\SetupResources.dll
+ 2010-03-18 20:16 . 2010-03-18 20:16 18776 c:\windows\Microsoft.NET\Framework64\v4.0.30319\SetupCache\Client\1031\SetupResources.dll
+ 2010-03-18 20:16 . 2010-03-18 20:16 18264 c:\windows\Microsoft.NET\Framework64\v4.0.30319\SetupCache\Client\1030\SetupResources.dll
+ 2010-03-18 20:16 . 2010-03-18 20:16 18264 c:\windows\Microsoft.NET\Framework64\v4.0.30319\SetupCache\Client\1029\SetupResources.dll
+ 2010-03-18 20:16 . 2010-03-18 20:16 14168 c:\windows\Microsoft.NET\Framework64\v4.0.30319\SetupCache\Client\1028\SetupResources.dll
+ 2010-03-18 20:16 . 2010-03-18 20:16 17240 c:\windows\Microsoft.NET\Framework64\v4.0.30319\SetupCache\Client\1025\SetupResources.dll
+ 2010-03-18 18:27 . 2010-03-18 18:27 48512 c:\windows\Microsoft.NET\Framework64\v4.0.30319\ServiceModelPerformanceCounters.dll
+ 2010-03-18 18:27 . 2010-03-18 18:27 14160 c:\windows\Microsoft.NET\Framework64\v4.0.30319\SbsNclPerf.dll
+ 2010-03-18 18:27 . 2010-03-18 18:27 65360 c:\windows\Microsoft.NET\Framework64\v4.0.30319\regtlibv12.exe
+ 2010-03-18 18:27 . 2010-03-18 18:27 32080 c:\windows\Microsoft.NET\Framework64\v4.0.30319\RegSvcs.exe
+ 2010-03-18 18:27 . 2010-03-18 18:27 51528 c:\windows\Microsoft.NET\Framework64\v4.0.30319\RegAsm.exe
+ 2010-03-18 18:27 . 2010-03-18 18:27 24408 c:\windows\Microsoft.NET\Framework64\v4.0.30319\normalization.dll
+ 2010-03-18 18:27 . 2010-03-18 18:27 67920 c:\windows\Microsoft.NET\Framework64\v4.0.30319\nlssorting.dll
+ 2010-03-18 18:27 . 2010-03-18 18:27 27984 c:\windows\Microsoft.NET\Framework64\v4.0.30319\MUI\0409\mscorsecr.dll
+ 2010-03-18 18:27 . 2010-03-18 18:27 45904 c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorpe.dll
+ 2010-03-18 18:27 . 2010-03-18 18:27 20816 c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscoreeis.dll
+ 2010-03-18 17:16 . 2010-03-18 17:16 62880 c:\windows\Microsoft.NET\Framework64\v4.0.30319\Microsoft.Windows.ApplicationServer.Applications.dll
+ 2010-03-18 17:16 . 2010-03-18 17:16 12128 c:\windows\Microsoft.NET\Framework64\v4.0.30319\Microsoft.VisualC.Dll
+ 2010-03-18 17:16 . 2010-03-18 17:16 97680 c:\windows\Microsoft.NET\Framework64\v4.0.30319\Microsoft.VisualBasic.Compatibility.Data.dll
+ 2010-03-18 17:16 . 2010-03-18 17:16 36168 c:\windows\Microsoft.NET\Framework64\v4.0.30319\jsc.exe
+ 2010-03-18 18:27 . 2010-03-18 18:27 94552 c:\windows\Microsoft.NET\Framework64\v4.0.30319\ISymWrapper.dll
+ 2010-03-18 18:27 . 2010-03-18 18:27 67416 c:\windows\Microsoft.NET\Framework64\v4.0.30319\InstallUtilLib.dll
+ 2010-03-18 18:27 . 2010-03-18 18:27 27480 c:\windows\Microsoft.NET\Framework64\v4.0.30319\InstallUtil.exe
+ 2010-03-18 18:27 . 2010-03-18 18:27 48456 c:\windows\Microsoft.NET\Framework64\v4.0.30319\fusion.dll
+ 2010-03-18 17:16 . 2010-03-18 17:16 11592 c:\windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe
+ 2010-03-18 18:27 . 2010-03-18 18:27 35656 c:\windows\Microsoft.NET\Framework64\v4.0.30319\cvtres.exe
+ 2010-03-18 18:27 . 2010-03-18 18:27 91488 c:\windows\Microsoft.NET\Framework64\v4.0.30319\CustomMarshalers.dll
+ 2010-03-18 18:27 . 2010-03-18 18:27 53072 c:\windows\Microsoft.NET\Framework64\v4.0.30319\Culture.dll
+ 2010-03-18 18:27 . 2010-03-18 18:27 94536 c:\windows\Microsoft.NET\Framework64\v4.0.30319\CasPol.exe
+ 2010-03-18 17:16 . 2010-03-18 17:16 29008 c:\windows\Microsoft.NET\Framework64\v4.0.30319\AddInUtil.exe
+ 2010-03-18 18:27 . 2010-03-18 18:27 29528 c:\windows\Microsoft.NET\Framework64\v4.0.30319\AddInProcess32.exe
+ 2010-03-18 17:16 . 2010-03-18 17:16 29016 c:\windows\Microsoft.NET\Framework64\v4.0.30319\AddInProcess.exe
+ 2010-03-18 17:16 . 2010-03-18 17:16 17240 c:\windows\Microsoft.NET\Framework64\v4.0.30319\Accessibility.dll
+ 2010-03-18 18:27 . 2010-03-18 18:27 10064 c:\windows\Microsoft.NET\Framework64\v4.0.30319\1033\CvtResUI.dll
+ 2010-03-18 18:27 . 2010-03-18 18:27 24400 c:\windows\Microsoft.NET\Framework64\v4.0.30319\1033\alinkui.dll
+ 2010-03-18 17:16 . 2010-03-18 17:16 87408 c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WindowsFormsIntegration.dll
+ 2010-03-18 17:16 . 2010-03-18 17:16 93024 c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\UIAutomationTypes.dll
+ 2010-03-18 17:16 . 2010-03-18 17:16 35688 c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\UIAutomationProvider.dll
+ 2010-03-18 17:16 . 2010-03-18 17:16 17784 c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\System.Windows.Presentation.dll
+ 2010-03-18 17:16 . 2010-03-18 17:16 58240 c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\System.Windows.Input.Manipulations.dll
+ 2010-03-18 17:16 . 2010-03-18 17:16 67912 c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\PenIMC.dll
+ 2010-03-18 17:16 . 2010-03-18 17:16 31576 c:\windows\Microsoft.NET\Framework\v4.0.30319\WMINet_Utils.dll
+ 2010-03-18 17:16 . 2010-03-18 17:16 44920 c:\windows\Microsoft.NET\Framework\v4.0.30319\System.Web.ApplicationServices.dll
+ 2010-03-18 17:16 . 2010-03-18 17:16 37240 c:\windows\Microsoft.NET\Framework\v4.0.30319\System.ServiceModel.Channels.dll
+ 2010-03-18 17:16 . 2010-03-18 17:16 64352 c:\windows\Microsoft.NET\Framework\v4.0.30319\System.Numerics.dll
+ 2010-03-18 17:16 . 2010-03-18 17:16 45952 c:\windows\Microsoft.NET\Framework\v4.0.30319\System.EnterpriseServices.Thunk.dll
+ 2010-03-18 17:16 . 2010-03-18 17:16 51032 c:\windows\Microsoft.NET\Framework\v4.0.30319\System.Device.dll
+ 2010-03-18 17:16 . 2010-03-18 17:16 50552 c:\windows\Microsoft.NET\Framework\v4.0.30319\System.Data.DataSetExtensions.dll
+ 2010-03-18 17:16 . 2010-03-18 17:16 81784 c:\windows\Microsoft.NET\Framework\v4.0.30319\System.Configuration.Install.dll
+ 2010-03-18 17:16 . 2010-03-18 17:16 81800 c:\windows\Microsoft.NET\Framework\v4.0.30319\System.ComponentModel.DataAnnotations.dll
+ 2010-03-18 17:16 . 2010-03-18 17:16 39784 c:\windows\Microsoft.NET\Framework\v4.0.30319\System.AddIn.Contract.dll
+ 2010-03-18 17:16 . 2010-03-18 17:16 68952 c:\windows\Microsoft.NET\Framework\v4.0.30319\SMDiagnostics.dll
+ 2010-03-18 17:16 . 2010-03-18 17:16 42880 c:\windows\Microsoft.NET\Framework\v4.0.30319\ServiceModelPerformanceCounters.dll
+ 2010-03-18 17:16 . 2010-03-18 17:16 13648 c:\windows\Microsoft.NET\Framework\v4.0.30319\SbsNclPerf.dll
+ 2010-03-18 17:16 . 2010-03-18 17:16 58192 c:\windows\Microsoft.NET\Framework\v4.0.30319\regtlibv12.exe
+ 2010-03-18 17:16 . 2010-03-18 17:16 32592 c:\windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe
+ 2010-03-18 17:16 . 2010-03-18 17:16 52040 c:\windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
+ 2010-03-18 17:16 . 2010-03-18 17:16 21336 c:\windows\Microsoft.NET\Framework\v4.0.30319\normalization.dll
+ 2010-03-18 17:16 . 2010-03-18 17:16 56656 c:\windows\Microsoft.NET\Framework\v4.0.30319\nlssorting.dll
+ 2010-03-18 17:16 . 2010-03-18 17:16 27984 c:\windows\Microsoft.NET\Framework\v4.0.30319\MUI\0409\mscorsecr.dll
+ 2010-03-18 17:16 . 2010-03-18 17:16 40784 c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorpe.dll
+ 2010-03-18 17:16 . 2010-03-18 17:16 20816 c:\windows\Microsoft.NET\Framework\v4.0.30319\mscoreeis.dll
+ 2010-03-18 17:16 . 2010-03-18 17:16 62880 c:\windows\Microsoft.NET\Framework\v4.0.30319\Microsoft.Windows.ApplicationServer.Applications.dll
+ 2010-03-18 17:16 . 2010-03-18 17:16 12128 c:\windows\Microsoft.NET\Framework\v4.0.30319\Microsoft.VisualC.Dll
+ 2010-03-18 17:16 . 2010-03-18 17:16 97680 c:\windows\Microsoft.NET\Framework\v4.0.30319\Microsoft.VisualBasic.Compatibility.Data.dll
+ 2010-03-18 17:16 . 2010-03-18 17:16 36168 c:\windows\Microsoft.NET\Framework\v4.0.30319\jsc.exe
+ 2010-03-18 17:16 . 2010-03-18 17:16 78168 c:\windows\Microsoft.NET\Framework\v4.0.30319\ISymWrapper.dll
+ 2010-03-18 17:16 . 2010-03-18 17:16 58200 c:\windows\Microsoft.NET\Framework\v4.0.30319\InstallUtilLib.dll
+ 2010-03-18 17:16 . 2010-03-18 17:16 27992 c:\windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe
+ 2010-03-18 17:16 . 2010-03-18 17:16 42312 c:\windows\Microsoft.NET\Framework\v4.0.30319\fusion.dll
+ 2010-03-18 17:16 . 2010-03-18 17:16 11592 c:\windows\Microsoft.NET\Framework\v4.0.30319\dfsvc.exe
+ 2010-03-18 17:16 . 2010-03-18 17:16 88904 c:\windows\Microsoft.NET\Framework\v4.0.30319\dfdll.dll
+ 2010-03-18 17:16 . 2010-03-18 17:16 31048 c:\windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe
+ 2010-03-18 17:16 . 2010-03-18 17:16 81248 c:\windows\Microsoft.NET\Framework\v4.0.30319\CustomMarshalers.dll
+ 2010-03-18 17:16 . 2010-03-18 17:16 44368 c:\windows\Microsoft.NET\Framework\v4.0.30319\Culture.dll
+ 2010-03-18 17:16 . 2010-03-18 17:16 95048 c:\windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe
+ 2011-10-26 15:38 . 2011-10-26 15:38 829280 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Deployment\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Deployment.dll
+ 2011-10-26 15:38 . 2011-10-26 15:38 747360 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Data.SqlXml\v4.0_4.0.0.0__b77a5c561934e089\System.Data.SqlXml.dll
+ 2011-10-26 15:38 . 2011-10-26 15:38 436600 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Data.Services.Client\v4.0_4.0.0.0__b77a5c561934e089\System.Data.Services.Client.dll
+ 2011-10-26 15:38 . 2011-10-26 15:38 683872 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Data.Linq\v4.0_4.0.0.0__b77a5c561934e089\System.Data.Linq.dll
+ 2011-10-26 15:38 . 2011-10-26 15:38 409448 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Configuration\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.configuration.dll
+ 2011-10-26 15:38 . 2011-10-26 15:38 210816 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.ComponentModel.Composition\v4.0_4.0.0.0__b77a5c561934e089\System.ComponentModel.Composition.dll
+ 2011-10-26 15:38 . 2011-10-26 15:38 149848 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.AddIn\v4.0_4.0.0.0__b77a5c561934e089\System.AddIn.dll
+ 2011-10-26 15:38 . 2011-10-26 15:38 122248 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Activities.DurableInstancing\v4.0_4.0.0.0__31bf3856ad364e35\System.Activities.DurableInstancing.dll
+ 2011-10-26 15:38 . 2011-10-26 15:38 525704 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Activities.Core.Presentation\v4.0_4.0.0.0__31bf3856ad364e35\System.Activities.Core.Presentation.dll
+ 2011-10-26 15:38 . 2011-10-26 15:38 112976 c:\windows\Microsoft.NET\assembly\GAC_MSIL\sysglobl\v4.0_4.0.0.0__b03f5f7f11d50a3a\sysglobl.dll
+ 2011-10-26 15:38 . 2011-10-26 15:38 581464 c:\windows\Microsoft.NET\assembly\GAC_MSIL\ReachFramework\v4.0_4.0.0.0__31bf3856ad364e35\ReachFramework.dll
+ 2011-10-26 15:38 . 2011-10-26 15:38 832856 c:\windows\Microsoft.NET\assembly\GAC_MSIL\PresentationUI\v4.0_4.0.0.0__31bf3856ad364e35\PresentationUI.dll
+ 2011-10-26 15:38 . 2011-10-26 15:38 194424 c:\windows\Microsoft.NET\assembly\GAC_MSIL\PresentationFramework.Royale\v4.0_4.0.0.0__31bf3856ad364e35\PresentationFramework.Royale.dll
+ 2011-10-26 15:38 . 2011-10-26 15:38 478576 c:\windows\Microsoft.NET\assembly\GAC_MSIL\PresentationFramework.Luna\v4.0_4.0.0.0__31bf3856ad364e35\PresentationFramework.Luna.dll
+ 2011-10-26 15:38 . 2011-10-26 15:38 167288 c:\windows\Microsoft.NET\assembly\GAC_MSIL\PresentationFramework.Classic\v4.0_4.0.0.0__31bf3856ad364e35\PresentationFramework.Classic.dll
+ 2011-10-26 15:38 . 2011-10-26 15:38 232304 c:\windows\Microsoft.NET\assembly\GAC_MSIL\PresentationFramework.Aero\v4.0_4.0.0.0__31bf3856ad364e35\PresentationFramework.Aero.dll
+ 2011-10-26 15:38 . 2011-10-26 15:38 661352 c:\windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.VisualBasic\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll
+ 2011-10-26 15:38 . 2011-10-26 15:38 349576 c:\windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.VisualBasic.Compatibility\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Compatibility.dll
+ 2011-10-26 15:38 . 2011-10-26 15:38 387960 c:\windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.Transactions.Bridge\v4.0_4.0.0.0__b03f5f7f11d50a3a\Microsoft.Transactions.Bridge.dll
+ 2011-10-26 15:38 . 2011-10-26 15:38 746336 c:\windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.JScript\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.JScript.dll
+ 2011-10-26 15:38 . 2011-10-26 15:38 505184 c:\windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.CSharp\v4.0_4.0.0.0__b03f5f7f11d50a3a\Microsoft.CSharp.dll
+ 2011-10-26 15:38 . 2011-10-26 15:38 288616 c:\windows\Microsoft.NET\assembly\GAC_64\System.Transactions\v4.0_4.0.0.0__b77a5c561934e089\System.Transactions.dll
+ 2011-10-26 15:38 . 2011-10-26 15:38 335712 c:\windows\Microsoft.NET\assembly\GAC_64\System.Printing\v4.0_4.0.0.0__31bf3856ad364e35\System.Printing.dll
+ 2011-10-26 15:38 . 2011-10-26 15:38 125440 c:\windows\Microsoft.NET\assembly\GAC_64\System.EnterpriseServices\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.Wrapper.dll
+ 2011-10-26 15:38 . 2011-10-26 15:38 237424 c:\windows\Microsoft.NET\assembly\GAC_64\System.EnterpriseServices\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.dll
+ 2011-10-26 15:38 . 2011-10-26 15:38 187776 c:\windows\Microsoft.NET\assembly\GAC_64\Microsoft.Transactions.Bridge.Dtc\v4.0_4.0.0.0__b03f5f7f11d50a3a\Microsoft.Transactions.Bridge.Dtc.dll
+ 2011-10-26 15:38 . 2011-10-26 15:38 269672 c:\windows\Microsoft.NET\assembly\GAC_32\System.Transactions\v4.0_4.0.0.0__b77a5c561934e089\System.Transactions.dll
+ 2011-10-26 15:38 . 2011-10-26 15:38 334688 c:\windows\Microsoft.NET\assembly\GAC_32\System.Printing\v4.0_4.0.0.0__31bf3856ad364e35\System.Printing.dll
+ 2011-10-26 15:37 . 2011-10-26 15:37 109568 c:\windows\Microsoft.NET\assembly\GAC_32\System.EnterpriseServices\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.Wrapper.dll
+ 2011-10-26 15:37 . 2011-10-26 15:37 246128 c:\windows\Microsoft.NET\assembly\GAC_32\System.EnterpriseServices\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.dll
+ 2011-10-26 15:37 . 2011-10-26 15:37 170368 c:\windows\Microsoft.NET\assembly\GAC_32\Microsoft.Transactions.Bridge.Dtc\v4.0_4.0.0.0__b03f5f7f11d50a3a\Microsoft.Transactions.Bridge.Dtc.dll
+ 2011-10-28 15:51 . 2011-10-28 15:51 314368 c:\windows\assembly\NativeImages_v4.0.30319_64\WindowsFormsIntegra#\1c94b0dc0867d4028750c5efc3cb5edf\WindowsFormsIntegration.ni.dll
+ 2011-10-28 15:48 . 2011-10-28 15:48 231424 c:\windows\assembly\NativeImages_v4.0.30319_64\UIAutomationTypes\61f2a7b20694daeb02f7de4931261fa4\UIAutomationTypes.ni.dll
+ 2011-10-28 15:48 . 2011-10-28 15:48 121344 c:\windows\assembly\NativeImages_v4.0.30319_64\UIAutomationProvider\17f02848e133014dab9270423d9dc916\UIAutomationProvider.ni.dll
+ 2011-10-28 15:51 . 2011-10-28 15:51 637952 c:\windows\assembly\NativeImages_v4.0.30319_64\UIAutomationClient\3b9f689c1ba2a1875d5001ade2cc54e2\UIAutomationClient.ni.dll
+ 2011-10-28 15:47 . 2011-10-28 15:47 523264 c:\windows\assembly\NativeImages_v4.0.30319_64\System.Xml.Linq\9d14b7bc969452800c0456286309d41d\System.Xml.Linq.ni.dll
+ 2011-10-28 15:48 . 2011-10-28 15:48 251904 c:\windows\assembly\NativeImages_v4.0.30319_64\System.Windows.Inpu#\63310265c78b84ed848564e7b48fbdb4\System.Windows.Input.Manipulations.ni.dll
+ 2011-10-28 15:47 . 2011-10-28 15:47 900096 c:\windows\assembly\NativeImages_v4.0.30319_64\System.Transactions\122cea70c5d0d591f9af1f4316848fd1\System.Transactions.ni.dll
+ 2011-10-28 15:50 . 2011-10-28 15:50 275456 c:\windows\assembly\NativeImages_v4.0.30319_64\System.ServiceProce#\7b167f31f23d4aed19dfa65ad3d29480\System.ServiceProcess.ni.dll
+ 2011-10-28 15:50 . 2011-10-28 15:50 504832 c:\windows\assembly\NativeImages_v4.0.30319_64\System.ServiceModel#\71433975df10aad7d60d14f2a2e59ade\System.ServiceModel.Routing.ni.dll
+ 2011-10-28 15:50 . 2011-10-28 15:50 108032 c:\windows\assembly\NativeImages_v4.0.30319_64\System.ServiceModel#\50c0039fed2761ebedbf30436cb26d4e\System.ServiceModel.Channels.ni.dll
+ 2011-10-28 15:45 . 2011-10-28 15:45 928768 c:\windows\assembly\NativeImages_v4.0.30319_64\System.Security\1a32460874cc4452c740b86ff22ecdf1\System.Security.ni.dll
+ 2011-10-28 15:47 . 2011-10-28 15:47 374272 c:\windows\assembly\NativeImages_v4.0.30319_64\System.Runtime.Seri#\b468f9d8655e91b7a6aa11473eca4a97\System.Runtime.Serialization.Formatters.Soap.ni.dll
+ 2011-10-28 15:47 . 2011-10-28 15:47 976896 c:\windows\assembly\NativeImages_v4.0.30319_64\System.Runtime.Remo#\bfcee391af3b055588839ed4dcd0a93c\System.Runtime.Remoting.ni.dll
+ 2011-10-28 15:45 . 2011-10-28 15:45 176128 c:\windows\assembly\NativeImages_v4.0.30319_64\System.Numerics\215d813343ba0950ad6e148e2098018b\System.Numerics.ni.dll
+ 2011-10-28 15:50 . 2011-10-28 15:50 904704 c:\windows\assembly\NativeImages_v4.0.30319_64\System.Net\e12639aa1d12f14e08d88dabb7d7aec2\System.Net.ni.dll
+ 2011-10-28 15:50 . 2011-10-28 15:50 767488 c:\windows\assembly\NativeImages_v4.0.30319_64\System.Messaging\e00e9887726be6523c6766d97563a5ce\System.Messaging.ni.dll
+ 2011-10-28 15:50 . 2011-10-28 15:50 509952 c:\windows\assembly\NativeImages_v4.0.30319_64\System.Management.I#\0ed484f6ac7e052feab93c030580fe83\System.Management.Instrumentation.ni.dll
+ 2011-10-28 15:50 . 2011-10-28 15:50 520192 c:\windows\assembly\NativeImages_v4.0.30319_64\System.IO.Log\858fcb90269ce9231b39c3c8fd773d18\System.IO.Log.ni.dll
+ 2011-10-28 15:50 . 2011-10-28 15:50 288256 c:\windows\assembly\NativeImages_v4.0.30319_64\System.IdentityMode#\2db9efed85653059a279145d180bc535\System.IdentityModel.Selectors.ni.dll
+ 2011-10-28 15:47 . 2011-10-28 15:47 338944 c:\windows\assembly\NativeImages_v4.0.30319_64\System.EnterpriseSe#\48264d6ad04173a3a82cc06b70c5cd28\System.EnterpriseServices.Wrapper.dll
+ 2011-10-28 15:45 . 2011-10-28 15:45 489984 c:\windows\assembly\NativeImages_v4.0.30319_64\System.Dynamic\898b578693d64daac6e604c9cc44fcea\System.Dynamic.ni.dll
+ 2011-10-28 15:49 . 2011-10-28 15:49 623104 c:\windows\assembly\NativeImages_v4.0.30319_64\System.DirectorySer#\c2e9871975b94235b9e6ab192ecd1bf7\System.DirectoryServices.Protocols.ni.dll
+ 2011-10-28 15:49 . 2011-10-28 15:49 141824 c:\windows\assembly\NativeImages_v4.0.30319_64\System.Device\355f9ad8b3a2820986085f8194e46afd\System.Device.ni.dll
+ 2011-10-28 15:49 . 2011-10-28 15:49 175104 c:\windows\assembly\NativeImages_v4.0.30319_64\System.Data.DataSet#\e21ef3f0466f3b32573b2054a8ec2756\System.Data.DataSetExtensions.ni.dll
+ 2011-10-28 15:49 . 2011-10-28 15:49 179712 c:\windows\assembly\NativeImages_v4.0.30319_64\System.Configuratio#\c080a9ed31f78466f2400bba623af2f8\System.Configuration.Install.ni.dll
+ 2011-10-28 15:49 . 2011-10-28 15:49 252416 c:\windows\assembly\NativeImages_v4.0.30319_64\System.ComponentMod#\209765cffc4869810e3dac2a63356adb\System.ComponentModel.DataAnnotations.ni.dll
+ 2011-10-28 15:49 . 2011-10-28 15:49 997888 c:\windows\assembly\NativeImages_v4.0.30319_64\System.ComponentMod#\041944016e311af997be348fdf7bf101\System.ComponentModel.Composition.ni.dll
+ 2011-10-28 15:48 . 2011-10-28 15:48 827392 c:\windows\assembly\NativeImages_v4.0.30319_64\System.AddIn\fb44540b59b268b7a681165b000da009\System.AddIn.ni.dll
+ 2011-10-28 15:48 . 2011-10-28 15:48 537600 c:\windows\assembly\NativeImages_v4.0.30319_64\System.Activities.D#\17de1d19c3443b70236762a493b51aa4\System.Activities.DurableInstancing.ni.dll
+ 2011-10-28 15:45 . 2011-10-28 15:45 424960 c:\windows\assembly\NativeImages_v4.0.30319_64\SMSvcHost\ef022a4092ef0a271b4dd7d12264dae8\SMSvcHost.ni.exe
+ 2011-10-28 15:47 . 2011-10-28 15:47 182272 c:\windows\assembly\NativeImages_v4.0.30319_64\SMDiagnostics\ac74a156499a8303d5788ab299881d5d\SMDiagnostics.ni.dll
+ 2011-10-28 15:47 . 2011-10-28 15:47 330240 c:\windows\assembly\NativeImages_v4.0.30319_64\PresentationFramewo#\d63d1aeda73031944cb04496577630e3\PresentationFramework.Classic.ni.dll
+ 2011-10-28 15:47 . 2011-10-28 15:47 387072 c:\windows\assembly\NativeImages_v4.0.30319_64\PresentationFramewo#\a63e7b9a489aaa79e0708cd669469c72\PresentationFramework.Royale.ni.dll
+ 2011-10-28 15:47 . 2011-10-28 15:47 745472 c:\windows\assembly\NativeImages_v4.0.30319_64\PresentationFramewo#\8b726992b3b59fd5fb396feaa5697ee0\PresentationFramework.Luna.ni.dll
+ 2011-10-28 15:47 . 2011-10-28 15:47 553984 c:\windows\assembly\NativeImages_v4.0.30319_64\PresentationFramewo#\27fcc0e27b29a6518808712035f60f71\PresentationFramework.Aero.ni.dll
+ 2011-10-28 15:46 . 2011-10-28 15:46 417280 c:\windows\assembly\NativeImages_v4.0.30319_64\Microsoft.VisualBas#\bcc8e35d753ffccf339770189e254c1c\Microsoft.VisualBasic.Compatibility.Data.ni.dll
+ 2011-10-28 15:45 . 2011-10-28 15:45 595456 c:\windows\assembly\NativeImages_v4.0.30319_64\Microsoft.Transacti#\a4381928c37d4cf483070269f48326d2\Microsoft.Transactions.Bridge.Dtc.ni.dll
+ 2011-10-28 15:45 . 2011-10-28 15:45 276992 c:\windows\assembly\NativeImages_v4.0.30319_64\CustomMarshalers\484c3c0ed451c906dec30445553d8fc1\CustomMarshalers.ni.dll
+ 2011-10-26 15:40 . 2011-10-26 15:40 721920 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Security\09a97525ae5583cc2685e2c39a3078bd\System.Security.ni.dll
+ 2011-10-26 15:39 . 2011-10-26 15:39 144896 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Numerics\b07f0d26a34ad53fc369248f289d1126\System.Numerics.ni.dll
+ 2011-10-26 15:40 . 2011-10-26 15:40 373248 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Dynamic\1331ee3a7146218388537aa7e41303af\System.Dynamic.ni.dll
+ 2011-10-26 15:40 . 2011-10-26 15:40 973312 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Configuration\ac18c2dcd06bd2a0589bac94ccae5716\System.Configuration.ni.dll
+ 2011-10-26 15:40 . 2011-10-26 15:40 690176 c:\windows\assembly\NativeImages_v4.0.30319_32\System.ComponentMod#\4a518b841f06ee4f07320159cf918a2c\System.ComponentModel.Composition.ni.dll
+ 2011-10-26 15:40 . 2011-10-26 15:40 283648 c:\windows\assembly\NativeImages_v4.0.30319_32\PresentationFramewo#\f5e029e2215c95ab38a1eefef7b32ac9\PresentationFramework.Classic.ni.dll
+ 2011-10-26 15:40 . 2011-10-26 15:40 450048 c:\windows\assembly\NativeImages_v4.0.30319_32\PresentationFramewo#\3555f5f74c56fa92c0ab7a635af91bfa\PresentationFramework.Aero.ni.dll
+ 2011-10-26 15:40 . 2011-10-26 15:40 327168 c:\windows\assembly\NativeImages_v4.0.30319_32\PresentationFramewo#\040571d65dc822e5df020d5e084f4b45\PresentationFramework.Royale.ni.dll
+ 2011-10-26 15:40 . 2011-10-26 15:40 656896 c:\windows\assembly\NativeImages_v4.0.30319_32\PresentationFramewo#\016f9a150fce0e0a4c93532d8fa4c749\PresentationFramework.Luna.ni.dll
+ 2011-10-21 19:48 . 2011-10-21 19:48 1126912 c:\windows\SysWOW64\wininet.dll
+ 2011-10-21 19:48 . 2011-10-21 19:48 1102848 c:\windows\SysWOW64\urlmon.dll
+ 2011-10-21 19:48 . 2011-10-21 19:48 1798144 c:\windows\SysWOW64\jscript9.dll
+ 2011-10-21 19:48 . 2011-10-21 19:48 1791488 c:\windows\SysWOW64\iertutil.dll
+ 2011-10-21 19:48 . 2011-10-21 19:48 9704960 c:\windows\SysWOW64\ieframe.dll
+ 2011-10-21 19:48 . 2011-10-21 19:48 3695416 c:\windows\SysWOW64\ieapfltr.dat
+ 2011-10-21 19:48 . 2011-10-21 19:48 1389056 c:\windows\system32\wininet.dll
+ 2011-10-21 19:48 . 2011-10-21 19:48 1344512 c:\windows\system32\urlmon.dll
+ 2009-07-14 02:34 . 2011-10-21 19:51 9961472 c:\windows\system32\SMI\Store\Machine\schema.dat
- 2009-07-14 02:34 . 2011-10-12 11:55 9961472 c:\windows\system32\SMI\Store\Machine\schema.dat
+ 2011-10-21 19:48 . 2011-10-21 19:48 2309120 c:\windows\system32\jscript9.dll
+ 2011-10-21 19:48 . 2011-10-21 19:48 2143744 c:\windows\system32\iertutil.dll
+ 2011-10-21 19:48 . 2011-10-21 19:48 3695416 c:\windows\system32\ieapfltr.dat
+ 2009-07-14 04:45 . 2011-10-21 19:55 7185859 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\SoftwareProtectionPlatform\tokens.dat
- 2009-07-14 04:45 . 2011-10-12 11:59 7185859 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\SoftwareProtectionPlatform\tokens.dat
+ 2011-08-09 07:43 . 2011-10-28 16:18 4626232 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache3.0.0.0.dat
- 2011-08-09 07:43 . 2011-10-19 02:51 4626232 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache3.0.0.0.dat
+ 2010-03-18 18:27 . 2010-03-18 18:27 2153816 c:\windows\Microsoft.NET\Framework64\v4.0.30319\WPF\wpfgfx_v0400.dll
+ 2010-03-18 17:16 . 2010-03-18 17:16 1303896 c:\windows\Microsoft.NET\Framework64\v4.0.30319\WPF\WindowsBase.dll
+ 2010-03-18 18:27 . 2010-03-18 18:27 1098096 c:\windows\Microsoft.NET\Framework64\v4.0.30319\WPF\PresentationNative_v0400.dll
+ 2010-03-18 17:16 . 2010-03-18 17:16 6346600 c:\windows\Microsoft.NET\Framework64\v4.0.30319\WPF\PresentationFramework.dll
+ 2010-03-18 18:27 . 2010-03-18 18:27 3453792 c:\windows\Microsoft.NET\Framework64\v4.0.30319\WPF\PresentationCore.dll
+ 2010-03-18 18:27 . 2010-03-18 18:27 2650464 c:\windows\Microsoft.NET\Framework64\v4.0.30319\WPF\NlsLexicons0009.dll
+ 2010-03-18 18:27 . 2010-03-18 18:27 6353752 c:\windows\Microsoft.NET\Framework64\v4.0.30319\WPF\NlsData0009.dll
+ 2010-03-18 18:27 . 2010-03-18 18:27 1367904 c:\windows\Microsoft.NET\Framework64\v4.0.30319\WPF\NaturalLanguage6.dll
+ 2010-03-18 18:27 . 2010-03-18 18:27 3170632 c:\windows\Microsoft.NET\Framework64\v4.0.30319\vbc.exe
+ 2010-03-18 17:16 . 2010-03-18 17:16 2207568 c:\windows\Microsoft.NET\Framework64\v4.0.30319\System.XML.dll
+ 2010-03-18 17:16 . 2010-03-18 17:16 4982120 c:\windows\Microsoft.NET\Framework64\v4.0.30319\System.Windows.Forms.dll
+ 2010-03-18 17:16 . 2010-03-18 17:16 1711496 c:\windows\Microsoft.NET\Framework64\v4.0.30319\System.Windows.Forms.DataVisualization.dll
+ 2010-03-18 17:16 . 2010-03-18 17:16 6067048 c:\windows\Microsoft.NET\Framework64\v4.0.30319\System.ServiceModel.dll
+ 2010-03-18 17:16 . 2010-03-18 17:16 1026936 c:\windows\Microsoft.NET\Framework64\v4.0.30319\System.Runtime.Serialization.dll
+ 2010-03-18 17:16 . 2010-03-18 17:16 3481928 c:\windows\Microsoft.NET\Framework64\v4.0.30319\System.dll
+ 2010-03-18 17:16 . 2010-03-18 17:16 4464480 c:\windows\Microsoft.NET\Framework64\v4.0.30319\System.Data.Entity.dll
+ 2010-03-18 18:27 . 2010-03-18 18:27 3111768 c:\windows\Microsoft.NET\Framework64\v4.0.30319\System.Data.dll
+ 2010-03-18 17:16 . 2010-03-18 17:16 1339736 c:\windows\Microsoft.NET\Framework64\v4.0.30319\System.Core.dll
+ 2010-03-18 17:16 . 2010-03-18 17:16 1462648 c:\windows\Microsoft.NET\Framework64\v4.0.30319\System.Activities.Presentation.dll
+ 2010-03-18 17:16 . 2010-03-18 17:16 1199968 c:\windows\Microsoft.NET\Framework64\v4.0.30319\System.Activities.dll
+ 2010-03-18 21:41 . 2010-03-18 21:41 1901056 c:\windows\Microsoft.NET\Framework64\v4.0.30319\SetupCache\Client\netfx_core_x64.msi
+ 2010-03-18 18:27 . 2010-03-18 18:27 4960080 c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorlib.dll
+ 2010-03-18 18:27 . 2010-03-18 18:27 1453392 c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscordbi.dll
+ 2010-03-18 18:27 . 2010-03-18 18:27 1513304 c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscordacwks.dll
+ 2010-03-18 18:27 . 2010-03-18 18:27 3563408 c:\windows\Microsoft.NET\Framework64\v4.0.30319\Microsoft.VisualBasic.Activities.Compiler.dll
+ 2010-03-18 18:27 . 2010-03-18 18:27 2492232 c:\windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe
+ 2010-03-18 18:27 . 2010-03-18 18:27 1524552 c:\windows\Microsoft.NET\Framework64\v4.0.30319\clrjit.dll
+ 2010-03-18 18:27 . 2010-03-18 18:27 9798472 c:\windows\Microsoft.NET\Framework64\v4.0.30319\clr.dll
+ 2010-03-18 17:16 . 2010-03-18 17:16 1663320 c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\wpfgfx_v0400.dll
+ 2010-03-18 17:16 . 2010-03-18 17:16 1303896 c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WindowsBase.dll
+ 2010-03-18 17:16 . 2010-03-18 17:16 6346600 c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\PresentationFramework.dll
+ 2010-03-18 17:16 . 2010-03-18 17:16 3545952 c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\PresentationCore.dll
+ 2010-03-18 17:16 . 2010-03-18 17:16 2650464 c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\NlsLexicons0009.dll
+ 2010-03-18 17:16 . 2010-03-18 17:16 4881752 c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\NlsData0009.dll
+ 2010-03-18 17:16 . 2010-03-18 17:16 2199880 c:\windows\Microsoft.NET\Framework\v4.0.30319\vbc.exe
+ 2010-03-18 17:16 . 2010-03-18 17:16 2207568 c:\windows\Microsoft.NET\Framework\v4.0.30319\System.XML.dll
+ 2010-03-18 17:16 . 2010-03-18 17:16 4982120 c:\windows\Microsoft.NET\Framework\v4.0.30319\System.Windows.Forms.dll
+ 2010-03-18 17:16 . 2010-03-18 17:16 1711496 c:\windows\Microsoft.NET\Framework\v4.0.30319\System.Windows.Forms.DataVisualization.dll
+ 2010-03-18 17:16 . 2010-03-18 17:16 6067048 c:\windows\Microsoft.NET\Framework\v4.0.30319\System.ServiceModel.dll
+ 2010-03-18 17:16 . 2010-03-18 17:16 1026936 c:\windows\Microsoft.NET\Framework\v4.0.30319\System.Runtime.Serialization.dll
+ 2010-03-18 17:16 . 2010-03-18 17:16 3481928 c:\windows\Microsoft.NET\Framework\v4.0.30319\System.dll
+ 2010-03-18 17:16 . 2010-03-18 17:16 4464480 c:\windows\Microsoft.NET\Framework\v4.0.30319\System.Data.Entity.dll
+ 2010-03-18 17:16 . 2010-03-18 17:16 2970968 c:\windows\Microsoft.NET\Framework\v4.0.30319\System.Data.dll
+ 2010-03-18 17:16 . 2010-03-18 17:16 1339736 c:\windows\Microsoft.NET\Framework\v4.0.30319\System.Core.dll
+ 2010-03-18 17:16 . 2010-03-18 17:16 1462648 c:\windows\Microsoft.NET\Framework\v4.0.30319\System.Activities.Presentation.dll
+ 2010-03-18 17:16 . 2010-03-18 17:16 1199968 c:\windows\Microsoft.NET\Framework\v4.0.30319\System.Activities.dll
+ 2010-03-18 17:16 . 2010-03-18 17:16 5196112 c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorlib.dll
+ 2010-03-18 17:16 . 2010-03-18 17:16 1141592 c:\windows\Microsoft.NET\Framework\v4.0.30319\mscordacwks.dll
+ 2010-03-18 17:16 . 2010-03-18 17:16 2989456 c:\windows\Microsoft.NET\Framework\v4.0.30319\Microsoft.VisualBasic.Activities.Compiler.dll
+ 2010-03-18 17:16 . 2010-03-18 17:16 1972552 c:\windows\Microsoft.NET\Framework\v4.0.30319\csc.exe
+ 2010-03-18 17:16 . 2010-03-18 17:16 6730056 c:\windows\Microsoft.NET\Framework\v4.0.30319\clr.dll
+ 2011-10-26 15:38 . 2011-10-26 15:38 1303896 c:\windows\Microsoft.NET\assembly\GAC_MSIL\WindowsBase\v4.0_4.0.0.0__31bf3856ad364e35\WindowsBase.dll
+ 2011-10-26 15:38 . 2011-10-26 15:38 3481928 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System\v4.0_4.0.0.0__b77a5c561934e089\System.dll
+ 2011-10-26 15:38 . 2011-10-26 15:38 2207568 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Xml\v4.0_4.0.0.0__b77a5c561934e089\System.XML.dll
+ 2011-10-26 15:38 . 2011-10-26 15:38 4982120 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Forms\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Forms.dll
+ 2011-10-26 15:38 . 2011-10-26 15:38 1711496 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Forms.DataVisualization\v4.0_4.0.0.0__31bf3856ad364e35\System.Windows.Forms.DataVisualization.dll
+ 2011-10-26 15:38 . 2011-10-26 15:38 6067048 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.ServiceModel\v4.0_4.0.0.0__b77a5c561934e089\System.ServiceModel.dll
+ 2011-10-26 15:38 . 2011-10-26 15:38 1026936 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Runtime.Serialization\v4.0_4.0.0.0__b77a5c561934e089\System.Runtime.Serialization.dll
+ 2011-10-26 15:38 . 2011-10-26 15:38 4464480 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Data.Entity\v4.0_4.0.0.0__b77a5c561934e089\System.Data.Entity.dll
+ 2011-10-26 15:38 . 2011-10-26 15:38 1339736 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Core\v4.0_4.0.0.0__b77a5c561934e089\System.Core.dll
+ 2011-10-26 15:38 . 2011-10-26 15:38 1199968 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Activities\v4.0_4.0.0.0__31bf3856ad364e35\System.Activities.dll
+ 2011-10-26 15:38 . 2011-10-26 15:38 1462648 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Activities.Presentation\v4.0_4.0.0.0__31bf3856ad364e35\System.Activities.Presentation.dll
+ 2011-10-26 15:38 . 2011-10-26 15:38 6346600 c:\windows\Microsoft.NET\assembly\GAC_MSIL\PresentationFramework\v4.0_4.0.0.0__31bf3856ad364e35\PresentationFramework.dll
+ 2011-10-26 15:38 . 2011-10-26 15:38 3111768 c:\windows\Microsoft.NET\assembly\GAC_64\System.Data\v4.0_4.0.0.0__b77a5c561934e089\System.Data.dll
+ 2011-10-26 15:38 . 2011-10-26 15:38 3453792 c:\windows\Microsoft.NET\assembly\GAC_64\PresentationCore\v4.0_4.0.0.0__31bf3856ad364e35\PresentationCore.dll
+ 2011-10-26 15:38 . 2011-10-26 15:38 4960080 c:\windows\Microsoft.NET\assembly\GAC_64\mscorlib\v4.0_4.0.0.0__b77a5c561934e089\mscorlib.dll
+ 2011-10-26 15:38 . 2011-10-26 15:38 3563408 c:\windows\Microsoft.NET\assembly\GAC_64\Microsoft.VisualBasic.Activities.Compiler\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Activities.Compiler.dll
+ 2011-10-26 15:37 . 2011-10-26 15:37 2970968 c:\windows\Microsoft.NET\assembly\GAC_32\System.Data\v4.0_4.0.0.0__b77a5c561934e089\System.Data.dll
+ 2011-10-26 15:38 . 2011-10-26 15:38 3545952 c:\windows\Microsoft.NET\assembly\GAC_32\PresentationCore\v4.0_4.0.0.0__31bf3856ad364e35\PresentationCore.dll
+ 2011-10-26 15:37 . 2011-10-26 15:37 5196112 c:\windows\Microsoft.NET\assembly\GAC_32\mscorlib\v4.0_4.0.0.0__b77a5c561934e089\mscorlib.dll
+ 2011-10-26 15:37 . 2011-10-26 15:37 2989456 c:\windows\Microsoft.NET\assembly\GAC_32\Microsoft.VisualBasic.Activities.Compiler\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Activities.Compiler.dll
+ 2010-03-18 21:41 . 2010-03-18 21:41 1901056 c:\windows\Installer\34036f.msi
+ 2011-10-28 15:46 . 2011-10-28 15:46 5060608 c:\windows\assembly\NativeImages_v4.0.30319_64\WindowsBase\38d48114cb19778e4bfdc338eb8adde2\WindowsBase.ni.dll
+ 2011-10-28 15:51 . 2011-10-28 15:51 1424896 c:\windows\assembly\NativeImages_v4.0.30319_64\UIAutomationClients#\9438a191056a09eab733771508954503\UIAutomationClientsideProviders.ni.dll
+ 2011-10-28 15:45 . 2011-10-28 15:45 6972928 c:\windows\assembly\NativeImages_v4.0.30319_64\System.Xml\5d9f385419332f14eaf937556199856f\System.Xml.ni.dll
+ 2011-10-28 15:47 . 2011-10-28 15:47 2406400 c:\windows\assembly\NativeImages_v4.0.30319_64\System.Xaml\535e182d16212c61bc8b22e0309d3362\System.Xaml.ni.dll
+ 2011-10-28 15:51 . 2011-10-28 15:51 5587456 c:\windows\assembly\NativeImages_v4.0.30319_64\System.Windows.Form#\c4b205eb68df08b6c0e3e2645f6653c5\System.Windows.Forms.DataVisualization.ni.dll
+ 2011-10-28 15:51 . 2011-10-28 15:51 2220032 c:\windows\assembly\NativeImages_v4.0.30319_64\System.Web.Services\f417705d2257cd04cb9d11483ed38be8\System.Web.Services.ni.dll
+ 2011-10-28 15:51 . 2011-10-28 15:51 2653696 c:\windows\assembly\NativeImages_v4.0.30319_64\System.Speech\56deb12b13d969b72e250df440b3cd5f\System.Speech.ni.dll
+ 2011-10-28 15:50 . 2011-10-28 15:50 1885184 c:\windows\assembly\NativeImages_v4.0.30319_64\System.ServiceModel#\ab64e8f7c3bcb8d217c80c6b24a6e2d1\System.ServiceModel.Activities.ni.dll
+ 2011-10-28 15:50 . 2011-10-28 15:50 1547776 c:\windows\assembly\NativeImages_v4.0.30319_64\System.ServiceModel#\3d4a4c37891be698e4a6da84c70f9f74\System.ServiceModel.Discovery.ni.dll
+ 2011-10-28 15:47 . 2011-10-28 15:47 3375616 c:\windows\assembly\NativeImages_v4.0.30319_64\System.Runtime.Seri#\08fba6b56d838ad48b4451c82e5728d4\System.Runtime.Serialization.ni.dll
+ 2011-10-28 15:47 . 2011-10-28 15:47 1327616 c:\windows\assembly\NativeImages_v4.0.30319_64\System.Runtime.Dura#\2f02efd9ddb7417ffd5c06cfe6e865ca\System.Runtime.DurableInstancing.ni.dll
+ 2011-10-28 15:48 . 2011-10-28 15:48 1396224 c:\windows\assembly\NativeImages_v4.0.30319_64\System.Printing\0b4141cd5f9a1f9b5db2ed0d53c2aafa\System.Printing.ni.dll
+ 2011-10-28 15:50 . 2011-10-28 15:50 1438720 c:\windows\assembly\NativeImages_v4.0.30319_64\System.Management\da51604aa808b94c181181b37c727078\System.Management.ni.dll
+ 2011-10-28 15:49 . 2011-10-28 15:49 1401856 c:\windows\assembly\NativeImages_v4.0.30319_64\System.IdentityModel\33ac21194152cf9a89b82d9cd38b398d\System.IdentityModel.ni.dll
+ 2011-10-28 15:47 . 2011-10-28 15:47 1051136 c:\windows\assembly\NativeImages_v4.0.30319_64\System.EnterpriseSe#\48264d6ad04173a3a82cc06b70c5cd28\System.EnterpriseServices.ni.dll
+ 2011-10-28 15:47 . 2011-10-28 15:47 2248192 c:\windows\assembly\NativeImages_v4.0.30319_64\System.Drawing\1266d26c7b7843d308e2705cb8239d55\System.Drawing.ni.dll
+ 2011-10-28 15:49 . 2011-10-28 15:49 1193472 c:\windows\assembly\NativeImages_v4.0.30319_64\System.DirectorySer#\4e646b87f86fb1349f132c16106281ee\System.DirectoryServices.AccountManagement.ni.dll
+ 2011-10-28 15:47 . 2011-10-28 15:47 1587200 c:\windows\assembly\NativeImages_v4.0.30319_64\System.DirectorySer#\1e6d600cb8881ea39ba9321e27665bcd\System.DirectoryServices.ni.dll
+ 2011-10-28 15:48 . 2011-10-28 15:48 2353152 c:\windows\assembly\NativeImages_v4.0.30319_64\System.Deployment\b02f2fc896c45ef188c8fcc62bb78622\System.Deployment.ni.dll
+ 2011-10-28 15:48 . 2011-10-28 15:48 8485376 c:\windows\assembly\NativeImages_v4.0.30319_64\System.Data\5a47dfd0b200a502a4d5d27ee99bcc3c\System.Data.ni.dll
+ 2011-10-28 15:45 . 2011-10-28 15:45 3323392 c:\windows\assembly\NativeImages_v4.0.30319_64\System.Data.SqlXml\eda698e4f33bbc7f6824512b1af768b4\System.Data.SqlXml.ni.dll
.
-- Snapshot reset to current date --
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 94208 ----a-w- c:\users\Steven\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 94208 ----a-w- c:\users\Steven\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 94208 ----a-w- c:\users\Steven\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2011-05-17 39408]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"ToshibaServiceStation"="c:\program files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe" [2011-02-11 1295736]
"BCSSync"="c:\program files (x86)\Microsoft Office\Office14\BCSSync.exe" [2010-03-13 91520]
"Intuit SyncManager"="c:\program files (x86)\Common Files\Intuit\Sync\IntuitSyncManager.exe" [2011-02-22 1497352]
"HP Software Update"="c:\program files (x86)\HP\HP Software Update\HPWuSchd2.exe" [2009-11-18 54576]
"Bing Bar"="c:\program files (x86)\MSN Toolbar\Platform\5.0.1449.0\mswinext.exe" [2010-04-27 243544]
"Microsoft Default Manager"="c:\program files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" [2009-11-11 288088]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-03-30 937920]
"mcui_exe"="c:\program files\McAfee.com\Agent\mcagent.exe" [2011-09-24 1486392]
.
c:\users\Steven\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dropbox.lnk - c:\users\Steven\AppData\Roaming\Dropbox\bin\Dropbox.exe [2011-5-25 24176560]
OneNote 2010 Screen Clipper and Launcher.lnk - c:\program files (x86)\Microsoft Office\Office14\ONENOTEM.EXE [2010-3-29 227712]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
HP Digital Imaging Monitor.lnk - c:\program files (x86)\HP\Digital Imaging\bin\hpqtra08.exe [2010-5-28 276328]
QuickBooks Update Agent.lnk - c:\program files (x86)\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe [2011-4-5 1149440]
WD Quick View.lnk - c:\program files\Western Digital\WD SmartWare\WDDMStatus.exe [2011-8-1 4221840]
.
c:\users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Best Buy pc app.lnk - c:\programdata\Best Buy pc app\ClickOnceSetup.exe [2011-2-25 15776]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-05-17 136176]
R2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2011-08-31 366152]
R3 gupdatem;Google Update Service (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-05-17 136176]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [x]
R3 mferkdet;McAfee Inc. mferkdet;c:\windows\system32\drivers\mferkdet.sys [x]
R3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\program files (x86)\Microsoft Office\Office14\GROOVE.EXE [2011-06-12 31125880]
R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-10 4925184]
R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys [x]
R3 TMachInfo;TMachInfo;c:\program files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe [2011-02-11 54136]
R3 TOSHIBA HDD SSD Alert Service;TOSHIBA HDD SSD Alert Service;c:\program files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe [2010-12-08 137632]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]
R3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\DRIVERS\wdcsam64.sys [x]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-23 57184]
S0 mfewfpk;McAfee Inc. mfewfpk;c:\windows\system32\drivers\mfewfpk.sys [x]
S0 tos_sps64;TOSHIBA tos_sps64 Service;c:\windows\system32\DRIVERS\tos_sps64.sys [x]
S1 mfenlfk;McAfee NDIS Light Filter;c:\windows\system32\DRIVERS\mfenlfk.sys [x]
S1 MOBK755Filter;MOBK755Filter;c:\windows\system32\DRIVERS\MOBK755.sys [x]
S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV64.SYS [2011-07-22 14928]
S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL64.SYS [2011-07-12 12368]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]
S2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE64.EXE [2011-08-11 140672]
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2011-09-05 64952]
S2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\program files\Common Files\McAfee\McSvcHost\McSvHost.exe [2010-03-10 355440]
S2 McMPFSvc;McAfee Personal Firewall Service;c:\program files\Common Files\McAfee\McSvcHost\McSvHost.exe [2010-03-10 355440]
S2 McNaiAnn;McAfee VirusScan Announcer;c:\program files\Common Files\McAfee\McSvcHost\McSvHost.exe [2010-03-10 355440]
S2 mfefire;McAfee Firewall Core Service;c:\program files\Common Files\McAfee\SystemCore\\mfefire.exe [2011-04-14 245352]
S2 mfevtp;McAfee Validation Trust Protection Service;c:\windows\system32\mfevtps.exe [x]
S2 MOBK755backup;McAfee Online Backup Service;c:\program files (x86)\McAfee Online Backup\MOBK755backup.exe [2010-09-20 207672]
S2 UNS;Intel® Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2011-02-01 2656280]
S2 WDDMService;WDDMService;c:\program files\Western Digital\WD SmartWare\WDDMService.exe [2011-08-01 317328]
S2 WDFMEService;WDFMEService;c:\program files\Western Digital\WD SmartWare\WDFME.exe [2011-08-01 1978256]
S2 WDRulesService;WDRulesService;c:\program files\Western Digital\WD SmartWare\WDRulesEngine.exe [2011-08-01 1338256]
S3 cfwids;McAfee Inc. cfwids;c:\windows\system32\drivers\cfwids.sys [x]
S3 FwLnk;FwLnk Driver;c:\windows\system32\DRIVERS\FwLnk.sys [x]
S3 L1C;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller;c:\windows\system32\DRIVERS\L1C62x64.sys [x]
S3 MEIx64;Intel® Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys [x]
S3 mfefirek;McAfee Inc. mfefirek;c:\windows\system32\drivers\mfefirek.sys [x]
S3 PGEffect;Pangu effect driver;c:\windows\system32\DRIVERS\pgeffect.sys [x]
S3 RTL8192Ce;Realtek Wireless LAN 802.11n PCI-E NIC Driver;c:\windows\system32\DRIVERS\rtl8192Ce.sys [x]
.
.
--- Other Services/Drivers In Memory ---
.
*Deregistered* - mfeavfk01
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
.
Contents of the 'Scheduled Tasks' folder
.
2011-10-28 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-05-17 21:58]
.
2011-10-28 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-05-17 21:58]
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 97792 ----a-w- c:\users\Steven\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 97792 ----a-w- c:\users\Steven\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 97792 ----a-w- c:\users\Steven\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 97792 ----a-w- c:\users\Steven\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\MOBK755]
@="{f378ff85-8d0a-cbe6-4735-3a67760db6bb}"
[HKEY_CLASSES_ROOT\CLSID\{f378ff85-8d0a-cbe6-4735-3a67760db6bb}]
2010-09-20 07:27 4718392 ----a-w- c:\program files (x86)\McAfee Online Backup\MOBK755shell.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\MOBK7552]
@="{8406002f-3c7e-565d-de02-414c2856a50b}"
[HKEY_CLASSES_ROOT\CLSID\{8406002f-3c7e-565d-de02-414c2856a50b}]
2010-09-20 07:27 4718392 ----a-w- c:\program files (x86)\McAfee Online Backup\MOBK755shell.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\MOBK7553]
@="{cb5494dd-88ee-383e-88d7-bbd79c7c52d4}"
[HKEY_CLASSES_ROOT\CLSID\{cb5494dd-88ee-383e-88d7-bbd79c7c52d4}]
2010-09-20 07:27 4718392 ----a-w- c:\program files (x86)\McAfee Online Backup\MOBK755shell.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2011-04-08 167256]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2011-04-08 391000]
"Persistence"="c:\windows\system32\igfxpers.exe" [2011-04-08 418136]
"SmartAudio"="c:\program files\CONEXANT\SAII\SAIICpl.exe" [2010-12-14 316032]
"SynTPEnh"="c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe" [BU]
"TPwrMain"="c:\program files (x86)\TOSHIBA\Power Saver\TPwrMain.EXE" [BU]
"TCrdMain"="c:\program files (x86)\TOSHIBA\FlashCards\TCrdMain.exe" [BU]
"TosVolRegulator"="c:\program files\TOSHIBA\TosVolRegulator\TosVolRegulator.exe" [2009-11-11 24376]
"TosSENotify"="c:\program files\TOSHIBA\TOSHIBA HDD SSD Alert\TosWaitSrv.exe" [2010-12-08 710040]
"TosNC"="c:\program files (x86)\Toshiba\BulletinBoard\TosNcCore.exe" [BU]
"TosReelTimeMonitor"="c:\program files (x86)\TOSHIBA\ReelTime\TosReelTimeMonitor.exe" [BU]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://start.toshiba.com/g/
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = <local>
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~3\Office14\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_70C5B381380DB17F.dll/cmsidewiki.html
IE: Se&nd to OneNote - c:\progra~2\MICROS~3\Office14\ONBttnIE.dll/105
TCP: DhcpNameServer = 75.75.75.75 75.75.76.76
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-Locked - (no file)
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11c_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11c_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash11c.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash11c.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash11c.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash11c.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\McAfee]
"SymbolicLinkValue"=hex(6):5c,00,72,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
00,5c,00,6d,00,61,00,63,00,68,00,69,00,6e,00,65,00,5c,00,53,00,6f,00,66,00,\
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
@Denied: (A) (Everyone)
"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
"Key"="ActionsPane3"
"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\windows\SysWOW64\rundll32.exe
c:\program files (x86)\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe
c:\program files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
c:\program files (x86)\Google\Update\1.3.21.79\GoogleCrashHandler.exe
c:\program files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
c:\program files (x86)\Internet Explorer\iexplore.exe
c:\program files (x86)\Microsoft\Search Enhancement Pack\SCServer\SCServer.exe
c:\program files (x86)\HP\Digital Imaging\smart web printing\hpswp_clipbook.exe
.
**************************************************************************
.
Completion time: 2011-10-28 12:40:05 - machine was rebooted
ComboFix-quarantined-files.txt 2011-10-28 16:39
ComboFix2.txt 2011-10-19 04:36
ComboFix3.txt 2011-10-19 03:14
.
Pre-Run: 224,734,748,672 bytes free
Post-Run: 225,026,449,408 bytes free
.
- - End Of File - - EA5955B1575B41EE017B4DC3BBFE69A0

#6 That_Steve_Guy


Posted 28 October 2011 - 01:08 PM

That didn't take long. I had music start, and once I killed "iexplore.exe *32" it went away (along with the explorer window). This is not always the case, as often I don't see any window open during this music/ad starting, but do still find iexplore.exe *32 running. Upon re-opening this window to post, it started again while writing to you.

Thanks,

Steve

#7 gringo_pr

  • Malware Response Team

Posted 28 October 2011 - 04:07 PM

Hello

I want you to run this tool for me next.

TDSSKiller:

Please read carefully and follow these steps.
  • Download TDSSKiller and save it to your Desktop.
  • Double-click on TDSSKiller.exe to run the application, then on Start Scan.
  • If an infected file is detected, the default action will be Cure; click on Continue.
  • If a suspicious file is detected, the default action will be Skip; click on Continue.
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
  • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic




Proud Graduate Of Malware Removal University

#8 That_Steve_Guy


Posted 28 October 2011 - 05:36 PM

Ran TDSSKiller: it didn't seem to find anything. Report is below.

18:34:07.0276 6464 TDSS rootkit removing tool 2.6.14.0 Oct 28 2011 11:11:01
18:34:07.0713 6464 ============================================================
18:34:07.0713 6464 Current date / time: 2011/10/28 18:34:07.0713
18:34:07.0713 6464 SystemInfo:
18:34:07.0713 6464
18:34:07.0713 6464 OS Version: 6.1.7601 ServicePack: 1.0
18:34:07.0713 6464 Product type: Workstation
18:34:07.0713 6464 ComputerName: STEVEN-PC
18:34:07.0714 6464 UserName: Steven
18:34:07.0714 6464 Windows directory: C:\windows
18:34:07.0714 6464 System windows directory: C:\windows
18:34:07.0714 6464 Running under WOW64
18:34:07.0714 6464 Processor architecture: Intel x64
18:34:07.0714 6464 Number of processors: 4
18:34:07.0714 6464 Page size: 0x1000
18:34:07.0714 6464 Boot type: Normal boot
18:34:07.0714 6464 ============================================================
18:34:08.0155 6464 Initialize success
18:34:37.0826 6216 ============================================================
18:34:37.0826 6216 Scan started
18:34:37.0826 6216 Mode: Manual;
18:34:37.0827 6216 ============================================================
18:34:46.0728 6216 HdAudAddService - ok
18:34:46.0814 6216 HDAudBus (97bfed39b6b79eb12cddbfeed51f56bb) C:\windows\system32\DRIVERS\HDAudBus.sys
18:34:46.0815 6216 HDAudBus - ok
18:34:46.0838 6216 HidBatt (78e86380454a7b10a5eb255dc44a355f) C:\windows\system32\drivers\HidBatt.sys
18:34:46.0839 6216 HidBatt - ok
18:34:46.0914 6216 HidBth (7fd2a313f7afe5c4dab14798c48dd104) C:\windows\system32\drivers\hidbth.sys
18:34:46.0916 6216 HidBth - ok
18:34:47.0004 6216 HidIr (0a77d29f311b88cfae3b13f9c1a73825) C:\windows\system32\drivers\hidir.sys
18:34:47.0005 6216 HidIr - ok
18:34:47.0125 6216 HidUsb (9592090a7e2b61cd582b612b6df70536) C:\windows\system32\DRIVERS\hidusb.sys
18:34:47.0126 6216 HidUsb - ok
18:34:47.0232 6216 HpSAMD (39d2abcd392f3d8a6dce7b60ae7b8efc) C:\windows\system32\drivers\HpSAMD.sys
18:34:47.0234 6216 HpSAMD - ok
18:34:47.0377 6216 HTTP (0ea7de1acb728dd5a369fd742d6eee28) C:\windows\system32\drivers\HTTP.sys
18:34:47.0387 6216 HTTP - ok
18:34:47.0462 6216 hwpolicy (a5462bd6884960c9dc85ed49d34ff392) C:\windows\system32\drivers\hwpolicy.sys
18:34:47.0463 6216 hwpolicy - ok
18:34:47.0492 6216 i8042prt (fa55c73d4affa7ee23ac4be53b4592d3) C:\windows\system32\DRIVERS\i8042prt.sys
18:34:47.0494 6216 i8042prt - ok
18:34:47.0591 6216 iaStor (d7921d5a870b11cc1adab198a519d50a) C:\windows\system32\DRIVERS\iaStor.sys
18:34:47.0594 6216 iaStor - ok
18:34:47.0692 6216 iaStorV (aaaf44db3bd0b9d1fb6969b23ecc8366) C:\windows\system32\drivers\iaStorV.sys
18:34:47.0697 6216 iaStorV - ok
18:34:48.0062 6216 igfx (370c2a8629b30f910f740387795ddc6f) C:\windows\system32\DRIVERS\igdkmd64.sys
18:34:48.0287 6216 igfx - ok
18:34:48.0397 6216 iirsp (5c18831c61933628f5bb0ea2675b9d21) C:\windows\system32\drivers\iirsp.sys
18:34:48.0399 6216 iirsp - ok
18:34:48.0474 6216 intelide (f00f20e70c6ec3aa366910083a0518aa) C:\windows\system32\drivers\intelide.sys
18:34:48.0475 6216 intelide - ok
18:34:48.0599 6216 intelppm (ada036632c664caa754079041cf1f8c1) C:\windows\system32\DRIVERS\intelppm.sys
18:34:48.0600 6216 intelppm - ok
18:34:48.0715 6216 IpFilterDriver (c9f0e1bd74365a8771590e9008d22ab6) C:\windows\system32\DRIVERS\ipfltdrv.sys
18:34:48.0717 6216 IpFilterDriver - ok
18:34:48.0822 6216 IPMIDRV (0fc1aea580957aa8817b8f305d18ca3a) C:\windows\system32\drivers\IPMIDrv.sys
18:34:48.0824 6216 IPMIDRV - ok
18:34:48.0904 6216 IPNAT (af9b39a7e7b6caa203b3862582e9f2d0) C:\windows\system32\drivers\ipnat.sys
18:34:48.0906 6216 IPNAT - ok
18:34:49.0005 6216 IRENUM (3abf5e7213eb28966d55d58b515d5ce9) C:\windows\system32\drivers\irenum.sys
18:34:49.0006 6216 IRENUM - ok
18:34:49.0106 6216 isapnp (2f7b28dc3e1183e5eb418df55c204f38) C:\windows\system32\drivers\isapnp.sys
18:34:49.0107 6216 isapnp - ok
18:34:49.0174 6216 iScsiPrt (d931d7309deb2317035b07c9f9e6b0bd) C:\windows\system32\drivers\msiscsi.sys
18:34:49.0178 6216 iScsiPrt - ok
18:34:49.0276 6216 kbdclass (bc02336f1cba7dcc7d1213bb588a68a5) C:\windows\system32\DRIVERS\kbdclass.sys
18:34:49.0277 6216 kbdclass - ok
18:34:49.0380 6216 kbdhid (0705eff5b42a9db58548eec3b26bb484) C:\windows\system32\drivers\kbdhid.sys
18:34:49.0381 6216 kbdhid - ok
18:34:49.0464 6216 KSecDD (ccd53b5bd33ce0c889e830d839c8b66e) C:\windows\system32\Drivers\ksecdd.sys
18:34:49.0466 6216 KSecDD - ok
18:34:49.0539 6216 KSecPkg (9ff918a261752c12639e8ad4208d2c2f) C:\windows\system32\Drivers\ksecpkg.sys
18:34:49.0541 6216 KSecPkg - ok
18:34:49.0641 6216 ksthunk (6869281e78cb31a43e969f06b57347c4) C:\windows\system32\drivers\ksthunk.sys
18:34:49.0643 6216 ksthunk - ok
18:34:49.0754 6216 L1C (045fb70bc993b691517ce309045ff02d) C:\windows\system32\DRIVERS\L1C62x64.sys
18:34:49.0756 6216 L1C - ok
18:34:49.0865 6216 lltdio (1538831cf8ad2979a04c423779465827) C:\windows\system32\DRIVERS\lltdio.sys
18:34:49.0867 6216 lltdio - ok
18:34:49.0992 6216 LSI_FC (1a93e54eb0ece102495a51266dcdb6a6) C:\windows\system32\drivers\lsi_fc.sys
18:34:49.0994 6216 LSI_FC - ok
18:34:50.0090 6216 LSI_SAS (1047184a9fdc8bdbff857175875ee810) C:\windows\system32\drivers\lsi_sas.sys
18:34:50.0092 6216 LSI_SAS - ok
18:34:50.0161 6216 LSI_SAS2 (30f5c0de1ee8b5bc9306c1f0e4a75f93) C:\windows\system32\drivers\lsi_sas2.sys
18:34:50.0163 6216 LSI_SAS2 - ok
18:34:50.0238 6216 LSI_SCSI (0504eacaff0d3c8aed161c4b0d369d4a) C:\windows\system32\drivers\lsi_scsi.sys
18:34:50.0241 6216 LSI_SCSI - ok
18:34:50.0372 6216 luafv (43d0f98e1d56ccddb0d5254cff7b356e) C:\windows\system32\drivers\luafv.sys
18:34:50.0374 6216 luafv - ok
18:34:50.0469 6216 MBAMProtector - ok
18:34:50.0683 6216 megasas (a55805f747c6edb6a9080d7c633bd0f4) C:\windows\system32\drivers\megasas.sys
18:34:50.0685 6216 megasas - ok
18:34:50.0798 6216 MegaSR (baf74ce0072480c3b6b7c13b2a94d6b3) C:\windows\system32\drivers\MegaSR.sys
18:34:50.0802 6216 MegaSR - ok
18:34:50.0901 6216 MEIx64 (a6518dcc42f7a6e999bb3bea8fd87567) C:\windows\system32\DRIVERS\HECIx64.sys
18:34:50.0902 6216 MEIx64 - ok
18:34:51.0060 6216 mfeapfk (31338e489314ae2a29534fbaa7ad2f1b) C:\windows\system32\drivers\mfeapfk.sys
18:34:51.0062 6216 mfeapfk - ok
18:34:51.0210 6216 mfeavfk (5822e70233218bcf22a65fcea74d012d) C:\windows\system32\drivers\mfeavfk.sys
18:34:51.0213 6216 mfeavfk - ok
18:34:51.0312 6216 mfeavfk01 - ok
18:34:51.0443 6216 mfefirek (5a24e7c834576313d8c5eaf0825da844) C:\windows\system32\drivers\mfefirek.sys
18:34:51.0449 6216 mfefirek - ok
18:34:51.0586 6216 mfehidk (a2607740bb18d631da01e01dcb81843b) C:\windows\system32\drivers\mfehidk.sys
18:34:51.0593 6216 mfehidk - ok
18:34:51.0716 6216 mfenlfk (50c3a9d7465d385061c0601deefb5a8e) C:\windows\system32\DRIVERS\mfenlfk.sys
18:34:51.0718 6216 mfenlfk - ok
18:34:51.0853 6216 mferkdet (edf5ee799a0b3ed6dce8bb16a51f3d1f) C:\windows\system32\drivers\mferkdet.sys
18:34:51.0855 6216 mferkdet - ok
18:34:51.0996 6216 mfewfpk (9182faf9addd5ea6308d155ceb502c6f) C:\windows\system32\drivers\mfewfpk.sys
18:34:52.0002 6216 mfewfpk - ok
18:34:52.0161 6216 MOBK755Filter (3c69aa906ee867ade4437acd8460b43d) C:\windows\system32\DRIVERS\MOBK755.sys
18:34:52.0163 6216 MOBK755Filter - ok
18:34:52.0246 6216 Modem (800ba92f7010378b09f9ed9270f07137) C:\windows\system32\drivers\modem.sys
18:34:52.0248 6216 Modem - ok
18:34:52.0340 6216 monitor (b03d591dc7da45ece20b3b467e6aadaa) C:\windows\system32\DRIVERS\monitor.sys
18:34:52.0341 6216 monitor - ok
18:34:52.0428 6216 mouclass (7d27ea49f3c1f687d357e77a470aea99) C:\windows\system32\DRIVERS\mouclass.sys
18:34:52.0430 6216 mouclass - ok
18:34:52.0538 6216 mouhid (d3bf052c40b0c4166d9fd86a4288c1e6) C:\windows\system32\DRIVERS\mouhid.sys
18:34:52.0540 6216 mouhid - ok
18:34:52.0611 6216 mountmgr (32e7a3d591d671a6df2db515a5cbe0fa) C:\windows\system32\drivers\mountmgr.sys
18:34:52.0613 6216 mountmgr - ok
18:34:52.0675 6216 mpio (a44b420d30bd56e145d6a2bc8768ec58) C:\windows\system32\drivers\mpio.sys
18:34:52.0677 6216 mpio - ok
18:34:52.0709 6216 mpsdrv (6c38c9e45ae0ea2fa5e551f2ed5e978f) C:\windows\system32\drivers\mpsdrv.sys
18:34:52.0711 6216 mpsdrv - ok
18:34:52.0745 6216 MRxDAV (dc722758b8261e1abafd31a3c0a66380) C:\windows\system32\drivers\mrxdav.sys
18:34:52.0768 6216 MRxDAV - ok
18:34:52.0850 6216 mrxsmb (a5d9106a73dc88564c825d317cac68ac) C:\windows\system32\DRIVERS\mrxsmb.sys
18:34:52.0853 6216 mrxsmb - ok
18:34:52.0935 6216 mrxsmb10 (d711b3c1d5f42c0c2415687be09fc163) C:\windows\system32\DRIVERS\mrxsmb10.sys
18:34:52.0940 6216 mrxsmb10 - ok
18:34:53.0090 6216 mrxsmb20 (9423e9d355c8d303e76b8cfbd8a5c30c) C:\windows\system32\DRIVERS\mrxsmb20.sys
18:34:53.0093 6216 mrxsmb20 - ok
18:34:53.0181 6216 msahci (c25f0bafa182cbca2dd3c851c2e75796) C:\windows\system32\DRIVERS\msahci.sys
18:34:53.0183 6216 msahci - ok
18:34:53.0265 6216 msdsm (db801a638d011b9633829eb6f663c900) C:\windows\system32\drivers\msdsm.sys
18:34:53.0267 6216 msdsm - ok
18:34:53.0365 6216 Msfs (aa3fb40e17ce1388fa1bedab50ea8f96) C:\windows\system32\drivers\Msfs.sys
18:34:53.0366 6216 Msfs - ok
18:34:53.0429 6216 mshidkmdf (f9d215a46a8b9753f61767fa72a20326) C:\windows\System32\drivers\mshidkmdf.sys
18:34:53.0431 6216 mshidkmdf - ok
18:34:53.0499 6216 msisadrv (d916874bbd4f8b07bfb7fa9b3ccae29d) C:\windows\system32\drivers\msisadrv.sys
18:34:53.0500 6216 msisadrv - ok
18:34:53.0626 6216 MSKSSRV (49ccf2c4fea34ffad8b1b59d49439366) C:\windows\system32\drivers\MSKSSRV.sys
18:34:53.0627 6216 MSKSSRV - ok
18:34:53.0720 6216 MSPCLOCK (bdd71ace35a232104ddd349ee70e1ab3) C:\windows\system32\drivers\MSPCLOCK.sys
18:34:53.0722 6216 MSPCLOCK - ok
18:34:53.0809 6216 MSPQM (4ed981241db27c3383d72092b618a1d0) C:\windows\system32\drivers\MSPQM.sys
18:34:53.0811 6216 MSPQM - ok
18:34:53.0867 6216 MsRPC (759a9eeb0fa9ed79da1fb7d4ef78866d) C:\windows\system32\drivers\MsRPC.sys
18:34:53.0872 6216 MsRPC - ok
18:34:53.0930 6216 mssmbios (0eed230e37515a0eaee3c2e1bc97b288) C:\windows\system32\DRIVERS\mssmbios.sys
18:34:53.0932 6216 mssmbios - ok
18:34:54.0027 6216 MSTEE (2e66f9ecb30b4221a318c92ac2250779) C:\windows\system32\drivers\MSTEE.sys
18:34:54.0029 6216 MSTEE - ok
18:34:54.0045 6216 MTConfig (7ea404308934e675bffde8edf0757bcd) C:\windows\system32\drivers\MTConfig.sys
18:34:54.0047 6216 MTConfig - ok
18:34:54.0121 6216 Mup (f9a18612fd3526fe473c1bda678d61c8) C:\windows\system32\Drivers\mup.sys
18:34:54.0144 6216 Mup - ok
18:34:54.0258 6216 NativeWifiP (1ea3749c4114db3e3161156ffffa6b33) C:\windows\system32\DRIVERS\nwifi.sys
18:34:54.0263 6216 NativeWifiP - ok
18:34:54.0382 6216 NDIS (79b47fd40d9a817e932f9d26fac0a81c) C:\windows\system32\drivers\ndis.sys
18:34:54.0393 6216 NDIS - ok
18:34:54.0487 6216 NdisCap (9f9a1f53aad7da4d6fef5bb73ab811ac) C:\windows\system32\DRIVERS\ndiscap.sys
18:34:54.0489 6216 NdisCap - ok
18:34:54.0589 6216 NdisTapi (30639c932d9fef22b31268fe25a1b6e5) C:\windows\system32\DRIVERS\ndistapi.sys
18:34:54.0590 6216 NdisTapi - ok
18:34:54.0697 6216 Ndisuio (136185f9fb2cc61e573e676aa5402356) C:\windows\system32\DRIVERS\ndisuio.sys
18:34:54.0699 6216 Ndisuio - ok
18:34:54.0728 6216 NdisWan (53f7305169863f0a2bddc49e116c2e11) C:\windows\system32\DRIVERS\ndiswan.sys
18:34:54.0731 6216 NdisWan - ok
18:34:54.0833 6216 NDProxy (015c0d8e0e0421b4cfd48cffe2825879) C:\windows\system32\drivers\NDProxy.sys
18:34:54.0835 6216 NDProxy - ok
18:34:54.0947 6216 NetBIOS (86743d9f5d2b1048062b14b1d84501c4) C:\windows\system32\DRIVERS\netbios.sys
18:34:54.0949 6216 NetBIOS - ok
18:34:54.0978 6216 NetBT (09594d1089c523423b32a4229263f068) C:\windows\system32\DRIVERS\netbt.sys
18:34:54.0982 6216 NetBT - ok
18:34:55.0096 6216 nfrd960 (77889813be4d166cdab78ddba990da92) C:\windows\system32\drivers\nfrd960.sys
18:34:55.0097 6216 nfrd960 - ok
18:34:55.0207 6216 Npfs (1e4c4ab5c9b8dd13179bbdc75a2a01f7) C:\windows\system32\drivers\Npfs.sys
18:34:55.0209 6216 Npfs - ok
18:34:55.0280 6216 nsiproxy (e7f5ae18af4168178a642a9247c63001) C:\windows\system32\drivers\nsiproxy.sys
18:34:55.0282 6216 nsiproxy - ok
18:34:55.0405 6216 Ntfs (a2f74975097f52a00745f9637451fdd8) C:\windows\system32\drivers\Ntfs.sys
18:34:55.0424 6216 Ntfs - ok
18:34:55.0506 6216 Null (9899284589f75fa8724ff3d16aed75c1) C:\windows\system32\drivers\Null.sys
18:34:55.0511 6216 Null - ok
18:34:55.0554 6216 nvraid (0a92cb65770442ed0dc44834632f66ad) C:\windows\system32\drivers\nvraid.sys
18:34:55.0556 6216 nvraid - ok
18:34:55.0642 6216 nvstor (dab0e87525c10052bf65f06152f37e4a) C:\windows\system32\drivers\nvstor.sys
18:34:55.0644 6216 nvstor - ok
18:34:55.0744 6216 nv_agp (270d7cd42d6e3979f6dd0146650f0e05) C:\windows\system32\drivers\nv_agp.sys
18:34:55.0746 6216 nv_agp - ok
18:34:55.0823 6216 ohci1394 (3589478e4b22ce21b41fa1bfc0b8b8a0) C:\windows\system32\drivers\ohci1394.sys
18:34:55.0825 6216 ohci1394 - ok
18:34:55.0961 6216 Parport (0086431c29c35be1dbc43f52cc273887) C:\windows\system32\drivers\parport.sys
18:34:55.0963 6216 Parport - ok
18:34:55.0987 6216 partmgr (871eadac56b0a4c6512bbe32753ccf79) C:\windows\system32\drivers\partmgr.sys
18:34:55.0989 6216 partmgr - ok
18:34:56.0063 6216 pci (94575c0571d1462a0f70bde6bd6ee6b3) C:\windows\system32\drivers\pci.sys
18:34:56.0066 6216 pci - ok
18:34:56.0130 6216 pciide (b5b8b5ef2e5cb34df8dcf8831e3534fa) C:\windows\system32\DRIVERS\pciide.sys
18:34:56.0132 6216 pciide - ok
18:34:56.0201 6216 pcmcia (b2e81d4e87ce48589f98cb8c05b01f2f) C:\windows\system32\drivers\pcmcia.sys
18:34:56.0204 6216 pcmcia - ok
18:34:56.0225 6216 pcw (d6b9c2e1a11a3a4b26a182ffef18f603) C:\windows\system32\drivers\pcw.sys
18:34:56.0227 6216 pcw - ok
18:34:56.0314 6216 PEAUTH (68769c3356b3be5d1c732c97b9a80d6e) C:\windows\system32\drivers\peauth.sys
18:34:56.0323 6216 PEAUTH - ok
18:34:56.0479 6216 PGEffect (91111cebbde8015e822c46120ed9537c) C:\windows\system32\DRIVERS\pgeffect.sys
18:34:56.0481 6216 PGEffect - ok
18:34:56.0621 6216 PptpMiniport (f92a2c41117a11a00be01ca01a7fcde9) C:\windows\system32\DRIVERS\raspptp.sys
18:34:56.0624 6216 PptpMiniport - ok
18:34:56.0694 6216 Processor (0d922e23c041efb1c3fac2a6f943c9bf) C:\windows\system32\drivers\processr.sys
18:34:56.0696 6216 Processor - ok
18:34:56.0808 6216 Psched (0557cf5a2556bd58e26384169d72438d) C:\windows\system32\DRIVERS\pacer.sys
18:34:56.0811 6216 Psched - ok
18:34:56.0957 6216 ql2300 (a53a15a11ebfd21077463ee2c7afeef0) C:\windows\system32\drivers\ql2300.sys
18:34:56.0975 6216 ql2300 - ok
18:34:57.0055 6216 ql40xx (4f6d12b51de1aaeff7dc58c4d75423c8) C:\windows\system32\drivers\ql40xx.sys
18:34:57.0057 6216 ql40xx - ok
18:34:57.0127 6216 QWAVEdrv (76707bb36430888d9ce9d705398adb6c) C:\windows\system32\drivers\qwavedrv.sys
18:34:57.0129 6216 QWAVEdrv - ok
18:34:57.0230 6216 RasAcd (5a0da8ad5762fa2d91678a8a01311704) C:\windows\system32\DRIVERS\rasacd.sys
18:34:57.0231 6216 RasAcd - ok
18:34:57.0312 6216 RasAgileVpn (7ecff9b22276b73f43a99a15a6094e90) C:\windows\system32\DRIVERS\AgileVpn.sys
18:34:57.0313 6216 RasAgileVpn - ok
18:34:57.0412 6216 Rasl2tp (471815800ae33e6f1c32fb1b97c490ca) C:\windows\system32\DRIVERS\rasl2tp.sys
18:34:57.0415 6216 Rasl2tp - ok
18:34:57.0534 6216 RasPppoe (855c9b1cd4756c5e9a2aa58a15f58c25) C:\windows\system32\DRIVERS\raspppoe.sys
18:34:57.0536 6216 RasPppoe - ok
18:34:57.0633 6216 RasSstp (e8b1e447b008d07ff47d016c2b0eeecb) C:\windows\system32\DRIVERS\rassstp.sys
18:34:57.0635 6216 RasSstp - ok
18:34:57.0720 6216 rdbss (77f665941019a1594d887a74f301fa2f) C:\windows\system32\DRIVERS\rdbss.sys
18:34:57.0724 6216 rdbss - ok
18:34:57.0798 6216 rdpbus (302da2a0539f2cf54d7c6cc30c1f2d8d) C:\windows\system32\drivers\rdpbus.sys
18:34:57.0799 6216 rdpbus - ok
18:34:57.0899 6216 RDPCDD (cea6cc257fc9b7715f1c2b4849286d24) C:\windows\system32\DRIVERS\RDPCDD.sys
18:34:57.0900 6216 RDPCDD - ok
18:34:57.0998 6216 RDPENCDD (bb5971a4f00659529a5c44831af22365) C:\windows\system32\drivers\rdpencdd.sys
18:34:57.0999 6216 RDPENCDD - ok
18:34:58.0094 6216 RDPREFMP (216f3fa57533d98e1f74ded70113177a) C:\windows\system32\drivers\rdprefmp.sys
18:34:58.0095 6216 RDPREFMP - ok
18:34:58.0116 6216 RDPWD (15b66c206b5cb095bab980553f38ed23) C:\windows\system32\drivers\RDPWD.sys
18:34:58.0120 6216 RDPWD - ok
18:34:58.0237 6216 rdyboost (34ed295fa0121c241bfef24764fc4520) C:\windows\system32\drivers\rdyboost.sys
18:34:58.0241 6216 rdyboost - ok
18:34:58.0417 6216 rspndr (ddc86e4f8e7456261e637e3552e804ff) C:\windows\system32\DRIVERS\rspndr.sys
18:34:58.0419 6216 rspndr - ok
18:34:58.0535 6216 RSUSBSTOR (0e3dcf76f11dc431b088a2dfd7265cda) C:\windows\system32\Drivers\RtsUStor.sys
18:34:58.0539 6216 RSUSBSTOR - ok
18:34:58.0656 6216 RTL8192Ce (64fdf4fe366ca42da2b7d9d424b6e39b) C:\windows\system32\DRIVERS\rtl8192Ce.sys
18:34:58.0670 6216 RTL8192Ce - ok
18:34:58.0794 6216 SASDIFSV (3289766038db2cb14d07dc84392138d5) C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS
18:34:58.0795 6216 SASDIFSV - ok
18:34:58.0909 6216 SASKUTIL (58a38e75f3316a83c23df6173d41f2b5) C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS
18:34:58.0911 6216 SASKUTIL - ok
18:34:58.0984 6216 sbp2port (ac03af3329579fffb455aa2daabbe22b) C:\windows\system32\drivers\sbp2port.sys
18:34:58.0986 6216 sbp2port - ok
18:34:59.0060 6216 scfilter (253f38d0d7074c02ff8deb9836c97d2b) C:\windows\system32\DRIVERS\scfilter.sys
18:34:59.0062 6216 scfilter - ok
18:34:59.0183 6216 secdrv (3ea8a16169c26afbeb544e0e48421186) C:\windows\system32\drivers\secdrv.sys
18:34:59.0184 6216 secdrv - ok
18:34:59.0289 6216 Serenum (cb624c0035412af0debec78c41f5ca1b) C:\windows\system32\drivers\serenum.sys
18:34:59.0290 6216 Serenum - ok
18:34:59.0391 6216 Serial (c1d8e28b2c2adfaec4ba89e9fda69bd6) C:\windows\system32\drivers\serial.sys
18:34:59.0393 6216 Serial - ok
18:34:59.0461 6216 sermouse (1c545a7d0691cc4a027396535691c3e3) C:\windows\system32\drivers\sermouse.sys
18:34:59.0462 6216 sermouse - ok
18:34:59.0490 6216 sffdisk (a554811bcd09279536440c964ae35bbf) C:\windows\system32\drivers\sffdisk.sys
18:34:59.0491 6216 sffdisk - ok
18:34:59.0563 6216 sffp_mmc (ff414f0baefeba59bc6c04b3db0b87bf) C:\windows\system32\drivers\sffp_mmc.sys
18:34:59.0564 6216 sffp_mmc - ok
18:34:59.0637 6216 sffp_sd (dd85b78243a19b59f0637dcf284da63c) C:\windows\system32\drivers\sffp_sd.sys
18:34:59.0638 6216 sffp_sd - ok
18:34:59.0706 6216 sfloppy (a9d601643a1647211a1ee2ec4e433ff4) C:\windows\system32\drivers\sfloppy.sys
18:34:59.0707 6216 sfloppy - ok
18:34:59.0793 6216 SiSRaid2 (843caf1e5fde1ffd5ff768f23a51e2e1) C:\windows\system32\drivers\SiSRaid2.sys
18:34:59.0795 6216 SiSRaid2 - ok
18:34:59.0868 6216 SiSRaid4 (6a6c106d42e9ffff8b9fcb4f754f6da4) C:\windows\system32\drivers\sisraid4.sys
18:34:59.0869 6216 SiSRaid4 - ok
18:34:59.0969 6216 Smb (548260a7b8654e024dc30bf8a7c5baa4) C:\windows\system32\DRIVERS\smb.sys
18:34:59.0971 6216 Smb - ok
18:35:00.0108 6216 spldr (b9e31e5cacdfe584f34f730a677803f9) C:\windows\system32\drivers\spldr.sys
18:35:00.0110 6216 spldr - ok
18:35:00.0207 6216 srv (441fba48bff01fdb9d5969ebc1838f0b) C:\windows\system32\DRIVERS\srv.sys
18:35:00.0214 6216 srv - ok
18:35:00.0245 6216 srv2 (b4adebbf5e3677cce9651e0f01f7cc28) C:\windows\system32\DRIVERS\srv2.sys
18:35:00.0250 6216 srv2 - ok
18:35:00.0359 6216 srvnet (27e461f0be5bff5fc737328f749538c3) C:\windows\system32\DRIVERS\srvnet.sys
18:35:00.0362 6216 srvnet - ok
18:35:00.0488 6216 stexstor (f3817967ed533d08327dc73bc4d5542a) C:\windows\system32\drivers\stexstor.sys
18:35:00.0490 6216 stexstor - ok
18:35:00.0589 6216 StillCam (decacb6921ded1a38642642685d77dac) C:\windows\system32\DRIVERS\serscan.sys
18:35:00.0590 6216 StillCam - ok
18:35:00.0703 6216 swenum (d01ec09b6711a5f8e7e6564a4d0fbc90) C:\windows\system32\DRIVERS\swenum.sys
18:35:00.0705 6216 swenum - ok
18:35:00.0805 6216 SynTP (470c47daba9ca3966f0ab3f835d7d135) C:\windows\system32\DRIVERS\SynTP.sys
18:35:00.0809 6216 SynTP - ok
18:35:00.0959 6216 Tcpip (f0e98c00a09fdf791525829a1d14240f) C:\windows\system32\drivers\tcpip.sys
18:35:00.0980 6216 Tcpip - ok
18:35:01.0114 6216 TCPIP6 (f0e98c00a09fdf791525829a1d14240f) C:\windows\system32\DRIVERS\tcpip.sys
18:35:01.0126 6216 TCPIP6 - ok
18:35:01.0210 6216 tcpipreg (df687e3d8836bfb04fcc0615bf15a519) C:\windows\system32\drivers\tcpipreg.sys
18:35:01.0212 6216 tcpipreg - ok
18:35:01.0326 6216 tdcmdpst (fd542b661bd22fa69ca789ad0ac58c29) C:\windows\system32\DRIVERS\tdcmdpst.sys
18:35:01.0327 6216 tdcmdpst - ok
18:35:01.0394 6216 TDPIPE (3371d21011695b16333a3934340c4e7c) C:\windows\system32\drivers\tdpipe.sys
18:35:01.0395 6216 TDPIPE - ok
18:35:01.0416 6216 TDTCP (e4245bda3190a582d55ed09e137401a9) C:\windows\system32\drivers\tdtcp.sys
18:35:01.0418 6216 TDTCP - ok
18:35:01.0513 6216 tdx (ddad5a7ab24d8b65f8d724f5c20fd806) C:\windows\system32\DRIVERS\tdx.sys
18:35:01.0515 6216 tdx - ok
18:35:01.0590 6216 TermDD (561e7e1f06895d78de991e01dd0fb6e5) C:\windows\system32\DRIVERS\termdd.sys
18:35:01.0592 6216 TermDD - ok
18:35:01.0767 6216 tos_sps64 (09ff7b0b1b5c3d225495cb6f5a9b39f8) C:\windows\system32\DRIVERS\tos_sps64.sys
18:35:01.0773 6216 tos_sps64 - ok
18:35:01.0852 6216 tssecsrv (ce18b2cdfc837c99e5fae9ca6cba5d30) C:\windows\system32\DRIVERS\tssecsrv.sys
18:35:01.0853 6216 tssecsrv - ok
18:35:01.0951 6216 TsUsbFlt (d11c783e3ef9a3c52c0ebe83cc5000e9) C:\windows\system32\drivers\tsusbflt.sys
18:35:01.0953 6216 TsUsbFlt - ok
18:35:01.0974 6216 TsUsbGD (9cc2ccae8a84820eaecb886d477cbcb8) C:\windows\system32\drivers\TsUsbGD.sys
18:35:01.0976 6216 TsUsbGD - ok
18:35:02.0087 6216 tunnel (3566a8daafa27af944f5d705eaa64894) C:\windows\system32\DRIVERS\tunnel.sys
18:35:02.0090 6216 tunnel - ok
18:35:02.0183 6216 TVALZ (550b567f9364d8f7684c3fb3ea665a72) C:\windows\system32\DRIVERS\TVALZ_O.SYS
18:35:02.0184 6216 TVALZ - ok
18:35:02.0256 6216 uagp35 (b4dd609bd7e282bfc683cec7eaaaad67) C:\windows\system32\drivers\uagp35.sys
18:35:02.0258 6216 uagp35 - ok
18:35:02.0341 6216 udfs (ff4232a1a64012baa1fd97c7b67df593) C:\windows\system32\DRIVERS\udfs.sys
18:35:02.0345 6216 udfs - ok
18:35:02.0467 6216 uliagpkx (4bfe1bc28391222894cbf1e7d0e42320) C:\windows\system32\drivers\uliagpkx.sys
18:35:02.0469 6216 uliagpkx - ok
18:35:02.0572 6216 umbus (dc54a574663a895c8763af0fa1ff7561) C:\windows\system32\DRIVERS\umbus.sys
18:35:02.0573 6216 umbus - ok
18:35:02.0661 6216 UmPass (b2e8e8cb557b156da5493bbddcc1474d) C:\windows\system32\drivers\umpass.sys
18:35:02.0662 6216 UmPass - ok
18:35:02.0707 6216 usbccgp (6f1a3157a1c89435352ceb543cdb359c) C:\windows\system32\DRIVERS\usbccgp.sys
18:35:02.0709 6216 usbccgp - ok
18:35:02.0810 6216 usbcir (af0892a803fdda7492f595368e3b68e7) C:\windows\system32\drivers\usbcir.sys
18:35:02.0812 6216 usbcir - ok
18:35:02.0894 6216 usbehci (c025055fe7b87701eb042095df1a2d7b) C:\windows\system32\drivers\usbehci.sys
18:35:02.0896 6216 usbehci - ok
18:35:03.0013 6216 usbhub (287c6c9410b111b68b52ca298f7b8c24) C:\windows\system32\DRIVERS\usbhub.sys
18:35:03.0018 6216 usbhub - ok
18:35:03.0083 6216 usbohci (9840fc418b4cbd632d3d0a667a725c31) C:\windows\system32\drivers\usbohci.sys
18:35:03.0085 6216 usbohci - ok
18:35:03.0165 6216 usbprint (73188f58fb384e75c4063d29413cee3d) C:\windows\system32\drivers\usbprint.sys
18:35:03.0167 6216 usbprint - ok
18:35:03.0248 6216 USBSTOR (fed648b01349a3c8395a5169db5fb7d6) C:\windows\system32\DRIVERS\USBSTOR.SYS
18:35:03.0250 6216 USBSTOR - ok
18:35:03.0327 6216 usbuhci (62069a34518bcf9c1fd9e74b3f6db7cd) C:\windows\system32\drivers\usbuhci.sys
18:35:03.0328 6216 usbuhci - ok
18:35:03.0428 6216 usbvideo (454800c2bc7f3927ce030141ee4f4c50) C:\windows\system32\Drivers\usbvideo.sys
18:35:03.0430 6216 usbvideo - ok
18:35:03.0531 6216 vdrvroot (c5c876ccfc083ff3b128f933823e87bd) C:\windows\system32\drivers\vdrvroot.sys
18:35:03.0532 6216 vdrvroot - ok
18:35:03.0614 6216 vga (da4da3f5e02943c2dc8c6ed875de68dd) C:\windows\system32\DRIVERS\vgapnp.sys
18:35:03.0615 6216 vga - ok
18:35:03.0683 6216 VgaSave (53e92a310193cb3c03bea963de7d9cfc) C:\windows\System32\drivers\vga.sys
18:35:03.0685 6216 VgaSave - ok
18:35:03.0764 6216 vhdmp (2ce2df28c83aeaf30084e1b1eb253cbb) C:\windows\system32\drivers\vhdmp.sys
18:35:03.0767 6216 vhdmp - ok
18:35:03.0843 6216 viaide (e5689d93ffe4e5d66c0178761240dd54) C:\windows\system32\drivers\viaide.sys
18:35:03.0844 6216 viaide - ok
18:35:03.0924 6216 volmgr (d2aafd421940f640b407aefaaebd91b0) C:\windows\system32\drivers\volmgr.sys
18:35:03.0925 6216 volmgr - ok
18:35:04.0006 6216 volmgrx (a255814907c89be58b79ef2f189b843b) C:\windows\system32\drivers\volmgrx.sys
18:35:04.0011 6216 volmgrx - ok
18:35:04.0111 6216 volsnap (0d08d2f3b3ff84e433346669b5e0f639) C:\windows\system32\drivers\volsnap.sys
18:35:04.0116 6216 volsnap - ok
18:35:04.0192 6216 vsmraid (5e2016ea6ebaca03c04feac5f330d997) C:\windows\system32\drivers\vsmraid.sys
18:35:04.0195 6216 vsmraid - ok
18:35:04.0448 6216 vwifibus (36d4720b72b5c5d9cb2b9c29e9df67a1) C:\windows\system32\DRIVERS\vwifibus.sys
18:35:04.0449 6216 vwifibus - ok
18:35:04.0757 6216 vwififlt (6a3d66263414ff0d6fa754c646612f3f) C:\windows\system32\DRIVERS\vwififlt.sys
18:35:04.0759 6216 vwififlt - ok
18:35:04.0886 6216 WacomPen (4e9440f4f152a7b944cb1663d3935a3e) C:\windows\system32\drivers\wacompen.sys
18:35:04.0887 6216 WacomPen - ok
18:35:05.0068 6216 WANARP (356afd78a6ed4457169241ac3965230c) C:\windows\system32\DRIVERS\wanarp.sys
18:35:05.0070 6216 WANARP - ok
18:35:05.0119 6216 Wanarpv6 (356afd78a6ed4457169241ac3965230c) C:\windows\system32\DRIVERS\wanarp.sys
18:35:05.0121 6216 Wanarpv6 - ok
18:35:05.0252 6216 Wd (72889e16ff12ba0f235467d6091b17dc) C:\windows\system32\drivers\wd.sys
18:35:05.0253 6216 Wd - ok
18:35:05.0307 6216 WDC_SAM (a3d04ebf5227886029b4532f20d026f7) C:\windows\system32\DRIVERS\wdcsam64.sys
18:35:05.0309 6216 WDC_SAM - ok
18:35:05.0439 6216 Wdf01000 (441bd2d7b4f98134c3a4f9fa570fd250) C:\windows\system32\drivers\Wdf01000.sys
18:35:05.0447 6216 Wdf01000 - ok
18:35:05.0623 6216 WfpLwf (611b23304bf067451a9fdee01fbdd725) C:\windows\system32\DRIVERS\wfplwf.sys
18:35:05.0624 6216 WfpLwf - ok
18:35:05.0722 6216 WIMMount (05ecaec3e4529a7153b3136ceb49f0ec) C:\windows\system32\drivers\wimmount.sys
18:35:05.0724 6216 WIMMount - ok
18:35:05.0899 6216 WmiAcpi (f6ff8944478594d0e414d3f048f0d778) C:\windows\system32\drivers\wmiacpi.sys
18:35:05.0901 6216 WmiAcpi - ok
18:35:06.0051 6216 ws2ifsl (6bcc1d7d2fd2453957c5479a32364e52) C:\windows\system32\drivers\ws2ifsl.sys
18:35:06.0053 6216 ws2ifsl - ok
18:35:06.0091 6216 WudfPf (d3381dc54c34d79b22cee0d65ba91b7c) C:\windows\system32\drivers\WudfPf.sys
18:35:06.0093 6216 WudfPf - ok
18:35:06.0182 6216 WUDFRd (cf8d590be3373029d57af80914190682) C:\windows\system32\DRIVERS\WUDFRd.sys
18:35:06.0185 6216 WUDFRd - ok
18:35:06.0239 6216 MBR (0x1B8) (5b5e648d12fcadc244c1ec30318e1eb9) \Device\Harddisk0\DR0
18:35:06.0253 6216 \Device\Harddisk0\DR0 - ok
18:35:06.0267 6216 Boot (0x1200) (92bbbc1db7b1474e117f235d958f049f) \Device\Harddisk0\DR0\Partition0
18:35:06.0268 6216 \Device\Harddisk0\DR0\Partition0 - ok
18:35:06.0269 6216 ============================================================
18:35:06.0269 6216 Scan finished
18:35:06.0269 6216 ============================================================
18:35:06.0281 6676 Detected object count: 0
18:35:06.0281 6676 Actual detected object count: 0

#9 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto rico
  • Local time:09:04 AM

Posted 28 October 2011 - 06:19 PM

SystemLook:

Please download SystemLook from one of the links below and save it to your Desktop.

Link 1
Link 2


  • Double-click SystemLook.exe to run it.
  • Copy the content of the following codebox into the main text field:
:filefind
explorer.exe
wininit.exe
winlogon.exe
iexplore.exe
  • Click the Look button to start the scan.
  • When finished, a notepad window will open with the results of the scan. Please post this log in your next reply.
Note: The log can also be found on your Desktop entitled SystemLook.txt

Edited by gringo_pr, 28 October 2011 - 06:20 PM.


#10 That_Steve_Guy

Posted 29 October 2011 - 01:41 AM

SystemLook 30.07.11 by jpshortstuff
Log created at 02:39 on 29/10/2011 by Steven
Administrator - Elevation successful

========== filefind ==========

Searching for "explorer.exe"
C:\Windows\explorer.exe --a---- 2871808 bytes [17:17 08/08/2011] [06:19 25/02/2011] 332FEAB1435662FC6C672E25BEB37BE3
C:\Windows\ERDNT\cache86\explorer.exe --a---- 2871808 bytes [02:59 19/10/2011] [06:19 25/02/2011] 332FEAB1435662FC6C672E25BEB37BE3
C:\Windows\SysWOW64\explorer.exe --a---- 2616320 bytes [17:17 08/08/2011] [05:30 25/02/2011] 8B88EBBB05A0E56B7DCC708498C02B3E
C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_afdaac81905bf900\explorer.exe --a---- 2872320 bytes [03:24 21/11/2010] [03:24 21/11/2010] AC4C51EB24AA95B77F705AB159189E24
C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_afa79dc39081d0ba\explorer.exe --a---- 2871808 bytes [17:17 08/08/2011] [06:19 25/02/2011] 332FEAB1435662FC6C672E25BEB37BE3
C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_b0333b22a99da332\explorer.exe --a---- 2871808 bytes [17:17 08/08/2011] [06:14 26/02/2011] 3B69712041F3D63605529BD66DC00C48
C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_ba2f56d3c4bcbafb\explorer.exe --a---- 2616320 bytes [03:24 21/11/2010] [03:24 21/11/2010] 40D777B7A95E00593EB1568C68514493
C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_b9fc4815c4e292b5\explorer.exe --a---- 2616320 bytes [17:17 08/08/2011] [05:30 25/02/2011] 8B88EBBB05A0E56B7DCC708498C02B3E
C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_ba87e574ddfe652d\explorer.exe --a---- 2616320 bytes [17:17 08/08/2011] [05:19 26/02/2011] 0FB9C74046656D1579A64660AD67B746

Searching for "wininit.exe"
C:\Windows\ERDNT\cache64\wininit.exe --a---- 129024 bytes [02:58 19/10/2011] [01:39 14/07/2009] 94355C28C1970635A31B3FE52EB7CEBA
C:\Windows\ERDNT\cache86\wininit.exe --a---- 96256 bytes [02:59 19/10/2011] [01:14 14/07/2009] B5C5DCAD3899512020D135600129D665
C:\Windows\System32\wininit.exe --a---- 129024 bytes [23:52 13/07/2009] [01:39 14/07/2009] 94355C28C1970635A31B3FE52EB7CEBA
C:\Windows\SysWOW64\wininit.exe --a---- 96256 bytes [23:36 13/07/2009] [01:14 14/07/2009] B5C5DCAD3899512020D135600129D665
C:\Windows\winsxs\amd64_microsoft-windows-wininit_31bf3856ad364e35_6.1.7600.16385_none_8ce7aa761e01ad49\wininit.exe --a---- 129024 bytes [23:52 13/07/2009] [01:39 14/07/2009] 94355C28C1970635A31B3FE52EB7CEBA
C:\Windows\winsxs\x86_microsoft-windows-wininit_31bf3856ad364e35_6.1.7600.16385_none_30c90ef265a43c13\wininit.exe --a---- 96256 bytes [23:36 13/07/2009] [01:14 14/07/2009] B5C5DCAD3899512020D135600129D665

Searching for "winlogon.exe"
C:\Windows\ERDNT\cache64\winlogon.exe --a---- 390656 bytes [02:58 19/10/2011] [03:24 21/11/2010] 1151B1BAA6F350B1DB6598E0FEA7C457
C:\Windows\System32\winlogon.exe --a---- 390656 bytes [03:24 21/11/2010] [03:24 21/11/2010] 1151B1BAA6F350B1DB6598E0FEA7C457
C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.17514_none_cde90685eb910636\winlogon.exe --a---- 390656 bytes [03:24 21/11/2010] [03:24 21/11/2010] 1151B1BAA6F350B1DB6598E0FEA7C457

Searching for "iexplore.exe"
C:\Program Files\Internet Explorer\iexplore.exe --a---- 754480 bytes [19:48 21/10/2011] [19:48 21/10/2011] F1424C1B9B1813BF825E45DF3790BC8A
C:\Program Files (x86)\Internet Explorer\iexplore.exe --a---- 748336 bytes [19:48 21/10/2011] [19:48 21/10/2011] 904E13BA41AF2E353A32CF351CA53639
C:\Windows\ERDNT\cache86\iexplore.exe --a---- 748336 bytes [02:59 19/10/2011] [19:48 21/10/2011] 904E13BA41AF2E353A32CF351CA53639
C:\Windows\winsxs\amd64_microsoft-windows-i..etexplorer-optional_31bf3856ad364e35_8.0.7601.17514_none_1196a9003b674a92\iexplore.exe --a---- 695056 bytes [03:24 21/11/2010] [03:24 21/11/2010] 86257731DDB311FBC283534CC0091634
C:\Windows\winsxs\amd64_microsoft-windows-i..etexplorer-optional_31bf3856ad364e35_9.4.8112.16421_none_0d549a9b80698a7f\iexplore.exe --a---- 754480 bytes [19:48 21/10/2011] [19:48 21/10/2011] F1424C1B9B1813BF825E45DF3790BC8A
C:\Windows\winsxs\wow64_microsoft-windows-i..etexplorer-optional_31bf3856ad364e35_8.0.7601.17514_none_1beb53526fc80c8d\iexplore.exe --a---- 673040 bytes [03:25 21/11/2010] [03:25 21/11/2010] C613E69C3B191BB02C7A191741A1D024
C:\Windows\winsxs\wow64_microsoft-windows-i..etexplorer-optional_31bf3856ad364e35_9.4.8112.16421_none_17a944edb4ca4c7a\iexplore.exe --a---- 748336 bytes [19:48 21/10/2011] [19:48 21/10/2011] 904E13BA41AF2E353A32CF351CA53639

-= EOF =-
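A check a reader can run against the SystemLook output above, as an added example that is not part of any post in this thread: parse the file lines and test whether each copy outside WinSxS has the same size and MD5 as a component-store copy. The function names are hypothetical; the sample lines are the "iexplore.exe" entries from the log above.

```python
import re
from collections import defaultdict

# The "iexplore.exe" search results, copied from the SystemLook log above.
SAMPLE_LOG = r"""
Searching for "iexplore.exe"
C:\Program Files\Internet Explorer\iexplore.exe --a---- 754480 bytes [19:48 21/10/2011] [19:48 21/10/2011] F1424C1B9B1813BF825E45DF3790BC8A
C:\Program Files (x86)\Internet Explorer\iexplore.exe --a---- 748336 bytes [19:48 21/10/2011] [19:48 21/10/2011] 904E13BA41AF2E353A32CF351CA53639
C:\Windows\ERDNT\cache86\iexplore.exe --a---- 748336 bytes [02:59 19/10/2011] [19:48 21/10/2011] 904E13BA41AF2E353A32CF351CA53639
C:\Windows\winsxs\amd64_microsoft-windows-i..etexplorer-optional_31bf3856ad364e35_8.0.7601.17514_none_1196a9003b674a92\iexplore.exe --a---- 695056 bytes [03:24 21/11/2010] [03:24 21/11/2010] 86257731DDB311FBC283534CC0091634
C:\Windows\winsxs\amd64_microsoft-windows-i..etexplorer-optional_31bf3856ad364e35_9.4.8112.16421_none_0d549a9b80698a7f\iexplore.exe --a---- 754480 bytes [19:48 21/10/2011] [19:48 21/10/2011] F1424C1B9B1813BF825E45DF3790BC8A
C:\Windows\winsxs\wow64_microsoft-windows-i..etexplorer-optional_31bf3856ad364e35_8.0.7601.17514_none_1beb53526fc80c8d\iexplore.exe --a---- 673040 bytes [03:25 21/11/2010] [03:25 21/11/2010] C613E69C3B191BB02C7A191741A1D024
C:\Windows\winsxs\wow64_microsoft-windows-i..etexplorer-optional_31bf3856ad364e35_9.4.8112.16421_none_17a944edb4ca4c7a\iexplore.exe --a---- 748336 bytes [19:48 21/10/2011] [19:48 21/10/2011] 904E13BA41AF2E353A32CF351CA53639
"""

# path, 7-character attribute field, size, two bracketed timestamps, MD5
ENTRY = re.compile(
    r"^(?P<path>[A-Za-z]:\\.+?) [-a-zA-Z]{7} (?P<size>\d+) bytes "
    r"\[[^\]]+\] \[[^\]]+\] (?P<md5>[0-9A-Fa-f]{32})$"
)

def parse_entries(log_text):
    """Return (path, size, md5) for every file line; headers are skipped."""
    entries = []
    for line in log_text.splitlines():
        m = ENTRY.match(line.strip())
        if m:
            entries.append((m["path"], int(m["size"]), m["md5"].upper()))
    return entries

def compare_with_component_store(entries):
    """Map each non-WinSxS path to the WinSxS paths with the same size and MD5."""
    store = defaultdict(list)
    for path, size, md5 in entries:
        if "\\winsxs\\" in path.lower():
            store[(size, md5)].append(path)
    return {path: store.get((size, md5), [])
            for path, size, md5 in entries
            if "\\winsxs\\" not in path.lower()}

def unmatched(entries):
    """Paths outside WinSxS with no identical component-store copy."""
    hits = compare_with_component_store(entries)
    return sorted(path for path, same in hits.items() if not same)

if __name__ == "__main__":
    # A match only shows agreement with the local store, which is not a
    # trusted reference on a compromised system, and MD5 is collision-prone.
    for path, same in compare_with_component_store(parse_entries(SAMPLE_LOG)).items():
        print(path, "->", same[0] if same else "NO MATCH IN WINSXS")
```

A file reported as unmatched is a candidate for closer inspection, for example by checking its digital signature or comparing it with a copy from known-good installation media.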

#11 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto rico

Posted 29 October 2011 - 07:30 AM

Blitzblank.

Download BlitzBlank and save it to your desktop. Open Blitzblank.exe

  • Click OK at the warning (and take note of it, this is a VERY powerful tool!).
  • Click the Script tab and copy/paste the following text there:
CopyFile:
C:\Windows\ERDNT\cache86\iexplore.exe C:\Program Files\Internet Explorer\iexplore.exe
  • Click Execute Now. Your computer will need to reboot in order to replace the files.
  • When done, post me the report created by Blitzblank. You can find it at the root of the drive, normally C:\

I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#12 That_Steve_Guy

Posted 29 October 2011 - 09:37 AM

Tried to run it and got a syntax error, so I used the designer to recreate your script (missing quotes).


CopyFile:
C:\Windows\ERDNT\cache86\iexplore.exe "C:\Program Files\Internet Explorer\iexplore.exe"

Here is the log:

BlitzBlank 1.0.0.32

File/Registry Modification Engine native application
CopyFileOnReboot: sourceFile = "\??\c:\windows\erdnt\cache86\iexplore.exe", destinationFile = "\??\c:\program files\internet explorer\iexplore.exe"
CopyFile: ZwCreateFile failed: status = c0000022

#13 gringo_pr

Posted 29 October 2011 - 09:53 AM

How are things doing now?


gringo

#14 That_Steve_Guy

Posted 29 October 2011 - 10:01 AM

Running with the same issues.

It seems you have come to the same determination I have, which is that executables have been replaced with bad ones.

Is it time to do a system wipe and restore to the laptop's original condition?

steve

#15 gringo_pr

Posted 29 October 2011 - 10:08 AM

Hello

This is the tool I would like you to try and run next.

Please download aswMBR ( 511KB ) to your desktop.
  • Double click the aswMBR.exe icon to run it
  • Click the Scan button to start the scan
  • On completion of the scan, click the save log button, save it to your desktop and post it in your next reply.



Gringo