IE9 hijacked by SearchMagnified


  • This topic is locked
18 replies to this topic

#1 cdady

Posted 24 March 2012 - 02:30 PM

Hello,

Running IE9 on Windows 7 x64 with SP1. When I open IE, I am taken to a fake site, but my browser address bar shows I am connected to my home page. When I browse to another site, or I close my browser while on this fake home page, another browser window pops up and shows me a SearchMagnified “results” page. I have tried some manual fixes that I have found, and have run MalwareBytes scans several times, but I have not been able to resolve this. Thank you for your help. Log files are below and attached.

.
DDS (Ver_2011-08-26.01) - NTFSAMD64
Internet Explorer: 9.0.8112.16421
Run by cdady at 14:22:49 on 2012-03-24
Microsoft Windows 7 Ultimate 6.1.7601.1.1252.1.1033.18.7988.6490 [GMT -5:00]
.
AV: Microsoft Security Essentials *Disabled/Updated* {108DAC43-C256-20B7-BB05-914135DA5160}
SP: Microsoft Security Essentials *Disabled/Updated* {ABEC4DA7-E46C-2F39-81B5-AA334E5D1BDD}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\ibmpmsvc.exe
C:\Windows\system32\svchost.exe -k RPCSS
c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\servicing\TrustedInstaller.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Program Files (x86)\Cisco\Cisco AnyConnect VPN Client\vpnagent.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\WLANExt.exe
C:\Windows\system32\conhost.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\LENOVO\HOTKEY\TPHKLOAD.exe
C:\Program Files\LENOVO\HOTKEY\TPHKSVC.exe
C:\Program Files (x86)\Lenovo\Access Connections\AcPrfMgrSvc.exe
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
C:\Program Files\Lenovo\Communications Utility\CAMMUTE.exe
C:\Program Files\LENOVO\HOTKEY\MICMUTE.exe
C:\Program Files\Lenovo\Communications Utility\TPKNRSVC.exe
C:\Program Files\LENOVO\VIRTSCRL\lvvsst.exe
C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files (x86)\M-Audio\USB MIDI Series\AudioDevMon.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files (x86)\Lenovo\Access Connections\AcSvc.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Program Files\Intel\WiFi\bin\EvtEng.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\SearchIndexer.exe
C:\Program Files (x86)\Citrix\ICA Client\ssonsvr.exe
C:\Windows\system32\taskhost.exe
C:\PROGRA~1\LENOVO\VIRTSCRL\virtscrl.exe
C:\Program Files\LENOVO\HOTKEY\tposdsvc.exe
C:\PROGRA~1\Lenovo\HOTKEY\tpnumlkd.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Lenovo\HOTKEY\TPONSCR.exe
C:\Program Files\Lenovo\Zoom\TpScrex.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Windows\System32\TpShocks.exe
C:\Program Files\Lenovo\Communications Utility\TPKNRRES.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Windows\WindowsMobile\wmdc.exe
C:\Program Files\Microsoft Security Client\msseces.exe
C:\Windows\system32\svchost.exe -k WindowsMobile
C:\Windows\SysWOW64\rundll32.exe
C:\Program Files\ThinkPad\Bluetooth Software\BTTray.exe
C:\Program Files (x86)\Integrated Camera Driver\X64\RCIMGDIR.exe
C:\Program Files (x86)\Digital Line Detect\DLG.exe
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
C:\Program Files (x86)\Citrix\ICA Client\concentr.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Windows\system32\rundll32.exe
C:\Program Files (x86)\Citrix\ICA Client\Receiver\Receiver.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\PROGRA~2\ThinkPad\UTILIT~1\SCHTASK.exe
C:\Windows\system32\igfxext.exe
C:\Windows\system32\igfxsrvc.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files (x86)\Citrix\SelfServicePlugin\SelfServicePlugin.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Program Files (x86)\Lenovo\Access Connections\SvcGuiHlpr.exe
C:\Program Files (x86)\Citrix\ICA Client\WFCRUN32.EXE
C:\Windows\system32\DllHost.exe
C:\Program Files (x86)\Intel\Intel® Management Engine Components\IMSS\PrivacyIconClient.exe
C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
C:\Program Files\ThinkPad\Bluetooth Software\btwdins.exe
C:\Windows\system32\svchost.exe -k HsfXAudioService
C:\Program Files (x86)\Common Files\InterVideo\RegMgr\iviRegMgr.exe
C:\Windows\system32\sppsvc.exe
c:\Program Files (x86)\Lenovo\System Update\SUService.exe
C:\Program Files (x86)\Common Files\Lenovo\tvt_reg_monitor_svc.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\conhost.exe
C:\Windows\SysWOW64\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://connections/
uInternet Settings,ProxyServer =
uInternet Settings,ProxyOverride =
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
mRun: [IMSS] "C:\Program Files (x86)\Intel\Intel® Management Engine Components\IMSS\PIconStartup.exe"
mRun: [PWMTRV] rundll32 C:\PROGRA~2\ThinkPad\UTILIT~1\PWMTR64V.DLL,PwrMgrBkGndMonitor
mRun: [RotateImage] C:\Program Files (x86)\Integrated Camera Driver\X64\RCIMGDIR.exe
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [ConnectionCenter] "C:\Program Files (x86)\Citrix\ICA Client\concentr.exe" /startup
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\BLUETO~1.LNK - C:\Program Files (x86)\ThinkPad\Bluetooth Software\BTTray.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\DIGITA~1.LNK - C:\Program Files (x86)\Digital Line Detect\DLG.exe
mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
mPolicies-system: EnableLinkedConnections = 1 (0x1)
IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\ThinkPad\Bluetooth Software\btsendto_ie.htm
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
IE: {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - C:\PROGRA~2\MICROS~4\Office12\REFIEBAR.DLL
Trusted Zone: lpl.com
Trusted Zone: lpl.com\branchnet
Trusted Zone: lpl.com\branchweb
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab
DPF: {55963676-2F5E-4BAF-AC28-CF26AA587566} - hxxps://71.5.104.166/CACHE/stc/1/binaries/vpnweb.cab
DPF: {62FA83F7-20EC-4D62-AC86-BAB705EE1CCD} - hxxp://wegmon1.weg-online.com/klc/resources/cab/LiveConnectX.cab
DPF: {AA299E98-6FB5-409F-99D3-D30D749F4864} - hxxps://kserver.wealthenhancement.com/inc/kaxRemote.dll
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
TCP: DhcpNameServer = 209.81.96.130 209.81.96.49 74.127.128.30
TCP: Interfaces\{2215ECD4-A460-4121-99C5-EDB62B19DE83} : DhcpNameServer = 192.168.42.129
TCP: Interfaces\{45315A13-F0DB-4E08-AF7A-F0A707DD73F8} : DhcpNameServer = 10.1.1.10 10.1.18.10
TCP: Interfaces\{9E95CDC5-00A1-4959-B524-9476608F02DA} : DhcpNameServer = 209.81.96.130 209.81.96.49 74.127.128.30
TCP: Interfaces\{9E95CDC5-00A1-4959-B524-9476608F02DA}\157756374775966496 : DhcpNameServer = 192.168.9.1 64.134.255.2 64.134.255.10
Filter: application/x-ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
Filter: application/x-ica; charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
Filter: application/x-ica; charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
Filter: application/x-ica; charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
Filter: application/x-ica; charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
Filter: application/x-ica; charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
Filter: application/x-ica; charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
Filter: application/x-ica; charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
Filter: application/x-ica;charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
Filter: application/x-ica;charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
Filter: application/x-ica;charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
Filter: application/x-ica;charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
Filter: application/x-ica;charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
Filter: application/x-ica;charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
Filter: application/x-ica;charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
Filter: ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO-X64: AcroIEHelperStub - No File
BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
mRun-x64: [IMSS] "C:\Program Files (x86)\Intel\Intel® Management Engine Components\IMSS\PIconStartup.exe"
mRun-x64: [PWMTRV] rundll32 C:\PROGRA~2\ThinkPad\UTILIT~1\PWMTR64V.DLL,PwrMgrBkGndMonitor
mRun-x64: [RotateImage] C:\Program Files (x86)\Integrated Camera Driver\X64\RCIMGDIR.exe
mRun-x64: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun-x64: [ConnectionCenter] "C:\Program Files (x86)\Citrix\ICA Client\concentr.exe" /startup
IE-X64: {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\ThinkPad\Bluetooth Software\btsendto_ie.htm
.
============= SERVICES / DRIVERS ===============
.
R0 DzHDD64;DzHDD64;C:\Windows\system32\DRIVERS\DzHDD64.sys --> C:\Windows\system32\DRIVERS\DzHDD64.sys [?]
R0 TPDIGIMN;TPDIGIMN;C:\Windows\system32\DRIVERS\ApsHM64.sys --> C:\Windows\system32\DRIVERS\ApsHM64.sys [?]
R1 ctxusbm;Citrix USB Monitor Driver;C:\Windows\system32\DRIVERS\ctxusbm.sys --> C:\Windows\system32\DRIVERS\ctxusbm.sys [?]
R1 lenovo.smi;Lenovo System Interface Driver;C:\Windows\system32\DRIVERS\smiifx64.sys --> C:\Windows\system32\DRIVERS\smiifx64.sys [?]
R1 MpFilter;Microsoft Malware Protection Driver;C:\Windows\system32\DRIVERS\MpFilter.sys --> C:\Windows\system32\DRIVERS\MpFilter.sys [?]
R1 vwififlt;Virtual WiFi Filter Driver;C:\Windows\system32\DRIVERS\vwififlt.sys --> C:\Windows\system32\DRIVERS\vwififlt.sys [?]
R2 AdobeARMservice;Adobe Acrobat Update Service;C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2011-6-6 64952]
R2 HsfXAudioService;HsfXAudioService;C:\Windows\system32\svchost.exe -k HsfXAudioService [2009-7-13 20992]
R2 LENOVO.CAMMUTE;Lenovo Camera Mute;C:\Program Files\Lenovo\Communications Utility\CamMute.exe [2011-1-12 50536]
R2 LENOVO.MICMUTE;Lenovo Microphone Mute;C:\Program Files\Lenovo\HOTKEY\micmute.exe [2011-2-17 45496]
R2 LENOVO.TPKNRSVC;Lenovo Keyboard Noise Reduction;C:\Program Files\Lenovo\Communications Utility\TPKNRSVC.exe [2011-1-12 74088]
R2 Lenovo.VIRTSCRLSVC;Lenovo Auto Scroll;C:\Program Files\Lenovo\VIRTSCRL\lvvsst.exe [2010-7-30 93032]
R2 rimspci;rimspci;C:\Windows\system32\DRIVERS\rimspe64.sys --> C:\Windows\system32\DRIVERS\rimspe64.sys [?]
R2 TPHKLOAD;Lenovo Hotkey Client Loader;C:\Program Files\Lenovo\HOTKEY\tphkload.exe [2011-2-17 114024]
R2 TPHKSVC;On Screen Display;C:\Program Files\Lenovo\HOTKEY\TPHKSVC.exe [2011-2-17 64440]
R2 TurboB;Turbo Boost UI Monitor driver;C:\Windows\system32\DRIVERS\TurboB.sys --> C:\Windows\system32\DRIVERS\TurboB.sys [?]
R2 UNS;Intel® Management & Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2011-1-12 2533400]
R2 USBMIDIAudioDevMon;USB MIDI Series Audio Device Monitor;C:\Program Files (x86)\M-Audio\USB MIDI Series\AudioDevMon.exe [2010-4-13 1636872]
R2 vpnagent;Cisco AnyConnect VPN Agent;C:\Program Files (x86)\Cisco\Cisco AnyConnect VPN Client\vpnagent.exe [2008-12-10 417464]
R3 CAXHWAZL;CAXHWAZL;C:\Windows\system32\DRIVERS\CAXHWAZL.sys --> C:\Windows\system32\DRIVERS\CAXHWAZL.sys [?]
R3 e1kexpress;Intel® PRO/1000 PCI Express Network Connection Driver K;C:\Windows\system32\DRIVERS\e1k62x64.sys --> C:\Windows\system32\DRIVERS\e1k62x64.sys [?]
R3 HECIx64;Intel® Management Engine Interface;C:\Windows\system32\DRIVERS\HECIx64.sys --> C:\Windows\system32\DRIVERS\HECIx64.sys [?]
R3 Impcd;Impcd;C:\Windows\system32\DRIVERS\Impcd.sys --> C:\Windows\system32\DRIVERS\Impcd.sys [?]
R3 IntcDAud;Intel® Display Audio;C:\Windows\system32\DRIVERS\IntcDAud.sys --> C:\Windows\system32\DRIVERS\IntcDAud.sys [?]
R3 NETwNs64;___ Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows 7 - 64 Bit;C:\Windows\system32\DRIVERS\NETwNs64.sys --> C:\Windows\system32\DRIVERS\NETwNs64.sys [?]
R3 TVTI2C;Lenovo SM bus driver;C:\Windows\system32\DRIVERS\Tvti2c.sys --> C:\Windows\system32\DRIVERS\Tvti2c.sys [?]
R3 vwifimp;Microsoft Virtual WiFi Miniport Service;C:\Windows\system32\DRIVERS\vwifimp.sys --> C:\Windows\system32\DRIVERS\vwifimp.sys [?]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S3 5U877;USB Video Device;C:\Windows\system32\DRIVERS\5U877.sys --> C:\Windows\system32\DRIVERS\5U877.sys [?]
S3 Andbus;LGE Android Platform Composite USB Device;C:\Windows\system32\DRIVERS\lgandbus64.sys --> C:\Windows\system32\DRIVERS\lgandbus64.sys [?]
S3 AndDiag;LGE Android Platform USB Serial Port;C:\Windows\system32\DRIVERS\lganddiag64.sys --> C:\Windows\system32\DRIVERS\lganddiag64.sys [?]
S3 AndGps;LGE Android Platform USB GPS NMEA Port;C:\Windows\system32\DRIVERS\lgandgps64.sys --> C:\Windows\system32\DRIVERS\lgandgps64.sys [?]
S3 ANDModem;LGE Android Platform USB Modem;C:\Windows\system32\DRIVERS\lgandmodem64.sys --> C:\Windows\system32\DRIVERS\lgandmodem64.sys [?]
S3 AndNetDiag;LG AndroidNet USB Serial Port;C:\Windows\system32\DRIVERS\lgandnetdiag64.sys --> C:\Windows\system32\DRIVERS\lgandnetdiag64.sys [?]
S3 AndNetGps;LG AndroidNet USB GPS NMEA Port;C:\Windows\system32\DRIVERS\lgandnetgps64.sys --> C:\Windows\system32\DRIVERS\lgandnetgps64.sys [?]
S3 ANDNetModem;LG AndroidNet USB Modem;C:\Windows\system32\DRIVERS\lgandnetmodem64.sys --> C:\Windows\system32\DRIVERS\lgandnetmodem64.sys [?]
S3 andnetndis;LG AndroidNet NDIS Ethernet Adapter;C:\Windows\system32\DRIVERS\lgandnetndis64.sys --> C:\Windows\system32\DRIVERS\lgandnetndis64.sys [?]
S3 btwl2cap;Bluetooth L2CAP Service;C:\Windows\system32\DRIVERS\btwl2cap.sys --> C:\Windows\system32\DRIVERS\btwl2cap.sys [?]
S3 Ctxusbr;Citrix USB Redirection Driver;C:\Windows\system32\DRIVERS\ctxusbr.sys --> C:\Windows\system32\DRIVERS\ctxusbr.sys [?]
S3 ctxva51;Citrix Virtual Adapter;C:\Windows\system32\DRIVERS\ctxva51.sys --> C:\Windows\system32\DRIVERS\ctxva51.sys [?]
S3 DozeSvc;Lenovo Doze Mode Service;C:\Program Files (x86)\ThinkPad\Utilities\DZSVC64.EXE [2011-1-12 155496]
S3 MAUSBMIDI;Service for M-Audio USB MIDI Series;C:\Windows\system32\DRIVERS\MAudioUSBMIDI.sys --> C:\Windows\system32\DRIVERS\MAudioUSBMIDI.sys [?]
S3 MpNWMon;Microsoft Malware Protection Network Driver;C:\Windows\system32\DRIVERS\MpNWMon.sys --> C:\Windows\system32\DRIVERS\MpNWMon.sys [?]
S3 netw5v64;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 64 Bit;C:\Windows\system32\DRIVERS\netw5v64.sys --> C:\Windows\system32\DRIVERS\netw5v64.sys [?]
S3 NisDrv;Microsoft Network Inspection System;C:\Windows\system32\DRIVERS\NisDrvWFP.sys --> C:\Windows\system32\DRIVERS\NisDrvWFP.sys [?]
S3 NisSrv;Microsoft Network Inspection;C:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe [2011-4-27 288272]
S3 PCDSRVC{127174DC-C366ED8B-06020101}_0;PCDSRVC{127174DC-C366ED8B-06020101}_0 - PCDR Kernel Mode Service Helper Driver;C:\Program Files\PC-Doctor\pcdsrvc_x64.pkms [2010-12-9 25072]
S3 pmxdrv;pmxdrv;\??\C:\Windows\system32\drivers\pmxdrv.sys --> C:\Windows\system32\drivers\pmxdrv.sys [?]
S3 Power Manager DBC Service;Power Manager DBC Service;C:\Program Files (x86)\ThinkPad\Utilities\PWMDBSVC.exe [2011-1-12 79208]
S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;C:\Windows\system32\drivers\rdpvideominiport.sys --> C:\Windows\system32\drivers\rdpvideominiport.sys [?]
S3 rixdpcie;rixdpcie;C:\Windows\system32\DRIVERS\rixdpe64.sys --> C:\Windows\system32\DRIVERS\rixdpe64.sys [?]
S3 SrvHsfHDA;SrvHsfHDA;C:\Windows\system32\DRIVERS\VSTAZL6.SYS --> C:\Windows\system32\DRIVERS\VSTAZL6.SYS [?]
S3 SrvHsfV92;SrvHsfV92;C:\Windows\system32\DRIVERS\VSTDPV6.SYS --> C:\Windows\system32\DRIVERS\VSTDPV6.SYS [?]
S3 SrvHsfWinac;SrvHsfWinac;C:\Windows\system32\DRIVERS\VSTCNXT6.SYS --> C:\Windows\system32\DRIVERS\VSTCNXT6.SYS [?]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\system32\drivers\tsusbflt.sys --> C:\Windows\system32\drivers\tsusbflt.sys [?]
S3 TurboBoost;TurboBoost;C:\Program Files\Intel\TurboBoost\TurboBoost.exe [2009-9-29 126392]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?]
S4 wlcrasvc;Windows Live Mesh remote connections service;C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-9-22 57184]
.
=============== Created Last 30 ================
.
2012-03-24 18:47:51 8669240 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{4F184774-3BF1-4C7E-8350-483AF89A2A7C}\mpengine.dll
2012-03-24 16:14:30 -------- d-sh--w- C:\$RECYCLE.BIN
2012-03-24 16:11:22 -------- d-----w- C:\Users\cdady\AppData\Local\Google
2012-03-24 15:50:00 98816 ----a-w- C:\Windows\sed.exe
2012-03-24 15:50:00 518144 ----a-w- C:\Windows\SWREG.exe
2012-03-24 15:50:00 256000 ----a-w- C:\Windows\PEV.exe
2012-03-24 15:50:00 208896 ----a-w- C:\Windows\MBR.exe
2012-03-19 02:15:47 3145728 ----a-w- C:\Windows\System32\win32k.sys
2012-03-19 02:10:16 9216 ----a-w- C:\Windows\System32\rdrmemptylst.exe
2012-03-19 02:10:16 77312 ----a-w- C:\Windows\System32\rdpwsx.dll
2012-03-19 02:10:16 149504 ----a-w- C:\Windows\System32\rdpcorekmts.dll
2012-03-19 02:07:50 1544192 ----a-w- C:\Windows\System32\DWrite.dll
2012-03-19 02:07:49 1077248 ----a-w- C:\Windows\SysWow64\DWrite.dll
2012-03-19 02:06:16 5559152 ----a-w- C:\Windows\System32\ntoskrnl.exe
2012-03-19 02:06:15 3968368 ----a-w- C:\Windows\SysWow64\ntkrnlpa.exe
2012-03-19 02:06:14 3913584 ----a-w- C:\Windows\SysWow64\ntoskrnl.exe
2012-03-19 01:55:42 826880 ----a-w- C:\Windows\SysWow64\rdpcore.dll
2012-03-19 01:55:41 210944 ----a-w- C:\Windows\System32\drivers\rdpwd.sys
2012-03-19 01:55:41 1112064 ----a-w- C:\Windows\System32\rdpcorets.dll
2012-03-19 01:55:41 1031680 ----a-w- C:\Windows\System32\rdpcore.dll
2012-03-19 01:55:40 23552 ----a-w- C:\Windows\System32\drivers\tdtcp.sys
2012-02-27 21:51:02 -------- d-----w- C:\Program Files (x86)\Common Files\Citrix
2012-02-23 23:21:15 -------- d-----w- C:\Users\cdady\AppData\Roaming\Malwarebytes
2012-02-23 23:21:09 23152 ----a-w- C:\Windows\System32\drivers\mbam.sys
2012-02-23 23:21:09 -------- d-----w- C:\ProgramData\Malwarebytes
2012-02-23 23:21:08 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware
.
==================== Find3M ====================
.
2012-01-31 12:44:20 279656 ------w- C:\Windows\System32\MpSigStub.exe
2012-01-26 19:48:51 414368 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2012-01-04 10:44:20 509952 ----a-w- C:\Windows\System32\ntshrui.dll
2012-01-04 08:58:41 442880 ----a-w- C:\Windows\SysWow64\ntshrui.dll
2011-12-30 06:26:08 515584 ----a-w- C:\Windows\System32\timedate.cpl
2011-12-30 05:27:56 478720 ----a-w- C:\Windows\SysWow64\timedate.cpl
2011-12-28 03:59:24 498688 ----a-w- C:\Windows\System32\drivers\afd.sys
2011-12-27 15:32:26 2471669 ----a-w- C:\Windows\SysWow64\WEGScreensaver.scr
.
============= FINISH: 14:24:15.45 ===============

#2 gringo_pr

Posted 25 March 2012 - 12:31 AM

Hello and Welcome to Bleeping Computer!!

My name is Gringo and I'll be glad to help you with your computer problems.

I have put together some things for you to keep in mind while I am helping you, to make things go easier and faster for both of us.

1. Do not run any other tool until instructed to do so!
Doing so will at best only cause you unneeded worry, as it finds our backups and may even list our tools, and at worst can cause conflicts with our tools and lead to unforeseen things happening.
2. Please do not attach logs or put them in code boxes.
Besides the time it takes me to open the reports, it makes it harder to find something if I need to go back to do more research, and putting them in code boxes just makes them so hard to read.
3. After each step give me a little feedback.
It does not need to be long, but just something so I know how things are going. It can be something like:
I am still getting redirected
The computer is running as it should
Don't put things like "it is the same as before" or "still the same"; this just makes me go back and look for your last feedback as to how things are.
4. Read every post completely before doing anything.
Pay special attention to the Notes** I have put in.
These are things I have found that happen a lot and can be taken care of easily just by reading the Notes**

Click on the Watch Topic Button and select Immediate Notification and click on proceed, this will help you to get notified faster when I have replied and make the cleaning process faster.


Backup any files that cannot be replaced

If you have not done it yet, spend a few minutes to back up any files that cannot be replaced. Removing malware can be unpredictable and this may save you and me a lot of grief later.

You can put them on a CD/DVD, external drive or a pen drive, anywhere except on the computer.

You may want to back up the whole hard drive; there is some good info in the Preparation Guide on how to make full backups and how to restore them if something goes wrong. Read the tutorial and print it out so you will know what to do in case the unforeseen happens.

When you have the files backed up you may do the following.


Please print out or make a copy in Notepad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.



Run Combofix:

You may be asked to install or update the Recovery Console (Win XP only). If this happens, please allow it to do so (you will need to be connected to the internet for this).

Before you run Combofix I will need you to turn off any security software you have running. If you do not know how to do this you can find out >here< or >here<

Combofix may need to reboot your computer more than once to do its job; this is normal.

You can download Combofix from one of these links.
Link 1
Link 2
Link 3
1. Close any open browsers or any other programs that are open.
2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

Double click on combofix.exe & follow the prompts.
When finished, it will produce a report for you.

Note 1: Do not mouse-click Combofix's window while it's running. That may cause it to stall.

Note 2: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion.", please restart the computer.

"information and logs"

  • In your next post I need the following
  • Log from Combofix
  • let me know of any problems you may have had
  • How is the computer doing now?

