
trojan.zeroaccess.b again!


  • This topic is locked
12 replies to this topic

#1 ljra101808

Posted 21 February 2012 - 11:38 PM

Hi, I ran a virus scan on MBAM and it said that I have no malware. But just to be sure I also ran my Norton 360 Premier Edition and it showed me that I had a threat by the name of trojan.zeroaccess.b. This is actually not my first time asking for help and last time I thought that it disappeared from my computer forever. Is this a sign saying that my laptop is now hopeless or is there any way to be able to completely remove it?


#2 nasdaq

Posted 27 February 2012 - 10:24 AM

Hello, Welcome to BleepingComputer.
I'm nasdaq and will be helping you.

If you can, please print this topic; it will make it easier for you to follow the instructions and complete all of the necessary steps.
===

Please download and run this DDS Scanning Tool. Nothing will be deleted. It will just give me some additional information about your system.

  • Download DDS by sUBs from one of the following links if you no longer have it available. Save it to your desktop.
  • Double click on the DDS icon, allow it to run.
  • A small box will open, with an explanation about the tool. No input is needed, the scan is running.
  • Notepad will open with the results.
  • Follow the instructions that pop up for posting the results.
Please note: You may have to disable any script protection running if the scan fails to run.

Please just paste the contents of the DDS.txt log in your next post. DO NOT attach the log.

Please Download
TDSSKiller.zip

>>> Double-click on TDSSKiller.exe to run the application.
  • Click on the Start Scan button and wait for the scan and disinfection process to be over.
  • If an infected file is detected, the default action will be Cure, click on Continue
  • If a suspicious file is detected, the default action will be Skip, click on Continue
  • If you are asked to reboot the computer to complete the process, click on the Reboot Now button. A report will be automatically saved at the root of the System drive (usually C:\) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt" (for example, C:\TDSSKiller.2.2.0_20.12.2009_15.31.43_log.txt). Please copy and paste the contents of that file here.
  • If no reboot is required, click on Report. A log file will appear. Please copy and paste the contents of that file in your next reply.

Download http://public.avast.com/~gmerek/aswMBR.exe (aswMBR.exe) to your desktop. Double click the aswMBR.exe to run it

  • Click the "Scan" button to start scan.
  • Upon completion of the scan, click Save log, and save it to your desktop. (Note - do not select any Fix at this time) <- IMPORTANT
  • Please post the contents of that log in your next reply.
There shall also be a file on your desktop named MBR.dat. Right click that file and select Send To>Compressed (zipped) folder. Please attach that zipped file in your next reply.

===

Please post the logs for my review.
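
The TDSSKiller report requested above can be triaged with a short script that reads the report name and separates conclusive scans from interrupted ones. This is an added example, not part of the original post and not code from TDSSKiller: the function names are hypothetical, the line layout (time, thread id, message, with each object line followed by a "name - verdict" line) is an assumption about such reports, and the sample log is constructed, with a placeholder in place of any real non-"ok" verdict string.

```python
import re
from collections import Counter
from datetime import datetime

# Report name layout quoted in the post: TDSSKiller.[Version]_[Date]_[Time]_log.txt
REPORT_NAME = re.compile(
    r"^TDSSKiller\.(?P<version>\d+(?:\.\d+)*)_(?P<date>\d{2}\.\d{2}\.\d{4})"
    r"_(?P<time>\d{2}\.\d{2}\.\d{2})_log\.txt$", re.IGNORECASE)
# Assumed log line layout: "HH:MM:SS.ffff <thread id> <message>"
LOG_LINE = re.compile(r"^\d{2}:\d{2}:\d{2}\.\d{4}\s+(?P<tid>\d+)\s*(?P<msg>.*)$")
# Assumed object line "<name> (<md5>) <path>", then "<name> - <verdict>"
OBJECT = re.compile(r"^(?P<name>.+?) \((?P<md5>[0-9a-fA-F]{32})\) (?P<path>.+)$")
VERDICT = re.compile(r"^(?P<name>.+?) - (?P<verdict>.+)$")

# Constructed sample (hashes, driver names and the non-ok verdict are placeholders).
SAMPLE_LOG = r"""
19:37:30.0222 6692 Drive \Device\Harddisk0\DR0 - Size: 0x7470C06000
19:37:32.0761 5296 Scan started
19:37:32.0761 5296 Mode: Manual;
19:37:33.0560 5296 Scan interrupted by user!
19:37:33.0561 5296 Scan finished
19:37:33.0576 6628 Detected object count: 0
19:37:39.0890 5352 Scan started
19:37:41.0281 5352 sampledrv_a (00000000000000000000000000000000) C:\windows\system32\drivers\sampledrv_a.sys
19:37:41.0285 5352 sampledrv_a - ok
19:37:41.0394 5352 sampledrv_b (11111111111111111111111111111111) C:\windows\system32\drivers\sampledrv_b.sys
19:37:41.0399 5352 sampledrv_b - PLACEHOLDER_VERDICT
19:37:42.0000 5352 Scan finished
"""

def parse_report_name(filename):
    """Return (version, datetime) from a report file name, or None if it does not match."""
    m = REPORT_NAME.match(filename)
    if not m:
        return None
    # The post's example (20.12.2009) only parses as day.month.year.
    when = datetime.strptime(m["date"] + " " + m["time"], "%d.%m.%Y %H.%M.%S")
    return m["version"], when

def summarize(log_text):
    """Group the log into scans and collect every object whose verdict is not 'ok'."""
    scans, open_by_tid, pending = [], {}, {}
    flagged, reported_counts = [], []
    for raw in log_text.splitlines():
        m = LOG_LINE.match(raw.strip())
        if not m:
            continue
        tid, msg = m["tid"], m["msg"].strip()
        if msg == "Scan started":
            scan = {"tid": tid, "objects": 0, "verdicts": Counter(),
                    "interrupted": False, "finished": False}
            scans.append(scan)
            open_by_tid[tid] = scan
            continue
        if msg.startswith("Detected object count:"):
            reported_counts.append(int(msg.split(":", 1)[1]))
            continue
        scan = open_by_tid.get(tid)
        if scan is None:
            continue  # header lines such as "Drive ... - Size: ..." are not verdicts
        if msg.startswith("Scan interrupted by user"):
            scan["interrupted"] = True
            continue
        if msg == "Scan finished":
            scan["finished"] = True
            del open_by_tid[tid]
            continue
        obj = OBJECT.match(msg)
        if obj:
            pending[(tid, obj["name"])] = obj["path"]
            scan["objects"] += 1
            continue
        ver = VERDICT.match(msg)
        if ver and (tid, ver["name"]) in pending:
            path = pending.pop((tid, ver["name"]))
            verdict = ver["verdict"].strip()
            scan["verdicts"][verdict] += 1
            if verdict.lower() != "ok":
                flagged.append((ver["name"], path, verdict))
    return {"scans": scans, "flagged": flagged, "reported_counts": reported_counts}

def conclusive(scan):
    """A scan supports 'nothing found' only if it completed, uninterrupted, over some objects."""
    return scan["finished"] and not scan["interrupted"] and scan["objects"] > 0

if __name__ == "__main__":
    print(parse_report_name("TDSSKiller.2.2.0_20.12.2009_15.31.43_log.txt"))
    result = summarize(SAMPLE_LOG)
    for s in result["scans"]:
        print(s["tid"], "conclusive" if conclusive(s) else "inconclusive", dict(s["verdicts"]))
    print(result["flagged"])
```

A "Detected object count: 0" line that follows an interrupted scan says nothing about the machine, which is why the script reports conclusiveness per scan rather than trusting the count alone.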

#3 ljra101808

Posted 27 February 2012 - 10:43 PM

.
DDS (Ver_2011-08-26.01) - NTFSAMD64
Internet Explorer: 8.0.7601.17514 BrowserJavaVersion: 1.6.0_30
Run by Loren Janina at 19:30:47 on 2012-02-27
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.2.1033.18.3964.2351 [GMT -7:00]
.
AV: Norton 360 *Enabled/Updated* {63DF5164-9100-186D-2187-8DC619EFD8BF}
SP: Norton 360 *Enabled/Updated* {D8BEB080-B73A-17E3-1B37-B6B462689202}
FW: Norton 360 *Enabled* {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}
.
============== Running Processes ===============
.
C:\windows\system32\wininit.exe
C:\windows\system32\lsm.exe
C:\windows\system32\svchost.exe -k DcomLaunch
C:\windows\system32\svchost.exe -k RPCSS
C:\windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\windows\system32\svchost.exe -k netsvcs
C:\windows\system32\svchost.exe -k LocalService
C:\windows\system32\svchost.exe -k NetworkService
C:\windows\System32\spoolsv.exe
C:\windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files (x86)\Norton 360 Premier Edition\Engine\4.4.0.12\ccSvcHst.exe
C:\windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files (x86)\Seagate\Seagate Dashboard\SeagateDashboardService.exe
C:\windows\system32\svchost.exe -k imgsvc
C:\windows\system32\TODDSrv.exe
C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\windows\system32\wbem\wmiprvse.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\windows\system32\SearchIndexer.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe
C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe
C:\Program Files (x86)\TOSHIBA\ConfigFree\CFIWmxSvcs64.exe
C:\Program Files (x86)\TOSHIBA\ConfigFree\CFSvcs.exe
C:\windows\System32\svchost.exe -k LocalServicePeerNet
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
C:\windows\system32\DllHost.exe
C:\windows\system32\wbem\wmiprvse.exe
C:\windows\system32\taskhost.exe
C:\Program Files (x86)\Norton 360 Premier Edition\Engine\4.4.0.12\ccSvcHst.exe
C:\windows\system32\Dwm.exe
C:\windows\Explorer.EXE
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\TOSHIBA\Power Saver\TPwrMain.exe
C:\Program Files\TOSHIBA\SmoothView\SmoothView.exe
C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\TOSHIBA\ReelTime\TosReelTimeMonitor.exe
C:\Program Files\TOSHIBA\BulletinBoard\TosNcCore.exe
C:\Program Files\CONEXANT\cAudioFilterAgent\cAudioFilterAgent64.exe
C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSENotify.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Program Files (x86)\BillP Studios\WinPatrol\WinPatrol.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Program Files (x86)\Seagate\Seagate Dashboard\MemeoDashboard.exe
C:\Program Files (x86)\Seagate\Seagate Dashboard\HipServAgent\HipServAgent.exe
C:\windows\splwow64.exe
C:\windows\system32\wuauclt.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
C:\windows\system32\DllHost.exe
C:\windows\system32\DllHost.exe
C:\windows\SysWOW64\cmd.exe
C:\windows\system32\conhost.exe
C:\windows\SysWOW64\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = about:blank
mStart Page = hxxp://www.toshiba.ca/welcome
uInternet Settings,ProxyOverride = *.local
uInternet Settings,ProxyServer = 0.0.0.0:80
BHO: Symantec NCO BHO: {602adb0e-4aff-4217-8aa1-95dac4dfa408} - C:\Program Files (x86)\Norton 360 Premier Edition\Engine\4.4.0.12\coIEPlg.dll
BHO: Symantec Intrusion Prevention: {6d53ec84-6aae-4787-aeee-f4628f01010c} - C:\Program Files (x86)\Norton 360 Premier Edition\Engine\4.4.0.12\IPSBHO.DLL
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - C:\PROGRA~2\MIF5BA~1\Office14\GROOVEEX.DLL
BHO: Java™ Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Windows Live Messenger Companion Helper: {9fdde16b-836f-4806-ab1f-1455cbeff289} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.7.7227.1100\swg.dll
BHO: Office Document Cache Handler: {b4f3a835-0e21-4959-ba22-42b3008e02ff} - C:\PROGRA~2\MIF5BA~1\Office14\URLREDIR.DLL
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
BHO: TOSHIBA Media Controller Plug-in: {f3c88694-effa-4d78-b409-54b7b2535b14} - C:\Program Files (x86)\TOSHIBA\TOSHIBA Media Controller Plug-in\TOSHIBAMediaControllerIE.dll
TB: Norton Toolbar: {7febefe3-6b19-4349-98d2-ffb09d4b49ca} - C:\Program Files (x86)\Norton 360 Premier Edition\Engine\4.4.0.12\coIEPlg.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
uRun: [swg] "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
mRun: [Seagate Dashboard] C:\Program Files (x86)\Seagate\Seagate Dashboard\MemeoLauncher.exe --silent --no_ui
mRun: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
mRun: [WinPatrol] C:\Program Files (x86)\BillP Studios\WinPatrol\winpatrol.exe -expressboot
mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun: [TWebCamera] "C:\Program Files (x86)\TOSHIBA\TOSHIBA Web Camera Application\TWebCamera.exe" autorun
mRun: [ToshibaServiceStation] "C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe" /hide:60
mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
mRun: [DivXUpdate] "C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW
mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MIF5BA~1\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - C:\PROGRA~2\MIF5BA~1\Office14\ONBttnIE.dll/105
IE: {0000036B-C524-4050-81A0-243669A86B9F} - {B63DBA5F-523F-4B9C-A43D-65DF1977EAD3} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos/OnlineScanner.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
TCP: DhcpNameServer = 192.168.1.254 75.153.176.1
TCP: Interfaces\{F2DBCE5F-27E0-4B2E-9BD6-69FE163CCA4C} : DhcpNameServer = 192.168.1.254 75.153.176.1
TCP: Interfaces\{F2DBCE5F-27E0-4B2E-9BD6-69FE163CCA4C}\141313734444 : DhcpNameServer = 192.168.0.1
TCP: Interfaces\{F2DBCE5F-27E0-4B2E-9BD6-69FE163CCA4C}\34C6F65746 : DhcpNameServer = 205.233.109.39 205.233.109.40
TCP: Interfaces\{F2DBCE5F-27E0-4B2E-9BD6-69FE163CCA4C}\4756C65737835454 : DhcpNameServer = 192.168.1.254
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - C:\PROGRA~2\MIF5BA~1\Office14\GROOVEEX.DLL
BHO-X64: Symantec NCO BHO: {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton 360 Premier Edition\Engine\4.4.0.12\coIEPlg.dll
BHO-X64: Symantec NCO BHO - No File
BHO-X64: Symantec Intrusion Prevention: {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton 360 Premier Edition\Engine\4.4.0.12\IPSBHO.DLL
BHO-X64: Symantec Intrusion Prevention - No File
BHO-X64: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~2\MIF5BA~1\Office14\GROOVEEX.DLL
BHO-X64: Java™ Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll
BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO-X64: Windows Live Messenger Companion Helper: {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
BHO-X64: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
BHO-X64: Google Toolbar Notifier BHO: {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.7.7227.1100\swg.dll
BHO-X64: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MIF5BA~1\Office14\URLREDIR.DLL
BHO-X64: URLRedirectionBHO - No File
BHO-X64: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
BHO-X64: TOSHIBA Media Controller Plug-in: {F3C88694-EFFA-4d78-B409-54B7B2535B14} - C:\Program Files (x86)\TOSHIBA\TOSHIBA Media Controller Plug-in\TOSHIBAMediaControllerIE.dll
TB-X64: Norton Toolbar: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton 360 Premier Edition\Engine\4.4.0.12\coIEPlg.dll
TB-X64: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
mRun-x64: [Seagate Dashboard] C:\Program Files (x86)\Seagate\Seagate Dashboard\MemeoLauncher.exe --silent --no_ui
mRun-x64: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
mRun-x64: [WinPatrol] C:\Program Files (x86)\BillP Studios\WinPatrol\winpatrol.exe -expressboot
mRun-x64: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun-x64: [TWebCamera] "C:\Program Files (x86)\TOSHIBA\TOSHIBA Web Camera Application\TWebCamera.exe" autorun
mRun-x64: [ToshibaServiceStation] "C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe" /hide:60
mRun-x64: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
mRun-x64: [DivXUpdate] "C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW
SEH-X64: Groove GFS Stub Execution Hook: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\PROGRA~2\MIF5BA~1\Office14\GROOVEEX.DLL
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\Loren Janina\AppData\Roaming\Mozilla\Firefox\Profiles\ekvgdjv7.Loren Janina\
FF - prefs.js: browser.startup.homepage - www.odb.org
FF - plugin: C:\PROGRA~2\MIF5BA~1\Office14\NPAUTHZ.DLL
FF - plugin: C:\PROGRA~2\MIF5BA~1\Office14\NPSPWRAP.DLL
FF - plugin: C:\Program Files (x86)\Common Files\Research In Motion\BBWebSLLauncher\NPWebSLLauncher.dll
FF - plugin: C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll
FF - plugin: C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.99\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\4.1.10111.0\npctrlui.dll
FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: C:\windows\SysWOW64\Macromed\Flash\NPSWF32.dll
.
============= SERVICES / DRIVERS ===============
.
R0 SymDS;Symantec Data Store;C:\windows\system32\drivers\N360x64\0404000.00C\SYMDS64.SYS --> C:\windows\system32\drivers\N360x64\0404000.00C\SYMDS64.SYS [?]
R0 SymEFA;Symantec Extended File Attributes;C:\windows\system32\drivers\N360x64\0404000.00C\SYMEFA64.SYS --> C:\windows\system32\drivers\N360x64\0404000.00C\SYMEFA64.SYS [?]
R1 BHDrvx64;BHDrvx64;C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\Definitions\BASHDefs\20120215.001\BHDrvx64.sys [2012-2-15 1157240]
R1 ccHP;Symantec Hash Provider;C:\windows\system32\drivers\N360x64\0404000.00C\ccHPx64.sys --> C:\windows\system32\drivers\N360x64\0404000.00C\ccHPx64.sys [?]
R1 IDSVia64;IDSVia64;C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\Definitions\IPSDefs\20120224.002\IDSviA64.sys [2012-2-24 488568]
R1 SymIRON;Symantec Iron Driver;C:\windows\system32\drivers\N360x64\0404000.00C\Ironx64.SYS --> C:\windows\system32\drivers\N360x64\0404000.00C\Ironx64.SYS [?]
R1 SYMTDIv;Symantec Vista Network Dispatch Driver;C:\windows\system32\Drivers\N360x64\0404000.00C\SYMTDIV.SYS --> C:\windows\system32\Drivers\N360x64\0404000.00C\SYMTDIV.SYS [?]
R1 vwififlt;Virtual WiFi Filter Driver;C:\windows\system32\DRIVERS\vwififlt.sys --> C:\windows\system32\DRIVERS\vwififlt.sys [?]
R2 cfWiMAXService;ConfigFree WiMAX Service;C:\Program Files (x86)\Toshiba\ConfigFree\CFIWmxSvcs64.exe [2010-1-28 249200]
R2 ConfigFree Service;ConfigFree Service;C:\Program Files (x86)\Toshiba\ConfigFree\CFSvcs.exe [2009-3-10 46448]
R2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-2-1 652360]
R2 N360;Norton 360;C:\Program Files (x86)\Norton 360 Premier Edition\Engine\4.4.0.12\ccsvchst.exe [2012-1-28 126400]
R2 SeagateDashboardService;Seagate Dashboard Service;C:\Program Files (x86)\Seagate\Seagate Dashboard\SeagateDashboardService.exe [2011-6-1 14088]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2012-2-4 138360]
R3 FwLnk;FwLnk Driver;C:\windows\system32\DRIVERS\FwLnk.sys --> C:\windows\system32\DRIVERS\FwLnk.sys [?]
R3 L1C;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller;C:\windows\system32\DRIVERS\L1C62x64.sys --> C:\windows\system32\DRIVERS\L1C62x64.sys [?]
R3 MBAMProtector;MBAMProtector;\??\C:\windows\system32\drivers\mbam.sys --> C:\windows\system32\drivers\mbam.sys [?]
R3 PGEffect;Pangu effect driver;C:\windows\system32\DRIVERS\pgeffect.sys --> C:\windows\system32\DRIVERS\pgeffect.sys [?]
R3 TMachInfo;TMachInfo;C:\Program Files (x86)\Toshiba\TOSHIBA Service Station\TMachInfo.exe [2010-10-10 51512]
R3 TOSHIBA HDD SSD Alert Service;TOSHIBA HDD SSD Alert Service;C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe [2010-2-5 137560]
R3 vwifimp;Microsoft Virtual WiFi Miniport Service;C:\windows\system32\DRIVERS\vwifimp.sys --> C:\windows\system32\DRIVERS\vwifimp.sys [?]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 gupdate;Google Update Service (gupdate);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2010-12-25 135664]
S3 fssfltr;fssfltr;C:\windows\system32\DRIVERS\fssfltr.sys --> C:\windows\system32\DRIVERS\fssfltr.sys [?]
S3 fsssvc;Windows Live Family Safety Service;C:\Program Files (x86)\Windows Live\Family Safety\fsssvc.exe [2010-9-23 1493352]
S3 gupdatem;Google Update Service (gupdatem);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2010-12-25 135664]
S3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;C:\Program Files (x86)\Microsoft Office\Office14\GROOVE.EXE [2010-1-21 30963576]
S3 osppsvc;Office Software Protection Platform;C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-1-9 4925184]
S3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;C:\windows\system32\Drivers\RtsUStor.sys --> C:\windows\system32\Drivers\RtsUStor.sys [?]
S3 TsUsbFlt;TsUsbFlt;C:\windows\system32\drivers\tsusbflt.sys --> C:\windows\system32\drivers\tsusbflt.sys [?]
S3 USBAAPL64;Apple Mobile USB Driver;C:\windows\system32\Drivers\usbaapl64.sys --> C:\windows\system32\Drivers\usbaapl64.sys [?]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\windows\system32\Wat\WatAdminSvc.exe --> C:\windows\system32\Wat\WatAdminSvc.exe [?]
S4 wlcrasvc;Windows Live Mesh remote connections service;C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-9-22 57184]
.
=============== Created Last 30 ================
.
2012-02-25 23:47:06 -------- d-----w- C:\Users\Loren Janina\AppData\Local\{C360AEDA-2FB0-423D-B141-9696491ED86E}
2012-02-25 23:45:53 -------- d-----w- C:\Users\Loren Janina\AppData\Local\{DF98701C-AA5A-4B9C-929C-11FBF1FA8433}
2012-02-25 23:45:42 -------- d-----w- C:\Users\Loren Janina\AppData\Local\{F2AA3D41-8DB5-4834-AB44-11BD35D4A582}
2012-02-25 23:44:48 -------- d-----w- C:\Users\Loren Janina\AppData\Local\{573672AF-D7DF-442E-B236-31D9A545070F}
2012-02-25 23:44:36 -------- d-----w- C:\Users\Loren Janina\AppData\Local\{CA0B2D45-EE24-478F-BFB7-D8F24D573D53}
2012-02-25 23:32:20 -------- d-----w- C:\Users\Loren Janina\AppData\Local\{06BCC5CE-63A5-4AF5-AF8B-F59459B1076B}
2012-02-25 23:32:05 -------- d-----w- C:\Users\Loren Janina\AppData\Local\{B970AE6E-5B66-4200-B5AC-C088CF1DD931}
2012-02-25 23:31:36 -------- d-----w- C:\Users\Loren Janina\AppData\Local\{3AAABD37-02C6-4229-9A1F-B25688ABEED7}
2012-02-25 06:37:03 -------- d-----w- C:\Users\Loren Janina\AppData\Local\{697DD594-FDA6-488F-BA1C-E7C3604FCB02}
2012-02-25 06:36:49 -------- d-----w- C:\Users\Loren Janina\AppData\Local\{7BB79298-D90B-4B89-A893-6F34A131221F}
2012-02-15 01:17:07 509952 ----a-w- C:\windows\System32\ntshrui.dll
2012-02-15 01:17:07 442880 ----a-w- C:\windows\SysWow64\ntshrui.dll
2012-02-15 01:17:05 515584 ----a-w- C:\windows\System32\timedate.cpl
2012-02-15 01:17:05 478720 ----a-w- C:\windows\SysWow64\timedate.cpl
2012-02-15 01:17:04 3145728 ----a-w- C:\windows\System32\win32k.sys
2012-02-15 01:17:03 498688 ----a-w- C:\windows\System32\drivers\afd.sys
2012-01-30 10:07:01 -------- d-----w- C:\Program Files\iTunes
2012-01-30 10:07:01 -------- d-----w- C:\Program Files\iPod
.
==================== Find3M ====================
.
2012-02-16 23:47:00 414368 ----a-w- C:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-01-26 21:52:50 173104 ----a-w- C:\windows\System32\drivers\SYMEVENT64x86.SYS
2012-01-04 00:48:42 354176 ----a-w- C:\windows\SysWow64\DivXControlPanelApplet.cpl
2012-01-03 11:45:34 54272 ----a-w- C:\windows\System32\consrv.dll
2011-12-16 08:47:38 1188864 ----a-w- C:\windows\System32\wininet.dll
2011-12-16 08:46:06 634880 ----a-w- C:\windows\System32\msvcrt.dll
2011-12-16 07:54:22 981504 ----a-w- C:\windows\SysWow64\wininet.dll
2011-12-16 07:52:58 690688 ----a-w- C:\windows\SysWow64\msvcrt.dll
2011-12-16 06:44:38 1638912 ----a-w- C:\windows\System32\mshtml.tlb
2011-12-16 06:09:17 1638912 ----a-w- C:\windows\SysWow64\mshtml.tlb
2011-12-10 22:24:08 23152 ----a-w- C:\windows\System32\drivers\mbam.sys
.
============= FINISH: 19:32:56.16 ===============


19:37:27.0163 6692 TDSS rootkit removing tool 2.7.15.0 Feb 27 2012 12:59:02
19:37:28.0971 6692 ============================================================
19:37:28.0971 6692 Current date / time: 2012/02/27 19:37:28.0971
19:37:28.0971 6692 SystemInfo:
19:37:28.0971 6692
19:37:28.0971 6692 OS Version: 6.1.7601 ServicePack: 1.0
19:37:28.0971 6692 Product type: Workstation
19:37:28.0972 6692 ComputerName: LORENJANINA-PC
19:37:28.0972 6692 UserName: Loren Janina
19:37:28.0972 6692 Windows directory: C:\windows
19:37:28.0972 6692 System windows directory: C:\windows
19:37:28.0972 6692 Running under WOW64
19:37:28.0972 6692 Processor architecture: Intel x64
19:37:28.0972 6692 Number of processors: 2
19:37:28.0972 6692 Page size: 0x1000
19:37:28.0972 6692 Boot type: Normal boot
19:37:28.0972 6692 ============================================================
19:37:30.0222 6692 Drive \Device\Harddisk0\DR0 - Size: 0x7470C06000 (465.76 Gb), SectorSize: 0x200, Cylinders: 0xED81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
19:37:30.0234 6692 \Device\Harddisk0\DR0:
19:37:30.0234 6692 MBR used
19:37:30.0234 6692 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x2EE800, BlocksNum 0x38B54800
19:37:30.0266 6692 Initialize success
19:37:30.0266 6692 ============================================================
19:37:32.0761 5296 ============================================================
19:37:32.0761 5296 Scan started
19:37:32.0761 5296 Mode: Manual;
19:37:32.0761 5296 ============================================================
19:37:33.0560 5296 Scan interrupted by user!
19:37:33.0561 5296 Scan interrupted by user!
19:37:33.0561 5296 Scan interrupted by user!
19:37:33.0561 5296 ============================================================
19:37:33.0561 5296 Scan finished
19:37:33.0561 5296 ============================================================
19:37:33.0576 6628 Detected object count: 0
19:37:33.0576 6628 Actual detected object count: 0
19:37:39.0890 5352 ============================================================
19:37:39.0890 5352 Scan started
19:37:39.0890 5352 Mode: Manual;
19:37:39.0890 5352 ============================================================
19:37:51.0072 5352 EraserUtilRebootDrv - ok
19:37:51.0158 5352 ErrDev (34a3c54752046e79a126e15c51db409b) C:\windows\system32\drivers\errdev.sys
19:37:51.0160 5352 ErrDev - ok
19:37:51.0255 5352 exfat (a510c654ec00c1e9bdd91eeb3a59823b) C:\windows\system32\drivers\exfat.sys
19:37:51.0257 5352 exfat - ok
19:37:51.0344 5352 fastfat (0adc83218b66a6db380c330836f3e36d) C:\windows\system32\drivers\fastfat.sys
19:37:51.0346 5352 fastfat - ok
19:37:51.0429 5352 fdc (d765d19cd8ef61f650c384f62fac00ab) C:\windows\system32\DRIVERS\fdc.sys
19:37:51.0431 5352 fdc - ok
19:37:51.0525 5352 FileInfo (655661be46b5f5f3fd454e2c3095b930) C:\windows\system32\drivers\fileinfo.sys
19:37:51.0528 5352 FileInfo - ok
19:37:52.0865 5352 Filetrace (5f671ab5bc87eea04ec38a6cd5962a47) C:\windows\system32\drivers\filetrace.sys
19:37:52.0867 5352 Filetrace - ok
19:37:52.0944 5352 flpydisk (c172a0f53008eaeb8ea33fe10e177af5) C:\windows\system32\DRIVERS\flpydisk.sys
19:37:52.0946 5352 flpydisk - ok
19:37:53.0047 5352 FltMgr (da6b67270fd9db3697b20fce94950741) C:\windows\system32\drivers\fltmgr.sys
19:37:53.0052 5352 FltMgr - ok
19:37:53.0146 5352 FsDepends (d43703496149971890703b4b1b723eac) C:\windows\system32\drivers\FsDepends.sys
19:37:53.0149 5352 FsDepends - ok
19:37:53.0238 5352 fssfltr (6c06701bf1db05405804d7eb610991ce) C:\windows\system32\DRIVERS\fssfltr.sys
19:37:53.0240 5352 fssfltr - ok
19:37:53.0330 5352 Fs_Rec (e95ef8547de20cf0603557c0cf7a9462) C:\windows\system32\drivers\Fs_Rec.sys
19:37:53.0357 5352 Fs_Rec - ok
19:37:53.0464 5352 fvevol (1f7b25b858fa27015169fe95e54108ed) C:\windows\system32\DRIVERS\fvevol.sys
19:37:53.0467 5352 fvevol - ok
19:37:53.0562 5352 FwLnk (60acb128e64c35c2b4e4aab1b0a5c293) C:\windows\system32\DRIVERS\FwLnk.sys
19:37:53.0563 5352 FwLnk - ok
19:37:53.0656 5352 gagp30kx (8c778d335c9d272cfd3298ab02abe3b6) C:\windows\system32\DRIVERS\gagp30kx.sys
19:37:53.0658 5352 gagp30kx - ok
19:37:53.0738 5352 GEARAspiWDM (e403aacf8c7bb11375122d2464560311) C:\windows\system32\DRIVERS\GEARAspiWDM.sys
19:37:53.0741 5352 GEARAspiWDM - ok
19:37:53.0894 5352 hcw85cir (f2523ef6460fc42405b12248338ab2f0) C:\windows\system32\drivers\hcw85cir.sys
19:37:53.0896 5352 hcw85cir - ok
19:37:54.0001 5352 HdAudAddService (975761c778e33cd22498059b91e7373a) C:\windows\system32\drivers\HdAudio.sys
19:37:54.0008 5352 HdAudAddService - ok
19:37:54.0108 5352 HDAudBus (97bfed39b6b79eb12cddbfeed51f56bb) C:\windows\system32\drivers\HDAudBus.sys
19:37:54.0110 5352 HDAudBus - ok
19:37:54.0193 5352 HidBatt (78e86380454a7b10a5eb255dc44a355f) C:\windows\system32\DRIVERS\HidBatt.sys
19:37:54.0196 5352 HidBatt - ok
19:37:54.0275 5352 HidBth (7fd2a313f7afe5c4dab14798c48dd104) C:\windows\system32\DRIVERS\hidbth.sys
19:37:54.0277 5352 HidBth - ok
19:37:54.0356 5352 HidIr (0a77d29f311b88cfae3b13f9c1a73825) C:\windows\system32\DRIVERS\hidir.sys
19:37:54.0358 5352 HidIr - ok
19:37:55.0601 5352 HidUsb (9592090a7e2b61cd582b612b6df70536) C:\windows\system32\drivers\hidusb.sys
19:37:55.0603 5352 HidUsb - ok
19:37:55.0719 5352 HpSAMD (39d2abcd392f3d8a6dce7b60ae7b8efc) C:\windows\system32\drivers\HpSAMD.sys
19:37:55.0721 5352 HpSAMD - ok
19:37:55.0829 5352 HTTP (0ea7de1acb728dd5a369fd742d6eee28) C:\windows\system32\drivers\HTTP.sys
19:37:55.0840 5352 HTTP - ok
19:37:55.0928 5352 hwpolicy (a5462bd6884960c9dc85ed49d34ff392) C:\windows\system32\drivers\hwpolicy.sys
19:37:55.0929 5352 hwpolicy - ok
19:37:56.0023 5352 i8042prt (fa55c73d4affa7ee23ac4be53b4592d3) C:\windows\system32\drivers\i8042prt.sys
19:37:56.0026 5352 i8042prt - ok
19:37:56.0127 5352 iaStor (bbb3b6df1abb0fe35802ede85cc1c011) C:\windows\system32\DRIVERS\iaStor.sys
19:37:56.0131 5352 iaStor - ok
19:37:56.0239 5352 iaStorV (aaaf44db3bd0b9d1fb6969b23ecc8366) C:\windows\system32\drivers\iaStorV.sys
19:37:56.0246 5352 iaStorV - ok
19:37:56.0458 5352 IDSVia64 (18c40c3f368323b203ace403cb430db1) C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\Definitions\IPSDefs\20120224.002\IDSvia64.sys
19:37:56.0466 5352 IDSVia64 - ok
19:37:56.0741 5352 igfx (898ab5bfed7040d7ab07af01885eb944) C:\windows\system32\DRIVERS\igdkmd64.sys
19:37:56.0961 5352 igfx - ok
19:37:57.0059 5352 iirsp (5c18831c61933628f5bb0ea2675b9d21) C:\windows\system32\DRIVERS\iirsp.sys
19:37:57.0062 5352 iirsp - ok
19:37:57.0200 5352 intelide (f00f20e70c6ec3aa366910083a0518aa) C:\windows\system32\drivers\intelide.sys
19:37:57.0201 5352 intelide - ok
19:37:57.0302 5352 intelppm (ada036632c664caa754079041cf1f8c1) C:\windows\system32\DRIVERS\intelppm.sys
19:37:57.0547 5352 intelppm - ok
19:37:58.0546 5352 IpFilterDriver (c9f0e1bd74365a8771590e9008d22ab6) C:\windows\system32\DRIVERS\ipfltdrv.sys
19:37:58.0549 5352 IpFilterDriver - ok
19:37:58.0637 5352 IPMIDRV (0fc1aea580957aa8817b8f305d18ca3a) C:\windows\system32\drivers\IPMIDrv.sys
19:37:58.0640 5352 IPMIDRV - ok
19:37:58.0733 5352 IPNAT (af9b39a7e7b6caa203b3862582e9f2d0) C:\windows\system32\drivers\ipnat.sys
19:37:58.0736 5352 IPNAT - ok
19:37:58.0849 5352 IRENUM (3abf5e7213eb28966d55d58b515d5ce9) C:\windows\system32\drivers\irenum.sys
19:37:58.0850 5352 IRENUM - ok
19:37:58.0941 5352 isapnp (2f7b28dc3e1183e5eb418df55c204f38) C:\windows\system32\drivers\isapnp.sys
19:37:58.0943 5352 isapnp - ok
19:37:59.0034 5352 iScsiPrt (d931d7309deb2317035b07c9f9e6b0bd) C:\windows\system32\drivers\msiscsi.sys
19:37:59.0039 5352 iScsiPrt - ok
19:37:59.0140 5352 kbdclass (bc02336f1cba7dcc7d1213bb588a68a5) C:\windows\system32\drivers\kbdclass.sys
19:37:59.0142 5352 kbdclass - ok
19:37:59.0299 5352 kbdhid (0705eff5b42a9db58548eec3b26bb484) C:\windows\system32\drivers\kbdhid.sys
19:37:59.0301 5352 kbdhid - ok
19:37:59.0386 5352 KSecDD (da1e991a61cfdd755a589e206b97644b) C:\windows\system32\Drivers\ksecdd.sys
19:37:59.0389 5352 KSecDD - ok
19:37:59.0468 5352 KSecPkg (7e33198d956943a4f11a5474c1e9106f) C:\windows\system32\Drivers\ksecpkg.sys
19:37:59.0472 5352 KSecPkg - ok
19:37:59.0560 5352 ksthunk (6869281e78cb31a43e969f06b57347c4) C:\windows\system32\drivers\ksthunk.sys
19:37:59.0561 5352 ksthunk - ok
19:37:59.0669 5352 L1C (655a5d8e80869781cce23760ada7e695) C:\windows\system32\DRIVERS\L1C62x64.sys
19:37:59.0673 5352 L1C - ok
19:37:59.0788 5352 lltdio (1538831cf8ad2979a04c423779465827) C:\windows\system32\DRIVERS\lltdio.sys
19:37:59.0790 5352 lltdio - ok
19:37:59.0896 5352 LSI_FC (1a93e54eb0ece102495a51266dcdb6a6) C:\windows\system32\DRIVERS\lsi_fc.sys
19:37:59.0900 5352 LSI_FC - ok
19:37:59.0995 5352 LSI_SAS (1047184a9fdc8bdbff857175875ee810) C:\windows\system32\DRIVERS\lsi_sas.sys
19:37:59.0998 5352 LSI_SAS - ok
19:38:00.0084 5352 LSI_SAS2 (30f5c0de1ee8b5bc9306c1f0e4a75f93) C:\windows\system32\DRIVERS\lsi_sas2.sys
19:38:00.0087 5352 LSI_SAS2 - ok
19:38:00.0181 5352 LSI_SCSI (0504eacaff0d3c8aed161c4b0d369d4a) C:\windows\system32\DRIVERS\lsi_scsi.sys
19:38:00.0185 5352 LSI_SCSI - ok
19:38:01.0557 5352 luafv (43d0f98e1d56ccddb0d5254cff7b356e) C:\windows\system32\drivers\luafv.sys
19:38:01.0560 5352 luafv - ok
19:38:01.0670 5352 MBAMProtector (79da94b35371b9e7104460c7693dcb2c) C:\windows\system32\drivers\mbam.sys
19:38:01.0671 5352 MBAMProtector - ok
19:38:01.0769 5352 megasas (a55805f747c6edb6a9080d7c633bd0f4) C:\windows\system32\DRIVERS\megasas.sys
19:38:01.0771 5352 megasas - ok
19:38:01.0856 5352 MegaSR (baf74ce0072480c3b6b7c13b2a94d6b3) C:\windows\system32\DRIVERS\MegaSR.sys
19:38:01.0862 5352 MegaSR - ok
19:38:01.0983 5352 Modem (800ba92f7010378b09f9ed9270f07137) C:\windows\system32\drivers\modem.sys
19:38:01.0985 5352 Modem - ok
19:38:02.0066 5352 monitor (b03d591dc7da45ece20b3b467e6aadaa) C:\windows\system32\DRIVERS\monitor.sys
19:38:02.0067 5352 monitor - ok
19:38:02.0163 5352 mouclass (7d27ea49f3c1f687d357e77a470aea99) C:\windows\system32\drivers\mouclass.sys
19:38:02.0166 5352 mouclass - ok
19:38:02.0251 5352 mouhid (d3bf052c40b0c4166d9fd86a4288c1e6) C:\windows\system32\DRIVERS\mouhid.sys
19:38:02.0253 5352 mouhid - ok
19:38:02.0340 5352 mountmgr (32e7a3d591d671a6df2db515a5cbe0fa) C:\windows\system32\drivers\mountmgr.sys
19:38:02.0342 5352 mountmgr - ok
19:38:02.0434 5352 mpio (a44b420d30bd56e145d6a2bc8768ec58) C:\windows\system32\drivers\mpio.sys
19:38:02.0438 5352 mpio - ok
19:38:02.0567 5352 mpsdrv (6c38c9e45ae0ea2fa5e551f2ed5e978f) C:\windows\system32\drivers\mpsdrv.sys
19:38:02.0569 5352 mpsdrv - ok
19:38:02.0690 5352 MRxDAV (dc722758b8261e1abafd31a3c0a66380) C:\windows\system32\drivers\mrxdav.sys
19:38:02.0693 5352 MRxDAV - ok
19:38:02.0785 5352 mrxsmb (a5d9106a73dc88564c825d317cac68ac) C:\windows\system32\DRIVERS\mrxsmb.sys
19:38:02.0789 5352 mrxsmb - ok
19:38:02.0875 5352 mrxsmb10 (d711b3c1d5f42c0c2415687be09fc163) C:\windows\system32\DRIVERS\mrxsmb10.sys
19:38:02.0881 5352 mrxsmb10 - ok
19:38:02.0976 5352 mrxsmb20 (9423e9d355c8d303e76b8cfbd8a5c30c) C:\windows\system32\DRIVERS\mrxsmb20.sys
19:38:02.0980 5352 mrxsmb20 - ok
19:38:03.0070 5352 msahci (c25f0bafa182cbca2dd3c851c2e75796) C:\windows\system32\drivers\msahci.sys
19:38:03.0072 5352 msahci - ok
19:38:04.0385 5352 msdsm (db801a638d011b9633829eb6f663c900) C:\windows\system32\drivers\msdsm.sys
19:38:04.0389 5352 msdsm - ok
19:38:04.0538 5352 Msfs (aa3fb40e17ce1388fa1bedab50ea8f96) C:\windows\system32\drivers\Msfs.sys
19:38:04.0539 5352 Msfs - ok
19:38:04.0619 5352 mshidkmdf (f9d215a46a8b9753f61767fa72a20326) C:\windows\System32\drivers\mshidkmdf.sys
19:38:04.0620 5352 mshidkmdf - ok
19:38:04.0707 5352 msisadrv (d916874bbd4f8b07bfb7fa9b3ccae29d) C:\windows\system32\drivers\msisadrv.sys
19:38:04.0710 5352 msisadrv - ok
19:38:04.0815 5352 MSKSSRV (49ccf2c4fea34ffad8b1b59d49439366) C:\windows\system32\drivers\MSKSSRV.sys
19:38:04.0817 5352 MSKSSRV - ok
19:38:04.0899 5352 MSPCLOCK (bdd71ace35a232104ddd349ee70e1ab3) C:\windows\system32\drivers\MSPCLOCK.sys
19:38:04.0901 5352 MSPCLOCK - ok
19:38:04.0988 5352 MSPQM (4ed981241db27c3383d72092b618a1d0) C:\windows\system32\drivers\MSPQM.sys
19:38:04.0990 5352 MSPQM - ok
19:38:05.0088 5352 MsRPC (759a9eeb0fa9ed79da1fb7d4ef78866d) C:\windows\system32\drivers\MsRPC.sys
19:38:05.0092 5352 MsRPC - ok
19:38:05.0221 5352 mssmbios (0eed230e37515a0eaee3c2e1bc97b288) C:\windows\system32\drivers\mssmbios.sys
19:38:05.0222 5352 mssmbios - ok
19:38:05.0315 5352 MSTEE (2e66f9ecb30b4221a318c92ac2250779) C:\windows\system32\drivers\MSTEE.sys
19:38:05.0317 5352 MSTEE - ok
19:38:05.0395 5352 MTConfig (7ea404308934e675bffde8edf0757bcd) C:\windows\system32\DRIVERS\MTConfig.sys
19:38:05.0397 5352 MTConfig - ok
19:38:05.0492 5352 Mup (f9a18612fd3526fe473c1bda678d61c8) C:\windows\system32\Drivers\mup.sys
19:38:05.0494 5352 Mup - ok
19:38:05.0629 5352 NativeWifiP (1ea3749c4114db3e3161156ffffa6b33) C:\windows\system32\DRIVERS\nwifi.sys
19:38:05.0634 5352 NativeWifiP - ok
19:38:05.0820 5352 NAVENG (2dbe90210de76be6e1653bb20ec70ec2) C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\Definitions\VirusDefs\20120226.016\ENG64.SYS
19:38:05.0822 5352 NAVENG - ok
19:38:06.0031 5352 NAVEX15 (346da70e203b8e2c850277713de8f71b) C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\Definitions\VirusDefs\20120226.016\EX64.SYS
19:38:06.0050 5352 NAVEX15 - ok
19:38:07.0383 5352 NDIS (79b47fd40d9a817e932f9d26fac0a81c) C:\windows\system32\drivers\ndis.sys
19:38:07.0397 5352 NDIS - ok
19:38:07.0487 5352 NdisCap (9f9a1f53aad7da4d6fef5bb73ab811ac) C:\windows\system32\DRIVERS\ndiscap.sys
19:38:07.0489 5352 NdisCap - ok
19:38:07.0575 5352 NdisTapi (30639c932d9fef22b31268fe25a1b6e5) C:\windows\system32\DRIVERS\ndistapi.sys
19:38:07.0577 5352 NdisTapi - ok
19:38:07.0666 5352 Ndisuio (136185f9fb2cc61e573e676aa5402356) C:\windows\system32\DRIVERS\ndisuio.sys
19:38:07.0668 5352 Ndisuio - ok
19:38:07.0755 5352 NdisWan (53f7305169863f0a2bddc49e116c2e11) C:\windows\system32\DRIVERS\ndiswan.sys
19:38:07.0759 5352 NdisWan - ok
19:38:07.0860 5352 NDProxy (015c0d8e0e0421b4cfd48cffe2825879) C:\windows\system32\drivers\NDProxy.sys
19:38:07.0861 5352 NDProxy - ok
19:38:07.0951 5352 NetBIOS (86743d9f5d2b1048062b14b1d84501c4) C:\windows\system32\DRIVERS\netbios.sys
19:38:07.0953 5352 NetBIOS - ok
19:38:08.0039 5352 NetBT (09594d1089c523423b32a4229263f068) C:\windows\system32\DRIVERS\netbt.sys
19:38:08.0044 5352 NetBT - ok
19:38:08.0199 5352 nfrd960 (77889813be4d166cdab78ddba990da92) C:\windows\system32\DRIVERS\nfrd960.sys
19:38:08.0201 5352 nfrd960 - ok
19:38:08.0301 5352 Npfs (1e4c4ab5c9b8dd13179bbdc75a2a01f7) C:\windows\system32\drivers\Npfs.sys
19:38:08.0303 5352 Npfs - ok
19:38:08.0390 5352 nsiproxy (e7f5ae18af4168178a642a9247c63001) C:\windows\system32\drivers\nsiproxy.sys
19:38:08.0391 5352 nsiproxy - ok
19:38:08.0511 5352 Ntfs (a2f74975097f52a00745f9637451fdd8) C:\windows\system32\drivers\Ntfs.sys
19:38:08.0528 5352 Ntfs - ok
19:38:08.0613 5352 Null (9899284589f75fa8724ff3d16aed75c1) C:\windows\system32\drivers\Null.sys
19:38:08.0613 5352 Null - ok
19:38:08.0706 5352 nvraid (0a92cb65770442ed0dc44834632f66ad) C:\windows\system32\drivers\nvraid.sys
19:38:08.0710 5352 nvraid - ok
19:38:08.0795 5352 nvstor (dab0e87525c10052bf65f06152f37e4a) C:\windows\system32\drivers\nvstor.sys
19:38:08.0799 5352 nvstor - ok
19:38:08.0902 5352 nv_agp (270d7cd42d6e3979f6dd0146650f0e05) C:\windows\system32\drivers\nv_agp.sys
19:38:08.0906 5352 nv_agp - ok
19:38:10.0261 5352 ohci1394 (3589478e4b22ce21b41fa1bfc0b8b8a0) C:\windows\system32\drivers\ohci1394.sys
19:38:10.0264 5352 ohci1394 - ok
19:38:10.0437 5352 Parport (0086431c29c35be1dbc43f52cc273887) C:\windows\system32\DRIVERS\parport.sys
19:38:10.0439 5352 Parport - ok
19:38:10.0528 5352 partmgr (871eadac56b0a4c6512bbe32753ccf79) C:\windows\system32\drivers\partmgr.sys
19:38:10.0530 5352 partmgr - ok
19:38:10.0622 5352 pci (94575c0571d1462a0f70bde6bd6ee6b3) C:\windows\system32\drivers\pci.sys
19:38:10.0626 5352 pci - ok
19:38:10.0720 5352 pciide (b5b8b5ef2e5cb34df8dcf8831e3534fa) C:\windows\system32\drivers\pciide.sys
19:38:10.0722 5352 pciide - ok
19:38:10.0805 5352 pcmcia (b2e81d4e87ce48589f98cb8c05b01f2f) C:\windows\system32\DRIVERS\pcmcia.sys
19:38:10.0810 5352 pcmcia - ok
19:38:10.0890 5352 pcw (d6b9c2e1a11a3a4b26a182ffef18f603) C:\windows\system32\drivers\pcw.sys
19:38:10.0892 5352 pcw - ok
19:38:10.0988 5352 PEAUTH (68769c3356b3be5d1c732c97b9a80d6e) C:\windows\system32\drivers\peauth.sys
19:38:10.0998 5352 PEAUTH - ok
19:38:11.0098 5352 PGEffect (663962900e7fea522126ba287715bb4a) C:\windows\system32\DRIVERS\pgeffect.sys
19:38:11.0100 5352 PGEffect - ok
19:38:11.0247 5352 PptpMiniport (f92a2c41117a11a00be01ca01a7fcde9) C:\windows\system32\DRIVERS\raspptp.sys
19:38:11.0250 5352 PptpMiniport - ok
19:38:11.0352 5352 Processor (0d922e23c041efb1c3fac2a6f943c9bf) C:\windows\system32\DRIVERS\processr.sys
19:38:11.0355 5352 Processor - ok
19:38:11.0446 5352 Psched (0557cf5a2556bd58e26384169d72438d) C:\windows\system32\DRIVERS\pacer.sys
19:38:11.0448 5352 Psched - ok
19:38:11.0565 5352 ql2300 (a53a15a11ebfd21077463ee2c7afeef0) C:\windows\system32\DRIVERS\ql2300.sys
19:38:11.0587 5352 ql2300 - ok
19:38:11.0667 5352 ql40xx (4f6d12b51de1aaeff7dc58c4d75423c8) C:\windows\system32\DRIVERS\ql40xx.sys
19:38:11.0671 5352 ql40xx - ok
19:38:11.0757 5352 QWAVEdrv (76707bb36430888d9ce9d705398adb6c) C:\windows\system32\drivers\qwavedrv.sys
19:38:11.0760 5352 QWAVEdrv - ok
19:38:11.0845 5352 RasAcd (5a0da8ad5762fa2d91678a8a01311704) C:\windows\system32\DRIVERS\rasacd.sys
19:38:11.0847 5352 RasAcd - ok
19:38:13.0041 5352 RasAgileVpn (7ecff9b22276b73f43a99a15a6094e90) C:\windows\system32\DRIVERS\AgileVpn.sys
19:38:13.0044 5352 RasAgileVpn - ok
19:38:13.0200 5352 Rasl2tp (471815800ae33e6f1c32fb1b97c490ca) C:\windows\system32\DRIVERS\rasl2tp.sys
19:38:13.0203 5352 Rasl2tp - ok
19:38:13.0305 5352 RasPppoe (855c9b1cd4756c5e9a2aa58a15f58c25) C:\windows\system32\DRIVERS\raspppoe.sys
19:38:13.0307 5352 RasPppoe - ok
19:38:13.0404 5352 RasSstp (e8b1e447b008d07ff47d016c2b0eeecb) C:\windows\system32\DRIVERS\rassstp.sys
19:38:13.0407 5352 RasSstp - ok
19:38:13.0503 5352 rdbss (77f665941019a1594d887a74f301fa2f) C:\windows\system32\DRIVERS\rdbss.sys
19:38:13.0509 5352 rdbss - ok
19:38:13.0593 5352 rdpbus (302da2a0539f2cf54d7c6cc30c1f2d8d) C:\windows\system32\DRIVERS\rdpbus.sys
19:38:13.0595 5352 rdpbus - ok
19:38:13.0678 5352 RDPCDD (cea6cc257fc9b7715f1c2b4849286d24) C:\windows\system32\DRIVERS\RDPCDD.sys
19:38:13.0679 5352 RDPCDD - ok
19:38:13.0781 5352 RDPENCDD (bb5971a4f00659529a5c44831af22365) C:\windows\system32\drivers\rdpencdd.sys
19:38:13.0782 5352 RDPENCDD - ok
19:38:13.0872 5352 RDPREFMP (216f3fa57533d98e1f74ded70113177a) C:\windows\system32\drivers\rdprefmp.sys
19:38:13.0873 5352 RDPREFMP - ok
19:38:13.0980 5352 RDPWD (15b66c206b5cb095bab980553f38ed23) C:\windows\system32\drivers\RDPWD.sys
19:38:13.0982 5352 RDPWD - ok
19:38:14.0094 5352 rdyboost (34ed295fa0121c241bfef24764fc4520) C:\windows\system32\drivers\rdyboost.sys
19:38:14.0098 5352 rdyboost - ok
19:38:14.0214 5352 RimUsb (71b48ddaf5e9c2b40e64de5c405f5aac) C:\windows\system32\Drivers\RimUsb_AMD64.sys
19:38:14.0216 5352 RimUsb - ok
19:38:14.0332 5352 RimVSerPort (c903d49655b4aae46673f0aaa6be0f58) C:\windows\system32\DRIVERS\RimSerial_AMD64.sys
19:38:14.0334 5352 RimVSerPort - ok
19:38:14.0464 5352 ROOTMODEM (388d3dd1a6457280f3badba9f3acd6b1) C:\windows\system32\Drivers\RootMdm.sys
19:38:14.0465 5352 ROOTMODEM - ok
19:38:14.0572 5352 rspndr (ddc86e4f8e7456261e637e3552e804ff) C:\windows\system32\DRIVERS\rspndr.sys
19:38:14.0575 5352 rspndr - ok
19:38:14.0669 5352 RSUSBSTOR (907c4464381b5ebdfdc60f6c7d0dedfc) C:\windows\system32\Drivers\RtsUStor.sys
19:38:14.0672 5352 RSUSBSTOR - ok
19:38:15.0955 5352 sbp2port (ac03af3329579fffb455aa2daabbe22b) C:\windows\system32\drivers\sbp2port.sys
19:38:15.0958 5352 sbp2port - ok
19:38:16.0044 5352 scfilter (253f38d0d7074c02ff8deb9836c97d2b) C:\windows\system32\DRIVERS\scfilter.sys
19:38:16.0046 5352 scfilter - ok
19:38:16.0190 5352 secdrv (3ea8a16169c26afbeb544e0e48421186) C:\windows\system32\drivers\secdrv.sys
19:38:16.0191 5352 secdrv - ok
19:38:16.0291 5352 Serenum (cb624c0035412af0debec78c41f5ca1b) C:\windows\system32\DRIVERS\serenum.sys
19:38:16.0293 5352 Serenum - ok
19:38:16.0382 5352 Serial (c1d8e28b2c2adfaec4ba89e9fda69bd6) C:\windows\system32\DRIVERS\serial.sys
19:38:16.0385 5352 Serial - ok
19:38:16.0469 5352 sermouse (1c545a7d0691cc4a027396535691c3e3) C:\windows\system32\DRIVERS\sermouse.sys
19:38:16.0471 5352 sermouse - ok
19:38:16.0575 5352 sffdisk (a554811bcd09279536440c964ae35bbf) C:\windows\system32\drivers\sffdisk.sys
19:38:16.0577 5352 sffdisk - ok
19:38:16.0661 5352 sffp_mmc (ff414f0baefeba59bc6c04b3db0b87bf) C:\windows\system32\drivers\sffp_mmc.sys
19:38:16.0663 5352 sffp_mmc - ok
19:38:16.0753 5352 sffp_sd (dd85b78243a19b59f0637dcf284da63c) C:\windows\system32\drivers\sffp_sd.sys
19:38:16.0754 5352 sffp_sd - ok
19:38:16.0837 5352 sfloppy (a9d601643a1647211a1ee2ec4e433ff4) C:\windows\system32\DRIVERS\sfloppy.sys
19:38:16.0839 5352 sfloppy - ok
19:38:16.0946 5352 SiSRaid2 (843caf1e5fde1ffd5ff768f23a51e2e1) C:\windows\system32\DRIVERS\SiSRaid2.sys
19:38:16.0948 5352 SiSRaid2 - ok
19:38:17.0042 5352 SiSRaid4 (6a6c106d42e9ffff8b9fcb4f754f6da4) C:\windows\system32\DRIVERS\sisraid4.sys
19:38:17.0045 5352 SiSRaid4 - ok
19:38:17.0139 5352 Smb (548260a7b8654e024dc30bf8a7c5baa4) C:\windows\system32\DRIVERS\smb.sys
19:38:17.0142 5352 Smb - ok
19:38:17.0292 5352 spldr (b9e31e5cacdfe584f34f730a677803f9) C:\windows\system32\drivers\spldr.sys
19:38:17.0293 5352 spldr - ok
19:38:17.0449 5352 SRTSP (96babc4906ecdb1c69d1176f8647ad8e) C:\windows\System32\Drivers\N360x64\0404000.00C\SRTSP64.SYS
19:38:17.0456 5352 SRTSP - ok
19:38:17.0571 5352 SRTSPX (c7f491a290e0e4222f5cdcd50eeb8167) C:\windows\system32\drivers\N360x64\0404000.00C\SRTSPX64.SYS
19:38:17.0573 5352 SRTSPX - ok
19:38:18.0949 5352 srv (441fba48bff01fdb9d5969ebc1838f0b) C:\windows\system32\DRIVERS\srv.sys
19:38:18.0957 5352 srv - ok
19:38:19.0048 5352 srv2 (b4adebbf5e3677cce9651e0f01f7cc28) C:\windows\system32\DRIVERS\srv2.sys
19:38:19.0055 5352 srv2 - ok
19:38:19.0157 5352 srvnet (27e461f0be5bff5fc737328f749538c3) C:\windows\system32\DRIVERS\srvnet.sys
19:38:19.0162 5352 srvnet - ok
19:38:19.0261 5352 stexstor (f3817967ed533d08327dc73bc4d5542a) C:\windows\system32\DRIVERS\stexstor.sys
19:38:19.0263 5352 stexstor - ok
19:38:19.0388 5352 swenum (d01ec09b6711a5f8e7e6564a4d0fbc90) C:\windows\system32\drivers\swenum.sys
19:38:19.0389 5352 swenum - ok
19:38:19.0541 5352 SymDS (659b227a72b76115975a6a9491b2fe1f) C:\windows\system32\drivers\N360x64\0404000.00C\SYMDS64.SYS
19:38:19.0549 5352 SymDS - ok
19:38:19.0732 5352 SymEFA (9f5783a4a03d0091cdbdaa858b566926) C:\windows\system32\drivers\N360x64\0404000.00C\SYMEFA64.SYS
19:38:19.0737 5352 SymEFA - ok
19:38:19.0837 5352 SymEvent (3f9d5fe52585e2653e59fdbfdf09a94c) C:\windows\system32\Drivers\SYMEVENT64x86.SYS
19:38:19.0839 5352 SymEvent - ok
19:38:19.0966 5352 SymIRON (f57588546e738db1583981d8f44e9bc2) C:\windows\system32\drivers\N360x64\0404000.00C\Ironx64.SYS
19:38:19.0970 5352 SymIRON - ok
19:38:20.0097 5352 SYMTDIv (3adfb72f0797ae3832509fe030755e21) C:\windows\System32\Drivers\N360x64\0404000.00C\SYMTDIV.SYS
19:38:20.0106 5352 SYMTDIv - ok
19:38:20.0236 5352 SynTP (470c47daba9ca3966f0ab3f835d7d135) C:\windows\system32\DRIVERS\SynTP.sys
19:38:20.0242 5352 SynTP - ok
19:38:20.0408 5352 Tcpip (fc62769e7bff2896035aeed399108162) C:\windows\system32\drivers\tcpip.sys
19:38:20.0428 5352 Tcpip - ok
19:38:21.0787 5352 TCPIP6 (fc62769e7bff2896035aeed399108162) C:\windows\system32\DRIVERS\tcpip.sys
19:38:21.0803 5352 TCPIP6 - ok
19:38:21.0896 5352 tcpipreg (df687e3d8836bfb04fcc0615bf15a519) C:\windows\system32\drivers\tcpipreg.sys
19:38:21.0899 5352 tcpipreg - ok
19:38:21.0996 5352 tdcmdpst (fd542b661bd22fa69ca789ad0ac58c29) C:\windows\system32\DRIVERS\tdcmdpst.sys
19:38:21.0998 5352 tdcmdpst - ok
19:38:22.0081 5352 TDPIPE (3371d21011695b16333a3934340c4e7c) C:\windows\system32\drivers\tdpipe.sys
19:38:22.0083 5352 TDPIPE - ok
19:38:22.0173 5352 TDTCP (e4245bda3190a582d55ed09e137401a9) C:\windows\system32\drivers\tdtcp.sys
19:38:22.0175 5352 TDTCP - ok
19:38:22.0267 5352 tdx (ddad5a7ab24d8b65f8d724f5c20fd806) C:\windows\system32\DRIVERS\tdx.sys
19:38:22.0270 5352 tdx - ok
19:38:22.0362 5352 TermDD (561e7e1f06895d78de991e01dd0fb6e5) C:\windows\system32\drivers\termdd.sys
19:38:22.0365 5352 TermDD - ok
19:38:22.0520 5352 tssecsrv (ce18b2cdfc837c99e5fae9ca6cba5d30) C:\windows\system32\DRIVERS\tssecsrv.sys
19:38:22.0522 5352 tssecsrv - ok
19:38:22.0673 5352 TsUsbFlt (d11c783e3ef9a3c52c0ebe83cc5000e9) C:\windows\system32\drivers\tsusbflt.sys
19:38:22.0675 5352 TsUsbFlt - ok
19:38:22.0775 5352 tunnel (3566a8daafa27af944f5d705eaa64894) C:\windows\system32\DRIVERS\tunnel.sys
19:38:22.0778 5352 tunnel - ok
19:38:22.0883 5352 TVALZ (550b567f9364d8f7684c3fb3ea665a72) C:\windows\system32\DRIVERS\TVALZ_O.SYS
19:38:22.0885 5352 TVALZ - ok
19:38:22.0969 5352 uagp35 (b4dd609bd7e282bfc683cec7eaaaad67) C:\windows\system32\DRIVERS\uagp35.sys
19:38:22.0972 5352 uagp35 - ok
19:38:23.0074 5352 udfs (ff4232a1a64012baa1fd97c7b67df593) C:\windows\system32\DRIVERS\udfs.sys
19:38:23.0081 5352 udfs - ok
19:38:23.0268 5352 uliagpkx (4bfe1bc28391222894cbf1e7d0e42320) C:\windows\system32\drivers\uliagpkx.sys
19:38:23.0271 5352 uliagpkx - ok
19:38:23.0417 5352 umbus (dc54a574663a895c8763af0fa1ff7561) C:\windows\system32\drivers\umbus.sys
19:38:23.0419 5352 umbus - ok
19:38:24.0797 5352 UmPass (b2e8e8cb557b156da5493bbddcc1474d) C:\windows\system32\DRIVERS\umpass.sys
19:38:24.0799 5352 UmPass - ok
19:38:24.0927 5352 USBAAPL64 (aa33fc47ed58c34e6e9261e4f850b7eb) C:\windows\system32\Drivers\usbaapl64.sys
19:38:24.0929 5352 USBAAPL64 - ok
19:38:25.0120 5352 usbccgp (6f1a3157a1c89435352ceb543cdb359c) C:\windows\system32\DRIVERS\usbccgp.sys
19:38:25.0123 5352 usbccgp - ok
19:38:25.0438 5352 usbcir (af0892a803fdda7492f595368e3b68e7) C:\windows\system32\drivers\usbcir.sys
19:38:25.0441 5352 usbcir - ok
19:38:25.0680 5352 usbehci (c025055fe7b87701eb042095df1a2d7b) C:\windows\system32\DRIVERS\usbehci.sys
19:38:25.0683 5352 usbehci - ok
19:38:25.0876 5352 usbhub (287c6c9410b111b68b52ca298f7b8c24) C:\windows\system32\DRIVERS\usbhub.sys
19:38:25.0882 5352 usbhub - ok
19:38:26.0092 5352 usbohci (9840fc418b4cbd632d3d0a667a725c31) C:\windows\system32\drivers\usbohci.sys
19:38:26.0094 5352 usbohci - ok
19:38:26.0253 5352 usbprint (73188f58fb384e75c4063d29413cee3d) C:\windows\system32\DRIVERS\usbprint.sys
19:38:26.0255 5352 usbprint - ok
19:38:26.0439 5352 usbscan (aaa2513c8aed8b54b189fd0c6b1634c0) C:\windows\system32\DRIVERS\usbscan.sys
19:38:26.0442 5352 usbscan - ok
19:38:26.0573 5352 USBSTOR (fed648b01349a3c8395a5169db5fb7d6) C:\windows\system32\DRIVERS\USBSTOR.SYS
19:38:26.0576 5352 USBSTOR - ok
19:38:28.0051 5352 usbuhci (62069a34518bcf9c1fd9e74b3f6db7cd) C:\windows\system32\DRIVERS\usbuhci.sys
19:38:28.0053 5352 usbuhci - ok
19:38:28.0520 5352 usbvideo (454800c2bc7f3927ce030141ee4f4c50) C:\windows\System32\Drivers\usbvideo.sys
19:38:28.0523 5352 usbvideo - ok
19:38:28.0644 5352 vdrvroot (c5c876ccfc083ff3b128f933823e87bd) C:\windows\system32\drivers\vdrvroot.sys
19:38:28.0645 5352 vdrvroot - ok
19:38:28.0754 5352 vga (da4da3f5e02943c2dc8c6ed875de68dd) C:\windows\system32\DRIVERS\vgapnp.sys
19:38:28.0757 5352 vga - ok
19:38:28.0864 5352 VgaSave (53e92a310193cb3c03bea963de7d9cfc) C:\windows\System32\drivers\vga.sys
19:38:28.0866 5352 VgaSave - ok
19:38:28.0982 5352 vhdmp (2ce2df28c83aeaf30084e1b1eb253cbb) C:\windows\system32\drivers\vhdmp.sys
19:38:28.0986 5352 vhdmp - ok
19:38:29.0100 5352 viaide (e5689d93ffe4e5d66c0178761240dd54) C:\windows\system32\drivers\viaide.sys
19:38:29.0102 5352 viaide - ok
19:38:29.0218 5352 volmgr (d2aafd421940f640b407aefaaebd91b0) C:\windows\system32\drivers\volmgr.sys
19:38:29.0220 5352 volmgr - ok
19:38:29.0344 5352 volmgrx (a255814907c89be58b79ef2f189b843b) C:\windows\system32\drivers\volmgrx.sys
19:38:29.0350 5352 volmgrx - ok
19:38:29.0469 5352 volsnap (0d08d2f3b3ff84e433346669b5e0f639) C:\windows\system32\drivers\volsnap.sys
19:38:29.0475 5352 volsnap - ok
19:38:29.0598 5352 vsmraid (5e2016ea6ebaca03c04feac5f330d997) C:\windows\system32\DRIVERS\vsmraid.sys
19:38:29.0602 5352 vsmraid - ok
19:38:29.0697 5352 vwifibus (36d4720b72b5c5d9cb2b9c29e9df67a1) C:\windows\system32\DRIVERS\vwifibus.sys
19:38:29.0699 5352 vwifibus - ok
19:38:29.0791 5352 vwififlt (6a3d66263414ff0d6fa754c646612f3f) C:\windows\system32\DRIVERS\vwififlt.sys
19:38:29.0794 5352 vwififlt - ok
19:38:29.0913 5352 vwifimp (6a638fc4bfddc4d9b186c28c91bd1a01) C:\windows\system32\DRIVERS\vwifimp.sys
19:38:29.0915 5352 vwifimp - ok
19:38:31.0277 5352 WacomPen (4e9440f4f152a7b944cb1663d3935a3e) C:\windows\system32\DRIVERS\wacompen.sys
19:38:31.0279 5352 WacomPen - ok
19:38:31.0376 5352 WANARP (356afd78a6ed4457169241ac3965230c) C:\windows\system32\DRIVERS\wanarp.sys
19:38:31.0379 5352 WANARP - ok
19:38:31.0390 5352 Wanarpv6 (356afd78a6ed4457169241ac3965230c) C:\windows\system32\DRIVERS\wanarp.sys
19:38:31.0393 5352 Wanarpv6 - ok
19:38:31.0517 5352 Wd (72889e16ff12ba0f235467d6091b17dc) C:\windows\system32\DRIVERS\wd.sys
19:38:31.0519 5352 Wd - ok
19:38:31.0613 5352 Wdf01000 (441bd2d7b4f98134c3a4f9fa570fd250) C:\windows\system32\drivers\Wdf01000.sys
19:38:31.0623 5352 Wdf01000 - ok
19:38:31.0751 5352 WfpLwf (611b23304bf067451a9fdee01fbdd725) C:\windows\system32\DRIVERS\wfplwf.sys
19:38:31.0753 5352 WfpLwf - ok
19:38:31.0844 5352 WIMMount (05ecaec3e4529a7153b3136ceb49f0ec) C:\windows\system32\drivers\wimmount.sys
19:38:31.0846 5352 WIMMount - ok
19:38:31.0988 5352 WinUsb (fe88b288356e7b47b74b13372add906d) C:\windows\system32\DRIVERS\WinUsb.sys
19:38:31.0990 5352 WinUsb - ok
19:38:32.0103 5352 WmiAcpi (f6ff8944478594d0e414d3f048f0d778) C:\windows\system32\drivers\wmiacpi.sys
19:38:32.0105 5352 WmiAcpi - ok
19:38:32.0210 5352 ws2ifsl (6bcc1d7d2fd2453957c5479a32364e52) C:\windows\system32\drivers\ws2ifsl.sys
19:38:32.0211 5352 ws2ifsl - ok
19:38:32.0323 5352 WudfPf (d3381dc54c34d79b22cee0d65ba91b7c) C:\windows\system32\drivers\WudfPf.sys
19:38:32.0326 5352 WudfPf - ok
19:38:32.0418 5352 WUDFRd (cf8d590be3373029d57af80914190682) C:\windows\system32\DRIVERS\WUDFRd.sys
19:38:32.0422 5352 WUDFRd - ok
19:38:32.0479 5352 MBR (0x1B8) (5b5e648d12fcadc244c1ec30318e1eb9) \Device\Harddisk0\DR0
19:38:32.0540 5352 \Device\Harddisk0\DR0 - ok
19:38:32.0553 5352 Boot (0x1200) (8c0f726bbb61dcb9c75ebbeb93e7b670) \Device\Harddisk0\DR0\Partition0
19:38:32.0555 5352 \Device\Harddisk0\DR0\Partition0 - ok
19:38:32.0555 5352 ============================================================
19:38:32.0555 5352 Scan finished
19:38:32.0555 5352 ============================================================
19:38:32.0573 3196 Detected object count: 0
19:38:32.0573 3196 Actual detected object count: 0


-----------------

aswMBR version 0.9.9.1649 Copyright© 2011 AVAST Software
Run date: 2012-02-27 19:42:37
-----------------------------
19:42:37.705 OS Version: Windows x64 6.1.7601 Service Pack 1
19:42:37.706 Number of processors: 2 586 0x170A
19:42:37.707 ComputerName: LORENJANINA-PC UserName: Loren Janina
19:42:39.692 Initialize success
19:43:37.423 AVAST engine defs: 12022701
19:43:50.320 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
19:43:50.324 Disk 0 Vendor: TOSHIBA_ GH01 Size: 476940MB BusType: 3
19:43:50.387 Disk 0 MBR read successfully
19:43:50.392 Disk 0 MBR scan
19:43:50.407 Disk 0 Windows VISTA default MBR code
19:43:50.418 Disk 0 Partition 1 80 (A) 27 Hidden NTFS WinRE NTFS 1500 MB offset 2048
19:43:50.438 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 464553 MB offset 3074048
19:43:50.475 Disk 0 Partition 3 00 17 Hidd HPFS/NTFS NTFS 10886 MB offset 954478592
19:43:50.534 Disk 0 scanning C:\windows\system32\drivers
19:44:15.365 Service scanning
19:45:45.254 Modules scanning
19:45:45.268 Disk 0 trace - called modules:
19:45:45.323 ntoskrnl.exe CLASSPNP.SYS disk.sys iaStor.sys hal.dll
19:45:45.333 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8005049060]
19:45:45.342 3 CLASSPNP.SYS[fffff8800185143f] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-1[0xfffffa80046ce050]
19:45:46.541 AVAST engine scan C:\windows
19:45:51.675 AVAST engine scan C:\windows\system32
19:53:54.901 AVAST engine scan C:\windows\system32\drivers
19:54:38.268 AVAST engine scan C:\Users\Loren Janina
20:14:48.196 AVAST engine scan C:\ProgramData
20:21:19.755 Scan finished successfully
20:41:26.433 Disk 0 MBR has been saved successfully to "C:\Users\Loren Janina\Desktop\MBR.dat"
20:41:26.440 The log file has been saved successfully to "C:\Users\Loren Janina\Desktop\aswMBR.txt"




#4 nasdaq


Posted 28 February 2012 - 10:09 AM

Please download this ListPart.exe to a folder of your choice.

Select the proper tool for your system.

For x86 (x32) bit systems please download Listparts
For x64 bit systems please download Listparts64
Run the tool as an Administrator, click Scan, and copy and post the log (Result.txt) in your next reply.

#5 ljra101808


Posted 28 February 2012 - 08:44 PM

ListParts by Farbar
Ran by Loren Janina (administrator) on 28-02-2012 at 18:43:20
Windows 7 (X64)
Running From: C:\Users\Loren Janina\Desktop
Language: 0409
************************************************************

========================= Memory info ======================

Percentage of memory in use: 52%
Total physical RAM: 3963.97 MB
Available physical RAM: 1869.12 MB
Total Pagefile: 7926.13 MB
Available Pagefile: 5928.62 MB
Total Virtual: 8192 MB
Available Virtual: 8191.9 MB

======================= Partitions =========================

1 Drive c: (S3A8944D003) (Fixed) (Total:453.67 GB) (Free:131.33 GB) NTFS ==>[System with boot components (obtained from reading drive)]

Disk ### Status Size Free Dyn Gpt
-------- ------------- ------- ------- --- ---
Disk 0 Online 465 GB 0 B

Partitions of Disk 0:
===============

Partition ### Type Size Offset
------------- ---------------- ------- -------
Partition 1 Recovery 1500 MB 1024 KB
Partition 2 Primary 453 GB 1501 MB
Partition 3 Primary 10 GB 455 GB

Disk: 0
Partition 1
Type : 27
Hidden: Yes
Active: Yes

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 2 System NTFS Partition 1500 MB Healthy Hidden

Disk: 0
Partition 2
Type : 07
Hidden: No
Active: No

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 1 C S3A8944D003 NTFS Partition 453 GB Healthy Boot

Disk: 0
Partition 3
Type : 17 (Suspicious Type)
Hidden: Yes
Active: No

There is no volume associated with this partition.



****** End Of Log ******

#6 nasdaq


Posted 29 February 2012 - 09:51 AM

The partition is good.

Please download ComboFix from any of the links below, and save it to your desktop. For information regarding this download, please visit this web page: http://www.bleepingcomputer.com/combofix/how-to-use-combofix

Link 1
Link 2


* IMPORTANT !!! Save ComboFix.exe to your Desktop

IMPORTANT....

1. Close any open browsers.

2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

3. Do not install any other programs until this is fixed.


How to : Disable Anti-virus and Firewall...
http://www.bleepingcomputer.com/forums/topic114351.html

Double click on ComboFix.exe & follow the prompts.
  • When finished, it will produce a report for you.
  • Please post the C:\ComboFix.txt
Note:
Do not mouse click ComboFix's window while it's running. That may cause it to stall.


Note: If you have difficulty properly disabling your protective programs, refer to this link --> http://www.bleepingcomputer.com/forums/topic114351.html

Edited by nasdaq, 29 February 2012 - 02:40 PM.


#7 ljra101808


Posted 29 February 2012 - 10:01 PM

Hi, ComboFix restarted the computer and so restarted again. When I checked in again on the computer it showed the log, but when I went to go on Mozilla, it said, "Illegal operation attempted on a registry key that has been marked for deletion." I tried clicking on anything like Internet Explorer and Notepad but it showed the same box.

#8 nasdaq


Posted 01 March 2012 - 09:49 AM

Restart the computer normally.

You should now be able to copy and post the ComboFix log.

#9 ljra101808


Posted 01 March 2012 - 11:12 PM

Thank you for the tip. Here's the log.

ComboFix 12-02-29.01 - Loren Janina 01/03/2012 20:41:57.3.2 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.2.1033.18.3964.1991 [GMT -7:00]
Running from: c:\users\Loren Janina\Desktop\ComboFix.exe
AV: Norton 360 Premier Edition *Disabled/Updated* {63DF5164-9100-186D-2187-8DC619EFD8BF}
FW: Norton 360 Premier Edition *Disabled* {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}
SP: Norton 360 Premier Edition *Enabled/Updated* {D8BEB080-B73A-17E3-1B37-B6B462689202}
.
.
((((((((((((((((((((((((( Files Created from 2012-02-02 to 2012-03-02 )))))))))))))))))))))))))))))))
.
.
2012-03-02 03:56 . 2012-03-02 03:56 -------- d-----w- c:\users\Public\AppData\Local\temp
2012-03-02 03:56 . 2012-03-02 03:56 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-02-26 20:46 . 2012-02-26 20:46 -------- d-----w- c:\users\Lois Jeremi\AppData\Roaming\Foxit Software
2012-02-15 01:17 . 2012-01-04 10:44 509952 ----a-w- c:\windows\system32\ntshrui.dll
2012-02-15 01:17 . 2012-01-04 08:58 442880 ----a-w- c:\windows\SysWow64\ntshrui.dll
2012-02-15 01:17 . 2011-12-30 06:26 515584 ----a-w- c:\windows\system32\timedate.cpl
2012-02-15 01:17 . 2011-12-30 05:27 478720 ----a-w- c:\windows\SysWow64\timedate.cpl
2012-02-15 01:17 . 2012-01-14 04:06 3145728 ----a-w- c:\windows\system32\win32k.sys
2012-02-15 01:17 . 2011-12-28 03:59 498688 ----a-w- c:\windows\system32\drivers\afd.sys
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-02-16 23:47 . 2011-11-26 05:41 414368 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-01-26 21:52 . 2012-01-26 21:53 173104 ----a-w- c:\windows\system32\drivers\SYMEVENT64x86.SYS
2012-01-11 17:21 . 2012-01-11 17:21 388096 ----a-r- c:\users\Loren Janina\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2012-01-04 00:48 . 2012-01-04 00:48 354176 ----a-w- c:\windows\SysWow64\DivXControlPanelApplet.cpl
2012-01-03 11:45 . 2009-07-13 23:31 54272 ----a-w- c:\windows\system32\consrv.dll
2011-12-10 22:24 . 2012-01-05 21:44 23152 ----a-w- c:\windows\system32\drivers\mbam.sys
.
.
((((((((((((((((((((((((((((( SnapShot@2012-03-01_02.49.04 )))))))))))))))))))))))))))))))))))))))))
.
+ 2009-07-14 04:54 . 2012-03-01 02:48 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2009-07-14 04:54 . 2012-02-25 05:21 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2009-07-14 04:54 . 2012-02-25 05:21 32768 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2009-07-14 04:54 . 2012-03-01 02:48 32768 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2009-07-14 04:54 . 2012-02-25 05:21 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2009-07-14 04:54 . 2012-03-01 02:48 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2010-03-23 06:03 . 2012-03-02 00:22 55818 c:\windows\system32\wdi\ShutdownPerformanceDiagnostics_SystemData.bin
- 2009-07-14 05:10 . 2012-02-29 00:06 45926 c:\windows\system32\wdi\BootPerformanceDiagnostics_SystemData.bin
+ 2009-07-14 05:10 . 2012-03-02 00:22 45926 c:\windows\system32\wdi\BootPerformanceDiagnostics_SystemData.bin
+ 2011-01-03 22:34 . 2012-03-02 00:22 13278 c:\windows\system32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-3017790401-2291089053-199566039-1003_UserData.bin
+ 2010-12-25 20:56 . 2012-03-01 02:50 17382 c:\windows\system32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-3017790401-2291089053-199566039-1001_UserData.bin
+ 2010-12-25 23:49 . 2012-03-02 03:57 16384 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2010-12-25 23:49 . 2012-03-01 02:48 16384 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2012-01-11 17:09 . 2012-03-02 03:57 32768 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2012-01-11 17:09 . 2012-03-01 02:48 32768 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2009-07-14 04:54 . 2012-03-02 03:57 16384 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2009-07-14 04:54 . 2012-03-01 02:48 16384 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2010-12-25 20:57 . 2012-03-01 02:51 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2010-12-25 20:57 . 2012-03-02 00:25 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2010-12-25 20:57 . 2012-03-01 02:51 32768 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2010-12-25 20:57 . 2012-03-02 00:25 32768 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2010-12-25 20:57 . 2012-03-01 02:51 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2010-12-25 20:57 . 2012-03-02 00:25 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2010-12-25 20:58 . 2012-03-01 02:04 16384 c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2010-12-25 20:58 . 2012-03-02 01:07 16384 c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2010-12-25 20:58 . 2012-03-02 01:07 16384 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2010-12-25 20:58 . 2012-03-01 02:04 16384 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2011-11-22 06:57 . 2011-11-22 06:57 68880 c:\windows\Microsoft.NET\Framework64\v4.0.30319\nlssorting.dll
+ 2011-11-22 05:31 . 2011-11-22 05:31 57616 c:\windows\Microsoft.NET\Framework\v4.0.30319\nlssorting.dll
+ 2012-03-01 05:53 . 2012-03-01 05:53 87408 c:\windows\Microsoft.NET\assembly\GAC_MSIL\WindowsFormsIntegration\v4.0_4.0.0.0__31bf3856ad364e35\WindowsFormsIntegration.dll
- 2012-02-15 08:23 . 2012-02-15 08:23 87408 c:\windows\Microsoft.NET\assembly\GAC_MSIL\WindowsFormsIntegration\v4.0_4.0.0.0__31bf3856ad364e35\WindowsFormsIntegration.dll
+ 2012-03-01 05:53 . 2012-03-01 05:53 93024 c:\windows\Microsoft.NET\assembly\GAC_MSIL\UIAutomationTypes\v4.0_4.0.0.0__31bf3856ad364e35\UIAutomationTypes.dll
- 2012-02-15 08:23 . 2012-02-15 08:23 93024 c:\windows\Microsoft.NET\assembly\GAC_MSIL\UIAutomationTypes\v4.0_4.0.0.0__31bf3856ad364e35\UIAutomationTypes.dll
- 2012-02-15 08:23 . 2012-02-15 08:23 35688 c:\windows\Microsoft.NET\assembly\GAC_MSIL\UIAutomationProvider\v4.0_4.0.0.0__31bf3856ad364e35\UIAutomationProvider.dll
+ 2012-03-01 05:53 . 2012-03-01 05:53 35688 c:\windows\Microsoft.NET\assembly\GAC_MSIL\UIAutomationProvider\v4.0_4.0.0.0__31bf3856ad364e35\UIAutomationProvider.dll
- 2012-02-15 08:23 . 2012-02-15 08:23 11120 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Xml.Serialization\v4.0_4.0.0.0__b77a5c561934e089\System.Xml.Serialization.dll
+ 2012-03-01 05:53 . 2012-03-01 05:53 11120 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Xml.Serialization\v4.0_4.0.0.0__b77a5c561934e089\System.Xml.Serialization.dll
+ 2012-03-01 05:53 . 2012-03-01 05:53 17784 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Presentation\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Presentation.dll
- 2012-02-15 08:23 . 2012-02-15 08:23 17784 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Presentation\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Presentation.dll
- 2012-02-15 08:23 . 2012-02-15 08:23 58240 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Input.Manipulations\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Input.Manipulations.dll
+ 2012-03-01 05:53 . 2012-03-01 05:53 58240 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Input.Manipulations\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Input.Manipulations.dll
+ 2012-03-01 05:53 . 2012-03-01 05:53 44920 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Web.ApplicationServices\v4.0_4.0.0.0__31bf3856ad364e35\System.Web.ApplicationServices.dll
- 2012-02-15 08:23 . 2012-02-15 08:23 44920 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Web.ApplicationServices\v4.0_4.0.0.0__31bf3856ad364e35\System.Web.ApplicationServices.dll
+ 2012-03-01 05:53 . 2012-03-01 05:53 37240 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.ServiceModel.Channels\v4.0_4.0.0.0__31bf3856ad364e35\System.ServiceModel.Channels.dll
- 2012-02-15 08:23 . 2012-02-15 08:23 37240 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.ServiceModel.Channels\v4.0_4.0.0.0__31bf3856ad364e35\System.ServiceModel.Channels.dll
- 2012-02-15 08:23 . 2012-02-15 08:23 64352 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Numerics\v4.0_4.0.0.0__b77a5c561934e089\System.Numerics.dll
+ 2012-03-01 05:53 . 2012-03-01 05:53 64352 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Numerics\v4.0_4.0.0.0__b77a5c561934e089\System.Numerics.dll
- 2012-02-15 08:23 . 2012-02-15 08:23 51032 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Device\v4.0_4.0.0.0__b77a5c561934e089\System.Device.dll
+ 2012-03-01 05:53 . 2012-03-01 05:53 51032 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Device\v4.0_4.0.0.0__b77a5c561934e089\System.Device.dll
+ 2012-03-01 05:53 . 2012-03-01 05:53 50552 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Data.DataSetExtensions\v4.0_4.0.0.0__b77a5c561934e089\System.Data.DataSetExtensions.dll
- 2012-02-15 08:23 . 2012-02-15 08:23 50552 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Data.DataSetExtensions\v4.0_4.0.0.0__b77a5c561934e089\System.Data.DataSetExtensions.dll
+ 2012-03-01 05:52 . 2012-03-01 05:52 81784 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Configuration.Install\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Configuration.Install.dll
- 2012-02-15 08:23 . 2012-02-15 08:23 81784 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Configuration.Install\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Configuration.Install.dll
- 2012-02-15 08:23 . 2012-02-15 08:23 81800 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.ComponentModel.DataAnnotations\v4.0_4.0.0.0__31bf3856ad364e35\System.ComponentModel.DataAnnotations.dll
+ 2012-03-01 05:53 . 2012-03-01 05:53 81800 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.ComponentModel.DataAnnotations\v4.0_4.0.0.0__31bf3856ad364e35\System.ComponentModel.DataAnnotations.dll
+ 2012-03-01 05:53 . 2012-03-01 05:53 39784 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.AddIn.Contract\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.AddIn.Contract.dll
- 2012-02-15 08:23 . 2012-02-15 08:23 39784 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.AddIn.Contract\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.AddIn.Contract.dll
+ 2012-03-01 05:53 . 2012-03-01 05:53 68952 c:\windows\Microsoft.NET\assembly\GAC_MSIL\SMDiagnostics\v4.0_4.0.0.0__b77a5c561934e089\SMDiagnostics.dll
- 2012-02-15 08:23 . 2012-02-15 08:23 68952 c:\windows\Microsoft.NET\assembly\GAC_MSIL\SMDiagnostics\v4.0_4.0.0.0__b77a5c561934e089\SMDiagnostics.dll
+ 2012-03-01 05:53 . 2012-03-01 05:53 62880 c:\windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.Windows.ApplicationServer.Applications\v4.0_4.0.0.0__31bf3856ad364e35\Microsoft.Windows.ApplicationServer.Applications.dll
- 2012-02-15 08:23 . 2012-02-15 08:23 62880 c:\windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.Windows.ApplicationServer.Applications\v4.0_4.0.0.0__31bf3856ad364e35\Microsoft.Windows.ApplicationServer.Applications.dll
- 2012-02-15 08:23 . 2012-02-15 08:23 12128 c:\windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.VisualC\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualC.Dll
+ 2012-03-01 05:52 . 2012-03-01 05:52 12128 c:\windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.VisualC\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualC.Dll
+ 2012-03-01 05:53 . 2012-03-01 05:53 97680 c:\windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.VisualBasic.Compatibility.Data\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Compatibility.Data.dll
- 2012-02-15 08:23 . 2012-02-15 08:23 97680 c:\windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.VisualBasic.Compatibility.Data\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Compatibility.Data.dll
+ 2012-03-01 05:52 . 2012-03-01 05:52 17240 c:\windows\Microsoft.NET\assembly\GAC_MSIL\Accessibility\v4.0_4.0.0.0__b03f5f7f11d50a3a\Accessibility.dll
- 2012-02-15 08:23 . 2012-02-15 08:23 17240 c:\windows\Microsoft.NET\assembly\GAC_MSIL\Accessibility\v4.0_4.0.0.0__b03f5f7f11d50a3a\Accessibility.dll
+ 2012-03-01 05:52 . 2012-03-01 05:52 94552 c:\windows\Microsoft.NET\assembly\GAC_64\ISymWrapper\v4.0_4.0.0.0__b03f5f7f11d50a3a\ISymWrapper.dll
- 2012-02-15 08:23 . 2012-02-15 08:23 94552 c:\windows\Microsoft.NET\assembly\GAC_64\ISymWrapper\v4.0_4.0.0.0__b03f5f7f11d50a3a\ISymWrapper.dll
+ 2012-03-01 05:52 . 2012-03-01 05:52 91488 c:\windows\Microsoft.NET\assembly\GAC_64\CustomMarshalers\v4.0_4.0.0.0__b03f5f7f11d50a3a\CustomMarshalers.dll
- 2012-02-15 08:23 . 2012-02-15 08:23 91488 c:\windows\Microsoft.NET\assembly\GAC_64\CustomMarshalers\v4.0_4.0.0.0__b03f5f7f11d50a3a\CustomMarshalers.dll
- 2012-02-15 08:22 . 2012-02-15 08:22 78168 c:\windows\Microsoft.NET\assembly\GAC_32\ISymWrapper\v4.0_4.0.0.0__b03f5f7f11d50a3a\ISymWrapper.dll
+ 2012-03-01 05:52 . 2012-03-01 05:52 78168 c:\windows\Microsoft.NET\assembly\GAC_32\ISymWrapper\v4.0_4.0.0.0__b03f5f7f11d50a3a\ISymWrapper.dll
- 2012-02-15 08:22 . 2012-02-15 08:22 81248 c:\windows\Microsoft.NET\assembly\GAC_32\CustomMarshalers\v4.0_4.0.0.0__b03f5f7f11d50a3a\CustomMarshalers.dll
+ 2012-03-01 05:52 . 2012-03-01 05:52 81248 c:\windows\Microsoft.NET\assembly\GAC_32\CustomMarshalers\v4.0_4.0.0.0__b03f5f7f11d50a3a\CustomMarshalers.dll
+ 2012-03-02 03:53 . 2012-03-02 03:53 14336 c:\windows\assembly\NativeImages_v4.0.30319_64\Microsoft.VisualC\a4e98103e5d36bf22ef19c64442543f2\Microsoft.VisualC.ni.dll
+ 2012-03-02 01:08 . 2012-03-02 01:08 10752 c:\windows\assembly\NativeImages_v4.0.30319_64\dfsvc\cbd21f19057f07ec2cb55b2bef91f344\dfsvc.ni.exe
+ 2012-03-02 01:08 . 2012-03-02 01:08 58368 c:\windows\assembly\NativeImages_v4.0.30319_64\Accessibility\52890eb2a4f8d822bff7e9cddc713fb5\Accessibility.ni.dll
+ 2012-03-02 01:04 . 2012-03-02 01:04 96768 c:\windows\assembly\NativeImages_v4.0.30319_32\UIAutomationProvider\9a3f2f7233160bfcb2fd278d05da630c\UIAutomationProvider.ni.dll
+ 2012-03-02 01:06 . 2012-03-02 01:06 35328 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Windows.Pres#\931e299528cf8cb4c1b7321e5be5fb1e\System.Windows.Presentation.ni.dll
+ 2012-03-02 01:06 . 2012-03-02 01:06 71680 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Web.Applicat#\89383b658e1538a95c9004e5b30fff39\System.Web.ApplicationServices.ni.dll
+ 2012-03-02 01:06 . 2012-03-02 01:06 82432 c:\windows\assembly\NativeImages_v4.0.30319_32\System.ServiceModel#\5173df5175ccade890b8e0117297fdae\System.ServiceModel.Channels.ni.dll
+ 2012-03-02 01:04 . 2012-03-02 01:04 78848 c:\windows\assembly\NativeImages_v4.0.30319_32\System.AddIn.Contra#\541d664486e505282e6805462b288507\System.AddIn.Contract.ni.dll
+ 2012-03-02 01:04 . 2012-03-02 01:04 11776 c:\windows\assembly\NativeImages_v4.0.30319_32\Microsoft.VisualC\bf2bfecb57a7987d05968d7494512ce8\Microsoft.VisualC.ni.dll
+ 2012-03-02 01:03 . 2012-03-02 01:03 44544 c:\windows\assembly\NativeImages_v4.0.30319_32\Accessibility\cbc5e9834f47c0aaa4808764ac2afd11\Accessibility.ni.dll
+ 2012-03-02 03:57 . 2012-03-02 03:57 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
- 2012-03-01 02:48 . 2012-03-01 02:48 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2012-03-02 03:57 . 2012-03-02 03:57 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
- 2012-03-01 02:48 . 2012-03-01 02:48 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2012-03-02 01:06 . 2012-03-02 01:06 9216 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Xml.Serializ#\1d9f36e98e17e1f594b25f42269801ac\System.Xml.Serialization.ni.dll
+ 2012-03-02 01:03 . 2012-03-02 01:03 9728 c:\windows\assembly\NativeImages_v4.0.30319_32\dfsvc\ae8a2abe6e9b5931480460c20967b216\dfsvc.ni.exe
+ 2010-12-26 01:06 . 2012-03-02 03:15 316100 c:\windows\system32\wdi\SuspendPerformanceDiagnostics_SystemData_S3.bin
- 2010-12-26 01:06 . 2012-02-29 03:19 316100 c:\windows\system32\wdi\SuspendPerformanceDiagnostics_SystemData_S3.bin
+ 2009-07-14 02:36 . 2012-03-02 03:17 628874 c:\windows\system32\perfh009.dat
- 2009-07-14 02:36 . 2012-03-01 02:03 628874 c:\windows\system32\perfh009.dat
+ 2009-07-14 02:36 . 2012-03-02 03:17 111026 c:\windows\system32\perfc009.dat
- 2009-07-14 02:36 . 2012-03-01 02:03 111026 c:\windows\system32\perfc009.dat
- 2009-07-14 05:01 . 2012-03-01 02:47 394284 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
+ 2009-07-14 05:01 . 2012-03-02 03:56 394284 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
+ 2010-12-27 08:39 . 2012-03-02 03:56 985145 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-3017790401-2291089053-199566039-1001-8192.dat
- 2010-12-27 08:39 . 2012-03-01 02:47 985145 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-3017790401-2291089053-199566039-1001-8192.dat
+ 2011-11-22 06:57 . 2011-11-22 06:57 598784 c:\windows\Microsoft.NET\Framework64\v4.0.30319\SOS.dll
+ 2011-11-22 05:31 . 2011-11-22 05:31 518400 c:\windows\Microsoft.NET\Framework\v4.0.30319\SOS.dll
+ 2011-11-22 05:31 . 2011-11-22 05:31 957200 c:\windows\Microsoft.NET\Framework\v4.0.30319\mscordbi.dll
- 2012-02-15 08:23 . 2012-02-15 08:23 350592 c:\windows\Microsoft.NET\assembly\GAC_MSIL\UIAutomationClientsideProviders\v4.0_4.0.0.0__31bf3856ad364e35\UIAutomationClientsideProviders.dll
+ 2012-03-01 05:53 . 2012-03-01 05:53 350592 c:\windows\Microsoft.NET\assembly\GAC_MSIL\UIAutomationClientsideProviders\v4.0_4.0.0.0__31bf3856ad364e35\UIAutomationClientsideProviders.dll
- 2012-02-15 08:23 . 2012-02-15 08:23 163168 c:\windows\Microsoft.NET\assembly\GAC_MSIL\UIAutomationClient\v4.0_4.0.0.0__31bf3856ad364e35\UIAutomationClient.dll
+ 2012-03-01 05:53 . 2012-03-01 05:53 163168 c:\windows\Microsoft.NET\assembly\GAC_MSIL\UIAutomationClient\v4.0_4.0.0.0__31bf3856ad364e35\UIAutomationClient.dll
- 2012-02-15 08:23 . 2012-02-15 08:23 138592 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Xml.Linq\v4.0_4.0.0.0__b77a5c561934e089\System.Xml.Linq.dll
+ 2012-03-01 05:53 . 2012-03-01 05:53 138592 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Xml.Linq\v4.0_4.0.0.0__b77a5c561934e089\System.Xml.Linq.dll
+ 2012-03-01 05:53 . 2012-03-01 05:53 699224 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Xaml\v4.0_4.0.0.0__b77a5c561934e089\System.Xaml.dll
- 2012-02-15 08:23 . 2012-02-15 08:23 699224 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Xaml\v4.0_4.0.0.0__b77a5c561934e089\System.Xaml.dll
+ 2012-03-01 05:53 . 2012-03-01 05:53 857960 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Web.Services\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Web.Services.dll
- 2012-02-15 08:23 . 2012-02-15 08:23 857960 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Web.Services\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Web.Services.dll
+ 2012-03-01 05:53 . 2012-03-01 05:53 675672 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Speech\v4.0_4.0.0.0__31bf3856ad364e35\System.Speech.dll
- 2012-02-15 08:23 . 2012-02-15 08:23 675672 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Speech\v4.0_4.0.0.0__31bf3856ad364e35\System.Speech.dll
- 2012-02-15 08:23 . 2012-02-15 08:23 113512 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.ServiceProcess\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.ServiceProcess.dll
+ 2012-03-01 05:53 . 2012-03-01 05:53 113512 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.ServiceProcess\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.ServiceProcess.dll
+ 2012-03-01 05:53 . 2012-03-01 05:53 129912 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.ServiceModel.Routing\v4.0_4.0.0.0__31bf3856ad364e35\System.ServiceModel.Routing.dll
- 2012-02-15 08:23 . 2012-02-15 08:23 129912 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.ServiceModel.Routing\v4.0_4.0.0.0__31bf3856ad364e35\System.ServiceModel.Routing.dll
- 2012-02-15 08:23 . 2012-02-15 08:23 390008 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.ServiceModel.Discovery\v4.0_4.0.0.0__31bf3856ad364e35\System.ServiceModel.Discovery.dll
+ 2012-03-01 05:53 . 2012-03-01 05:53 390008 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.ServiceModel.Discovery\v4.0_4.0.0.0__31bf3856ad364e35\System.ServiceModel.Discovery.dll
+ 2012-03-01 05:53 . 2012-03-01 05:53 505208 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.ServiceModel.Activities\v4.0_4.0.0.0__31bf3856ad364e35\System.ServiceModel.Activities.dll
- 2012-02-15 08:23 . 2012-02-15 08:23 505208 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.ServiceModel.Activities\v4.0_4.0.0.0__31bf3856ad364e35\System.ServiceModel.Activities.dll
- 2012-02-15 08:23 . 2012-02-15 08:23 261472 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Security\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Security.dll
+ 2012-03-01 05:53 . 2012-03-01 05:53 261472 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Security\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Security.dll
- 2012-02-15 08:23 . 2012-02-15 08:23 122264 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Runtime.Serialization.Formatters.Soap\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Runtime.Serialization.Formatters.Soap.dll
+ 2012-03-01 05:53 . 2012-03-01 05:53 122264 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Runtime.Serialization.Formatters.Soap\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Runtime.Serialization.Formatters.Soap.dll
+ 2012-03-01 05:53 . 2012-03-01 05:53 291184 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Runtime.Remoting\v4.0_4.0.0.0__b77a5c561934e089\System.Runtime.Remoting.dll
- 2012-02-15 08:23 . 2012-02-15 08:23 291184 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Runtime.Remoting\v4.0_4.0.0.0__b77a5c561934e089\System.Runtime.Remoting.dll
+ 2012-03-01 05:53 . 2012-03-01 05:53 349568 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Runtime.DurableInstancing\v4.0_4.0.0.0__31bf3856ad364e35\System.Runtime.DurableInstancing.dll
- 2012-02-15 08:23 . 2012-02-15 08:23 349568 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Runtime.DurableInstancing\v4.0_4.0.0.0__31bf3856ad364e35\System.Runtime.DurableInstancing.dll
+ 2012-03-01 05:53 . 2012-03-01 05:53 236880 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Net\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Net.dll
- 2012-02-15 08:23 . 2012-02-15 08:23 236880 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Net\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Net.dll
+ 2012-03-01 05:53 . 2012-03-01 05:53 253280 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Messaging\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Messaging.dll
- 2012-02-15 08:23 . 2012-02-15 08:23 253280 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Messaging\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Messaging.dll
+ 2012-03-01 05:53 . 2012-03-01 05:53 378720 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Management\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Management.dll
- 2012-02-15 08:23 . 2012-02-15 08:23 378720 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Management\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Management.dll
+ 2012-03-01 05:53 . 2012-03-01 05:53 134528 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Management.Instrumentation\v4.0_4.0.0.0__b77a5c561934e089\System.Management.Instrumentation.dll
- 2012-02-15 08:23 . 2012-02-15 08:23 134528 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Management.Instrumentation\v4.0_4.0.0.0__b77a5c561934e089\System.Management.Instrumentation.dll
- 2012-02-15 08:23 . 2012-02-15 08:23 123736 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.IO.Log\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.IO.Log.dll
+ 2012-03-01 05:53 . 2012-03-01 05:53 123736 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.IO.Log\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.IO.Log.dll
+ 2012-03-01 05:53 . 2012-03-01 05:53 392552 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.IdentityModel\v4.0_4.0.0.0__b77a5c561934e089\System.IdentityModel.dll
- 2012-02-15 08:23 . 2012-02-15 08:23 392552 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.IdentityModel\v4.0_4.0.0.0__b77a5c561934e089\System.IdentityModel.dll
- 2012-02-15 08:23 . 2012-02-15 08:23 125816 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.IdentityModel.Selectors\v4.0_4.0.0.0__b77a5c561934e089\System.IdentityModel.Selectors.dll
+ 2012-03-02 01:04 . 2012-03-02 01:04 1879040 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Deployment\d6ca9981841735085e10843bb7187573\System.Deployment.ni.dll
+ 2012-03-01 05:54 . 2012-03-01 05:54 6815232 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Data\b0df867e9242cf4d254ec8eb8da97332\System.Data.ni.dll
+ 2012-03-01 05:54 . 2012-03-01 05:54 2549760 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Data.SqlXml\32fffd4b8760322bc2e35c2417676b7f\System.Data.SqlXml.ni.dll
+ 2012-03-02 01:05 . 2012-03-02 01:05 1344000 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Data.Service#\f4087e23c683a35e4628d9f829aaa41d\System.Data.Services.Client.ni.dll
+ 2012-03-01 05:55 . 2012-03-01 05:55 2517504 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Data.Linq\a791cec82d0c142b843025f25c8277f9\System.Data.Linq.ni.dll
+ 2012-03-01 05:54 . 2012-03-01 05:54 7069696 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Core\b7409080f31b0a702281b68c37bac326\System.Core.ni.dll
+ 2012-03-02 01:04 . 2012-03-02 01:04 4129792 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Activities\004bf96bf646e4f1126b919316be5c2f\System.Activities.ni.dll
+ 2012-03-02 01:04 . 2012-03-02 01:04 3757568 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Activities.P#\2456337e1ae6411ec64b9d18042d5c13\System.Activities.Presentation.ni.dll
+ 2012-03-02 01:04 . 2012-03-02 01:04 1547264 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Activities.C#\3206d2885d46ae9513c1489d7bc97b9c\System.Activities.Core.Presentation.ni.dll
+ 2012-03-02 01:04 . 2012-03-02 01:04 2906624 c:\windows\assembly\NativeImages_v4.0.30319_32\ReachFramework\ccc1a34a0a532480e00219ca5645ffeb\ReachFramework.ni.dll
+ 2012-03-02 01:04 . 2012-03-02 01:04 1640448 c:\windows\assembly\NativeImages_v4.0.30319_32\PresentationUI\dee17bfe2a1b329bd8bb2199446dda83\PresentationUI.ni.dll
+ 2012-03-02 01:04 . 2012-03-02 01:04 1172480 c:\windows\assembly\NativeImages_v4.0.30319_32\Microsoft.VisualBas#\f1451a88d3bc4ab55d1cde85ceb4cd35\Microsoft.VisualBasic.Activities.Compiler.ni.dll
+ 2012-03-02 01:04 . 2012-03-02 01:04 1838080 c:\windows\assembly\NativeImages_v4.0.30319_32\Microsoft.VisualBas#\7a3431124b8ded91068710226c0a00d4\Microsoft.VisualBasic.ni.dll
+ 2012-03-02 01:04 . 2012-03-02 01:04 1139200 c:\windows\assembly\NativeImages_v4.0.30319_32\Microsoft.VisualBas#\363a87c6f2b70055eb822596173ba1ac\Microsoft.VisualBasic.Compatibility.ni.dll
+ 2012-03-02 01:03 . 2012-03-02 01:03 1085952 c:\windows\assembly\NativeImages_v4.0.30319_32\Microsoft.Transacti#\ba7e3823b1a01f31e53be9b57b392035\Microsoft.Transactions.Bridge.ni.dll
+ 2012-03-02 01:06 . 2012-03-02 01:06 2452480 c:\windows\assembly\NativeImages_v4.0.30319_32\Microsoft.JScript\ddba6895bf4a65312155228d9744c912\Microsoft.JScript.ni.dll
+ 2012-03-01 05:54 . 2012-03-01 05:54 1616384 c:\windows\assembly\NativeImages_v4.0.30319_32\Microsoft.CSharp\409a7c3f32302875f33d0910cc484bac\Microsoft.CSharp.ni.dll
+ 2011-11-22 07:42 . 2011-11-22 07:42 33189888 c:\windows\Installer\a7a1f0.msp
+ 2012-03-01 05:54 . 2012-03-01 05:54 11880448 c:\windows\assembly\NativeImages_v4.0.30319_64\System\a9e29e892ad68ac0b88f0480746a0d0b\System.ni.dll
+ 2012-03-02 01:08 . 2012-03-02 01:08 10440704 c:\windows\assembly\NativeImages_v4.0.30319_64\System.Core\e91a0d844afdda429e0fbd9814f41134\System.Core.ni.dll
+ 2012-03-02 03:55 . 2012-03-02 03:55 24406528 c:\windows\assembly\NativeImages_v4.0.30319_64\PresentationFramewo#\8a4ac50c706da226242a99b871c9f981\PresentationFramework.ni.dll
+ 2012-03-02 03:54 . 2012-03-02 03:54 15907328 c:\windows\assembly\NativeImages_v4.0.30319_64\PresentationCore\b0adff19c63ba3b4be1cae43567af15d\PresentationCore.ni.dll
+ 2012-03-01 05:53 . 2012-03-01 05:53 19355648 c:\windows\assembly\NativeImages_v4.0.30319_64\mscorlib\d9d8d4f8fc868d07be41d4ffb46d7364\mscorlib.ni.dll
+ 2012-03-01 05:54 . 2012-03-01 05:54 13138944 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Windows.Forms\33eae86e0a5d9bcc4d0e4e469e2ac36a\System.Windows.Forms.ni.dll
+ 2012-03-02 01:06 . 2012-03-02 01:06 18058752 c:\windows\assembly\NativeImages_v4.0.30319_32\System.ServiceModel\a526845de91a382b6ea05b02eddc6f3e\System.ServiceModel.ni.dll
+ 2012-03-02 01:05 . 2012-03-02 01:05 13345792 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Data.Entity\32e0d99cfda10e64d7583bb65444cab3\System.Data.Entity.ni.dll
+ 2012-03-01 05:55 . 2012-03-01 05:55 18000384 c:\windows\assembly\NativeImages_v4.0.30319_32\PresentationFramewo#\bd3685e578c22d17625390d847973de0\PresentationFramework.ni.dll
+ 2012-03-01 05:55 . 2012-03-01 05:55 11450880 c:\windows\assembly\NativeImages_v4.0.30319_32\PresentationCore\008fbb2e42b3c2569ff58d651575ff29\PresentationCore.ni.dll
+ 2012-03-01 05:54 . 2012-03-01 05:54 14414336 c:\windows\assembly\NativeImages_v4.0.30319_32\mscorlib\e5b31f3bb6508df0dc7c20ddc72f3191\mscorlib.ni.dll
.
-- Snapshot reset to current date --
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2010-10-10 39408]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"Seagate Dashboard"="c:\program files (x86)\Seagate\Seagate Dashboard\MemeoLauncher.exe" [2011-06-01 79112]
"Malwarebytes' Anti-Malware"="c:\program files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-01-13 460872]
"WinPatrol"="c:\program files (x86)\BillP Studios\WinPatrol\winpatrol.exe" [2012-01-02 325728]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2011-10-24 421888]
"TWebCamera"="c:\program files (x86)\TOSHIBA\TOSHIBA Web Camera Application\TWebCamera.exe" [2010-02-24 2454840]
"ToshibaServiceStation"="c:\program files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe" [2009-10-06 1294136]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2012-01-17 421736]
"DivXUpdate"="c:\program files (x86)\DivX\DivX Update\DivXUpdate.exe" [2011-07-28 1259376]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-12-25 135664]
R3 gupdatem;Google Update Service (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-12-25 135664]
R3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\program files (x86)\Microsoft Office\Office14\GROOVE.EXE [2010-01-21 30963576]
R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-10 4925184]
R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys [x]
R3 TMachInfo;TMachInfo;c:\program files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe [2009-10-06 51512]
R3 TOSHIBA HDD SSD Alert Service;TOSHIBA HDD SSD Alert Service;c:\program files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe [2010-02-06 137560]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-23 57184]
S0 SymDS;Symantec Data Store;c:\windows\system32\drivers\N360x64\0404000.00C\SYMDS64.SYS [x]
S0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\N360x64\0404000.00C\SYMEFA64.SYS [x]
S1 BHDrvx64;BHDrvx64;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\Definitions\BASHDefs\20120215.001\BHDrvx64.sys [2012-01-21 1157240]
S1 ccHP;Symantec Hash Provider;c:\windows\system32\drivers\N360x64\0404000.00C\ccHPx64.sys [x]
S1 IDSVia64;IDSVia64;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\Definitions\IPSDefs\20120229.002\IDSvia64.sys [2012-01-26 488568]
S1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\N360x64\0404000.00C\Ironx64.SYS [x]
S1 SYMTDIv;Symantec Vista Network Dispatch Driver;c:\windows\System32\Drivers\N360x64\0404000.00C\SYMTDIV.SYS [x]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]
S2 cfWiMAXService;ConfigFree WiMAX Service;c:\program files (x86)\TOSHIBA\ConfigFree\CFIWmxSvcs64.exe [2010-01-28 249200]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
S2 ConfigFree Service;ConfigFree Service;c:\program files (x86)\TOSHIBA\ConfigFree\CFSvcs.exe [2009-03-11 46448]
S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-01-13 652360]
S2 N360;Norton 360;c:\program files (x86)\Norton 360 Premier Edition\Engine\4.4.0.12\ccSvcHst.exe [2011-08-04 126400]
S2 SeagateDashboardService;Seagate Dashboard Service;c:\program files (x86)\Seagate\Seagate Dashboard\SeagateDashboardService.exe [2011-06-01 14088]
S3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2012-02-04 138360]
S3 FwLnk;FwLnk Driver;c:\windows\system32\DRIVERS\FwLnk.sys [x]
S3 L1C;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller;c:\windows\system32\DRIVERS\L1C62x64.sys [x]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [x]
S3 PGEffect;Pangu effect driver;c:\windows\system32\DRIVERS\pgeffect.sys [x]
S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [x]
.
.
Contents of the 'Scheduled Tasks' folder
.
2012-03-02 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-12-25 09:20]
.
2012-03-02 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-12-25 09:20]
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2010-03-18 166424]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2010-03-18 391192]
"Persistence"="c:\windows\system32\igfxpers.exe" [2010-03-18 410648]
"SmartAudio"="c:\program files\CONEXANT\SAII\SAIICpl.exe" [2009-11-19 307768]
"TPwrMain"="c:\program files (x86)\TOSHIBA\Power Saver\TPwrMain.EXE" [BU]
"SmoothView"="c:\program files (x86)\Toshiba\SmoothView\SmoothView.exe" [BU]
"00TCrdMain"="c:\program files (x86)\TOSHIBA\FlashCards\TCrdMain.exe" [BU]
"SynTPEnh"="c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe" [BU]
"TosSENotify"="c:\program files\TOSHIBA\TOSHIBA HDD SSD Alert\TosWaitSrv.exe" [2010-02-06 709976]
"TosVolRegulator"="c:\program files\TOSHIBA\TosVolRegulator\TosVolRegulator.exe" [2009-11-11 24376]
"TosReelTimeMonitor"="c:\program files (x86)\TOSHIBA\ReelTime\TosReelTimeMonitor.exe" [BU]
"TosNC"="c:\program files (x86)\Toshiba\BulletinBoard\TosNcCore.exe" [BU]
"cAudioFilterAgent"="c:\program files\Conexant\cAudioFilterAgent\cAudioFilterAgent64.exe" [2010-03-10 520760]
"SmartFaceVWatcher"="c:\program files (x86)\Toshiba\SmartFaceV\SmartFaceVWatcher.exe" [BU]
.
------- Supplementary Scan -------
.
uStart Page = about:blank
uLocal Page = c:\windows\system32\blank.htm
mStart Page = hxxp://www.toshiba.ca/welcome
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
uInternet Settings,ProxyServer = 0.0.0.0:80
IE: E&xport to Microsoft Excel - c:\progra~2\MIF5BA~1\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - c:\progra~2\MIF5BA~1\Office14\ONBttnIE.dll/105
TCP: DhcpNameServer = 192.168.1.254 75.153.176.1
FF - ProfilePath - c:\users\Loren Janina\AppData\Roaming\Mozilla\Firefox\Profiles\ekvgdjv7.Loren Janina\
FF - prefs.js: browser.startup.homepage - www.odb.org
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-Locked - (no file)
.
.
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\N360]
"ImagePath"="\"c:\program files (x86)\Norton 360 Premier Edition\Engine\4.4.0.12\ccSvcHst.exe\" /s \"N360\" /m \"c:\program files (x86)\Norton 360 Premier Edition\Engine\4.4.0.12\diMaster.dll\" /prefetch:1"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-3017790401-2291089053-199566039-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.eml\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="WindowsLiveMail.Email.1"
.
[HKEY_USERS\S-1-5-21-3017790401-2291089053-199566039-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.vcf\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="WindowsLiveMail.VCard.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11e_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11e_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
@Denied: (A) (Everyone)
"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
"Key"="ActionsPane3"
"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files (x86)\TOSHIBA\ConfigFree\NDSTray.exe
c:\program files (x86)\TOSHIBA\ConfigFree\CFSwMgr.exe
.
**************************************************************************
.
Completion time: 2012-03-01 21:03:53 - machine was rebooted
ComboFix-quarantined-files.txt 2012-03-02 04:03
ComboFix2.txt 2012-03-01 02:55
.
Pre-Run: 138,153,709,568 bytes free
Post-Run: 137,774,751,744 bytes free
.
- - End Of File - - 3588A76CCB7BD43832420FAF149C17B8

#10 nasdaq


Posted 02 March 2012 - 08:38 AM

Looking good.

Third-party programs, if not up to date, can be an open door for an infection.

Please run this security check for my review.

Download Security Check by screen317 from here.
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.
===

What are the remaining issues with this computer?

#11 ljra101808


Posted 03 March 2012 - 07:59 PM

Results of screen317's Security Check version 0.99.31
Windows 7 x64 (UAC is enabled)
Internet Explorer 8 Out of date!
``````````````````````````````
Antivirus/Firewall Check:

Windows Firewall Enabled!
Norton 360
WMI entry may not exist for antivirus; attempting automatic update.
```````````````````````````````
Anti-malware/Other Utilities Check:

SpywareBlaster 4.5
Java™ 6 Update 30
Mozilla Firefox (10.0.2)
````````````````````````````````
Process Check:
objlist.exe by Laurent

Norton ccSvcHst.exe
WinPatrol winpatrol.exe
Malwarebytes' Anti-Malware mbamservice.exe
Malwarebytes' Anti-Malware mbamgui.exe
BillP Studios WinPatrol WinPatrol.exe
``````````End of Log````````````

#12 nasdaq


Posted 04 March 2012 - 10:23 AM

Your logs are clean.

Time for some housekeeping.

The following will implement some cleanup procedures as well as reset System Restore points:

Click Start > Run and copy/paste the following bold text into the Run box and click OK:

ComboFix /Uninstall
===

Delete the other tools we used.

Surf Safely, and Think Prevention!
===

#13 ljra101808


Posted 04 March 2012 - 02:52 PM

Alright I've done that now.