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic




#3 cdady

Posted 25 March 2012 - 02:36 PM

Gringo,

Ran ComboFix as requested. It ran without issue. After it was done, I launched IE9, and I am still seeing the issue. It opens up to a fake home page, and then pops open a SearchMagnified "results" page when I close the browser or go to another site. Here is the ComboFix log:

ComboFix 12-03-22.01 - cdady 03/25/2012 14:20:32.2.4 - x64
Microsoft Windows 7 Ultimate 6.1.7601.1.1252.1.1033.18.7988.6331 [GMT -5:00]
Running from: c:\users\cdady\Downloads\ComboFix.exe
AV: Microsoft Security Essentials *Disabled/Updated* {108DAC43-C256-20B7-BB05-914135DA5160}
SP: Microsoft Security Essentials *Disabled/Updated* {ABEC4DA7-E46C-2F39-81B5-AA334E5D1BDD}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((( Files Created from 2012-02-25 to 2012-03-25 )))))))))))))))))))))))))))))))
.
.
2012-03-25 19:28 . 2012-03-25 19:28 -------- d-----w- c:\users\svcMonitor\AppData\Local\temp
2012-03-25 19:28 . 2012-03-25 19:28 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-03-25 19:28 . 2012-03-25 19:28 -------- d-----w- c:\users\christian\AppData\Local\temp
2012-03-25 19:13 . 2012-03-14 03:27 8669240 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{E4F21FF6-8704-4D7E-A7D8-EB9AD3531DC9}\mpengine.dll
2012-03-24 18:50 . 2012-03-24 18:50 -------- d-----w- c:\users\Default\AppData\Local\Microsoft Help
2012-03-24 16:11 . 2012-03-24 16:13 -------- d-----w- c:\users\cdady\AppData\Local\Google
2012-03-19 02:15 . 2012-02-03 04:34 3145728 ----a-w- c:\windows\system32\win32k.sys
2012-03-19 02:10 . 2012-01-25 06:38 77312 ----a-w- c:\windows\system32\rdpwsx.dll
2012-03-19 02:10 . 2012-01-25 06:38 149504 ----a-w- c:\windows\system32\rdpcorekmts.dll
2012-03-19 02:10 . 2012-01-25 06:33 9216 ----a-w- c:\windows\system32\rdrmemptylst.exe
2012-03-19 02:07 . 2012-02-10 06:36 1544192 ----a-w- c:\windows\system32\DWrite.dll
2012-03-19 02:07 . 2012-02-10 05:38 1077248 ----a-w- c:\windows\SysWow64\DWrite.dll
2012-03-19 02:06 . 2011-11-19 15:20 5559152 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-03-19 02:06 . 2011-11-19 14:50 3968368 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe
2012-03-19 02:06 . 2011-11-19 14:50 3913584 ----a-w- c:\windows\SysWow64\ntoskrnl.exe
2012-03-19 01:55 . 2012-02-17 05:34 826880 ----a-w- c:\windows\SysWow64\rdpcore.dll
2012-03-19 01:55 . 2012-02-17 06:38 1112064 ----a-w- c:\windows\system32\rdpcorets.dll
2012-03-19 01:55 . 2012-02-17 06:38 1031680 ----a-w- c:\windows\system32\rdpcore.dll
2012-03-19 01:55 . 2012-02-17 04:58 210944 ----a-w- c:\windows\system32\drivers\rdpwd.sys
2012-03-19 01:55 . 2012-02-17 04:57 23552 ----a-w- c:\windows\system32\drivers\tdtcp.sys
2012-02-27 21:51 . 2012-02-27 21:51 -------- d-----w- c:\program files (x86)\Common Files\Citrix
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-03-14 03:27 . 2011-08-11 01:41 8669240 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2012-02-11 22:57 . 2012-02-11 22:58 927800 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{57CDF5B8-DA8B-4279-9D2F-9D4D3E0779D4}\gapaengine.dll
2012-01-31 12:44 . 2011-02-18 03:06 279656 ------w- c:\windows\system32\MpSigStub.exe
2012-01-26 19:48 . 2012-01-26 19:48 414368 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-01-04 10:44 . 2012-02-14 21:35 509952 ----a-w- c:\windows\system32\ntshrui.dll
2012-01-04 08:58 . 2012-02-14 21:35 442880 ----a-w- c:\windows\SysWow64\ntshrui.dll
2011-12-30 06:26 . 2012-02-14 21:35 515584 ----a-w- c:\windows\system32\timedate.cpl
2011-12-30 05:27 . 2012-02-14 21:35 478720 ----a-w- c:\windows\SysWow64\timedate.cpl
2011-12-28 03:59 . 2012-02-14 21:35 498688 ----a-w- c:\windows\system32\drivers\afd.sys
2011-12-27 15:32 . 2011-12-27 15:32 2471669 ----a-w- c:\windows\SysWow64\WEGScreensaver.scr
.
.
((((((((((((((((((((((((((((( SnapShot@2012-03-24_16.03.04 )))))))))))))))))))))))))))))))))))))))))
.
+ 2012-03-24 19:01 . 2012-03-24 19:01 76800 c:\windows\SysWOW64\SetIEInstalledDate.exe
+ 2012-03-24 19:01 . 2012-03-24 19:01 74752 c:\windows\SysWOW64\RegisterIEPKEYs.exe
+ 2012-03-24 19:01 . 2012-03-24 19:01 54272 c:\windows\SysWOW64\pngfilt.dll
+ 2012-03-24 19:01 . 2012-03-24 19:01 48640 c:\windows\SysWOW64\mshtmler.dll
+ 2012-03-24 19:01 . 2012-03-24 19:01 72704 c:\windows\SysWOW64\mshtmled.dll
+ 2012-03-24 19:01 . 2012-03-24 19:01 11776 c:\windows\SysWOW64\mshta.exe
+ 2012-03-24 19:01 . 2012-03-24 19:01 10752 c:\windows\SysWOW64\msfeedssync.exe
+ 2012-03-24 19:01 . 2012-03-24 19:01 41472 c:\windows\SysWOW64\msfeedsbs.dll
+ 2012-03-24 19:01 . 2012-03-24 19:01 66048 c:\windows\SysWOW64\migration\WininetPlugin.dll
+ 2012-03-24 19:01 . 2012-03-24 19:01 23552 c:\windows\SysWOW64\licmgr10.dll
+ 2012-03-24 19:01 . 2012-03-24 19:01 65024 c:\windows\SysWOW64\jsproxy.dll
+ 2012-03-24 19:01 . 2012-03-24 19:01 78848 c:\windows\SysWOW64\inseng.dll
+ 2012-03-24 19:01 . 2012-03-24 19:01 35840 c:\windows\SysWOW64\imgutil.dll
+ 2012-03-24 19:01 . 2012-03-24 19:01 86528 c:\windows\SysWOW64\iesysprep.dll
+ 2012-03-24 19:01 . 2012-03-24 19:01 74752 c:\windows\SysWOW64\iesetup.dll
+ 2012-03-24 19:01 . 2012-03-24 19:01 31744 c:\windows\SysWOW64\iernonce.dll
+ 2012-03-24 19:01 . 2012-03-24 19:01 74240 c:\windows\SysWOW64\ie4uinit.exe
+ 2012-03-24 19:01 . 2012-03-24 19:01 66048 c:\windows\SysWOW64\icardie.dll
- 2009-07-14 04:54 . 2012-03-24 15:30 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2009-07-14 04:54 . 2012-03-24 19:20 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2009-07-14 04:54 . 2012-03-24 15:30 32768 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2009-07-14 04:54 . 2012-03-24 19:20 32768 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2009-07-14 04:54 . 2012-03-24 15:30 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2009-07-14 04:54 . 2012-03-24 19:20 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2011-01-12 19:03 . 2012-03-24 19:22 37998 c:\windows\system32\wdi\ShutdownPerformanceDiagnostics_SystemData.bin
+ 2009-07-14 05:10 . 2012-03-24 19:22 40424 c:\windows\system32\wdi\BootPerformanceDiagnostics_SystemData.bin
+ 2012-03-24 19:01 . 2012-03-24 19:01 91648 c:\windows\system32\SetIEInstalledDate.exe
+ 2012-03-24 19:01 . 2012-03-24 19:01 89088 c:\windows\system32\RegisterIEPKEYs.exe
+ 2012-03-24 19:01 . 2012-03-24 19:01 65024 c:\windows\system32\pngfilt.dll
+ 2012-03-24 19:01 . 2012-03-24 19:01 48640 c:\windows\system32\mshtmler.dll
+ 2012-03-24 19:01 . 2012-03-24 19:01 96256 c:\windows\system32\mshtmled.dll
+ 2012-03-24 19:01 . 2012-03-24 19:01 12288 c:\windows\system32\mshta.exe
+ 2012-03-24 19:01 . 2012-03-24 19:01 10752 c:\windows\system32\msfeedssync.exe
+ 2012-03-24 19:01 . 2012-03-24 19:01 55296 c:\windows\system32\msfeedsbs.dll
+ 2012-03-24 19:01 . 2012-03-24 19:01 86528 c:\windows\system32\migration\WininetPlugin.dll
+ 2012-03-24 19:01 . 2012-03-24 19:01 30720 c:\windows\system32\licmgr10.dll
+ 2012-03-24 19:01 . 2012-03-24 19:01 85504 c:\windows\system32\jsproxy.dll
+ 2012-03-24 19:01 . 2012-03-24 19:01 49664 c:\windows\system32\imgutil.dll
+ 2012-03-24 19:01 . 2012-03-24 19:01 85504 c:\windows\system32\iesetup.dll
+ 2012-03-24 19:01 . 2012-03-24 19:01 39936 c:\windows\system32\iernonce.dll
+ 2012-03-24 19:01 . 2012-03-24 19:01 89088 c:\windows\system32\ie4uinit.exe
+ 2012-03-24 19:01 . 2012-03-24 19:01 82432 c:\windows\system32\icardie.dll
+ 2011-02-18 06:45 . 2012-03-24 22:36 16384 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2011-02-18 06:45 . 2012-03-24 15:38 16384 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2011-02-18 06:45 . 2012-03-24 22:36 32768 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2011-02-18 06:45 . 2012-03-24 15:38 32768 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2009-07-14 04:54 . 2012-03-24 15:38 16384 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2009-07-14 04:54 . 2012-03-24 22:36 16384 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2011-02-18 10:54 . 2012-03-24 16:01 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2011-02-18 10:54 . 2012-03-24 16:14 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2009-07-14 04:46 . 2012-03-24 19:22 96784 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\SoftwareProtectionPlatform\Cache\cache.dat
+ 2011-02-18 10:54 . 2012-03-24 16:14 32768 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2011-02-18 10:54 . 2012-03-24 16:01 32768 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2011-02-18 10:54 . 2012-03-24 16:14 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2011-02-18 10:54 . 2012-03-24 16:01 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2011-02-18 04:01 . 2012-03-24 19:09 16384 c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2011-02-18 04:01 . 2012-03-24 16:01 16384 c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2011-02-18 04:01 . 2012-03-24 16:01 16384 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2011-02-18 04:01 . 2012-03-24 19:09 16384 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2011-11-22 04:57 . 2011-11-22 04:57 68880 c:\windows\Microsoft.NET\Framework64\v4.0.30319\nlssorting.dll
+ 2011-11-22 03:31 . 2011-11-22 03:31 57616 c:\windows\Microsoft.NET\Framework\v4.0.30319\nlssorting.dll
+ 2012-03-24 18:46 . 2012-03-24 18:46 87408 c:\windows\Microsoft.NET\assembly\GAC_MSIL\WindowsFormsIntegration\v4.0_4.0.0.0__31bf3856ad364e35\WindowsFormsIntegration.dll
- 2012-03-19 02:12 . 2012-03-19 02:12 87408 c:\windows\Microsoft.NET\assembly\GAC_MSIL\WindowsFormsIntegration\v4.0_4.0.0.0__31bf3856ad364e35\WindowsFormsIntegration.dll
+ 2012-03-24 18:46 . 2012-03-24 18:46 93024 c:\windows\Microsoft.NET\assembly\GAC_MSIL\UIAutomationTypes\v4.0_4.0.0.0__31bf3856ad364e35\UIAutomationTypes.dll
- 2012-03-19 02:12 . 2012-03-19 02:12 93024 c:\windows\Microsoft.NET\assembly\GAC_MSIL\UIAutomationTypes\v4.0_4.0.0.0__31bf3856ad364e35\UIAutomationTypes.dll
- 2012-03-19 02:12 . 2012-03-19 02:12 35688 c:\windows\Microsoft.NET\assembly\GAC_MSIL\UIAutomationProvider\v4.0_4.0.0.0__31bf3856ad364e35\UIAutomationProvider.dll
+ 2012-03-24 18:46 . 2012-03-24 18:46 35688 c:\windows\Microsoft.NET\assembly\GAC_MSIL\UIAutomationProvider\v4.0_4.0.0.0__31bf3856ad364e35\UIAutomationProvider.dll
+ 2012-03-24 18:46 . 2012-03-24 18:46 11120 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Xml.Serialization\v4.0_4.0.0.0__b77a5c561934e089\System.Xml.Serialization.dll
- 2012-03-19 02:12 . 2012-03-19 02:12 11120 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Xml.Serialization\v4.0_4.0.0.0__b77a5c561934e089\System.Xml.Serialization.dll
+ 2012-03-24 18:46 . 2012-03-24 18:46 17784 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Presentation\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Presentation.dll
- 2012-03-19 02:12 . 2012-03-19 02:12 17784 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Presentation\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Presentation.dll
+ 2012-03-24 18:46 . 2012-03-24 18:46 58240 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Input.Manipulations\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Input.Manipulations.dll
- 2012-03-19 02:12 . 2012-03-19 02:12 58240 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Input.Manipulations\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Input.Manipulations.dll
- 2012-03-19 02:12 . 2012-03-19 02:12 44920 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Web.ApplicationServices\v4.0_4.0.0.0__31bf3856ad364e35\System.Web.ApplicationServices.dll
+ 2012-03-24 18:46 . 2012-03-24 18:46 44920 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Web.ApplicationServices\v4.0_4.0.0.0__31bf3856ad364e35\System.Web.ApplicationServices.dll
+ 2012-03-24 18:46 . 2012-03-24 18:46 37240 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.ServiceModel.Channels\v4.0_4.0.0.0__31bf3856ad364e35\System.ServiceModel.Channels.dll
- 2012-03-19 02:12 . 2012-03-19 02:12 37240 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.ServiceModel.Channels\v4.0_4.0.0.0__31bf3856ad364e35\System.ServiceModel.Channels.dll
- 2012-03-19 02:12 . 2012-03-19 02:12 64352 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Numerics\v4.0_4.0.0.0__b77a5c561934e089\System.Numerics.dll
+ 2012-03-24 18:46 . 2012-03-24 18:46 64352 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Numerics\v4.0_4.0.0.0__b77a5c561934e089\System.Numerics.dll
- 2012-03-19 02:12 . 2012-03-19 02:12 51032 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Device\v4.0_4.0.0.0__b77a5c561934e089\System.Device.dll
+ 2012-03-24 18:46 . 2012-03-24 18:46 51032 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Device\v4.0_4.0.0.0__b77a5c561934e089\System.Device.dll
+ 2012-03-24 18:46 . 2012-03-24 18:46 50552 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Data.DataSetExtensions\v4.0_4.0.0.0__b77a5c561934e089\System.Data.DataSetExtensions.dll
- 2012-03-19 02:12 . 2012-03-19 02:12 50552 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Data.DataSetExtensions\v4.0_4.0.0.0__b77a5c561934e089\System.Data.DataSetExtensions.dll
- 2012-03-19 02:12 . 2012-03-19 02:12 81784 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Configuration.Install\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Configuration.Install.dll
+ 2012-03-24 18:46 . 2012-03-24 18:46 81784 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Configuration.Install\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Configuration.Install.dll
- 2012-03-19 02:12 . 2012-03-19 02:12 81800 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.ComponentModel.DataAnnotations\v4.0_4.0.0.0__31bf3856ad364e35\System.ComponentModel.DataAnnotations.dll
+ 2012-03-24 18:46 . 2012-03-24 18:46 81800 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.ComponentModel.DataAnnotations\v4.0_4.0.0.0__31bf3856ad364e35\System.ComponentModel.DataAnnotations.dll
+ 2012-03-24 18:46 . 2012-03-24 18:46 39784 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.AddIn.Contract\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.AddIn.Contract.dll
- 2012-03-19 02:12 . 2012-03-19 02:12 39784 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.AddIn.Contract\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.AddIn.Contract.dll
+ 2012-03-24 18:46 . 2012-03-24 18:46 68952 c:\windows\Microsoft.NET\assembly\GAC_MSIL\SMDiagnostics\v4.0_4.0.0.0__b77a5c561934e089\SMDiagnostics.dll
- 2012-03-19 02:12 . 2012-03-19 02:12 68952 c:\windows\Microsoft.NET\assembly\GAC_MSIL\SMDiagnostics\v4.0_4.0.0.0__b77a5c561934e089\SMDiagnostics.dll
+ 2012-03-24 18:46 . 2012-03-24 18:46 62880 c:\windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.Windows.ApplicationServer.Applications\v4.0_4.0.0.0__31bf3856ad364e35\Microsoft.Windows.ApplicationServer.Applications.dll
- 2012-03-19 02:12 . 2012-03-19 02:12 62880 c:\windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.Windows.ApplicationServer.Applications\v4.0_4.0.0.0__31bf3856ad364e35\Microsoft.Windows.ApplicationServer.Applications.dll
- 2012-03-19 02:12 . 2012-03-19 02:12 12128 c:\windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.VisualC\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualC.Dll
+ 2012-03-24 18:46 . 2012-03-24 18:46 12128 c:\windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.VisualC\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualC.Dll
+ 2012-03-24 18:46 . 2012-03-24 18:46 97680 c:\windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.VisualBasic.Compatibility.Data\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Compatibility.Data.dll
- 2012-03-19 02:12 . 2012-03-19 02:12 97680 c:\windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.VisualBasic.Compatibility.Data\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Compatibility.Data.dll
+ 2012-03-24 18:46 . 2012-03-24 18:46 17240 c:\windows\Microsoft.NET\assembly\GAC_MSIL\Accessibility\v4.0_4.0.0.0__b03f5f7f11d50a3a\Accessibility.dll
- 2012-03-19 02:12 . 2012-03-19 02:12 17240 c:\windows\Microsoft.NET\assembly\GAC_MSIL\Accessibility\v4.0_4.0.0.0__b03f5f7f11d50a3a\Accessibility.dll
+ 2012-03-24 18:46 . 2012-03-24 18:46 94552 c:\windows\Microsoft.NET\assembly\GAC_64\ISymWrapper\v4.0_4.0.0.0__b03f5f7f11d50a3a\ISymWrapper.dll
- 2012-03-19 02:12 . 2012-03-19 02:12 94552 c:\windows\Microsoft.NET\assembly\GAC_64\ISymWrapper\v4.0_4.0.0.0__b03f5f7f11d50a3a\ISymWrapper.dll
+ 2012-03-24 18:46 . 2012-03-24 18:46 91488 c:\windows\Microsoft.NET\assembly\GAC_64\CustomMarshalers\v4.0_4.0.0.0__b03f5f7f11d50a3a\CustomMarshalers.dll
- 2012-03-19 02:12 . 2012-03-19 02:12 91488 c:\windows\Microsoft.NET\assembly\GAC_64\CustomMarshalers\v4.0_4.0.0.0__b03f5f7f11d50a3a\CustomMarshalers.dll
+ 2012-03-24 18:46 . 2012-03-24 18:46 78168 c:\windows\Microsoft.NET\assembly\GAC_32\ISymWrapper\v4.0_4.0.0.0__b03f5f7f11d50a3a\ISymWrapper.dll
- 2012-03-19 02:12 . 2012-03-19 02:12 78168 c:\windows\Microsoft.NET\assembly\GAC_32\ISymWrapper\v4.0_4.0.0.0__b03f5f7f11d50a3a\ISymWrapper.dll
+ 2012-03-24 18:46 . 2012-03-24 18:46 81248 c:\windows\Microsoft.NET\assembly\GAC_32\CustomMarshalers\v4.0_4.0.0.0__b03f5f7f11d50a3a\CustomMarshalers.dll
- 2012-03-19 02:12 . 2012-03-19 02:12 81248 c:\windows\Microsoft.NET\assembly\GAC_32\CustomMarshalers\v4.0_4.0.0.0__b03f5f7f11d50a3a\CustomMarshalers.dll
- 2011-02-18 03:19 . 2012-03-19 02:18 35088 c:\windows\Installer\{90120000-0011-0000-0000-0000000FF1CE}\oisicon.exe
+ 2011-02-18 03:19 . 2012-03-24 18:50 35088 c:\windows\Installer\{90120000-0011-0000-0000-0000000FF1CE}\oisicon.exe
- 2011-02-18 03:19 . 2012-03-19 02:18 18704 c:\windows\Installer\{90120000-0011-0000-0000-0000000FF1CE}\mspicons.exe
+ 2011-02-18 03:19 . 2012-03-24 18:50 18704 c:\windows\Installer\{90120000-0011-0000-0000-0000000FF1CE}\mspicons.exe
+ 2011-02-18 03:19 . 2012-03-24 18:50 20240 c:\windows\Installer\{90120000-0011-0000-0000-0000000FF1CE}\cagicon.exe
- 2011-02-18 03:19 . 2012-03-19 02:18 20240 c:\windows\Installer\{90120000-0011-0000-0000-0000000FF1CE}\cagicon.exe
+ 2006-07-24 16:50 . 2006-07-24 16:50 47920 c:\windows\Installer\$PatchCache$\Managed\00002109110000000000000000F01FEC\12.0.6612\VBAME.DLL
+ 2006-07-24 16:50 . 2006-07-24 16:50 92976 c:\windows\Installer\$PatchCache$\Managed\00002109110000000000000000F01FEC\12.0.6612\MSADDNDR.DLL
+ 2011-02-18 03:19 . 2011-02-18 03:19 35648 c:\windows\Installer\$PatchCache$\Managed\00002109110000000000000000F01FEC\12.0.4518\OLCTLPIA.DLL
+ 2009-04-02 18:01 . 2009-04-02 18:01 56680 c:\windows\Installer\$PatchCache$\Managed\00002109110000000000000000F01FEC\12.0.4518\EXP_XPS.DLL
+ 2009-04-04 00:46 . 2009-04-04 00:46 97640 c:\windows\Installer\$PatchCache$\Managed\00002109110000000000000000F01FEC\12.0.4518\EXP_PDF.DLL
+ 2006-10-27 02:13 . 2006-10-27 02:13 56192 c:\windows\Installer\$PatchCache$\Managed\00002109110000000000000000F01FEC\12.0.4518\ACECNFLT.EXE
+ 2012-03-24 18:54 . 2012-03-24 18:54 10240 c:\windows\assembly\NativeImages_v4.0.30319_64\System.Xml.Serializ#\f137c53afae3903f20eba1fa0f8f8dad\System.Xml.Serialization.ni.dll
+ 2012-03-24 18:54 . 2012-03-24 18:54 43520 c:\windows\assembly\NativeImages_v4.0.30319_64\System.Windows.Pres#\ef151d5b49d8b0d0052d05fc56d25107\System.Windows.Presentation.ni.dll
+ 2012-03-24 18:54 . 2012-03-24 18:54 86016 c:\windows\assembly\NativeImages_v4.0.30319_64\System.Web.Applicat#\c5b08a1a9a7a97922af50f30b5e32268\System.Web.ApplicationServices.ni.dll
+ 2012-03-24 18:53 . 2012-03-24 18:53 97792 c:\windows\assembly\NativeImages_v4.0.30319_64\System.AddIn.Contra#\5b53a87f7799ee5454e4fb8faece3a82\System.AddIn.Contract.ni.dll
+ 2012-03-24 18:51 . 2012-03-24 18:51 14336 c:\windows\assembly\NativeImages_v4.0.30319_64\Microsoft.VisualC\a4e98103e5d36bf22ef19c64442543f2\Microsoft.VisualC.ni.dll
+ 2012-03-24 18:50 . 2012-03-24 18:50 10752 c:\windows\assembly\NativeImages_v4.0.30319_64\dfsvc\cbd21f19057f07ec2cb55b2bef91f344\dfsvc.ni.exe
+ 2012-03-24 18:50 . 2012-03-24 18:50 58368 c:\windows\assembly\NativeImages_v4.0.30319_64\Accessibility\52890eb2a4f8d822bff7e9cddc713fb5\Accessibility.ni.dll
+ 2012-03-24 18:55 . 2012-03-24 18:55 96768 c:\windows\assembly\NativeImages_v4.0.30319_32\UIAutomationProvider\8dd565cc0b374e1eec73cf7eaba91e92\UIAutomationProvider.ni.dll
+ 2012-03-24 18:56 . 2012-03-24 18:56 35328 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Windows.Pres#\077e75015456f75a0495f65cfcf140cb\System.Windows.Presentation.ni.dll
+ 2012-03-24 18:56 . 2012-03-24 18:56 71680 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Web.Applicat#\22a9aa847a8e4e651a35b63270ce8999\System.Web.ApplicationServices.ni.dll
+ 2012-03-24 18:56 . 2012-03-24 18:56 82432 c:\windows\assembly\NativeImages_v4.0.30319_32\System.ServiceModel#\fdeb5ca04943da59f732d3001d6a0df0\System.ServiceModel.Channels.ni.dll
+ 2012-03-24 18:55 . 2012-03-24 18:55 78848 c:\windows\assembly\NativeImages_v4.0.30319_32\System.AddIn.Contra#\9688786618bf6390637c283b5bd1c9b3\System.AddIn.Contract.ni.dll
+ 2012-03-24 18:55 . 2012-03-24 18:55 11776 c:\windows\assembly\NativeImages_v4.0.30319_32\Microsoft.VisualC\6ffc3ac04451b4978519218fd266403e\Microsoft.VisualC.ni.dll
+ 2012-03-24 18:55 . 2012-03-24 18:55 44544 c:\windows\assembly\NativeImages_v4.0.30319_32\Accessibility\8cbc15b63aa3f06453f1aaa8659cf809\Accessibility.ni.dll
+ 2012-03-24 18:49 . 2012-03-24 18:49 11144 c:\windows\assembly\GAC\Policy.11.0.Microsoft.Office.Interop.Word\12.0.0.0__71e9bce111e9429c\Policy.11.0.Microsoft.Office.Interop.Word.dll
+ 2012-03-24 18:49 . 2012-03-24 18:49 63336 c:\windows\assembly\GAC\Microsoft.Vbe.Interop\12.0.0.0__71e9bce111e9429c\Microsoft.Vbe.Interop.dll
- 2011-02-18 03:29 . 2011-02-18 03:29 63336 c:\windows\assembly\GAC\Microsoft.Vbe.Interop\12.0.0.0__71e9bce111e9429c\Microsoft.Vbe.Interop.dll
+ 2012-03-24 18:49 . 2012-03-24 18:49 34696 c:\windows\assembly\GAC\Microsoft.Office.Interop.OutlookViewCtl\12.0.0.0__71e9bce111e9429c\Microsoft.Office.Interop.OutlookViewCtl.dll
+ 2011-08-31 15:10 . 2012-03-24 16:13 3668 c:\windows\system32\wdi\ERCQueuedResolutions.dat
+ 2011-08-15 14:52 . 2012-03-24 19:22 5444 c:\windows\system32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-2012079050-4074748360-831848816-1822_UserData.bin
+ 2012-03-24 19:19 . 2012-03-24 19:19 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
- 2012-03-24 15:59 . 2012-03-24 15:59 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2012-03-24 19:19 . 2012-03-24 19:19 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
- 2012-03-24 15:59 . 2012-03-24 15:59 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2012-03-24 18:56 . 2012-03-24 18:56 9216 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Xml.Serializ#\6bafe185b3d23de57ec689035642fe43\System.Xml.Serialization.ni.dll
+ 2012-03-24 18:55 . 2012-03-24 18:55 9728 c:\windows\assembly\NativeImages_v4.0.30319_32\dfsvc\592252ee904bd41f99cd1d19909b548c\dfsvc.ni.exe
+ 2012-03-24 19:01 . 2012-03-24 19:01 152064 c:\windows\SysWOW64\wextract.exe
+ 2012-03-24 19:01 . 2012-03-24 19:01 203776 c:\windows\SysWOW64\webcheck.dll
+ 2012-03-24 19:01 . 2012-03-24 19:01 420864 c:\windows\SysWOW64\vbscript.dll
+ 2012-03-24 19:01 . 2012-03-24 19:01 231936 c:\windows\SysWOW64\url.dll
+ 2012-03-24 19:01 . 2012-03-24 19:01 123392 c:\windows\SysWOW64\occache.dll
+ 2012-03-24 19:01 . 2012-03-24 19:01 162304 c:\windows\SysWOW64\msrating.dll
+ 2012-03-24 19:01 . 2012-03-24 19:01 161792 c:\windows\SysWOW64\msls31.dll
+ 2012-03-24 19:01 . 2012-03-24 19:01 580608 c:\windows\SysWOW64\msfeeds.dll
+ 2012-03-24 19:01 . 2012-03-24 19:01 716800 c:\windows\SysWOW64\jscript.dll
- 2012-01-11 20:19 . 2011-10-14 04:24 716800 c:\windows\SysWOW64\jscript.dll
+ 2012-03-24 19:01 . 2012-03-24 19:01 150528 c:\windows\SysWOW64\iexpress.exe
+ 2012-03-24 19:01 . 2012-03-24 19:01 142848 c:\windows\SysWOW64\ieUnatt.exe
- 2012-02-14 21:35 . 2011-12-16 07:52 176640 c:\windows\SysWOW64\ieui.dll
+ 2012-03-24 19:01 . 2012-03-24 19:01 176640 c:\windows\SysWOW64\ieui.dll
+ 2012-03-24 19:01 . 2012-03-24 19:01 118784 c:\windows\SysWOW64\iepeers.dll
+ 2012-03-24 19:01 . 2012-03-24 19:01 353584 c:\windows\SysWOW64\iedkcs32.dll
+ 2012-03-24 19:01 . 2012-03-24 19:01 434176 c:\windows\SysWOW64\ieapfltr.dll
- 2009-07-13 23:42 . 2009-07-14 01:05 163840 c:\windows\SysWOW64\ieakui.dll
+ 2012-03-24 19:01 . 2012-03-24 19:01 163840 c:\windows\SysWOW64\ieakui.dll
+ 2012-03-24 19:01 . 2012-03-24 19:01 227840 c:\windows\SysWOW64\ieaksie.dll
+ 2012-03-24 19:01 . 2012-03-24 19:01 130560 c:\windows\SysWOW64\ieakeng.dll
+ 2012-03-24 19:01 . 2012-03-24 19:01 110592 c:\windows\SysWOW64\IEAdvpack.dll
+ 2012-03-24 19:01 . 2012-03-24 19:01 223232 c:\windows\SysWOW64\dxtrans.dll
+ 2012-03-24 19:01 . 2012-03-24 19:01 353792 c:\windows\SysWOW64\dxtmsft.dll
+ 2012-03-24 19:01 . 2012-03-24 19:01 101888 c:\windows\SysWOW64\admparse.dll
+ 2012-03-24 19:01 . 2012-03-24 19:01 160256 c:\windows\system32\wextract.exe
+ 2012-03-24 19:01 . 2012-03-24 19:01 249344 c:\windows\system32\webcheck.dll
+ 2011-02-18 08:41 . 2012-03-25 19:00 380790 c:\windows\system32\wdi\SuspendPerformanceDiagnostics_SystemData_S4.bin
+ 2012-03-24 19:01 . 2012-03-24 19:01 603648 c:\windows\system32\vbscript.dll
+ 2012-03-24 19:01 . 2012-03-24 19:01 237056 c:\windows\system32\url.dll
- 2009-07-14 02:36 . 2012-03-24 15:34 626512 c:\windows\system32\perfh009.dat
+ 2009-07-14 02:36 . 2012-03-24 19:25 626512 c:\windows\system32\perfh009.dat
+ 2009-07-14 02:36 . 2012-03-24 19:25 107756 c:\windows\system32\perfc009.dat
- 2009-07-14 02:36 . 2012-03-24 15:34 107756 c:\windows\system32\perfc009.dat
+ 2012-03-24 19:01 . 2012-03-24 19:01 149504 c:\windows\system32\occache.dll
+ 2012-03-24 19:01 . 2012-03-24 19:01 197120 c:\windows\system32\msrating.dll
+ 2012-03-24 19:01 . 2012-03-24 19:01 222208 c:\windows\system32\msls31.dll
- 2009-07-13 23:39 . 2009-07-14 01:41 222208 c:\windows\system32\msls31.dll
+ 2012-03-24 19:01 . 2012-03-24 19:01 697344 c:\windows\system32\msfeeds.dll
+ 2012-03-24 19:01 . 2012-03-24 19:01 818688 c:\windows\system32\jscript.dll
+ 2012-03-24 19:01 . 2012-03-24 19:01 103936 c:\windows\system32\inseng.dll
+ 2012-03-24 19:01 . 2012-03-24 19:01 165888 c:\windows\system32\iexpress.exe
+ 2012-03-24 19:01 . 2012-03-24 19:01 173056 c:\windows\system32\ieUnatt.exe
+ 2012-03-24 19:01 . 2012-03-24 19:01 248320 c:\windows\system32\ieui.dll
+ 2012-03-24 19:01 . 2012-03-24 19:01 111616 c:\windows\system32\iesysprep.dll
+ 2012-03-24 19:01 . 2012-03-24 19:01 145920 c:\windows\system32\iepeers.dll
+ 2012-03-24 19:01 . 2012-03-24 19:01 403248 c:\windows\system32\iedkcs32.dll
+ 2012-03-24 19:01 . 2012-03-24 19:01 534528 c:\windows\system32\ieapfltr.dll
- 2009-07-13 23:58 . 2009-07-14 01:27 163840 c:\windows\system32\ieakui.dll
+ 2012-03-24 19:01 . 2012-03-24 19:01 163840 c:\windows\system32\ieakui.dll
- 2009-07-13 23:58 . 2009-07-14 01:41 267776 c:\windows\system32\ieaksie.dll
+ 2012-03-24 19:01 . 2012-03-24 19:01 267776 c:\windows\system32\ieaksie.dll
+ 2012-03-24 19:01 . 2012-03-24 19:01 160256 c:\windows\system32\ieakeng.dll
+ 2012-03-24 19:01 . 2012-03-24 19:01 135168 c:\windows\system32\IEAdvpack.dll
+ 2012-03-24 19:01 . 2012-03-24 19:01 282112 c:\windows\system32\dxtrans.dll
+ 2012-03-24 19:01 . 2012-03-24 19:01 452608 c:\windows\system32\dxtmsft.dll
+ 2012-03-24 19:01 . 2012-03-24 19:01 114176 c:\windows\system32\admparse.dll
- 2009-07-14 05:01 . 2012-03-24 15:58 409644 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
+ 2009-07-14 05:01 . 2012-03-24 19:19 409644 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
+ 2011-11-22 04:57 . 2011-11-22 04:57 598784 c:\windows\Microsoft.NET\Framework64\v4.0.30319\SOS.dll
+ 2011-11-22 03:31 . 2011-11-22 03:31 518400 c:\windows\Microsoft.NET\Framework\v4.0.30319\SOS.dll
+ 2011-11-22 03:31 . 2011-11-22 03:31 957200 c:\windows\Microsoft.NET\Framework\v4.0.30319\mscordbi.dll
- 2012-03-19 02:12 . 2012-03-19 02:12 350592 c:\windows\Microsoft.NET\assembly\GAC_MSIL\UIAutomationClientsideProviders\v4.0_4.0.0.0__31bf3856ad364e35\UIAutomationClientsideProviders.dll
+ 2012-03-24 18:46 . 2012-03-24 18:46 350592 c:\windows\Microsoft.NET\assembly\GAC_MSIL\UIAutomationClientsideProviders\v4.0_4.0.0.0__31bf3856ad364e35\UIAutomationClientsideProviders.dll
- 2012-03-19 02:12 . 2012-03-19 02:12 163168 c:\windows\Microsoft.NET\assembly\GAC_MSIL\UIAutomationClient\v4.0_4.0.0.0__31bf3856ad364e35\UIAutomationClient.dll
+ 2012-03-24 18:46 . 2012-03-24 18:46 163168 c:\windows\Microsoft.NET\assembly\GAC_MSIL\UIAutomationClient\v4.0_4.0.0.0__31bf3856ad364e35\UIAutomationClient.dll
+ 2012-03-24 18:46 . 2012-03-24 18:46 138592 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Xml.Linq\v4.0_4.0.0.0__b77a5c561934e089\System.Xml.Linq.dll
- 2012-03-19 02:12 . 2012-03-19 02:12 138592 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Xml.Linq\v4.0_4.0.0.0__b77a5c561934e089\System.Xml.Linq.dll
- 2012-03-19 02:12 . 2012-03-19 02:12 699224 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Xaml\v4.0_4.0.0.0__b77a5c561934e089\System.Xaml.dll
+ 2012-03-24 18:46 . 2012-03-24 18:46 699224 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Xaml\v4.0_4.0.0.0__b77a5c561934e089\System.Xaml.dll
+ 2012-03-24 18:46 . 2012-03-24 18:46 857960 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Web.Services\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Web.Services.dll
- 2012-03-19 02:12 . 2012-03-19 02:12 857960 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Web.Services\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Web.Services.dll
- 2012-03-19 02:12 . 2012-03-19 02:12 675672 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Speech\v4.0_4.0.0.0__31bf3856ad364e35\System.Speech.dll
+ 2012-03-24 18:46 . 2012-03-24 18:46 675672 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Speech\v4.0_4.0.0.0__31bf3856ad364e35\System.Speech.dll
- 2012-03-19 02:12 . 2012-03-19 02:12 113512 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.ServiceProcess\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.ServiceProcess.dll
+ 2012-03-24 18:46 . 2012-03-24 18:46 113512 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.ServiceProcess\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.ServiceProcess.dll
- 2012-03-19 02:12 . 2012-03-19 02:12 129912 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.ServiceModel.Routing\v4.0_4.0.0.0__31bf3856ad364e35\System.ServiceModel.Routing.dll
+ 2012-03-24 18:46 . 2012-03-24 18:46 129912 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.ServiceModel.Routing\v4.0_4.0.0.0__31bf3856ad364e35\System.ServiceModel.Routing.dll
+ 2012-03-24 18:46 . 2012-03-24 18:46 390008 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.ServiceModel.Discovery\v4.0_4.0.0.0__31bf3856ad364e35\System.ServiceModel.Discovery.dll
- 2012-03-19 02:12 . 2012-03-19 02:12 390008 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.ServiceModel.Discovery\v4.0_4.0.0.0__31bf3856ad364e35\System.ServiceModel.Discovery.dll
- 2012-03-19 02:12 . 2012-03-19 02:12 505208 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.ServiceModel.Activities\v4.0_4.0.0.0__31bf3856ad364e35\System.ServiceModel.Activities.dll
+ 2012-03-24 18:46 . 2012-03-24 18:46 505208 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.ServiceModel.Activities\v4.0_4.0.0.0__31bf3856ad364e35\System.ServiceModel.Activities.dll
+ 2012-03-24 18:46 . 2012-03-24 18:46 261472 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Security\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Security.dll
- 2012-03-19 02:12 . 2012-03-19 02:12 261472 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Security\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Security.dll
+ 2012-03-24 18:46 . 2012-03-24 18:46 122264 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Runtime.Serialization.Formatters.Soap\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Runtime.Serialization.Formatters.Soap.dll
- 2012-03-19 02:12 . 2012-03-19 02:12 122264 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Runtime.Serialization.Formatters.Soap\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Runtime.Serialization.Formatters.Soap.dll
- 2012-03-19 02:12 . 2012-03-19 02:12 291184 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Runtime.Remoting\v4.0_4.0.0.0__b77a5c561934e089\System.Runtime.Remoting.dll
+ 2012-03-24 18:46 . 2012-03-24 18:46 291184 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Runtime.Remoting\v4.0_4.0.0.0__b77a5c561934e089\System.Runtime.Remoting.dll
+ 2012-03-24 18:46 . 2012-03-24 18:46 349568 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Runtime.DurableInstancing\v4.0_4.0.0.0__31bf3856ad364e35\System.Runtime.DurableInstancing.dll
- 2012-03-19 02:12 . 2012-03-19 02:12 349568 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Runtime.DurableInstancing\v4.0_4.0.0.0__31bf3856ad364e35\System.Runtime.DurableInstancing.dll
- 2012-03-19 02:12 . 2012-03-19 02:12 236880 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Net\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Net.dll
+ 2012-03-24 18:46 . 2012-03-24 18:46 236880 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Net\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Net.dll
- 2012-03-19 02:12 . 2012-03-19 02:12 253280 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Messaging\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Messaging.dll
+ 2012-03-24 18:46 . 2012-03-24 18:46 253280 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Messaging\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Messaging.dll
- 2012-03-19 02:12 . 2012-03-19 02:12 378720 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Management\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Management.dll
+ 2012-03-24 18:46 . 2012-03-24 18:46 378720 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Management\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Management.dll
- 2012-03-19 02:12 . 2012-03-19 02:12 134528 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Management.Instrumentation\v4.0_4.0.0.0__b77a5c561934e089\System.Management.Instrumentation.dll
+ 2012-03-24 18:46 . 2012-03-24 18:46 134528 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Management.Instrumentation\v4.0_4.0.0.0__b77a5c561934e089\System.Management.Instrumentation.dll
- 2012-03-19 02:12 . 2012-03-19 02:12 123736 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.IO.Log\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.IO.Log.dll
+ 2012-03-24 18:46 . 2012-03-24 18:46 123736 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.IO.Log\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.IO.Log.dll
+ 2012-03-24 18:46 . 2012-03-24 18:46 392552 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.IdentityModel\v4.0_4.0.0.0__b77a5c561934e089\System.IdentityModel.dll
- 2012-03-19 02:12 . 2012-03-19 02:12 392552 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.IdentityModel\v4.0_4.0.0.0__b77a5c561934e089\System.IdentityModel.dll
- 2012-03-19 02:12 . 2012-03-19 02:12 125816 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.IdentityModel.Selectors\v4.0_4.0.0.0__b77a5c561934e089\System.IdentityModel.Selectors.dll
+ 2012-03-24 18:46 . 2012-03-24 18:46 125816 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.IdentityModel.Selectors\v4.0_4.0.0.0__b77a5c561934e089\System.IdentityModel.Selectors.dll
+ 2012-03-24 18:46 . 2012-03-24 18:46 120152 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Dynamic\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Dynamic.dll
- 2012-03-19 02:12 . 2012-03-19 02:12 120152 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Dynamic\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Dynamic.dll
+ 2012-03-24 18:46 . 2012-03-24 18:46 607064 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Drawing\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll
- 2012-03-19 02:12 . 2012-03-19 02:12 607064 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Drawing\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll
- 2012-03-19 02:12 . 2012-03-19 02:12 395120 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.DirectoryServices\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.DirectoryServices.dll
+ 2012-03-24 18:46 . 2012-03-24 18:46 395120 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.DirectoryServices\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.DirectoryServices.dll
+ 2012-03-24 18:46 . 2012-03-24 18:46 182144 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.DirectoryServices.Protocols\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.DirectoryServices.Protocols.dll
- 2012-03-19 02:12 . 2012-03-19 02:12 182144 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.DirectoryServices.Protocols\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.DirectoryServices.Protocols.dll
- 2012-03-19 02:12 . 2012-03-19 02:12 285072 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.DirectoryServices.AccountManagement\v4.0_4.0.0.0__b77a5c561934e089\System.DirectoryServices.AccountManagement.dll
+ 2012-03-24 18:46 . 2012-03-24 18:46 285072 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.DirectoryServices.AccountManagement\v4.0_4.0.0.0__b77a5c561934e089\System.DirectoryServices.AccountManagement.dll
- 2012-03-19 02:12 . 2012-03-19 02:12 829280 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Deployment\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Deployment.dll
+ 2012-03-24 18:46 . 2012-03-24 18:46 829280 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Deployment\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Deployment.dll
- 2012-03-19 02:12 . 2012-03-19 02:12 747360 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Data.SqlXml\v4.0_4.0.0.0__b77a5c561934e089\System.Data.SqlXml.dll
+ 2012-03-24 18:46 . 2012-03-24 18:46 747360 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Data.SqlXml\v4.0_4.0.0.0__b77a5c561934e089\System.Data.SqlXml.dll
- 2012-03-19 02:12 . 2012-03-19 02:12 436600 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Data.Services.Client\v4.0_4.0.0.0__b77a5c561934e089\System.Data.Services.Client.dll
+ 2012-03-24 18:46 . 2012-03-24 18:46 436600 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Data.Services.Client\v4.0_4.0.0.0__b77a5c561934e089\System.Data.Services.Client.dll
+ 2012-03-24 18:46 . 2012-03-24 18:46 683872 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Data.Linq\v4.0_4.0.0.0__b77a5c561934e089\System.Data.Linq.dll
- 2012-03-19 02:12 . 2012-03-19 02:12 683872 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Data.Linq\v4.0_4.0.0.0__b77a5c561934e089\System.Data.Linq.dll
+ 2012-03-24 18:46 . 2012-03-24 18:46 409448 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Configuration\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.configuration.dll
- 2012-03-19 02:12 . 2012-03-19 02:12 409448 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Configuration\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.configuration.dll
+ 2012-03-24 18:46 . 2012-03-24 18:46 210816 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.ComponentModel.Composition\v4.0_4.0.0.0__b77a5c561934e089\System.ComponentModel.Composition.dll
- 2012-03-19 02:12 . 2012-03-19 02:12 210816 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.ComponentModel.Composition\v4.0_4.0.0.0__b77a5c561934e089\System.ComponentModel.Composition.dll
- 2012-03-19 02:12 . 2012-03-19 02:12 149848 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.AddIn\v4.0_4.0.0.0__b77a5c561934e089\System.AddIn.dll
+ 2012-03-24 18:46 . 2012-03-24 18:46 149848 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.AddIn\v4.0_4.0.0.0__b77a5c561934e089\System.AddIn.dll
- 2012-03-19 02:12 . 2012-03-19 02:12 122248 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Activities.DurableInstancing\v4.0_4.0.0.0__31bf3856ad364e35\System.Activities.DurableInstancing.dll
+ 2012-03-24 18:46 . 2012-03-24 18:46 122248 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Activities.DurableInstancing\v4.0_4.0.0.0__31bf3856ad364e35\System.Activities.DurableInstancing.dll
+ 2012-03-24 18:46 . 2012-03-24 18:46 525704 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Activities.Core.Presentation\v4.0_4.0.0.0__31bf3856ad364e35\System.Activities.Core.Presentation.dll
- 2012-03-19 02:12 . 2012-03-19 02:12 525704 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Activities.Core.Presentation\v4.0_4.0.0.0__31bf3856ad364e35\System.Activities.Core.Presentation.dll
- 2012-03-19 02:12 . 2012-03-19 02:12 112976 c:\windows\Microsoft.NET\assembly\GAC_MSIL\sysglobl\v4.0_4.0.0.0__b03f5f7f11d50a3a\sysglobl.dll
+ 2012-03-24 18:46 . 2012-03-24 18:46 112976 c:\windows\Microsoft.NET\assembly\GAC_MSIL\sysglobl\v4.0_4.0.0.0__b03f5f7f11d50a3a\sysglobl.dll
+ 2012-03-24 18:46 . 2012-03-24 18:46 581464 c:\windows\Microsoft.NET\assembly\GAC_MSIL\ReachFramework\v4.0_4.0.0.0__31bf3856ad364e35\ReachFramework.dll
- 2012-03-19 02:12 . 2012-03-19 02:12 581464 c:\windows\Microsoft.NET\assembly\GAC_MSIL\ReachFramework\v4.0_4.0.0.0__31bf3856ad364e35\ReachFramework.dll
+ 2012-03-24 18:46 . 2012-03-24 18:46 832856 c:\windows\Microsoft.NET\assembly\GAC_MSIL\PresentationUI\v4.0_4.0.0.0__31bf3856ad364e35\PresentationUI.dll
- 2012-03-19 02:12 . 2012-03-19 02:12 832856 c:\windows\Microsoft.NET\assembly\GAC_MSIL\PresentationUI\v4.0_4.0.0.0__31bf3856ad364e35\PresentationUI.dll
- 2012-03-19 02:12 . 2012-03-19 02:12 194424 c:\windows\Microsoft.NET\assembly\GAC_MSIL\PresentationFramework.Royale\v4.0_4.0.0.0__31bf3856ad364e35\PresentationFramework.Royale.dll
+ 2012-03-24 18:46 . 2012-03-24 18:46 194424 c:\windows\Microsoft.NET\assembly\GAC_MSIL\PresentationFramework.Royale\v4.0_4.0.0.0__31bf3856ad364e35\PresentationFramework.Royale.dll
+ 2012-03-24 18:46 . 2012-03-24 18:46 478576 c:\windows\Microsoft.NET\assembly\GAC_MSIL\PresentationFramework.Luna\v4.0_4.0.0.0__31bf3856ad364e35\PresentationFramework.Luna.dll
- 2012-03-19 02:12 . 2012-03-19 02:12 478576 c:\windows\Microsoft.NET\assembly\GAC_MSIL\PresentationFramework.Luna\v4.0_4.0.0.0__31bf3856ad364e35\PresentationFramework.Luna.dll
+ 2012-03-24 18:46 . 2012-03-24 18:46 167288 c:\windows\Microsoft.NET\assembly\GAC_MSIL\PresentationFramework.Classic\v4.0_4.0.0.0__31bf3856ad364e35\PresentationFramework.Classic.dll
- 2012-03-19 02:12 . 2012-03-19 02:12 167288 c:\windows\Microsoft.NET\assembly\GAC_MSIL\PresentationFramework.Classic\v4.0_4.0.0.0__31bf3856ad364e35\PresentationFramework.Classic.dll
+ 2012-03-24 18:46 . 2012-03-24 18:46 232304 c:\windows\Microsoft.NET\assembly\GAC_MSIL\PresentationFramework.Aero\v4.0_4.0.0.0__31bf3856ad364e35\PresentationFramework.Aero.dll
- 2012-03-19 02:12 . 2012-03-19 02:12 232304 c:\windows\Microsoft.NET\assembly\GAC_MSIL\PresentationFramework.Aero\v4.0_4.0.0.0__31bf3856ad364e35\PresentationFramework.Aero.dll
+ 2012-03-24 18:46 . 2012-03-24 18:46 661352 c:\windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.VisualBasic\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll
- 2012-03-19 02:12 . 2012-03-19 02:12 661352 c:\windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.VisualBasic\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll
- 2012-03-19 02:12 . 2012-03-19 02:12 349576 c:\windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.VisualBasic.Compatibility\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Compatibility.dll
+ 2012-03-24 18:46 . 2012-03-24 18:46 349576 c:\windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.VisualBasic.Compatibility\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Compatibility.dll
+ 2012-03-24 18:46 . 2012-03-24 18:46 387960 c:\windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.Transactions.Bridge\v4.0_4.0.0.0__b03f5f7f11d50a3a\Microsoft.Transactions.Bridge.dll
- 2012-03-19 02:12 . 2012-03-19 02:12 387960 c:\windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.Transactions.Bridge\v4.0_4.0.0.0__b03f5f7f11d50a3a\Microsoft.Transactions.Bridge.dll
- 2012-03-19 02:12 . 2012-03-19 02:12 746336 c:\windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.JScript\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.JScript.dll
+ 2012-03-24 18:46 . 2012-03-24 18:46 746336 c:\windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.JScript\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.JScript.dll
- 2012-03-19 02:12 . 2012-03-19 02:12 505184 c:\windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.CSharp\v4.0_4.0.0.0__b03f5f7f11d50a3a\Microsoft.CSharp.dll
+ 2012-03-24 18:46 . 2012-03-24 18:46 505184 c:\windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.CSharp\v4.0_4.0.0.0__b03f5f7f11d50a3a\Microsoft.CSharp.dll
- 2012-03-19 02:12 . 2012-03-19 02:12 288616 c:\windows\Microsoft.NET\assembly\GAC_64\System.Transactions\v4.0_4.0.0.0__b77a5c561934e089\System.Transactions.dll
+ 2012-03-24 18:46 . 2012-03-24 18:46 288616 c:\windows\Microsoft.NET\assembly\GAC_64\System.Transactions\v4.0_4.0.0.0__b77a5c561934e089\System.Transactions.dll
- 2012-03-19 02:12 . 2012-03-19 02:12 335712 c:\windows\Microsoft.NET\assembly\GAC_64\System.Printing\v4.0_4.0.0.0__31bf3856ad364e35\System.Printing.dll
+ 2012-03-24 18:46 . 2012-03-24 18:46 335712 c:\windows\Microsoft.NET\assembly\GAC_64\System.Printing\v4.0_4.0.0.0__31bf3856ad364e35\System.Printing.dll
- 2012-03-19 02:12 . 2012-03-19 02:12 125440 c:\windows\Microsoft.NET\assembly\GAC_64\System.EnterpriseServices\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.Wrapper.dll
+ 2012-03-24 18:46 . 2012-03-24 18:46 125440 c:\windows\Microsoft.NET\assembly\GAC_64\System.EnterpriseServices\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.Wrapper.dll
+ 2012-03-24 18:46 . 2012-03-24 18:46 237424 c:\windows\Microsoft.NET\assembly\GAC_64\System.EnterpriseServices\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.dll
- 2012-03-19 02:12 . 2012-03-19 02:12 237424 c:\windows\Microsoft.NET\assembly\GAC_64\System.EnterpriseServices\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.dll
- 2012-03-19 02:12 . 2012-03-19 02:12 187776 c:\windows\Microsoft.NET\assembly\GAC_64\Microsoft.Transactions.Bridge.Dtc\v4.0_4.0.0.0__b03f5f7f11d50a3a\Microsoft.Transactions.Bridge.Dtc.dll
+ 2012-03-24 18:46 . 2012-03-24 18:46 187776 c:\windows\Microsoft.NET\assembly\GAC_64\Microsoft.Transactions.Bridge.Dtc\v4.0_4.0.0.0__b03f5f7f11d50a3a\Microsoft.Transactions.Bridge.Dtc.dll
- 2012-03-19 02:12 . 2012-03-19 02:12 269672 c:\windows\Microsoft.NET\assembly\GAC_32\System.Transactions\v4.0_4.0.0.0__b77a5c561934e089\System.Transactions.dll
+ 2012-03-24 18:46 . 2012-03-24 18:46 269672 c:\windows\Microsoft.NET\assembly\GAC_32\System.Transactions\v4.0_4.0.0.0__b77a5c561934e089\System.Transactions.dll
+ 2012-03-24 18:46 . 2012-03-24 18:46 334688 c:\windows\Microsoft.NET\assembly\GAC_32\System.Printing\v4.0_4.0.0.0__31bf3856ad364e35\System.Printing.dll
- 2012-03-19 02:12 . 2012-03-19 02:12 334688 c:\windows\Microsoft.NET\assembly\GAC_32\System.Printing\v4.0_4.0.0.0__31bf3856ad364e35\System.Printing.dll
- 2012-03-19 02:12 . 2012-03-19 02:12 109568 c:\windows\Microsoft.NET\assembly\GAC_32\System.EnterpriseServices\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.Wrapper.dll
+ 2012-03-24 18:46 . 2012-03-24 18:46 109568 c:\windows\Microsoft.NET\assembly\GAC_32\System.EnterpriseServices\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.Wrapper.dll
- 2012-03-19 02:12 . 2012-03-19 02:12 246128 c:\windows\Microsoft.NET\assembly\GAC_32\System.EnterpriseServices\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.dll
+ 2012-03-24 18:46 . 2012-03-24 18:46 246128 c:\windows\Microsoft.NET\assembly\GAC_32\System.EnterpriseServices\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.dll
- 2012-03-19 02:12 . 2012-03-19 02:12 170368 c:\windows\Microsoft.NET\assembly\GAC_32\Microsoft.Transactions.Bridge.Dtc\v4.0_4.0.0.0__b03f5f7f11d50a3a\Microsoft.Transactions.Bridge.Dtc.dll
+ 2012-03-24 18:46 . 2012-03-24 18:46 170368 c:\windows\Microsoft.NET\assembly\GAC_32\Microsoft.Transactions.Bridge.Dtc\v4.0_4.0.0.0__b03f5f7f11d50a3a\Microsoft.Transactions.Bridge.Dtc.dll
- 2011-02-18 04:20 . 2011-02-18 04:20 217864 c:\windows\Installer\{90120000-006E-0409-0000-0000000FF1CE}\misc.exe
+ 2012-03-24 18:48 . 2012-03-24 18:48 217864 c:\windows\Installer\{90120000-006E-0409-0000-0000000FF1CE}\misc.exe
- 2011-02-18 03:19 . 2012-03-19 02:18 888080 c:\windows\Installer\{90120000-0011-0000-0000-0000000FF1CE}\wordicon.exe
+ 2011-02-18 03:19 . 2012-03-24 18:50 888080 c:\windows\Installer\{90120000-0011-0000-0000-0000000FF1CE}\wordicon.exe
+ 2011-02-18 03:19 . 2012-03-24 18:50 272648 c:\windows\Installer\{90120000-0011-0000-0000-0000000FF1CE}\pubs.exe
- 2011-02-18 03:19 . 2012-03-19 02:18 272648 c:\windows\Installer\{90120000-0011-0000-0000-0000000FF1CE}\pubs.exe
+ 2011-02-18 03:19 . 2012-03-24 18:50 922384 c:\windows\Installer\{90120000-0011-0000-0000-0000000FF1CE}\pptico.exe
- 2011-02-18 03:19 . 2012-03-19 02:18 922384 c:\windows\Installer\{90120000-0011-0000-0000-0000000FF1CE}\pptico.exe
+ 2011-02-18 03:19 . 2012-03-24 18:50 845584 c:\windows\Installer\{90120000-0011-0000-0000-0000000FF1CE}\outicon.exe
- 2011-02-18 03:19 . 2012-03-19 02:18 845584 c:\windows\Installer\{90120000-0011-0000-0000-0000000FF1CE}\outicon.exe
- 2011-02-18 03:19 . 2012-03-19 02:18 217864 c:\windows\Installer\{90120000-0011-0000-0000-0000000FF1CE}\misc.exe
+ 2011-02-18 03:19 . 2012-03-24 18:50 217864 c:\windows\Installer\{90120000-0011-0000-0000-0000000FF1CE}\misc.exe
- 2011-02-18 03:19 . 2012-03-19 02:18 159504 c:\windows\Installer\{90120000-0011-0000-0000-0000000FF1CE}\inficon.exe
+ 2011-02-18 03:19 . 2012-03-24 18:50 159504 c:\windows\Installer\{90120000-0011-0000-0000-0000000FF1CE}\inficon.exe
+ 2007-06-08 01:51 . 2007-06-08 01:51 125320 c:\windows\Installer\$PatchCache$\Managed\00002109110000000000000000F01FEC\12.0.6612\SSGEN.DLL
+ 2007-06-08 01:51 . 2007-06-08 01:51 465800 c:\windows\Installer\$PatchCache$\Managed\00002109110000000000000000F01FEC\12.0.6612\OUTLFLTR.DLL
+ 2008-03-19 12:27 . 2008-03-19 12:27 661536 c:\windows\Installer\$PatchCache$\Managed\00002109110000000000000000F01FEC\12.0.6612\OGALEGIT.DLL
+ 2006-07-24 16:50 . 2006-07-24 16:50 125744 c:\windows\Installer\$PatchCache$\Managed\00002109110000000000000000F01FEC\12.0.6612\MSSTDFMT.DLL
+ 2008-10-25 12:18 . 2008-10-25 12:18 172880 c:\windows\Installer\$PatchCache$\Managed\00002109110000000000000000F01FEC\12.0.6612\IEAWSDC.DLL
+ 2006-10-27 21:35 . 2006-10-27 21:35 436512 c:\windows\Installer\$PatchCache$\Managed\00002109110000000000000000F01FEC\12.0.4518\UMOUTLOOKADDIN.DLL
+ 2006-10-27 02:13 . 2006-10-27 02:13 764800 c:\windows\Installer\$PatchCache$\Managed\00002109110000000000000000F01FEC\12.0.4518\ACECNF.DLL
+ 2012-03-24 18:54 . 2012-03-24 18:54 336896 c:\windows\assembly\NativeImages_v4.0.30319_64\WindowsFormsIntegra#\d05858dd730eef93a5e4a3cc88dd4ec3\WindowsFormsIntegration.ni.dll
+ 2012-03-24 18:52 . 2012-03-24 18:52 231424 c:\windows\assembly\NativeImages_v4.0.30319_64\UIAutomationTypes\b2a2a1fb4e1313088250b334b3af2a15\UIAutomationTypes.ni.dll
+ 2012-03-24 18:52 . 2012-03-24 18:52 122368 c:\windows\assembly\NativeImages_v4.0.30319_64\UIAutomationProvider\89414bab411eb27c7c181df81b4d36a5\UIAutomationProvider.ni.dll
+ 2012-03-24 18:54 . 2012-03-24 18:54 645120 c:\windows\assembly\NativeImages_v4.0.30319_64\UIAutomationClient\cd55f47d44c3695862bc047b8e86fcd3\UIAutomationClient.ni.dll
+ 2012-03-24 18:52 . 2012-03-24 18:52 528896 c:\windows\assembly\NativeImages_v4.0.30319_64\System.Xml.Linq\910d557d55f4fc7bb51ace0546bd3c50\System.Xml.Linq.ni.dll
+ 2012-03-24 18:52 . 2012-03-24 18:52 256000 c:\windows\assembly\NativeImages_v4.0.30319_64\System.Windows.Inpu#\dcb9e1eaa1491094f79c3288b8c78830\System.Windows.Input.Manipulations.ni.dll
+ 2012-03-24 18:52 . 2012-03-24 18:52 903168 c:\windows\assembly\NativeImages_v4.0.30319_64\System.Transactions\922f3f17f5112441e77f9d3d56d5b753\System.Transactions.ni.dll
+ 2012-03-24 18:54 . 2012-03-24 18:54 281088 c:\windows\assembly\NativeImages_v4.0.30319_64\System.ServiceProce#\73874670b92afbde73b23e8a1200eede\System.ServiceProcess.ni.dll
+ 2012-03-24 18:54 . 2012-03-24 18:54 517120 c:\windows\assembly\NativeImages_v4.0.30319_64\System.ServiceModel#\909c8d76773648809478644ac50a21eb\System.ServiceModel.Routing.ni.dll
+ 2012-03-24 18:54 . 2012-03-24 18:54 108032 c:\windows\assembly\NativeImages_v4.0.30319_64\System.ServiceModel#\26db69101f5bcf148fd962f00c0e78dd\System.ServiceModel.Channels.ni.dll
+ 2012-03-24 18:50 . 2012-03-24 18:50 946688 c:\windows\assembly\NativeImages_v4.0.30319_64\System.Security\878946615037b9d5f09916c598420dc1\System.Security.ni.dll
+ 2012-03-24 18:52 . 2012-03-24 18:52 376832 c:\windows\assembly\NativeImages_v4.0.30319_64\System.Runtime.Seri#\73cc698ccc98e37f53cdbff3687a921c\System.Runtime.Serialization.Formatters.Soap.ni.dll
+ 2012-03-24 18:52 . 2012-03-24 18:52 987648 c:\windows\assembly\NativeImages_v4.0.30319_64\System.Runtime.Remo#\b73b4f0282ef46505b3e59702ded433b\System.Runtime.Remoting.ni.dll
+ 2012-03-24 18:50 . 2012-03-24 18:50 176640 c:\windows\assembly\NativeImages_v4.0.30319_64\System.Numerics\8064e773b9addf027658899e27e94c7b\System.Numerics.ni.dll
+ 2012-03-24 18:53 . 2012-03-24 18:53 933376 c:\windows\assembly\NativeImages_v4.0.30319_64\System.Net\a46d5472536da900435885b28a19eda8\System.Net.ni.dll
+ 2012-03-24 18:53 . 2012-03-24 18:53 781824 c:\windows\assembly\NativeImages_v4.0.30319_64\System.Messaging\ae0089b9135614de304ebe288fa6fca8\System.Messaging.ni.dll
+ 2012-03-24 18:53 . 2012-03-24 18:53 521728 c:\windows\assembly\NativeImages_v4.0.30319_64\System.Management.I#\3ad050d3f47352421e05b7707ddd3524\System.Management.Instrumentation.ni.dll
+ 2012-03-24 18:53 . 2012-03-24 18:53 531456 c:\windows\assembly\NativeImages_v4.0.30319_64\System.IO.Log\87efa405cd384d2c47380467fcd7ea86\System.IO.Log.ni.dll
+ 2012-03-24 18:53 . 2012-03-24 18:53 290816 c:\windows\assembly\NativeImages_v4.0.30319_64\System.IdentityMode#\50ccc897ad714e66f750ca1e51e0ffde\System.IdentityModel.Selectors.ni.dll
+ 2012-03-24 18:52 . 2012-03-24 18:52 348672 c:\windows\assembly\NativeImages_v4.0.30319_64\System.EnterpriseSe#\7b06b84cb3b99a3ab22adb2a3f6376e6\System.EnterpriseServices.Wrapper.dll
+ 2012-03-24 18:50 . 2012-03-24 18:50 512000 c:\windows\assembly\NativeImages_v4.0.30319_64\System.Dynamic\cbc3e5d028dd347a294096f068a053d4\System.Dynamic.ni.dll
+ 2012-03-24 18:53 . 2012-03-24 18:53 632832 c:\windows\assembly\NativeImages_v4.0.30319_64\System.DirectorySer#\1ae0a8a9eb92ccaf900f5911740b2c3c\System.DirectoryServices.Protocols.ni.dll
+ 2012-03-24 18:53 . 2012-03-24 18:53 141824 c:\windows\assembly\NativeImages_v4.0.30319_64\System.Device\9edded64312f5cbae54a093eca246aaa\System.Device.ni.dll
+ 2012-03-24 18:53 . 2012-03-24 18:53 176128 c:\windows\assembly\NativeImages_v4.0.30319_64\System.Data.DataSet#\db296a100034c7dee5f80219f0542df7\System.Data.DataSetExtensions.ni.dll
+ 2012-03-24 18:53 . 2012-03-24 18:53 181760 c:\windows\assembly\NativeImages_v4.0.30319_64\System.Configuratio#\0f771cbf8b32ae1618f4cd4266337b3c\System.Configuration.Install.ni.dll
+ 2012-03-24 18:53 . 2012-03-24 18:53 255488 c:\windows\assembly\NativeImages_v4.0.30319_64\System.ComponentMod#\501ad39b1ef6f43e8dc92a4efa7c35ea\System.ComponentModel.DataAnnotations.ni.dll
+ 2012-03-24 18:53 . 2012-03-24 18:53 865792 c:\windows\assembly\NativeImages_v4.0.30319_64\System.AddIn\f8c6e4854178bb4d928c8aec1c04648d\System.AddIn.ni.dll
+ 2012-03-24 18:52 . 2012-03-24 18:52 560640 c:\windows\assembly\NativeImages_v4.0.30319_64\System.Activities.D#\3503e3c2a87db97b720c0ed8a5d59f61\System.Activities.DurableInstancing.ni.dll
+ 2012-03-24 18:50 . 2012-03-24 18:50 432128 c:\windows\assembly\NativeImages_v4.0.30319_64\SMSvcHost\30cf4fc2c247cf490879f5436c63017c\SMSvcHost.ni.exe
+ 2012-03-24 18:52 . 2012-03-24 18:52 185344 c:\windows\assembly\NativeImages_v4.0.30319_64\SMDiagnostics\b4f75962376771b6b6d39279d780abba\SMDiagnostics.ni.dll
+ 2012-03-24 18:51 . 2012-03-24 18:51 428032 c:\windows\assembly\NativeImages_v4.0.30319_64\PresentationFramewo#\eaca48940ac6976d39d5de4d5b42fed6\PresentationFramework.Royale.ni.dll
+ 2012-03-24 18:51 . 2012-03-24 18:51 802304 c:\windows\assembly\NativeImages_v4.0.30319_64\PresentationFramewo#\bdb41ce9ab6d561ddb8107255daaee30\PresentationFramework.Luna.ni.dll
+ 2012-03-24 18:51 . 2012-03-24 18:51 622592 c:\windows\assembly\NativeImages_v4.0.30319_64\PresentationFramewo#\78310f7eef84b5f9ca4bf32798bd77f9\PresentationFramework.Aero.ni.dll
+ 2012-03-24 18:51 . 2012-03-24 18:51 349184 c:\windows\assembly\NativeImages_v4.0.30319_64\PresentationFramewo#\64b86aebea22fd357f22384757caed3f\PresentationFramework.Classic.ni.dll
+ 2012-03-24 18:51 . 2012-03-24 18:51 422400 c:\windows\assembly\NativeImages_v4.0.30319_64\Microsoft.VisualBas#\480ae0610a44148c6532d3d134f9956f\Microsoft.VisualBasic.Compatibility.Data.ni.dll
+ 2012-03-24 18:51 . 2012-03-24 18:51 600064 c:\windows\assembly\NativeImages_v4.0.30319_64\Microsoft.Transacti#\16bf3be602620d349b25e6c2d08199a3\Microsoft.Transactions.Bridge.Dtc.ni.dll
+ 2012-03-24 18:50 . 2012-03-24 18:50 279552 c:\windows\assembly\NativeImages_v4.0.30319_64\CustomMarshalers\f6b9abf9cd43524102ad9be82b7136d0\CustomMarshalers.ni.dll
+ 2012-03-24 18:56 . 2012-03-24 18:56 253952 c:\windows\assembly\NativeImages_v4.0.30319_32\WindowsFormsIntegra#\d5a18f2355101b19f23ff2f31d1d1e17\WindowsFormsIntegration.ni.dll
+ 2012-03-24 18:55 . 2012-03-24 18:55 196096 c:\windows\assembly\NativeImages_v4.0.30319_32\UIAutomationTypes\9562374f940f41cdc64d88268d543f0b\UIAutomationTypes.ni.dll
+ 2012-03-24 18:56 . 2012-03-24 18:56 484352 c:\windows\assembly\NativeImages_v4.0.30319_32\UIAutomationClient\641eec5b274fe3972d02892607f9b650\UIAutomationClient.ni.dll
+ 2012-03-24 18:55 . 2012-03-24 18:55 393216 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Xml.Linq\295b3156b838ca161a64a5456522438b\System.Xml.Linq.ni.dll
+ 2012-03-24 18:55 . 2012-03-24 18:55 189440 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Windows.Inpu#\0b68854406b775365c6d91e87813c2dc\System.Windows.Input.Manipulations.ni.dll
+ 2012-03-24 18:55 . 2012-03-24 18:55 649728 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Transactions\5e3cf00b80c0aecd8392f1702d2d0f28\System.Transactions.ni.dll
+ 2012-03-24 18:56 . 2012-03-24 18:56 221696 c:\windows\assembly\NativeImages_v4.0.30319_32\System.ServiceProce#\bf0b3689dd5e261097f2feb2ed0103e8\System.ServiceProcess.ni.dll
+ 2012-03-24 18:56 . 2012-03-24 18:56 369664 c:\windows\assembly\NativeImages_v4.0.30319_32\System.ServiceModel#\d3d9c582c7cd77f17fd93167dc462242\System.ServiceModel.Routing.ni.dll
+ 2012-03-24 18:47 . 2012-03-24 18:47 736768 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Security\c1127f26363bea39c40707b9ddb6bbb9\System.Security.ni.dll
+ 2012-03-24 18:55 . 2012-03-24 18:55 311296 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Runtime.Seri#\7b17528dffe47d9b17be6086a575a516\System.Runtime.Serialization.Formatters.Soap.ni.dll
+ 2012-03-24 18:55 . 2012-03-24 18:55 762880 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Runtime.Remo#\533deafc53346179cd118acc874752a3\System.Runtime.Remoting.ni.dll
+ 2012-03-24 18:47 . 2012-03-24 18:47 145408 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Numerics\3ce3d5b8126cda36b3dbd3535f249890\System.Numerics.ni.dll
+ 2012-03-24 18:56 . 2012-03-24 18:56 657408 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Net\965e2749489298cc85387f44f76a40f2\System.Net.ni.dll
+ 2012-03-24 18:56 . 2012-03-24 18:56 626176 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Messaging\f5333e6e06a2d476f93b0880c5e7fd14\System.Messaging.ni.dll
+ 2012-03-24 18:56 . 2012-03-24 18:56 395264 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Management.I#\1bff2d3e952c2160ba0c790d2342a601\System.Management.Instrumentation.ni.dll
+ 2012-03-24 18:56 . 2012-03-24 18:56 413696 c:\windows\assembly\NativeImages_v4.0.30319_32\System.IO.Log\e6cb98078120266f5310adf0f45aa7df\System.IO.Log.ni.dll
+ 2012-03-24 18:56 . 2012-03-24 18:56 229888 c:\windows\assembly\NativeImages_v4.0.30319_32\System.IdentityMode#\22dadf930ad449894633480562d6c913\System.IdentityModel.Selectors.ni.dll
+ 2012-03-24 18:55 . 2012-03-24 18:55 236032 c:\windows\assembly\NativeImages_v4.0.30319_32\System.EnterpriseSe#\d0d8c27be9116224e42260292e21cad5\System.EnterpriseServices.Wrapper.dll
+ 2012-03-24 18:55 . 2012-03-24 18:55 787456 c:\windows\assembly\NativeImages_v4.0.30319_32\System.EnterpriseSe#\d0d8c27be9116224e42260292e21cad5\System.EnterpriseServices.ni.dll
+ 2012-03-24 18:47 . 2012-03-24 18:47 377856 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Dynamic\cbb6e9a9b075d9f6fa303e3eef4c0ffd\System.Dynamic.ni.dll
+ 2012-03-24 18:56 . 2012-03-24 18:56 913920 c:\windows\assembly\NativeImages_v4.0.30319_32\System.DirectorySer#\e25cc7918b583b3beffcad52920eae29\System.DirectoryServices.AccountManagement.ni.dll
+ 2012-03-24 18:56 . 2012-03-24 18:56 470528 c:\windows\assembly\NativeImages_v4.0.30319_32\System.DirectorySer#\a3be39ae9813098aa81430dd507d22ca\System.DirectoryServices.Protocols.ni.dll
+ 2012-03-24 18:56 . 2012-03-24 18:56 112640 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Device\4975f93d2055b33bd7a91d6f05628e2a\System.Device.ni.dll
+ 2012-03-24 18:55 . 2012-03-24 18:55 134656 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Data.DataSet#\42d3d301d2adef24edeb3b775fbe3a4b\System.Data.DataSetExtensions.ni.dll
+ 2012-03-24 18:47 . 2012-03-24 18:47 982528 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Configuration\bab886a18699bab842769c5ce486c332\System.Configuration.ni.dll
+ 2012-03-24 18:55 . 2012-03-24 18:55 148480 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Configuratio#\e844f0d4cf703c2e97515ed020331b76\System.Configuration.Install.ni.dll
+ 2012-03-24 18:47 . 2012-03-24 18:47 693760 c:\windows\assembly\NativeImages_v4.0.30319_32\System.ComponentMod#\a92c1bd4d32fbbc54134fc40d2f97389\System.ComponentModel.Composition.ni.dll
+ 2012-03-24 18:55 . 2012-03-24 18:55 194048 c:\windows\assembly\NativeImages_v4.0.30319_32\System.ComponentMod#\9b418b211d6207feafcdc27027d26036\System.ComponentModel.DataAnnotations.ni.dll
+ 2012-03-24 18:55 . 2012-03-24 18:55 617984 c:\windows\assembly\NativeImages_v4.0.30319_32\System.AddIn\a4cfba8e3500f8387fe5924b940983be\System.AddIn.ni.dll
+ 2012-03-24 18:55 . 2012-03-24 18:55 411136 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Activities.D#\520d0ed9f48c121fbe79bda6fc176b74\System.Activities.DurableInstancing.ni.dll
+ 2012-03-24 18:55 . 2012-03-24 18:55 317952 c:\windows\assembly\NativeImages_v4.0.30319_32\SMSvcHost\98ec8a39382e6eee39845bd4759ecf04\SMSvcHost.ni.exe
+ 2012-03-24 18:55 . 2012-03-24 18:55 143360 c:\windows\assembly\NativeImages_v4.0.30319_32\SMDiagnostics\3b905cdec5960d51e5bdc7030b005c09\SMDiagnostics.ni.dll
+ 2012-03-24 18:47 . 2012-03-24 18:47 309760 c:\windows\assembly\NativeImages_v4.0.30319_32\PresentationFramewo#\94d89db071d382d9ba0bc6381669b85f\PresentationFramework.Classic.ni.dll
+ 2012-03-24 18:47 . 2012-03-24 18:47 595968 c:\windows\assembly\NativeImages_v4.0.30319_32\PresentationFramewo#\8b8a5c194aacfb2102d4e26b75a84e03\PresentationFramework.Aero.ni.dll
+ 2012-03-24 18:47 . 2012-03-24 18:47 387072 c:\windows\assembly\NativeImages_v4.0.30319_32\PresentationFramewo#\443c3fae1f6f0588a542ddc1c02c1be1\PresentationFramework.Royale.ni.dll
+ 2012-03-24 18:47 . 2012-03-24 18:47 755712 c:\windows\assembly\NativeImages_v4.0.30319_32\PresentationFramewo#\273034086c19b92034c9f2896724ac33\PresentationFramework.Luna.ni.dll
+ 2012-03-24 18:55 . 2012-03-24 18:55 303104 c:\windows\assembly\NativeImages_v4.0.30319_32\Microsoft.VisualBas#\cdd04b14b9dd6ced2e2572a044c3c57e\Microsoft.VisualBasic.Compatibility.Data.ni.dll
+ 2012-03-24 18:55 . 2012-03-24 18:55 418816 c:\windows\assembly\NativeImages_v4.0.30319_32\Microsoft.Transacti#\5958d9610eb58adb2b62153492a7c27e\Microsoft.Transactions.Bridge.Dtc.ni.dll
+ 2012-03-24 18:55 . 2012-03-24 18:55 194048 c:\windows\assembly\NativeImages_v4.0.30319_32\CustomMarshalers\e3e1fd8ccf76e9eb0147484fb8dd773a\CustomMarshalers.ni.dll
+ 2012-03-24 18:49 . 2012-03-24 18:49 608136 c:\windows\assembly\GAC_MSIL\Microsoft.Office.InfoPath.Client.Internal.Host\12.0.0.0__71e9bce111e9429c\Microsoft.Office.Infopath.Client.Internal.Host.dll
+ 2012-03-24 18:49 . 2012-03-24 18:49 117160 c:\windows\assembly\GAC_32\Microsoft.Office.InfoPath.Client.Internal.Host.Interop\12.0.0.0__71e9bce111e9429c\Microsoft.Office.Infopath.Client.Internal.Host.Interop.dll
- 2011-02-18 03:29 . 2011-02-18 03:29 870256 c:\windows\assembly\GAC\Microsoft.Office.Interop.Word\12.0.0.0__71e9bce111e9429c\Microsoft.Office.Interop.Word.dll
+ 2012-03-24 18:49 . 2012-03-24 18:49 870256 c:\windows\assembly\GAC\Microsoft.Office.Interop.Word\12.0.0.0__71e9bce111e9429c\Microsoft.Office.Interop.Word.dll
+ 2012-03-24 18:49 . 2012-03-24 18:49 149368 c:\windows\assembly\GAC\Microsoft.Office.Interop.Graph\12.0.0.0__71e9bce111e9429c\Microsoft.Office.Interop.Graph.dll
+ 2012-03-24 19:01 . 2012-03-24 19:01 1127424 c:\windows\SysWOW64\wininet.dll
+ 2012-03-24 19:01 . 2012-03-24 19:01 1103360 c:\windows\SysWOW64\urlmon.dll
+ 2012-03-24 19:01 . 2012-03-24 19:01 1798656 c:\windows\SysWOW64\jscript9.dll
+ 2012-03-24 19:01 . 2012-03-24 19:01 1792000 c:\windows\SysWOW64\iertutil.dll
+ 2012-03-24 19:01 . 2012-03-24 19:01 9705472 c:\windows\SysWOW64\ieframe.dll
+ 2012-03-24 19:01 . 2012-03-24 19:01 3695416 c:\windows\SysWOW64\ieapfltr.dat
+ 2011-07-07 07:28 . 2011-07-07 07:28 1193320 c:\windows\SysWOW64\FM20.DLL
+ 2012-03-24 19:01 . 2012-03-24 19:01 1390080 c:\windows\system32\wininet.dll
+ 2012-03-24 19:01 . 2012-03-24 19:01 1345536 c:\windows\system32\urlmon.dll
+ 2012-03-24 19:01 . 2012-03-24 19:01 2308096 c:\windows\system32\jscript9.dll
+ 2012-03-24 19:01 . 2012-03-24 19:01 2144256 c:\windows\system32\iertutil.dll
+ 2012-03-24 19:01 . 2012-03-24 19:01 3695416 c:\windows\system32\ieapfltr.dat
- 2009-07-14 04:45 . 2012-03-19 02:33 7586231 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\SoftwareProtectionPlatform\tokens.dat
+ 2009-07-14 04:45 . 2012-03-24 19:22 7586231 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\SoftwareProtectionPlatform\tokens.dat
+ 2011-01-12 19:21 . 2012-03-24 19:19 5982208 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache3.0.0.0.dat
- 2011-01-12 19:21 . 2012-03-24 15:58 5982208 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache3.0.0.0.dat
+ 2011-11-22 03:31 . 2011-11-22 03:31 3512072 c:\windows\Microsoft.NET\Framework64\v4.0.30319\System.dll
+ 2011-11-22 04:57 . 2011-11-22 04:57 4970768 c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorlib.dll
+ 2011-11-22 04:57 . 2011-11-22 04:57 1455376 c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscordbi.dll
+ 2011-11-22 04:57 . 2011-11-22 04:57 1515792 c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscordacwks.dll
+ 2011-11-22 04:57 . 2011-11-22 04:57 9793280 c:\windows\Microsoft.NET\Framework64\v4.0.30319\clr.dll
+ 2011-11-22 03:31 . 2011-11-22 03:31 3512072 c:\windows\Microsoft.NET\Framework\v4.0.30319\System.dll
+ 2011-11-22 03:31 . 2011-11-22 03:31 5201168 c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorlib.dll
+ 2011-11-22 03:31 . 2011-11-22 03:31 1143568 c:\windows\Microsoft.NET\Framework\v4.0.30319\mscordacwks.dll
+ 2011-11-22 03:31 . 2011-11-22 03:31 6727424 c:\windows\Microsoft.NET\Framework\v4.0.30319\clr.dll
+ 2012-03-24 18:46 . 2012-03-24 18:46 1368920 c:\windows\Microsoft.NET\assembly\GAC_MSIL\WindowsBase\v4.0_4.0.0.0__31bf3856ad364e35\WindowsBase.dll
- 2012-03-19 02:12 . 2012-03-19 02:12 1368920 c:\windows\Microsoft.NET\assembly\GAC_MSIL\WindowsBase\v4.0_4.0.0.0__31bf3856ad364e35\WindowsBase.dll
+ 2012-03-24 18:46 . 2012-03-24 18:46 3512072 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System\v4.0_4.0.0.0__b77a5c561934e089\System.dll
- 2012-03-19 02:12 . 2012-03-19 02:12 2207568 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Xml\v4.0_4.0.0.0__b77a5c561934e089\System.XML.dll
+ 2012-03-24 18:46 . 2012-03-24 18:46 2207568 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Xml\v4.0_4.0.0.0__b77a5c561934e089\System.XML.dll
+ 2012-03-24 18:46 . 2012-03-24 18:46 5028200 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Forms\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Forms.dll
- 2012-03-19 02:12 . 2012-03-19 02:12 5028200 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Forms\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Forms.dll
+ 2012-03-24 18:46 . 2012-03-24 18:46 1711496 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Forms.DataVisualization\v4.0_4.0.0.0__31bf3856ad364e35\System.Windows.Forms.DataVisualization.dll
- 2012-03-19 02:12 . 2012-03-19 02:12 1711496 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Forms.DataVisualization\v4.0_4.0.0.0__31bf3856ad364e35\System.Windows.Forms.DataVisualization.dll
- 2012-03-19 02:12 . 2012-03-19 02:12 6097256 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.ServiceModel\v4.0_4.0.0.0__b77a5c561934e089\System.ServiceModel.dll
+ 2012-03-24 18:46 . 2012-03-24 18:46 6097256 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.ServiceModel\v4.0_4.0.0.0__b77a5c561934e089\System.ServiceModel.dll
+ 2012-03-24 18:46 . 2012-03-24 18:46 1026936 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Runtime.Serialization\v4.0_4.0.0.0__b77a5c561934e089\System.Runtime.Serialization.dll
- 2012-03-19 02:12 . 2012-03-19 02:12 1026936 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Runtime.Serialization\v4.0_4.0.0.0__b77a5c561934e089\System.Runtime.Serialization.dll
- 2012-03-19 02:12 . 2012-03-19 02:12 4464480 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Data.Entity\v4.0_4.0.0.0__b77a5c561934e089\System.Data.Entity.dll
+ 2012-03-24 18:46 . 2012-03-24 18:46 4464480 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Data.Entity\v4.0_4.0.0.0__b77a5c561934e089\System.Data.Entity.dll
- 2012-03-19 02:12 . 2012-03-19 02:12 1354584 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Core\v4.0_4.0.0.0__b77a5c561934e089\System.Core.dll
+ 2012-03-24 18:46 . 2012-03-24 18:46 1354584 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Core\v4.0_4.0.0.0__b77a5c561934e089\System.Core.dll
+ 2012-03-24 18:46 . 2012-03-24 18:46 1199968 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Activities\v4.0_4.0.0.0__31bf3856ad364e35\System.Activities.dll
- 2012-03-19 02:12 . 2012-03-19 02:12 1199968 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Activities\v4.0_4.0.0.0__31bf3856ad364e35\System.Activities.dll
+ 2012-03-24 18:46 . 2012-03-24 18:46 1462648 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Activities.Presentation\v4.0_4.0.0.0__31bf3856ad364e35\System.Activities.Presentation.dll
- 2012-03-19 02:12 . 2012-03-19 02:12 1462648 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Activities.Presentation\v4.0_4.0.0.0__31bf3856ad364e35\System.Activities.Presentation.dll
+ 2012-03-24 18:46 . 2012-03-24 18:46 6428520 c:\windows\Microsoft.NET\assembly\GAC_MSIL\PresentationFramework\v4.0_4.0.0.0__31bf3856ad364e35\PresentationFramework.dll
- 2012-03-19 02:12 . 2012-03-19 02:12 6428520 c:\windows\Microsoft.NET\assembly\GAC_MSIL\PresentationFramework\v4.0_4.0.0.0__31bf3856ad364e35\PresentationFramework.dll
+ 2012-03-24 18:46 . 2012-03-24 18:46 3116376 c:\windows\Microsoft.NET\assembly\GAC_64\System.Data\v4.0_4.0.0.0__b77a5c561934e089\System.Data.dll
- 2012-03-19 02:12 . 2012-03-19 02:12 3116376 c:\windows\Microsoft.NET\assembly\GAC_64\System.Data\v4.0_4.0.0.0__b77a5c561934e089\System.Data.dll
+ 2012-03-24 18:46 . 2012-03-24 18:46 3824480 c:\windows\Microsoft.NET\assembly\GAC_64\PresentationCore\v4.0_4.0.0.0__31bf3856ad364e35\PresentationCore.dll
- 2012-03-19 02:12 . 2012-03-19 02:12 3824480 c:\windows\Microsoft.NET\assembly\GAC_64\PresentationCore\v4.0_4.0.0.0__31bf3856ad364e35\PresentationCore.dll
+ 2012-03-24 18:46 . 2012-03-24 18:46 4970768 c:\windows\Microsoft.NET\assembly\GAC_64\mscorlib\v4.0_4.0.0.0__b77a5c561934e089\mscorlib.dll
+ 2012-03-24 18:46 . 2012-03-24 18:46 3563408 c:\windows\Microsoft.NET\assembly\GAC_64\Microsoft.VisualBasic.Activities.Compiler\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Activities.Compiler.dll
- 2012-03-19 02:12 . 2012-03-19 02:12 3563408 c:\windows\Microsoft.NET\assembly\GAC_64\Microsoft.VisualBasic.Activities.Compiler\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Activities.Compiler.dll
- 2012-03-19 02:12 . 2012-03-19 02:12 2975064 c:\windows\Microsoft.NET\assembly\GAC_32\System.Data\v4.0_4.0.0.0__b77a5c561934e089\System.Data.dll
+ 2012-03-24 18:46 . 2012-03-24 18:46 2975064 c:\windows\Microsoft.NET\assembly\GAC_32\System.Data\v4.0_4.0.0.0__b77a5c561934e089\System.Data.dll
+ 2012-03-24 18:46 . 2012-03-24 18:46 3788128 c:\windows\Microsoft.NET\assembly\GAC_32\PresentationCore\v4.0_4.0.0.0__31bf3856ad364e35\PresentationCore.dll
- 2012-03-19 02:12 . 2012-03-19 02:12 3788128 c:\windows\Microsoft.NET\assembly\GAC_32\PresentationCore\v4.0_4.0.0.0__31bf3856ad364e35\PresentationCore.dll
+ 2012-03-24 18:46 . 2012-03-24 18:46 5201168 c:\windows\Microsoft.NET\assembly\GAC_32\mscorlib\v4.0_4.0.0.0__b77a5c561934e089\mscorlib.dll
- 2012-03-19 02:12 . 2012-03-19 02:12 2989456 c:\windows\Microsoft.NET\assembly\GAC_32\Microsoft.VisualBasic.Activities.Compiler\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Activities.Compiler.dll
+ 2012-03-24 18:46 . 2012-03-24 18:46 2989456 c:\windows\Microsoft.NET\assembly\GAC_32\Microsoft.VisualBasic.Activities.Compiler\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Activities.Compiler.dll
+ 2011-09-15 23:40 . 2011-09-15 23:40 7959552 c:\windows\Installer\8a2760.msp
+ 2011-09-15 23:34 . 2011-09-15 23:34 8499712 c:\windows\Installer\8a2742.msp
+ 2011-09-15 23:35 . 2011-09-15 23:35 1411072 c:\windows\Installer\8a2599.msp
- 2011-02-18 03:19 . 2012-03-19 02:18 1172240 c:\windows\Installer\{90120000-0011-0000-0000-0000000FF1CE}\xlicons.exe
+ 2011-02-18 03:19 . 2012-03-24 18:50 1172240 c:\windows\Installer\{90120000-0011-0000-0000-0000000FF1CE}\xlicons.exe
- 2011-02-18 03:19 . 2012-03-19 02:18 1165584 c:\windows\Installer\{90120000-0011-0000-0000-0000000FF1CE}\accicons.exe
+ 2011-02-18 03:19 . 2012-03-24 18:50 1165584 c:\windows\Installer\{90120000-0011-0000-0000-0000000FF1CE}\accicons.exe
+ 2009-10-10 05:10 . 2009-10-10 05:10 2594632 c:\windows\Installer\$PatchCache$\Managed\00002109110000000000000000F01FEC\12.0.6612\VBE6.DLL
+ 2012-03-24 18:51 . 2012-03-24 18:51 5237248 c:\windows\assembly\NativeImages_v4.0.30319_64\WindowsBase\02198c29552545c7d7e7a95ab39488e5\WindowsBase.ni.dll
+ 2012-03-24 18:54 . 2012-03-24 18:54 1430016 c:\windows\assembly\NativeImages_v4.0.30319_64\UIAutomationClients#\d1d48cd30cd275b06fad70778798cae7\UIAutomationClientsideProviders.ni.dll
+ 2012-03-24 18:50 . 2012-03-24 18:50 7037952 c:\windows\assembly\NativeImages_v4.0.30319_64\System.Xml\ecdcf3d1d7bc90546464d70a4bee843d\System.Xml.ni.dll
+ 2012-03-24 18:52 . 2012-03-24 18:52 2449408 c:\windows\assembly\NativeImages_v4.0.30319_64\System.Xaml\3a9670f473f8f9291ca256d9a15fc281\System.Xaml.ni.dll
+ 2012-03-24 18:54 . 2012-03-24 18:54 5627904 c:\windows\assembly\NativeImages_v4.0.30319_64\System.Windows.Form#\455d5edfdc989057a8fea7bc88a02ef6\System.Windows.Forms.DataVisualization.ni.dll
+ 2012-03-24 18:54 . 2012-03-24 18:54 2236416 c:\windows\assembly\NativeImages_v4.0.30319_64\System.Web.Services\bd044dc068adc34e430faa820e5c5e44\System.Web.Services.ni.dll
+ 2012-03-24 18:54 . 2012-03-24 18:54 2735616 c:\windows\assembly\NativeImages_v4.0.30319_64\System.Speech\561e5a115d6d7ade93236df74d61af84\System.Speech.ni.dll
+ 2012-03-24 18:54 . 2012-03-24 18:54 1918976 c:\windows\assembly\NativeImages_v4.0.30319_64\System.ServiceModel#\4606cac0ba2d406b4ddefca21a3db1eb\System.ServiceModel.Activities.ni.dll
+ 2012-03-24 18:54 . 2012-03-24 18:54 1579008 c:\windows\assembly\NativeImages_v4.0.30319_64\System.ServiceModel#\28b5d075cf252a24a6b007ff5941dce1\System.ServiceModel.Discovery.ni.dll
+ 2012-03-24 18:52 . 2012-03-24 18:52 3412992 c:\windows\assembly\NativeImages_v4.0.30319_64\System.Runtime.Seri#\1a361129f93a8190d8797b7c680baecc\System.Runtime.Serialization.ni.dll
+ 2012-03-24 18:52 . 2012-03-24 18:52 1348096 c:\windows\assembly\NativeImages_v4.0.30319_64\System.Runtime.Dura#\2c57eff357f1bc56d0367f04adcf6d76\System.Runtime.DurableInstancing.ni.dll
+ 2012-03-24 18:52 . 2012-03-24 18:52 1467392 c:\windows\assembly\NativeImages_v4.0.30319_64\System.Printing\7668fa73a73410f2e00d341a8684e28a\System.Printing.ni.dll
+ 2012-03-24 18:53 . 2012-03-24 18:53 1470464 c:\windows\assembly\NativeImages_v4.0.30319_64\System.Management\2280764a011295483642b17fe5d2b1f7\System.Management.ni.dll
+ 2012-03-24 18:53 . 2012-03-24 18:53 1416192 c:\windows\assembly\NativeImages_v4.0.30319_64\System.IdentityModel\a77730a57cc54142f1ecbb1e85060e5f\System.IdentityModel.ni.dll
+ 2012-03-24 18:52 . 2012-03-24 18:52 1098752 c:\windows\assembly\NativeImages_v4.0.30319_64\System.EnterpriseSe#\7b06b84cb3b99a3ab22adb2a3f6376e6\System.EnterpriseServices.ni.dll
+ 2012-03-24 18:52 . 2012-03-24 18:52 2290176 c:\windows\assembly\NativeImages_v4.0.30319_64\System.Drawing\5b5fe518d1a632afaae9f24dd18cee2f\System.Drawing.ni.dll
+ 2012-03-24 18:53 . 2012-03-24 18:53 1217024 c:\windows\assembly\NativeImages_v4.0.30319_64\System.DirectorySer#\60390cb3abc6f1d85a572c156d39fc02\System.DirectoryServices.AccountManagement.ni.dll
+ 2012-03-24 18:52 . 2012-03-24 18:52 1622528 c:\windows\assembly\NativeImages_v4.0.30319_64\System.DirectorySer#\5eaf17b571cf9fb6f159a0c92d6244ab\System.DirectoryServices.ni.dll
+ 2012-03-24 18:52 . 2012-03-24 18:52 2402816 c:\windows\assembly\NativeImages_v4.0.30319_64\System.Deployment\0ce1b3a9a0192c2cdb16d848e78e6688\System.Deployment.ni.dll
+ 2012-03-24 18:52 . 2012-03-24 18:52 8601600 c:\windows\assembly\NativeImages_v4.0.30319_64\System.Data\ca4a0bde02b2eb73d2e9f22925719ecf\System.Data.ni.dll
+ 2012-03-24 18:50 . 2012-03-24 18:50 3390976 c:\windows\assembly\NativeImages_v4.0.30319_64\System.Data.SqlXml\657b967b5fd7819f273f5704197ce97e\System.Data.SqlXml.ni.dll
+ 2012-03-24 18:53 . 2012-03-24 18:53 1799168 c:\windows\assembly\NativeImages_v4.0.30319_64\System.Data.Service#\930a4b48234d358f2758f075be0684c5\System.Data.Services.Client.ni.dll
+ 2012-03-24 18:53 . 2012-03-24 18:53 3386880 c:\windows\assembly\NativeImages_v4.0.30319_64\System.Data.Linq\0ba3ab7e136a52fcba260ad7893ede32\System.Data.Linq.ni.dll
+ 2012-03-24 18:50 . 2012-03-24 18:50 1257472 c:\windows\assembly\NativeImages_v4.0.30319_64\System.Configuration\c24ce44b45c0e0c0961a9755f192eb3a\System.Configuration.ni.dll
+ 2012-03-24 18:53 . 2012-03-24 18:53 1007616 c:\windows\assembly\NativeImages_v4.0.30319_64\System.ComponentMod#\5a66bc1859e864d87b81e31438a5f07d\System.ComponentModel.Composition.ni.dll
+ 2012-03-24 18:52 . 2012-03-24 18:52 5695488 c:\windows\assembly\NativeImages_v4.0.30319_64\System.Activities\f25d1dde40ef0128d9e5163d142bd2e2\System.Activities.ni.dll
+ 2012-03-24 18:53 . 2012-03-24 18:53 5048832 c:\windows\assembly\NativeImages_v4.0.30319_64\System.Activities.P#\26671ab09e54e0ecfd23012e32cb6383\System.Activities.Presentation.ni.dll
+ 2012-03-24 18:52 . 2012-03-24 18:52 2064896 c:\windows\assembly\NativeImages_v4.0.30319_64\System.Activities.C#\e9f6686e336507594e33cad6ed7814cd\System.Activities.Core.Presentation.ni.dll
+ 2012-03-24 18:52 . 2012-03-24 18:52 4233216 c:\windows\assembly\NativeImages_v4.0.30319_64\ReachFramework\9c49a7b6fb133a307e3804ca7ba35d16\ReachFramework.ni.dll
+ 2012-03-24 18:52 . 2012-03-24 18:52 2056192 c:\windows\assembly\NativeImages_v4.0.30319_64\PresentationUI\68d02e44d8b1f23c21a116119fbb65d0\PresentationUI.ni.dll
+ 2012-03-24 18:51 . 2012-03-24 18:51 2317312 c:\windows\assembly\NativeImages_v4.0.30319_64\Microsoft.VisualBas#\1903f5de0c7c33993c55319d4fc3062e\Microsoft.VisualBasic.ni.dll
+ 2012-03-24 18:51 . 2012-03-24 18:51 1623040 c:\windows\assembly\NativeImages_v4.0.30319_64\Microsoft.VisualBas#\15b88fefd6d638f01856a68c14e2ab9b\Microsoft.VisualBasic.Activities.Compiler.ni.dll
+ 2012-03-24 18:51 . 2012-03-24 18:51 1843200 c:\windows\assembly\NativeImages_v4.0.30319_64\Microsoft.VisualBas#\10bfd23b78a3492727e8b11e2fcbb990\Microsoft.VisualBasic.Compatibility.ni.dll
+ 2012-03-24 18:50 . 2012-03-24 18:50 1526784 c:\windows\assembly\NativeImages_v4.0.30319_64\Microsoft.Transacti#\2d92f0cffe052f601c1bca1f52425fef\Microsoft.Transactions.Bridge.ni.dll
+ 2012-03-24 18:53 . 2012-03-24 18:53 3313664 c:\windows\assembly\NativeImages_v4.0.30319_64\Microsoft.JScript\0fbfc1087f7622c5b6b06f88fce1a45e\Microsoft.JScript.ni.dll
+ 2012-03-24 18:50 . 2012-03-24 18:50 2009600 c:\windows\assembly\NativeImages_v4.0.30319_64\Microsoft.CSharp\83f53b455553f5ad67e756f6762dc3b4\Microsoft.CSharp.ni.dll
+ 2012-03-24 18:47 . 2012-03-24 18:47 3858432 c:\windows\assembly\NativeImages_v4.0.30319_32\WindowsBase\ef8c44c3c8766f219f576faab54c8dc7\WindowsBase.ni.dll
+ 2012-03-24 18:56 . 2012-03-24 18:56 1063424 c:\windows\assembly\NativeImages_v4.0.30319_32\UIAutomationClients#\0f5df23e9f268e9ff4c8033f9865a12a\UIAutomationClientsideProviders.ni.dll
+ 2012-03-24 18:47 . 2012-03-24 18:47 9091584 c:\windows\assembly\NativeImages_v4.0.30319_32\System\2c59490afc22def906d3ca96e1207ff9\System.ni.dll
+ 2012-03-24 18:47 . 2012-03-24 18:47 5617664 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Xml\19e79fc0f95c93b0244c7b287e254871\System.Xml.ni.dll
+ 2012-03-24 18:55 . 2012-03-24 18:55 1782272 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Xaml\ae31d46211440b11a9e66c3ba1a4e7ff\System.Xaml.ni.dll
+ 2012-03-24 18:56 . 2012-03-24 18:56 4545024 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Windows.Form#\d6c84e888c7f465844a8ae0e6470e05c\System.Windows.Forms.DataVisualization.ni.dll
+ 2012-03-24 18:56 . 2012-03-24 18:56 1885696 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Web.Services\b60e888b3b9e41d46dcbd34d9fae80d6\System.Web.Services.ni.dll
+ 2012-03-24 18:56 . 2012-03-24 18:56 2012160 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Speech\90de8ba8101001c8845439cd5f9a76eb\System.Speech.ni.dll
+ 2012-03-24 18:56 . 2012-03-24 18:56 1393152 c:\windows\assembly\NativeImages_v4.0.30319_32\System.ServiceModel#\8c12f469cbd6b8d9718c64a4b2c96d47\System.ServiceModel.Activities.ni.dll
+ 2012-03-24 18:56 . 2012-03-24 18:56 1140736 c:\windows\assembly\NativeImages_v4.0.30319_32\System.ServiceModel#\746651ce870c2f9cd43bc7246154f81a\System.ServiceModel.Discovery.ni.dll
+ 2012-03-24 18:55 . 2012-03-24 18:55 2647040 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Runtime.Seri#\a14816d568ee8c7cc9f9923d979d682d\System.Runtime.Serialization.ni.dll
+ 2012-03-24 18:55 . 2012-03-24 18:55 1021952 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Runtime.Dura#\d6b9e13a40ed53cfc10e04c023c62a49\System.Runtime.DurableInstancing.ni.dll
+ 2012-03-24 18:55 . 2012-03-24 18:55 1060864 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Printing\1141220aff69c63f638ab64e5b0186bc\System.Printing.ni.dll
+ 2012-03-24 18:56 . 2012-03-24 18:56 1218560 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Management\dfd9cbfccfadcf84406398a9d83ab4f4\System.Management.ni.dll
+ 2012-03-24 18:56 . 2012-03-24 18:56 1072640 c:\windows\assembly\NativeImages_v4.0.30319_32\System.IdentityModel\2a4589aeec877df58cbbcd633bc18fb6\System.IdentityModel.ni.dll
+ 2012-03-24 18:47 . 2012-03-24 18:47 1653248 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Drawing\aa90407cafb9b4a0dc5e3fdff170fee9\System.Drawing.ni.dll
+ 2012-03-24 18:55 . 2012-03-24 18:55 1172992 c:\windows\assembly\NativeImages_v4.0.30319_32\System.DirectorySer#\6bd4a77663c0e708e0827be849906fdc\System.DirectoryServices.ni.dll
+ 2012-03-24 18:55 . 2012-03-24 18:55 1879040 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Deployment\84d9ec8b14f9731797c51d31cae12d87\System.Deployment.ni.dll
+ 2012-03-24 18:47 . 2012-03-24 18:47 6815232 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Data\4a1e0e4ec906686357466a5881de605e\System.Data.ni.dll
+ 2012-03-24 18:47 . 2012-03-24 18:47 2549760 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Data.SqlXml\67ccf8c95fb30e4dcbe3f1eae1f72d00\System.Data.SqlXml.ni.dll
+ 2012-03-24 18:56 . 2012-03-24 18:56 1344000 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Data.Service#\4b28434c73ac4229c7ae7c4f0598e25f\System.Data.Services.Client.ni.dll
+ 2012-03-24 18:47 . 2012-03-24 18:47 2517504 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Data.Linq\f5cc7fbaadd22a9278512102cd30eb3a\System.Data.Linq.ni.dll
+ 2012-03-24 18:47 . 2012-03-24 18:47 7069696 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Core\7292b3e639a6202cf7eaf1f7ed271249\System.Core.ni.dll
+ 2012-03-24 18:55 . 2012-03-24 18:55 4129792 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Activities\7bbd2b637fbe2a5b17a16cd4fcc3c3ca\System.Activities.ni.dll
+ 2012-03-24 18:55 . 2012-03-24 18:55 3757568 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Activities.P#\a479b22107e8fe08689d840a3a1a77e9\System.Activities.Presentation.ni.dll
+ 2012-03-24 18:55 . 2012-03-24 18:55 1547264 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Activities.C#\819fccf9934ef29a6078d4accbf9ea0c\System.Activities.Core.Presentation.ni.dll
+ 2012-03-24 18:55 . 2012-03-24 18:55 2906624 c:\windows\assembly\NativeImages_v4.0.30319_32\ReachFramework\073c60e5566fdaab702636f1474233b0\ReachFramework.ni.dll
+ 2012-03-24 18:55 . 2012-03-24 18:55 1640448 c:\windows\assembly\NativeImages_v4.0.30319_32\PresentationUI\7194eb8e3da784ae30566a64569314a4\PresentationUI.ni.dll
+ 2012-03-24 18:55 . 2012-03-24 18:55 1139200 c:\windows\assembly\NativeImages_v4.0.30319_32\Microsoft.VisualBas#\e0ea9e02e609e08602bed4392d0e08d7\Microsoft.VisualBasic.Compatibility.ni.dll
+ 2012-03-24 18:55 . 2012-03-24 18:55 1838080 c:\windows\assembly\NativeImages_v4.0.30319_32\Microsoft.VisualBas#\9150a80d10ec86440aa59f6fe4b73f9d\Microsoft.VisualBasic.ni.dll
+ 2012-03-24 18:55 . 2012-03-24 18:55 1172480 c:\windows\assembly\NativeImages_v4.0.30319_32\Microsoft.VisualBas#\1ae1a98af2c7d3e68c7525bf1395fa61\Microsoft.VisualBasic.Activities.Compiler.ni.dll
+ 2012-03-24 18:55 . 2012-03-24 18:55 1085952 c:\windows\assembly\NativeImages_v4.0.30319_32\Microsoft.Transacti#\fb09c8733a8ef9292079399b25d5d973\Microsoft.Transactions.Bridge.ni.dll
+ 2012-03-24 18:56 . 2012-03-24 18:56 2452480 c:\windows\assembly\NativeImages_v4.0.30319_32\Microsoft.JScript\8b1e797d9c7f5ef773c150e15b07a087\Microsoft.JScript.ni.dll
+ 2012-03-24 18:47 . 2012-03-24 18:47 1616384 c:\windows\assembly\NativeImages_v4.0.30319_32\Microsoft.CSharp\a263b12a7f89cd41ef8ea216dcd1e854\Microsoft.CSharp.ni.dll
+ 2012-03-24 18:49 . 2012-03-24 18:49 1279864 c:\windows\assembly\GAC\Microsoft.Office.Interop.Excel\12.0.0.0__71e9bce111e9429c\Microsoft.Office.Interop.Excel.dll
+ 2012-03-24 19:01 . 2012-03-24 19:01 12282368 c:\windows\SysWOW64\mshtml.dll
+ 2009-07-14 02:34 . 2012-03-24 19:19 11010048 c:\windows\system32\SMI\Store\Machine\SCHEMA.DAT
- 2009-07-14 02:34 . 2012-03-19 02:29 11010048 c:\windows\system32\SMI\Store\Machine\SCHEMA.DAT
+ 2012-03-24 19:01 . 2012-03-24 19:01 17790464 c:\windows\system32\mshtml.dll
+ 2012-03-24 19:01 . 2012-03-24 19:01 10887168 c:\windows\system32\ieframe.dll
+ 2011-09-15 23:39 . 2011-09-15 23:39 11163136 c:\windows\Installer\8a2757.msp
+ 2011-09-15 23:38 . 2011-09-15 23:38 10838528 c:\windows\Installer\8a274c.msp
+ 2011-09-15 23:37 . 2011-09-15 23:37 16691712 c:\windows\Installer\8a25a0.msp
+ 2011-09-15 23:37 . 2011-09-15 23:37 34428416 c:\windows\Installer\8a259a.msp
+ 2011-11-22 05:42 . 2011-11-22 05:42 33189888 c:\windows\Installer\8a258f.msp
+ 2012-03-24 18:47 . 2012-03-24 18:47 11880448 c:\windows\assembly\NativeImages_v4.0.30319_64\System\a9e29e892ad68ac0b88f0480746a0d0b\System.ni.dll
+ 2012-03-24 18:52 . 2012-03-24 18:52 17291264 c:\windows\assembly\NativeImages_v4.0.30319_64\System.Windows.Forms\f850dba642b0cc845d9a7d8ac300e243\System.Windows.Forms.ni.dll
+ 2012-03-24 18:54 . 2012-03-24 18:54 24551424 c:\windows\assembly\NativeImages_v4.0.30319_64\System.ServiceModel\bd433ada9b2565b666331b5b1276538a\System.ServiceModel.ni.dll
+ 2012-03-24 18:53 . 2012-03-24 18:53 18480128 c:\windows\assembly\NativeImages_v4.0.30319_64\System.Data.Entity\9aca7097fc620da8481516b2d4e3fede\System.Data.Entity.ni.dll
+ 2012-03-24 18:50 . 2012-03-24 18:50 10440704 c:\windows\assembly\NativeImages_v4.0.30319_64\System.Core\e91a0d844afdda429e0fbd9814f41134\System.Core.ni.dll
+ 2012-03-24 18:51 . 2012-03-24 18:51 24406528 c:\windows\assembly\NativeImages_v4.0.30319_64\PresentationFramewo#\8a4ac50c706da226242a99b871c9f981\PresentationFramework.ni.dll
+ 2012-03-24 18:51 . 2012-03-24 18:51 15907328 c:\windows\assembly\NativeImages_v4.0.30319_64\PresentationCore\b0adff19c63ba3b4be1cae43567af15d\PresentationCore.ni.dll
+ 2012-03-24 18:46 . 2012-03-24 18:46 19355648 c:\windows\assembly\NativeImages_v4.0.30319_64\mscorlib\d9d8d4f8fc868d07be41d4ffb46d7364\mscorlib.ni.dll
+ 2012-03-24 18:47 . 2012-03-24 18:47 13138944 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Windows.Forms\7390d789557549200e474b9bbeca3d1a\System.Windows.Forms.ni.dll
+ 2012-03-24 18:56 . 2012-03-24 18:56 18058752 c:\windows\assembly\NativeImages_v4.0.30319_32\System.ServiceModel\c43869b44f633a3ad003a0ad9e79b273\System.ServiceModel.ni.dll
+ 2012-03-24 18:56 . 2012-03-24 18:56 13345792 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Data.Entity\b642a4ad94ff1e027a128b9796878372\System.Data.Entity.ni.dll
+ 2012-03-24 18:47 . 2012-03-24 18:47 18000384 c:\windows\assembly\NativeImages_v4.0.30319_32\PresentationFramewo#\e48a8a41e50ee180c6ca9c50e4575f42\PresentationFramework.ni.dll
+ 2012-03-24 18:47 . 2012-03-24 18:47 11450880 c:\windows\assembly\NativeImages_v4.0.30319_32\PresentationCore\9dee5fd0cf53fc233a7fc20edf8e66ed\PresentationCore.ni.dll
+ 2012-03-24 18:47 . 2012-03-24 18:47 14413824 c:\windows\assembly\NativeImages_v4.0.30319_32\mscorlib\44ae9f9afb2373055136d57ac6db3f96\mscorlib.ni.dll
+ 2011-09-15 23:34 . 2011-09-15 23:34 428804608 c:\windows\Installer\8a2736.msp
.
-- Snapshot reset to current date --
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"IMSS"="c:\program files (x86)\Intel\Intel® Management Engine Components\IMSS\PIconStartup.exe" [2010-05-03 112152]
"PWMTRV"="c:\progra~2\ThinkPad\UTILIT~1\PWMTR64V.DLL" [2010-12-16 1521000]
"RotateImage"="c:\program files (x86)\Integrated Camera Driver\X64\RCIMGDIR.exe" [2008-10-30 55808]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-06-06 937920]
"ConnectionCenter"="c:\program files (x86)\Citrix\ICA Client\concentr.exe" [2011-12-22 362432]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Bluetooth.lnk - c:\program files\ThinkPad\Bluetooth Software\BTTray.exe [2009-8-11 1080608]
Digital Line Detect.lnk - c:\program files (x86)\Digital Line Detect\DLG.exe [2011-1-12 50688]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
"EnableLinkedConnections"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-2012079050-4074748360-831848816-1822\Scripts\Logon\0\0]
"Script"=logon.vbs
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R3 5U877;USB Video Device;c:\windows\system32\DRIVERS\5U877.sys [x]
R3 Andbus;LGE Android Platform Composite USB Device;c:\windows\system32\DRIVERS\lgandbus64.sys [x]
R3 AndDiag;LGE Android Platform USB Serial Port;c:\windows\system32\DRIVERS\lganddiag64.sys [x]
R3 AndGps;LGE Android Platform USB GPS NMEA Port;c:\windows\system32\DRIVERS\lgandgps64.sys [x]
R3 ANDModem;LGE Android Platform USB Modem;c:\windows\system32\DRIVERS\lgandmodem64.sys [x]
R3 AndNetDiag;LG AndroidNet USB Serial Port;c:\windows\system32\DRIVERS\lgandnetdiag64.sys [x]
R3 AndNetGps;LG AndroidNet USB GPS NMEA Port;c:\windows\system32\DRIVERS\lgandnetgps64.sys [x]
R3 ANDNetModem;LG AndroidNet USB Modem;c:\windows\system32\DRIVERS\lgandnetmodem64.sys [x]
R3 andnetndis;LG AndroidNet NDIS Ethernet Adapter;c:\windows\system32\DRIVERS\lgandnetndis64.sys [x]
R3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys [x]
R3 Ctxusbr;Citrix USB Redirection Driver;c:\windows\system32\DRIVERS\ctxusbr.sys [x]
R3 ctxva51;Citrix Virtual Adapter;c:\windows\system32\DRIVERS\ctxva51.sys [x]
R3 dc3d;MS Hardware Device Detection Driver;c:\windows\system32\DRIVERS\dc3d.sys [x]
R3 KAPFA;KAPFA;c:\windows\system32\drivers\KAPFA.SYS [x]
R3 MAUSBMIDI;Service for M-Audio USB MIDI Series;c:\windows\system32\DRIVERS\MAudioUSBMIDI.sys [x]
R3 MpNWMon;Microsoft Malware Protection Network Driver;c:\windows\system32\DRIVERS\MpNWMon.sys [x]
R3 netw5v64;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 64 Bit;c:\windows\system32\DRIVERS\netw5v64.sys [x]
R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [x]
R3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\Antimalware\NisSrv.exe [2011-04-27 288272]
R3 PCDSRVC{127174DC-C366ED8B-06020101}_0;PCDSRVC{127174DC-C366ED8B-06020101}_0 - PCDR Kernel Mode Service Helper Driver;c:\program files\pc-doctor\pcdsrvc_x64.pkms [2010-12-09 25072]
R3 pmxdrv;pmxdrv;c:\windows\system32\drivers\pmxdrv.sys [x]
R3 Point64;Microsoft IntelliPoint Filter Driver;c:\windows\system32\DRIVERS\point64.sys [x]
R3 Power Manager DBC Service;Power Manager DBC Service;c:\program files (x86)\ThinkPad\Utilities\PWMDBSVC.EXE [2010-12-16 79208]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [x]
R3 rixdpcie;rixdpcie;c:\windows\system32\DRIVERS\rixdpe64.sys [x]
R3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\DRIVERS\VSTAZL6.SYS [x]
R3 SrvHsfV92;SrvHsfV92;c:\windows\system32\DRIVERS\VSTDPV6.SYS [x]
R3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\DRIVERS\VSTCNXT6.SYS [x]
R3 Synth3dVsc;Synth3dVsc;c:\windows\system32\drivers\synth3dvsc.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
R3 tsusbhub;tsusbhub;c:\windows\system32\drivers\tsusbhub.sys [x]
R3 TurboBoost;TurboBoost;c:\program files\Intel\TurboBoost\TurboBoost.exe [2009-09-30 126392]
R3 VGPU;VGPU;c:\windows\system32\drivers\rdvgkmd.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-23 57184]
S0 DzHDD64;DzHDD64;c:\windows\System32\DRIVERS\DzHDD64.sys [x]
S0 TPDIGIMN;TPDIGIMN;c:\windows\System32\DRIVERS\ApsHM64.sys [x]
S1 ctxusbm;Citrix USB Monitor Driver;c:\windows\system32\DRIVERS\ctxusbm.sys [x]
S1 lenovo.smi;Lenovo System Interface Driver;c:\windows\system32\DRIVERS\smiifx64.sys [x]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2011-06-06 64952]
S2 HsfXAudioService;HsfXAudioService;c:\windows\system32\svchost.exe [2009-07-14 27136]
S2 LENOVO.CAMMUTE;Lenovo Camera Mute;c:\program files\Lenovo\Communications Utility\CAMMUTE.exe [2010-07-27 50536]
S2 LENOVO.MICMUTE;Lenovo Microphone Mute;c:\program files\LENOVO\HOTKEY\MICMUTE.exe [2010-11-24 45496]
S2 LENOVO.TPKNRSVC;Lenovo Keyboard Noise Reduction;c:\program files\Lenovo\Communications Utility\TPKNRSVC.exe [2010-07-27 74088]
S2 Lenovo.VIRTSCRLSVC;Lenovo Auto Scroll;c:\program files\LENOVO\VIRTSCRL\lvvsst.exe [2010-04-07 93032]
S2 rimspci;rimspci;c:\windows\system32\DRIVERS\rimspe64.sys [x]
S2 TPHKLOAD;Lenovo Hotkey Client Loader;c:\program files\LENOVO\HOTKEY\TPHKLOAD.exe [2010-12-03 114024]
S2 TPHKSVC;On Screen Display;c:\program files\LENOVO\HOTKEY\TPHKSVC.exe [2010-12-02 64440]
S2 TurboB;Turbo Boost UI Monitor driver;c:\windows\system32\DRIVERS\TurboB.sys [x]
S2 UNS;Intel® Management & Security Application User Notification Service;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2010-05-03 2533400]
S2 USBMIDIAudioDevMon;USB MIDI Series Audio Device Monitor;c:\program files (x86)\M-Audio\USB MIDI Series\AudioDevMon.exe [2010-04-13 1636872]
S2 vpnagent;Cisco AnyConnect VPN Agent;c:\program files (x86)\Cisco\Cisco AnyConnect VPN Client\vpnagent.exe [2008-12-11 417464]
S3 CAXHWAZL;CAXHWAZL;c:\windows\system32\DRIVERS\CAXHWAZL.sys [x]
S3 DozeSvc;Lenovo Doze Mode Service;c:\program files (x86)\ThinkPad\Utilities\DZSVC64.EXE [2010-12-16 155496]
S3 e1kexpress;Intel® PRO/1000 PCI Express Network Connection Driver K;c:\windows\system32\DRIVERS\e1k62x64.sys [x]
S3 HECIx64;Intel® Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys [x]
S3 Impcd;Impcd;c:\windows\system32\DRIVERS\Impcd.sys [x]
S3 IntcDAud;Intel® Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys [x]
S3 NETwNs64;___ Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows 7 - 64 Bit;c:\windows\system32\DRIVERS\NETwNs64.sys [x]
S3 TVTI2C;Lenovo SM bus driver;c:\windows\system32\DRIVERS\Tvti2c.sys [x]
S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [x]
.
.
Contents of the 'Scheduled Tasks' folder
.
2012-03-25 c:\windows\Tasks\PCDoctorBackgroundMonitorTask.job
- c:\program files\PC-Doctor\uaclauncher.exe [2010-12-09 22:52]
.
2012-03-25 c:\windows\Tasks\SystemToolsDailyTest.job
- c:\program files\PC-Doctor\pcdrcui.exe [2010-12-09 22:52]
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SynTPEnh"="c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe" [BU]
"TpShocks"="TpShocks.exe" [2010-07-02 380776]
"SmartAudio"="c:\program files\CONEXANT\SAII\SAIICpl.exe" [2009-11-15 307768]
"LENOVO.TPKNRRES"="c:\program files\Lenovo\Communications Utility\TPKNRRES.exe" [2010-07-27 62312]
"AcWin7Hlpr"="c:\program files (x86)\Lenovo\Access Connections\AcTBenabler.exe" [2010-09-18 31592]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2010-12-16 167960]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2010-07-05 386584]
"Persistence"="c:\windows\system32\igfxpers.exe" [2010-07-05 415256]
"Windows Mobile Device Center"="c:\windows\WindowsMobile\wmdc.exe" [2007-05-31 660360]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2011-06-15 1436736]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://connections/
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyServer =
uInternet Settings,ProxyOverride =
Trusted Zone: lpl.com
Trusted Zone: lpl.com\branchnet
Trusted Zone: lpl.com\branchweb
TCP: DhcpNameServer = 209.81.96.130 209.81.96.49 74.127.128.30
DPF: {55963676-2F5E-4BAF-AC28-CF26AA587566} - hxxps://71.5.104.166/CACHE/stc/1/binaries/vpnweb.cab
DPF: {62FA83F7-20EC-4D62-AC86-BAB705EE1CCD} - hxxp://wegmon1.weg-online.com/klc/resources/cab/LiveConnectX.cab
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-Locked - (no file)
.
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\PCDSRVC{127174DC-C366ED8B-06020101}_0]
"ImagePath"="\??\c:\program files\pc-doctor\pcdsrvc_x64.pkms"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11e_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11e_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\McAfee]
"SymbolicLinkValue"=hex(6):5c,00,52,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,6f,00,66,00,\
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Network Associates]
"SymbolicLinkValue"=hex(6):5c,00,52,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,6f,00,66,00,\
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows CE Services]
"SymbolicLinkValue"=hex(6):5c,00,72,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,4f,00,46,00,\
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0004\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2012-03-25 14:31:48
ComboFix-quarantined-files.txt 2012-03-25 19:31
ComboFix2.txt 2012-03-24 16:06
.
Pre-Run: 160,983,961,600 bytes free
Post-Run: 160,700,727,296 bytes free
.
- - End Of File - - 3FEE1ED51898EB837D73900B67F28E67

#4 gringo_pr


Posted 25 March 2012 - 06:57 PM

Greetings

I want you to run these next,

TDSSKiller:

Please read carefully and follow these steps.
  • Download TDSSKiller and save it to your Desktop.
  • Double-click on TDSSKiller.exe to run the application, then on Start Scan.
  • If an infected file is detected, the default action will be Cure; click on Continue.
  • If a suspicious file is detected, the default action will be Skip; click on Continue.
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
  • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.

Please download aswMBR to your desktop.
  • Double-click the aswMBR.exe icon to run it.
  • It will ask to download extra definitions - ALLOW IT.
  • Click the Scan button to start the scan
  • On completion of the scan, click the save log button, save it to your desktop and post it in your next reply.

If you have any problems running either one, come back and let me know.

Please reply with the reports from TDSSKiller and aswMBR.

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry, every little bit helps.

Proud Graduate Of Malware Removal University

#5 cdady


Posted 26 March 2012 - 08:24 PM

Ran both tools as requested. I am still having the issue with the SearchMagnified redirect. Here are the logs:

20:01:22.0667 5336 TDSS rootkit removing tool 2.7.22.0 Mar 21 2012 17:40:00
20:01:24.0677 5336 ============================================================
20:01:24.0677 5336 Current date / time: 2012/03/25 20:01:24.0677
20:01:24.0677 5336 SystemInfo:
20:01:24.0677 5336
20:01:24.0677 5336 OS Version: 6.1.7601 ServicePack: 1.0
20:01:24.0677 5336 Product type: Workstation
20:01:24.0677 5336 ComputerName: R8K33FH
20:01:24.0677 5336 UserName: cdady
20:01:24.0677 5336 Windows directory: C:\Windows
20:01:24.0677 5336 System windows directory: C:\Windows
20:01:24.0677 5336 Running under WOW64
20:01:24.0677 5336 Processor architecture: Intel x64
20:01:24.0677 5336 Number of processors: 4
20:01:24.0677 5336 Page size: 0x1000
20:01:24.0677 5336 Boot type: Normal boot
20:01:24.0677 5336 ============================================================
20:01:26.0847 5336 Drive \Device\Harddisk0\DR0 - Size: 0x4A85D56000 (298.09 Gb), SectorSize: 0x200, Cylinders: 0xA181, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xF0, Type 'K0', Flags 0x00000040
20:01:26.0857 5336 \Device\Harddisk0\DR0:
20:01:26.0857 5336 MBR used
20:01:26.0857 5336 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x258000
20:01:26.0857 5336 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x258800, BlocksNum 0x251D5AB0
20:01:26.0867 5336 Initialize success
20:01:26.0867 5336 ============================================================
20:01:36.0927 6436 ============================================================
20:01:36.0927 6436 Scan started
20:01:36.0927 6436 Mode: Manual;
20:01:36.0927 6436 ============================================================
20:01:37.0767 6436 1394ohci - ok
20:01:37.0777 6436 5U877 - ok
20:01:37.0787 6436 ACPI - ok
20:01:37.0797 6436 AcpiPmi - ok
20:01:37.0807 6436 AcPrfMgrSvc - ok
20:01:37.0817 6436 AcSvc - ok
20:01:37.0857 6436 AdobeARMservice - ok
20:01:37.0867 6436 adp94xx - ok
20:01:37.0877 6436 adpahci - ok
20:01:37.0877 6436 adpu320 - ok
20:01:37.0887 6436 AeLookupSvc - ok
20:01:37.0907 6436 AFD - ok
20:01:37.0917 6436 agp440 - ok
20:01:37.0927 6436 ALG - ok
20:01:37.0927 6436 aliide - ok
20:01:37.0957 6436 amdide - ok
20:01:37.0967 6436 AmdK8 - ok
20:01:37.0977 6436 AmdPPM - ok
20:01:37.0977 6436 amdsata - ok
20:01:37.0987 6436 amdsbs - ok
20:01:37.0997 6436 amdxata - ok
20:01:37.0997 6436 Andbus - ok
20:01:38.0007 6436 AndDiag - ok
20:01:38.0017 6436 AndGps - ok
20:01:38.0017 6436 ANDModem - ok
20:01:38.0027 6436 AndNetDiag - ok
20:01:38.0037 6436 AndNetGps - ok
20:01:38.0047 6436 ANDNetModem - ok
20:01:38.0057 6436 andnetndis - ok
20:01:38.0057 6436 AppID - ok
20:01:38.0067 6436 AppIDSvc - ok
20:01:38.0077 6436 Appinfo - ok
20:01:38.0087 6436 AppMgmt - ok
20:01:38.0107 6436 arc - ok
20:01:38.0107 6436 arcsas - ok
20:01:38.0117 6436 AsyncMac - ok
20:01:38.0117 6436 atapi - ok
20:01:38.0137 6436 AudioEndpointBuilder - ok
20:01:38.0137 6436 AudioSrv - ok
20:01:38.0147 6436 AxInstSV - ok
20:01:38.0217 6436 b06bdrv - ok
20:01:38.0227 6436 b57nd60a - ok
20:01:38.0237 6436 BDESVC - ok
20:01:38.0247 6436 Beep - ok
20:01:38.0297 6436 BFE - ok
20:01:38.0297 6436 BITS - ok
20:01:38.0307 6436 blbdrive - ok
20:01:38.0317 6436 bowser - ok
20:01:38.0327 6436 BrFiltLo - ok
20:01:38.0327 6436 BrFiltUp - ok
20:01:38.0367 6436 BridgeMP - ok
20:01:38.0367 6436 Browser - ok
20:01:38.0377 6436 Brserid - ok
20:01:38.0387 6436 BrSerWdm - ok
20:01:38.0397 6436 BrUsbMdm - ok
20:01:38.0407 6436 BrUsbSer - ok
20:01:38.0417 6436 BthEnum - ok
20:01:38.0427 6436 BTHMODEM - ok
20:01:38.0427 6436 BthPan - ok
20:01:38.0437 6436 BTHPORT - ok
20:01:38.0447 6436 bthserv - ok
20:01:38.0447 6436 BTHUSB - ok
20:01:38.0457 6436 btwaudio - ok
20:01:38.0517 6436 btwavdt - ok
20:01:38.0517 6436 btwdins - ok
20:01:38.0527 6436 btwl2cap - ok
20:01:38.0527 6436 btwrchid - ok
20:01:38.0547 6436 catchme - ok
20:01:38.0607 6436 CAXHWAZL - ok
20:01:38.0607 6436 cdfs - ok
20:01:38.0617 6436 cdrom - ok
20:01:38.0677 6436 CertPropSvc - ok
20:01:38.0687 6436 circlass - ok
20:01:38.0717 6436 CLFS - ok
20:01:38.0717 6436 clr_optimization_v2.0.50727_32 - ok
20:01:38.0727 6436 clr_optimization_v2.0.50727_64 - ok
20:01:38.0737 6436 clr_optimization_v4.0.30319_32 - ok
20:01:38.0747 6436 clr_optimization_v4.0.30319_64 - ok
20:01:38.0757 6436 CmBatt - ok
20:01:38.0757 6436 cmdide - ok
20:01:38.0817 6436 CNG - ok
20:01:38.0877 6436 CnxtHdAudService - ok
20:01:38.0877 6436 Compbatt - ok
20:01:38.0887 6436 CompositeBus - ok
20:01:38.0897 6436 COMSysApp - ok
20:01:38.0897 6436 crcdisk - ok
20:01:38.0907 6436 CryptSvc - ok
20:01:38.0917 6436 CSC - ok
20:01:38.0917 6436 CscService - ok
20:01:38.0977 6436 ctxusbm - ok
20:01:39.0027 6436 Ctxusbr - ok
20:01:39.0087 6436 ctxva51 - ok
20:01:39.0147 6436 dc3d - ok
20:01:39.0157 6436 DcomLaunch - ok
20:01:39.0167 6436 defragsvc - ok
20:01:39.0167 6436 DfsC - ok
20:01:39.0177 6436 Dhcp - ok
20:01:39.0187 6436 discache - ok
20:01:39.0197 6436 Disk - ok
20:01:39.0207 6436 DNE - ok
20:01:39.0217 6436 Dnscache - ok
20:01:39.0217 6436 dot3svc - ok
20:01:39.0227 6436 DozeSvc - ok
20:01:39.0227 6436 DPS - ok
20:01:39.0237 6436 drmkaud - ok
20:01:39.0247 6436 DXGKrnl - ok
20:01:39.0247 6436 DzHDD64 - ok
20:01:39.0287 6436 e1kexpress - ok
20:01:39.0297 6436 EapHost - ok
20:01:39.0297 6436 ebdrv - ok
20:01:39.0367 6436 EFS - ok
20:01:39.0367 6436 ehRecvr - ok
20:01:39.0377 6436 ehSched - ok
20:01:39.0387 6436 elxstor - ok
20:01:39.0387 6436 ErrDev - ok
20:01:39.0437 6436 EventSystem - ok
20:01:39.0507 6436 EvtEng - ok
20:01:39.0507 6436 exfat - ok
20:01:39.0517 6436 fastfat - ok
20:01:39.0517 6436 Fax - ok
20:01:39.0527 6436 fdc - ok
20:01:39.0537 6436 fdPHost - ok
20:01:39.0537 6436 FDResPub - ok
20:01:39.0547 6436 FileInfo - ok
20:01:39.0547 6436 Filetrace - ok
20:01:39.0557 6436 flpydisk - ok
20:01:39.0617 6436 FltMgr - ok
20:01:39.0627 6436 FontCache - ok
20:01:39.0627 6436 FontCache3.0.0.0 - ok
20:01:39.0637 6436 FsDepends - ok
20:01:39.0647 6436 Fs_Rec - ok
20:01:39.0647 6436 fvevol - ok
20:01:39.0657 6436 gagp30kx - ok
20:01:39.0667 6436 gpsvc - ok
20:01:39.0667 6436 hcw85cir - ok
20:01:39.0677 6436 HdAudAddService - ok
20:01:39.0677 6436 HDAudBus - ok
20:01:39.0687 6436 HECIx64 - ok
20:01:39.0697 6436 HidBatt - ok
20:01:39.0697 6436 HidBth - ok
20:01:39.0707 6436 HidIr - ok
20:01:39.0717 6436 hidserv - ok
20:01:39.0717 6436 HidUsb - ok
20:01:39.0727 6436 hkmsvc - ok
20:01:39.0727 6436 HomeGroupListener - ok
20:01:39.0737 6436 HomeGroupProvider - ok
20:01:39.0747 6436 HpSAMD - ok
20:01:39.0807 6436 HsfXAudioService - ok
20:01:39.0817 6436 HSF_DPV - ok
20:01:39.0817 6436 HTTP - ok
20:01:39.0827 6436 hwpolicy - ok
20:01:39.0837 6436 i8042prt - ok
20:01:39.0847 6436 iaStor - ok
20:01:39.0847 6436 iaStorV - ok
20:01:39.0857 6436 IBMPMDRV - ok
20:01:39.0867 6436 IBMPMSVC - ok
20:01:39.0877 6436 idsvc - ok
20:01:39.0877 6436 igfx - ok
20:01:39.0887 6436 iirsp - ok
20:01:39.0887 6436 IKEEXT - ok
20:01:39.0897 6436 Impcd - ok
20:01:39.0907 6436 IntcDAud - ok
20:01:39.0917 6436 intelide - ok
20:01:39.0917 6436 intelppm - ok
20:01:39.0927 6436 IPBusEnum - ok
20:01:39.0927 6436 IpFilterDriver - ok
20:01:39.0937 6436 iphlpsvc - ok
20:01:39.0937 6436 IPMIDRV - ok
20:01:39.0947 6436 IPNAT - ok
20:01:39.0957 6436 IRENUM - ok
20:01:39.0957 6436 isapnp - ok
20:01:39.0967 6436 iScsiPrt - ok
20:01:39.0967 6436 IviRegMgr - ok
20:01:39.0987 6436 KAPFA - ok
20:01:39.0997 6436 kbdclass - ok
20:01:39.0997 6436 kbdhid - ok
20:01:40.0007 6436 KeyIso - ok
20:01:40.0007 6436 KSecDD - ok
20:01:40.0017 6436 KSecPkg - ok
20:01:40.0027 6436 ksthunk - ok
20:01:40.0027 6436 KtmRm - ok
20:01:40.0037 6436 LanmanServer - ok
20:01:40.0037 6436 LanmanWorkstation - ok
20:01:40.0047 6436 LENOVO.CAMMUTE - ok
20:01:40.0067 6436 LENOVO.MICMUTE - ok
20:01:40.0067 6436 lenovo.smi - ok
20:01:40.0077 6436 LENOVO.TPKNRSVC - ok
20:01:40.0077 6436 Lenovo.VIRTSCRLSVC - ok
20:01:40.0087 6436 lltdio - ok
20:01:40.0097 6436 lltdsvc - ok
20:01:40.0097 6436 lmhosts - ok
20:01:40.0107 6436 LMS - ok
20:01:40.0117 6436 LSI_FC - ok
20:01:40.0127 6436 LSI_SAS - ok
20:01:40.0137 6436 LSI_SAS2 - ok
20:01:40.0137 6436 LSI_SCSI - ok
20:01:40.0147 6436 luafv - ok
20:01:40.0147 6436 MAUSBMIDI - ok
20:01:40.0157 6436 Mcx2Svc - ok
20:01:40.0167 6436 mdmxsdk - ok
20:01:40.0167 6436 megasas - ok
20:01:40.0177 6436 MegaSR - ok
20:01:40.0177 6436 MMCSS - ok
20:01:40.0187 6436 Modem - ok
20:01:40.0197 6436 monitor - ok
20:01:40.0197 6436 mouclass - ok
20:01:40.0207 6436 mouhid - ok
20:01:40.0217 6436 mountmgr - ok
20:01:40.0227 6436 MpFilter - ok
20:01:40.0237 6436 mpio - ok
20:01:40.0237 6436 MpNWMon - ok
20:01:40.0247 6436 mpsdrv - ok
20:01:40.0247 6436 MpsSvc - ok
20:01:40.0257 6436 MRxDAV - ok
20:01:40.0257 6436 mrxsmb - ok
20:01:40.0267 6436 mrxsmb10 - ok
20:01:40.0277 6436 mrxsmb20 - ok
20:01:40.0277 6436 msahci - ok
20:01:40.0287 6436 msdsm - ok
20:01:40.0287 6436 MSDTC - ok
20:01:40.0297 6436 Msfs - ok
20:01:40.0307 6436 mshidkmdf - ok
20:01:40.0317 6436 msisadrv - ok
20:01:40.0317 6436 MSiSCSI - ok
20:01:40.0327 6436 msiserver - ok
20:01:40.0337 6436 MSKSSRV - ok
20:01:40.0337 6436 MsMpSvc - ok
20:01:40.0347 6436 MSPCLOCK - ok
20:01:40.0357 6436 MSPQM - ok
20:01:40.0357 6436 MsRPC - ok
20:01:40.0367 6436 mssmbios - ok
20:01:40.0377 6436 MSTEE - ok
20:01:40.0377 6436 MTConfig - ok
20:01:40.0387 6436 Mup - ok
20:01:40.0387 6436 napagent - ok
20:01:40.0397 6436 NativeWifiP - ok
20:01:40.0407 6436 NDIS - ok
20:01:40.0417 6436 NdisCap - ok
20:01:40.0417 6436 NdisTapi - ok
20:01:40.0427 6436 Ndisuio - ok
20:01:40.0427 6436 NdisWan - ok
20:01:40.0437 6436 NDProxy - ok
20:01:40.0447 6436 Nero BackItUp Scheduler 4.0 - ok
20:01:40.0447 6436 NetBIOS - ok
20:01:40.0457 6436 NetBT - ok
20:01:40.0457 6436 Netlogon - ok
20:01:40.0467 6436 Netman - ok
20:01:40.0477 6436 netprofm - ok
20:01:40.0477 6436 NetTcpPortSharing - ok
20:01:40.0487 6436 netw5v64 - ok
20:01:40.0497 6436 NETwNs64 - ok
20:01:40.0507 6436 nfrd960 - ok
20:01:40.0507 6436 NisDrv - ok
20:01:40.0517 6436 NisSrv - ok
20:01:40.0547 6436 NlaSvc - ok
20:01:40.0557 6436 Npfs - ok
20:01:40.0557 6436 nsi - ok
20:01:40.0567 6436 nsiproxy - ok
20:01:40.0577 6436 Ntfs - ok
20:01:40.0577 6436 NuidFltr - ok
20:01:40.0587 6436 Null - ok
20:01:40.0597 6436 nvraid - ok
20:01:40.0607 6436 nvstor - ok
20:01:40.0607 6436 nv_agp - ok
20:01:40.0617 6436 odserv - ok
20:01:40.0627 6436 ohci1394 - ok
20:01:40.0637 6436 ose - ok
20:01:40.0647 6436 p2pimsvc - ok
20:01:40.0647 6436 p2psvc - ok
20:01:40.0657 6436 Parport - ok
20:01:40.0657 6436 partmgr - ok
20:01:40.0667 6436 PcaSvc - ok
20:01:40.0687 6436 PCDSRVC{127174DC-C366ED8B-06020101}_0 - ok
20:01:40.0687 6436 pci - ok
20:01:40.0697 6436 pciide - ok
20:01:40.0697 6436 pcmcia - ok
20:01:40.0707 6436 pcw - ok
20:01:40.0717 6436 PEAUTH - ok
20:01:40.0717 6436 PeerDistSvc - ok
20:01:40.0727 6436 PerfHost - ok
20:01:40.0747 6436 pla - ok
20:01:40.0747 6436 PlugPlay - ok
20:01:40.0767 6436 pmxdrv - ok
20:01:40.0767 6436 PNRPAutoReg - ok
20:01:40.0777 6436 PNRPsvc - ok
20:01:40.0787 6436 Point64 - ok
20:01:40.0787 6436 PolicyAgent - ok
20:01:40.0797 6436 Power - ok
20:01:40.0807 6436 Power Manager DBC Service - ok
20:01:40.0807 6436 PptpMiniport - ok
20:01:40.0817 6436 Processor - ok
20:01:40.0827 6436 ProfSvc - ok
20:01:40.0827 6436 ProtectedStorage - ok
20:01:40.0837 6436 psadd - ok
20:01:40.0837 6436 Psched - ok
20:01:40.0847 6436 ql2300 - ok
20:01:40.0857 6436 ql40xx - ok
20:01:40.0857 6436 QWAVE - ok
20:01:40.0867 6436 QWAVEdrv - ok
20:01:40.0867 6436 RapiMgr - ok
20:01:40.0877 6436 RasAcd - ok
20:01:40.0877 6436 RasAgileVpn - ok
20:01:40.0887 6436 RasAuto - ok
20:01:40.0897 6436 Rasl2tp - ok
20:01:40.0897 6436 RasMan - ok
20:01:40.0907 6436 RasPppoe - ok
20:01:40.0917 6436 RasSstp - ok
20:01:40.0917 6436 rdbss - ok
20:01:40.0917 6436 rdpbus - ok
20:01:40.0947 6436 RDPCDD - ok
20:01:40.0957 6436 RDPDR - ok
20:01:40.0967 6436 RDPENCDD - ok
20:01:40.0977 6436 RDPREFMP - ok
20:01:40.0987 6436 RdpVideoMiniport - ok
20:01:40.0987 6436 RDPWD - ok
20:01:40.0997 6436 rdyboost - ok
20:01:41.0007 6436 RegSrvc - ok
20:01:41.0007 6436 RemoteAccess - ok
20:01:41.0017 6436 RemoteRegistry - ok
20:01:41.0027 6436 RFCOMM - ok
20:01:41.0027 6436 rimspci - ok
20:01:41.0037 6436 rixdpcie - ok
20:01:41.0037 6436 RpcEptMapper - ok
20:01:41.0047 6436 RpcLocator - ok
20:01:41.0057 6436 RpcSs - ok
20:01:41.0057 6436 rspndr - ok
20:01:41.0067 6436 s3cap - ok
20:01:41.0067 6436 SamSs - ok
20:01:41.0077 6436 sbp2port - ok
20:01:41.0087 6436 SCardSvr - ok
20:01:41.0087 6436 scfilter - ok
20:01:41.0097 6436 Schedule - ok
20:01:41.0097 6436 SCPolicySvc - ok
20:01:41.0107 6436 sdbus - ok
20:01:41.0107 6436 SDRSVC - ok
20:01:41.0117 6436 secdrv - ok
20:01:41.0127 6436 seclogon - ok
20:01:41.0127 6436 SENS - ok
20:01:41.0137 6436 SensrSvc - ok
20:01:41.0137 6436 Serenum - ok
20:01:41.0147 6436 Serial - ok
20:01:41.0157 6436 sermouse - ok
20:01:41.0167 6436 SessionEnv - ok
20:01:41.0177 6436 sffdisk - ok
20:01:41.0177 6436 sffp_mmc - ok
20:01:41.0187 6436 sffp_sd - ok
20:01:41.0187 6436 sfloppy - ok
20:01:41.0197 6436 SharedAccess - ok
20:01:41.0207 6436 ShellHWDetection - ok
20:01:41.0207 6436 Shockprf - ok
20:01:41.0217 6436 SiSRaid2 - ok
20:01:41.0217 6436 SiSRaid4 - ok
20:01:41.0227 6436 Smb - ok
20:01:41.0237 6436 SNMPTRAP - ok
20:01:41.0247 6436 spldr - ok
20:01:41.0247 6436 Spooler - ok
20:01:41.0257 6436 sppsvc - ok
20:01:41.0267 6436 sppuinotify - ok
20:01:41.0267 6436 srv - ok
20:01:41.0277 6436 srv2 - ok
20:01:41.0277 6436 SrvHsfHDA - ok
20:01:41.0287 6436 SrvHsfV92 - ok
20:01:41.0297 6436 SrvHsfWinac - ok
20:01:41.0297 6436 srvnet - ok
20:01:41.0307 6436 SSDPSRV - ok
20:01:41.0307 6436 SstpSvc - ok
20:01:41.0317 6436 stexstor - ok
20:01:41.0317 6436 stisvc - ok
20:01:41.0327 6436 storflt - ok
20:01:41.0337 6436 storvsc - ok
20:01:41.0347 6436 SUService - ok
20:01:41.0347 6436 swenum - ok
20:01:41.0357 6436 swprv - ok
20:01:41.0357 6436 Synth3dVsc - ok
20:01:41.0417 6436 SynTP - ok
20:01:41.0417 6436 SysMain - ok
20:01:41.0427 6436 TabletInputService - ok
20:01:41.0437 6436 TapiSrv - ok
20:01:41.0437 6436 TBS - ok
20:01:41.0447 6436 Tcpip - ok
20:01:41.0447 6436 TCPIP6 - ok
20:01:41.0457 6436 tcpipreg - ok
20:01:41.0467 6436 TDPIPE - ok
20:01:41.0477 6436 TDTCP - ok
20:01:41.0477 6436 tdx - ok
20:01:41.0487 6436 TermDD - ok
20:01:41.0497 6436 TermService - ok
20:01:41.0497 6436 Themes - ok
20:01:41.0507 6436 ThinkVantage Registry Monitor Service - ok
20:01:41.0517 6436 THREADORDER - ok
20:01:41.0517 6436 TPDIGIMN - ok
20:01:41.0527 6436 TPHDEXLGSVC - ok
20:01:41.0527 6436 TPHKLOAD - ok
20:01:41.0567 6436 TPHKSVC - ok
20:01:41.0577 6436 TPM - ok
20:01:41.0577 6436 TPPWRIF - ok
20:01:41.0587 6436 TrkWks - ok
20:01:41.0597 6436 TrustedInstaller - ok
20:01:41.0607 6436 tssecsrv - ok
20:01:41.0607 6436 TsUsbFlt - ok
20:01:41.0617 6436 tsusbhub - ok
20:01:41.0627 6436 tunnel - ok
20:01:41.0627 6436 TurboB - ok
20:01:41.0667 6436 TurboBoost - ok
20:01:41.0677 6436 TVT Backup Service - ok
20:01:41.0687 6436 TVTI2C - ok
20:01:41.0687 6436 uagp35 - ok
20:01:41.0697 6436 udfs - ok
20:01:41.0707 6436 UI0Detect - ok
20:01:41.0707 6436 uliagpkx - ok
20:01:41.0717 6436 umbus - ok
20:01:41.0727 6436 UmPass - ok
20:01:41.0727 6436 UmRdpService - ok
20:01:41.0737 6436 UNS - ok
20:01:41.0747 6436 upnphost - ok
20:01:41.0747 6436 usbccgp - ok
20:01:41.0757 6436 usbcir - ok
20:01:41.0767 6436 usbehci - ok
20:01:41.0767 6436 usbhub - ok
20:01:41.0797 6436 USBMIDIAudioDevMon - ok
20:01:41.0807 6436 usbohci - ok
20:01:41.0817 6436 usbprint - ok
20:01:41.0817 6436 USBSTOR - ok
20:01:41.0827 6436 usbuhci - ok
20:01:41.0827 6436 usbvideo - ok
20:01:41.0837 6436 usb_rndisx - ok
20:01:41.0847 6436 UxSms - ok
20:01:41.0847 6436 VaultSvc - ok
20:01:41.0857 6436 VClone - ok
20:01:41.0867 6436 vdrvroot - ok
20:01:41.0867 6436 vds - ok
20:01:41.0877 6436 vga - ok
20:01:41.0877 6436 VgaSave - ok
20:01:41.0887 6436 VGPU - ok
20:01:41.0897 6436 vhdmp - ok
20:01:41.0897 6436 viaide - ok
20:01:41.0907 6436 vmbus - ok
20:01:41.0907 6436 VMBusHID - ok
20:01:41.0917 6436 volmgr - ok
20:01:41.0917 6436 volmgrx - ok
20:01:41.0927 6436 volsnap - ok
20:01:41.0937 6436 vpnagent - ok
20:01:41.0947 6436 vpnva - ok
20:01:41.0957 6436 vsmraid - ok
20:01:41.0967 6436 VSS - ok
20:01:41.0967 6436 vwifibus - ok
20:01:41.0977 6436 vwififlt - ok
20:01:41.0977 6436 vwifimp - ok
20:01:41.0987 6436 W32Time - ok
20:01:41.0997 6436 WacomPen - ok
20:01:42.0017 6436 WANARP - ok
20:01:42.0027 6436 Wanarpv6 - ok
20:01:42.0027 6436 WatAdminSvc - ok
20:01:42.0037 6436 wbengine - ok
20:01:42.0047 6436 WbioSrvc - ok
20:01:42.0047 6436 WcesComm - ok
20:01:42.0057 6436 wcncsvc - ok
20:01:42.0057 6436 WcsPlugInService - ok
20:01:42.0067 6436 Wd - ok
20:01:42.0077 6436 Wdf01000 - ok
20:01:42.0077 6436 WdiServiceHost - ok
20:01:42.0087 6436 WdiSystemHost - ok
20:01:42.0087 6436 WebClient - ok
20:01:42.0097 6436 Wecsvc - ok
20:01:42.0107 6436 wercplsupport - ok
20:01:42.0117 6436 WerSvc - ok
20:01:42.0127 6436 WfpLwf - ok
20:01:42.0127 6436 WIMMount - ok
20:01:42.0137 6436 winachsf - ok
20:01:42.0147 6436 WinDefend - ok
20:01:42.0147 6436 WinHttpAutoProxySvc - ok
20:01:42.0157 6436 Winmgmt - ok
20:01:42.0167 6436 WinRM - ok
20:01:42.0177 6436 WinVNC4 - ok
20:01:42.0177 6436 Wlansvc - ok
20:01:42.0187 6436 wlcrasvc - ok
20:01:42.0187 6436 wlidsvc - ok
20:01:42.0197 6436 WmiAcpi - ok
20:01:42.0207 6436 wmiApSrv - ok
20:01:42.0217 6436 WMPNetworkSvc - ok
20:01:42.0217 6436 WPCSvc - ok
20:01:42.0227 6436 WPDBusEnum - ok
20:01:42.0227 6436 ws2ifsl - ok
20:01:42.0237 6436 wscsvc - ok
20:01:42.0247 6436 WSearch - ok
20:01:42.0247 6436 wuauserv - ok
20:01:42.0257 6436 WudfPf - ok
20:01:42.0267 6436 WUDFRd - ok
20:01:42.0267 6436 wudfsvc - ok
20:01:42.0277 6436 WwanSvc - ok
20:01:42.0287 6436 XAudio - ok
20:01:42.0357 6436 MBR (0x1B8) (61b7dd87f4d7e7b80d2463782d112891) \Device\Harddisk0\DR0
20:01:42.0407 6436 \Device\Harddisk0\DR0 - ok
20:01:42.0447 6436 Boot (0x1200) (f3849ba8f6618adb251d440c124b3f58) \Device\Harddisk0\DR0\Partition0
20:01:42.0447 6436 \Device\Harddisk0\DR0\Partition0 - ok
20:01:42.0457 6436 Boot (0x1200) (096e28cf0e747c6696a4446260472e04) \Device\Harddisk0\DR0\Partition1
20:01:42.0457 6436 \Device\Harddisk0\DR0\Partition1 - ok
20:01:42.0457 6436 ============================================================
20:01:42.0457 6436 Scan finished
20:01:42.0457 6436 ============================================================
20:01:42.0477 1624 Detected object count: 0
20:01:42.0477 1624 Actual detected object count: 0

------------------------------------------------------------------------------------------------------------------------------------------

aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software
Run date: 2012-03-25 20:05:34
-----------------------------
20:05:34.327 OS Version: Windows x64 6.1.7601 Service Pack 1
20:05:34.327 Number of processors: 4 586 0x2505
20:05:34.327 ComputerName: R8K33FH UserName: cdady
20:05:39.347 Initialize success
20:16:11.808 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
20:16:11.818 Disk 0 Vendor: ST932042 0003 Size: 305245MB BusType: 3
20:16:11.828 Disk 0 MBR read successfully
20:16:11.838 Disk 0 MBR scan
20:16:11.838 Disk 0 unknown MBR code
20:16:11.848 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 1200 MB offset 2048
20:16:11.858 Disk 0 Partition 2 00 07 HPFS/NTFS 304043 MB offset 2459648
20:16:11.868 Disk 0 scanning C:\Windows\system32\drivers
20:16:11.868 Service scanning
20:16:21.168 Service MpNWMon C:\Windows\system32\DRIVERS\MpNWMon.sys **LOCKED** 32
20:16:30.768 Modules scanning
20:16:30.778 Disk 0 trace - called modules:
20:16:30.828 ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys iaStor.sys hal.dll
20:16:30.838 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8007d7d060]
20:16:30.848 3 CLASSPNP.SYS[fffff8800180143f] -> nt!IofCallDriver -> [0xfffffa8007a3a390]
20:16:30.858 5 ACPI.sys[fffff88000ed97a1] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-1[0xfffffa8007a3f050]
20:16:30.858 Scan finished successfully
20:17:08.788 Disk 0 MBR has been saved successfully to "C:\Users\cdady\Desktop\MBR.dat"
20:17:08.798 The log file has been saved successfully to "C:\Users\cdady\Desktop\aswMBR.txt"

#6 gringo_pr


Posted 26 March 2012 - 08:38 PM

Hello

Let's get a deeper look into the system and see if something shows up.

Download and run OTL

Download OTL by Old Timer and save it to your Desktop.
  • Double click on OTL.exe to run it.
  • Under Output, ensure that Minimal Output is selected.
  • Under Extra Registry section, select Use SafeList.
  • Click the Scan All Users checkbox.
  • Click on Run Scan at the top left hand corner.
  • When done, two Notepad files will open.
    • OTL.txt <-- Will be opened and is the one that I need posted back here
    • Extra.txt <-- Will be minimized - save this one on your desktop in case I ask for it later
  • Please post the contents of OTL.txt in your next reply.

Gringo

#7 cdady


Posted 27 March 2012 - 08:55 AM

Here is the output from the OTL.txt file:

OTL logfile created on: 3/27/2012 8:49:02 AM - Run 1
OTL by OldTimer - Version 3.2.39.2 Folder = C:\Users\cdady\Downloads
64bit- Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

7.80 Gb Total Physical Memory | 6.12 Gb Available Physical Memory | 78.46% Memory free
15.60 Gb Paging File | 13.50 Gb Available in Paging File | 86.57% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 296.92 Gb Total Space | 149.72 Gb Free Space | 50.42% Space Free | Partition Type: NTFS
Unable to calculate disk information.

Computer Name: R8K33FH | User Name: cdady | NOT logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Users\cdady\Downloads\OTL (1).exe (OldTimer Tools)
PRC - C:\Windows\SysWOW64\Macromed\Flash\FlashUtil11e_ActiveX.exe (Adobe Systems, Inc.)
PRC - C:\Program Files (x86)\Citrix\ICA Client\wfcrun32.exe (Citrix Systems, Inc.)
PRC - C:\Program Files (x86)\Citrix\ICA Client\concentr.exe (Citrix Systems, Inc.)
PRC - C:\Program Files (x86)\Citrix\ICA Client\ssonsvr.exe (Citrix Systems, Inc.)
PRC - C:\Program Files (x86)\Citrix\ICA Client\Receiver\Receiver.exe (Citrix Systems, Inc.)
PRC - C:\Program Files (x86)\Citrix\SelfServicePlugin\SelfServicePlugin.exe (Citrix Systems, Inc.)
PRC - C:\Program Files (x86)\Citrix\SelfServicePlugin\SelfService.exe (Citrix Systems, Inc.)
PRC - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
PRC - C:\Program Files\Lenovo\ZOOM\TpScrex.exe (Lenovo Group Limited)
PRC - C:\Program Files\Lenovo\HOTKEY\TPONSCR.exe (Lenovo Group Limited)
PRC - C:\Program Files\Lenovo\HOTKEY\TPHKSVC.exe (Lenovo Group Limited)
PRC - C:\Program Files\Lenovo\HOTKEY\TPOSDSVC.exe (Lenovo Group Limited)
PRC - C:\Program Files\Lenovo\HOTKEY\micmute.exe (Lenovo Group Limited)
PRC - C:\Program Files (x86)\Lenovo\Access Connections\SvcGuiHlpr.exe (Lenovo)
PRC - C:\Program Files (x86)\Lenovo\Access Connections\AcSvc.exe (Lenovo)
PRC - C:\Program Files (x86)\Lenovo\Access Connections\AcPrfMgrSvc.exe (Lenovo)
PRC - C:\Program Files\Lenovo\Communications Utility\TPKNRSVC.exe (Lenovo Group Limited)
PRC - C:\Program Files\Lenovo\Communications Utility\TPKNRRES.exe (Lenovo Group Limited)
PRC - C:\Program Files\Lenovo\Communications Utility\CamMute.exe (Lenovo Group Limited)
PRC - C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe (Intel Corporation)
PRC - C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe (Intel Corporation)
PRC - C:\Program Files (x86)\M-Audio\USB MIDI Series\AudioDevMon.exe (M-Audio)
PRC - C:\Program Files\Lenovo\VIRTSCRL\lvvsst.exe (Lenovo Group Limited)
PRC - C:\Program Files\Lenovo\VIRTSCRL\virtscrl.exe (Lenovo Group Limited)
PRC - c:\Program Files (x86)\Lenovo\System Update\SUService.exe (Lenovo Group Limited)
PRC - C:\Program Files (x86)\Common Files\Lenovo\tvt_reg_monitor_svc.exe (Lenovo Group Limited)
PRC - C:\Program Files\ThinkPad\Bluetooth Software\BluetoothHeadsetProxy.exe (Broadcom Corporation.)
PRC - C:\Program Files (x86)\Lenovo\Message Center Plus\MCPLaunch.exe ()
PRC - C:\Program Files (x86)\Cisco\Cisco AnyConnect VPN Client\vpnagent.exe (Cisco Systems, Inc.)
PRC - C:\Program Files (x86)\Common Files\InterVideo\RegMgr\iviRegMgr.exe (InterVideo)


========== Modules (No Company Name) ==========

MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Core\f01c5c76d0a19516a37b7bd191a02cda\System.Core.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\02f7846cbc5c02a5dbf50fd34325eb61\PresentationFramework.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\6c51e152e7404188914c9fa4d8503ff9\System.Windows.Forms.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\ab87129c2b603f218e4aa5300c9b1bdd\System.Drawing.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationCore\f4b2424c1b32fbd11130482bb899b7ae\PresentationCore.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\47b9e7f070271ff50f988f75ea68fa3e\WindowsBase.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\9866d1f6178e1cde25642f1ac293ff8d\System.Xml.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System\faf4e8730ecbd07570111bb7c3b20565\System.ni.dll ()
MOD - C:\Program Files (x86)\Citrix\SelfServicePlugin\ExtensionSDK.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\a1a82db68b3badc7c27ea1f6579d22c5\mscorlib.ni.dll ()
MOD - C:\Program Files (x86)\Lenovo\Message Center Plus\MCPLaunch.exe ()


========== Win32 Services (SafeList) ==========

SRV:64bit: - (NisSrv) -- c:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe (Microsoft Corporation)
SRV:64bit: - (MsMpSvc) -- c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe (Microsoft Corporation)
SRV:64bit: - (TPHKLOAD) -- C:\Program Files\Lenovo\HOTKEY\tphkload.exe (Lenovo Group Limited)
SRV:64bit: - (TPHKSVC) -- C:\Program Files\Lenovo\HOTKEY\TPHKSVC.exe (Lenovo Group Limited)
SRV:64bit: - (LENOVO.MICMUTE) -- C:\Program Files\Lenovo\HOTKEY\micmute.exe (Lenovo Group Limited)
SRV:64bit: - (IBMPMSVC) -- C:\Windows\SysNative\ibmpmsvc.exe (Lenovo.)
SRV:64bit: - (EvtEng) Intel® -- C:\Program Files\Intel\WiFi\bin\EvtEng.exe (Intel® Corporation)
SRV:64bit: - (RegSrvc) Intel® -- C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe (Intel® Corporation)
SRV:64bit: - (wlcrasvc) -- C:\Program Files\Windows Live\Mesh\wlcrasvc.exe (Microsoft Corporation)
SRV:64bit: - (LENOVO.TPKNRSVC) -- C:\Program Files\Lenovo\Communications Utility\TPKNRSVC.exe (Lenovo Group Limited)
SRV:64bit: - (LENOVO.CAMMUTE) -- C:\Program Files\Lenovo\Communications Utility\CamMute.exe (Lenovo Group Limited)
SRV:64bit: - (TPHDEXLGSVC) -- C:\Windows\SysNative\TPHDEXLG64.exe (Lenovo.)
SRV:64bit: - (Lenovo.VIRTSCRLSVC) -- C:\Program Files\Lenovo\VIRTSCRL\lvvsst.exe (Lenovo Group Limited)
SRV:64bit: - (TurboBoost) -- C:\Program Files\Intel\TurboBoost\TurboBoost.exe (Intel® Corporation)
SRV:64bit: - (btwdins) -- C:\Program Files\ThinkPad\Bluetooth Software\btwdins.exe (Broadcom Corporation.)
SRV:64bit: - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV:64bit: - (AppMgmt) -- C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation)
SRV - (AdobeARMservice) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
SRV - (DozeSvc) -- C:\Program Files (x86)\ThinkPad\Utilities\DZSVC64.EXE (Lenovo.)
SRV - (Power Manager DBC Service) -- C:\Program Files (x86)\ThinkPad\Utilities\PWMDBSVC.exe (Lenovo)
SRV - (AcSvc) -- C:\Program Files (x86)\Lenovo\Access Connections\AcSvc.exe (Lenovo)
SRV - (AcPrfMgrSvc) -- C:\Program Files (x86)\Lenovo\Access Connections\AcPrfMgrSvc.exe (Lenovo)
SRV - (UNS) Intel® -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe (Intel Corporation)
SRV - (LMS) Intel® -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe (Intel Corporation)
SRV - (USBMIDIAudioDevMon) -- C:\Program Files (x86)\M-Audio\USB MIDI Series\AudioDevMon.exe (M-Audio)
SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (SUService) -- c:\Program Files (x86)\Lenovo\System Update\SUService.exe (Lenovo Group Limited)
SRV - (ThinkVantage Registry Monitor Service) -- C:\Program Files (x86)\Common Files\Lenovo\tvt_reg_monitor_svc.exe (Lenovo Group Limited)
SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
SRV - (HsfXAudioService) -- C:\Windows\SysWOW64\XAudio64.dll (Conexant Systems, Inc.)
SRV - (vpnagent) -- C:\Program Files (x86)\Cisco\Cisco AnyConnect VPN Client\vpnagent.exe (Cisco Systems, Inc.)
SRV - (WcesComm) -- C:\Windows\WindowsMobile\wcescomm.dll (Microsoft Corporation)
SRV - (RapiMgr) -- C:\Windows\WindowsMobile\rapimgr.dll (Microsoft Corporation)
SRV - (IviRegMgr) -- C:\Program Files (x86)\Common Files\InterVideo\RegMgr\iviRegMgr.exe (InterVideo)


========== Driver Services (SafeList) ==========

DRV:64bit: - (dc3d) -- C:\Windows\SysNative\drivers\dc3d.sys (Microsoft Corporation)
DRV:64bit: - (Point64) -- C:\Windows\SysNative\drivers\point64.sys (Microsoft Corporation)
DRV:64bit: - (NuidFltr) -- C:\Windows\SysNative\drivers\nuidfltr.sys (Microsoft Corporation)
DRV:64bit: - (ctxusbm) -- C:\Windows\SysNative\drivers\ctxusbm.sys (Citrix Systems, Inc.)
DRV:64bit: - (NisDrv) -- C:\Windows\SysNative\drivers\NisDrvWFP.sys (Microsoft Corporation)
DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices)
DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices)
DRV:64bit: - (VClone) -- C:\Windows\SysNative\drivers\VClone.sys (Elaborate Bytes AG)
DRV:64bit: - (pmxdrv) -- C:\Windows\SysNative\drivers\pmxdrv.sys ()
DRV:64bit: - (DzHDD64) -- C:\Windows\SysNative\drivers\DZHDD64.SYS (Lenovo.)
DRV:64bit: - (TPPWRIF) -- C:\Windows\SysNative\drivers\TPPWR64V.SYS (Lenovo Group Limited)
DRV:64bit: - (PCDSRVC{127174DC-C366ED8B-06020101}_0) -- c:\Program Files\PC-Doctor\pcdsrvc_x64.pkms (PC-Doctor, Inc.)
DRV:64bit: - (ANDModem) -- C:\Windows\SysNative\drivers\lgandmodem64.sys (LG Electronics Inc.)
DRV:64bit: - (AndGps) -- C:\Windows\SysNative\drivers\lgandgps64.sys (LG Electronics Inc.)
DRV:64bit: - (AndDiag) -- C:\Windows\SysNative\drivers\lganddiag64.sys (LG Electronics Inc.)
DRV:64bit: - (Andbus) -- C:\Windows\SysNative\drivers\lgandbus64.sys (LG Electronics Inc.)
DRV:64bit: - (andnetndis) -- C:\Windows\SysNative\drivers\lgandnetndis64.sys (LG Electronics Inc)
DRV:64bit: - (AndNetGps) -- C:\Windows\SysNative\drivers\lgandnetgps64.sys (LG Electronics Inc.)
DRV:64bit: - (ANDNetModem) -- C:\Windows\SysNative\drivers\lgandnetmodem64.sys (LG Electronics Inc.)
DRV:64bit: - (AndNetDiag) -- C:\Windows\SysNative\drivers\lgandnetdiag64.sys (LG Electronics Inc.)
DRV:64bit: - (igfx) -- C:\Windows\SysNative\drivers\igdkmd64.sys (Intel Corporation)
DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company)
DRV:64bit: - (TsUsbFlt) -- C:\Windows\SysNative\drivers\TsUsbFlt.sys (Microsoft Corporation)
DRV:64bit: - (RdpVideoMiniport) -- C:\Windows\SysNative\drivers\rdpvideominiport.sys (Microsoft Corporation)
DRV:64bit: - (sdbus) -- C:\Windows\SysNative\drivers\sdbus.sys (Microsoft Corporation)
DRV:64bit: - (IBMPMDRV) -- C:\Windows\SysNative\drivers\ibmpmdrv.sys (Lenovo.)
DRV:64bit: - (NETwNs64) ___ Intel® -- C:\Windows\SysNative\drivers\NETwNs64.sys (Intel Corporation)
DRV:64bit: - (IntcDAud) Intel® -- C:\Windows\SysNative\drivers\IntcDAud.sys (Intel® Corporation)
DRV:64bit: - (SynTP) -- C:\Windows\SysNative\drivers\SynTP.sys (Synaptics Incorporated)
DRV:64bit: - (ctxva51) -- C:\Windows\SysNative\drivers\ctxva51.sys (Citrix Systems, Inc.)
DRV:64bit: - (lenovo.smi) -- C:\Windows\SysNative\drivers\smiifx64.sys (Lenovo Group Limited)
DRV:64bit: - (CnxtHdAudService) -- C:\Windows\SysNative\drivers\CHDRT64.sys (Conexant Systems Inc.)
DRV:64bit: - (e1kexpress) Intel® -- C:\Windows\SysNative\drivers\e1k62x64.sys (Intel Corporation)
DRV:64bit: - (Ctxusbr) -- C:\Windows\SysNative\drivers\ctxusbr.sys (Citrix Systems, Inc.)
DRV:64bit: - (Shockprf) -- C:\Windows\SysNative\drivers\ApsX64.sys (Lenovo.)
DRV:64bit: - (TPDIGIMN) -- C:\Windows\SysNative\drivers\ApsHM64.sys (Lenovo.)
DRV:64bit: - (MAUSBMIDI) -- C:\Windows\SysNative\drivers\MAudioUSBMIDI.sys (M-Audio)
DRV:64bit: - (iaStor) -- C:\Windows\SysNative\drivers\iaStor.sys (Intel Corporation)
DRV:64bit: - (Impcd) -- C:\Windows\SysNative\drivers\Impcd.sys (Intel Corporation)
DRV:64bit: - (5U877) -- C:\Windows\SysNative\drivers\5U877.sys (Ricoh co.,Ltd.)
DRV:64bit: - (rimspci) -- C:\Windows\SysNative\drivers\rimspe64.sys (REDC)
DRV:64bit: - (TurboB) -- C:\Windows\SysNative\drivers\TurboB.sys ()
DRV:64bit: - (rixdpcie) -- C:\Windows\SysNative\drivers\rixdpe64.sys (REDC)
DRV:64bit: - (TVTI2C) -- C:\Windows\SysNative\drivers\tvti2c.sys (Lenovo (United States) Inc.)
DRV:64bit: - (HECIx64) Intel® -- C:\Windows\SysNative\drivers\HECIx64.sys (Intel Corporation)
DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.)
DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation)
DRV:64bit: - (Fs_Rec) -- C:\Windows\SysNative\drivers\fs_rec.sys (Microsoft Corporation)
DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology)
DRV:64bit: - (usb_rndisx) -- C:\Windows\SysNative\drivers\usb8023x.sys (Microsoft Corporation)
DRV:64bit: - (TPM) -- C:\Windows\SysNative\drivers\tpm.sys (Microsoft Corporation)
DRV:64bit: - (psadd) -- C:\Windows\SysNative\drivers\psadd.sys (Lenovo (United States) Inc.)
DRV:64bit: - (btwavdt) -- C:\Windows\SysNative\drivers\btwavdt.sys (Broadcom Corporation.)
DRV:64bit: - (btwaudio) -- C:\Windows\SysNative\drivers\btwaudio.sys (Broadcom Corporation.)
DRV:64bit: - (btwrchid) -- C:\Windows\SysNative\drivers\btwrchid.sys (Broadcom Corporation.)
DRV:64bit: - (HSF_DPV) -- C:\Windows\SysNative\drivers\CAX_DPV.sys (Conexant Systems, Inc.)
DRV:64bit: - (CAXHWAZL) -- C:\Windows\SysNative\drivers\CAXHWAZL.sys (Conexant Systems, Inc.)
DRV:64bit: - (winachsf) -- C:\Windows\SysNative\drivers\CAX_CNXT.sys (Conexant Systems, Inc.)
DRV:64bit: - (SrvHsfV92) -- C:\Windows\SysNative\drivers\VSTDPV6.SYS (Conexant Systems, Inc.)
DRV:64bit: - (SrvHsfWinac) -- C:\Windows\SysNative\drivers\VSTCNXT6.SYS (Conexant Systems, Inc.)
DRV:64bit: - (SrvHsfHDA) -- C:\Windows\SysNative\drivers\VSTAZL6.SYS (Conexant Systems, Inc.)
DRV:64bit: - (netw5v64) Intel® -- C:\Windows\SysNative\drivers\netw5v64.sys (Intel Corporation)
DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation)
DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation)
DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation)
DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)
DRV:64bit: - (XAudio) -- C:\Windows\SysNative\drivers\XAudio64.sys (Conexant Systems, Inc.)
DRV:64bit: - (btwl2cap) -- C:\Windows\SysNative\drivers\btwl2cap.sys (Broadcom Corporation.)
DRV:64bit: - (vpnva) -- C:\Windows\SysNative\drivers\vpnva64.sys (Cisco Systems, Inc.)
DRV:64bit: - (DNE) -- C:\Windows\SysNative\drivers\dne64x.sys (Deterministic Networks, Inc.)
DRV:64bit: - (mdmxsdk) -- C:\Windows\SysNative\drivers\mdmxsdk.sys (Conexant)
DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {B67ABCF5-5C53-4EEB-863F-9520225F3C44}
IE:64bit: - HKLM\..\SearchScopes\{B67ABCF5-5C53-4EEB-863F-9520225F3C44}: "URL" = http://www.bing.com/search?q={searchTerms}&form=LEMDF8&pc=MALC&src=IE-SearchBox
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = {8D67A01C-6D83-47BE-9269-8F6522F639C3}
IE - HKLM\..\SearchScopes\{8D67A01C-6D83-47BE-9269-8F6522F639C3}: "URL" = http://www.bing.com/search?q={searchTerms}&form=LEMDF8&pc=MALC&src=IE-SearchBox


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-2012079050-4074748360-831848816-1822\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://connections/
IE - HKU\S-1-5-21-2012079050-4074748360-831848816-1822\..\SearchScopes,DefaultScope = {30DCDC43-2FEB-4CB4-8805-08435C1E830E}
IE - HKU\S-1-5-21-2012079050-4074748360-831848816-1822\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKU\S-1-5-21-2012079050-4074748360-831848816-1822\..\SearchScopes\{30DCDC43-2FEB-4CB4-8805-08435C1E830E}: "URL" = http://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:{language}:{referrer:source}&ie={inputEncoding?}&oe={outputEncoding?}
IE - HKU\S-1-5-21-2012079050-4074748360-831848816-1822\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-2012079050-4074748360-831848816-1822\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" =
IE - HKU\S-1-5-21-2012079050-4074748360-831848816-1822\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" =


========== FireFox ==========

FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@Citrix.com/npican: C:\Program Files (x86)\Citrix\ICA Client\npicaN.dll (Citrix Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.1.10111.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)



O1 HOSTS File: ([2012/03/24 11:02:59 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O4:64bit: - HKLM..\Run: [AcWin7Hlpr] C:\Program Files (x86)\Lenovo\Access Connections\AcTBenabler.exe (Lenovo)
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [LENOVO.TPKNRRES] C:\Program Files\Lenovo\Communications Utility\TPKNRRES.exe (Lenovo Group Limited)
O4:64bit: - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [SmartAudio] C:\Program Files\CONEXANT\SAII\SAIICpl.exe ()
O4:64bit: - HKLM..\Run: [TpShocks] C:\Windows\SysNative\TpShocks.exe (Lenovo.)
O4:64bit: - HKLM..\Run: [Windows Mobile Device Center] C:\Windows\WindowsMobile\wmdc.exe (Microsoft Corporation)
O4 - HKLM..\Run: [ConnectionCenter] C:\Program Files (x86)\Citrix\ICA Client\concentr.exe (Citrix Systems, Inc.)
O4 - HKLM..\Run: [IMSS] C:\Program Files (x86)\Intel\Intel® Management Engine Components\IMSS\PIconStartup.exe (Intel Corporation)
O4 - HKLM..\Run: [PWMTRV] C:\Program Files (x86)\ThinkPad\Utilities\PWMTR64V.DLL (Lenovo Group Limited)
O4 - HKLM..\Run: [RotateImage] C:\Program Files (x86)\Integrated Camera Driver\X64\RCIMGDIR.exe (Ricoh co.,Ltd.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLinkedConnections = 1
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\BrowserEmulation present
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\IEDevTools present
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Main present
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\PhishingFilter present
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Privacy present
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\SQM present
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Suggested Sites present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\BrowserEmulation present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\IEDevTools present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Main present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\PhishingFilter present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Privacy present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\SQM present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Suggested Sites present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\BrowserEmulation present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\IEDevTools present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Main present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\PhishingFilter present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Privacy present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\SQM present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Suggested Sites present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\BrowserEmulation present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\IEDevTools present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Main present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\PhishingFilter present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Privacy present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\SQM present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Suggested Sites present
O7 - HKU\S-1-5-21-2012079050-4074748360-831848816-1822\Software\Policies\Microsoft\Internet Explorer\BrowserEmulation present
O7 - HKU\S-1-5-21-2012079050-4074748360-831848816-1822\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-2012079050-4074748360-831848816-1822\Software\Policies\Microsoft\Internet Explorer\IEDevTools present
O7 - HKU\S-1-5-21-2012079050-4074748360-831848816-1822\Software\Policies\Microsoft\Internet Explorer\Main present
O7 - HKU\S-1-5-21-2012079050-4074748360-831848816-1822\Software\Policies\Microsoft\Internet Explorer\PhishingFilter present
O7 - HKU\S-1-5-21-2012079050-4074748360-831848816-1822\Software\Policies\Microsoft\Internet Explorer\Privacy present
O7 - HKU\S-1-5-21-2012079050-4074748360-831848816-1822\Software\Policies\Microsoft\Internet Explorer\SQM present
O7 - HKU\S-1-5-21-2012079050-4074748360-831848816-1822\Software\Policies\Microsoft\Internet Explorer\Suggested Sites present
O7 - HKU\S-1-5-21-2012079050-4074748360-831848816-1822\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-2012079050-4074748360-831848816-1822\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O9:64bit: - Extra Button: @C:\Program Files\ThinkPad\Bluetooth Software\btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\ThinkPad\Bluetooth Software\btsendto_ie.htm ()
O9:64bit: - Extra 'Tools' menuitem : @C:\Program Files\ThinkPad\Bluetooth Software\btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\ThinkPad\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra Button: @C:\Windows\WindowsMobile\INetRepl.dll,-222 - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : @C:\Windows\WindowsMobile\INetRepl.dll,-223 - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll (Microsoft Corporation)
O9 - Extra Button: Send To Bluetooth - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\ThinkPad\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : Send to &Bluetooth Device... - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\ThinkPad\Bluetooth Software\btsendto_ie.htm ()
O15 - HKU\S-1-5-21-2012079050-4074748360-831848816-1822\..Trusted Domains: lpl.com ([]https in Trusted sites)
O15 - HKU\S-1-5-21-2012079050-4074748360-831848816-1822\..Trusted Domains: lpl.com ([branchnet] https in Trusted sites)
O15 - HKU\S-1-5-21-2012079050-4074748360-831848816-1822\..Trusted Domains: lpl.com ([branchweb] https in Trusted sites)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab (Windows Genuine Advantage Validation Tool)
O16 - DPF: {55963676-2F5E-4BAF-AC28-CF26AA587566} https://71.5.104.166/CACHE/stc/1/binaries/vpnweb.cab (Cisco AnyConnect VPN Client Web Control)
O16 - DPF: {62FA83F7-20EC-4D62-AC86-BAB705EE1CCD} http://wegmon1.weg-online.com/klc/resources/cab/LiveConnectX.cab (SmartCode ViewerX VNC Control)
O16 - DPF: {AA299E98-6FB5-409F-99D3-D30D749F4864} https://kserver.wealthenhancement.com/inc/kaxRemote.dll (kasRmtHlp Class)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 10.1.18.10 10.1.1.10
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = weg-online.com
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{2215ECD4-A460-4121-99C5-EDB62B19DE83}: DhcpNameServer = 192.168.42.129
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{45315A13-F0DB-4E08-AF7A-F0A707DD73F8}: DhcpNameServer = 10.1.18.10 10.1.1.10
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{9E95CDC5-00A1-4959-B524-9476608F02DA}: DhcpNameServer = 75.75.76.76 75.75.75.75
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18:64bit: - Protocol\Filter\application/x-ica - No CLSID value found
O18:64bit: - Protocol\Filter\application/x-ica; charset=euc-jp - No CLSID value found
O18:64bit: - Protocol\Filter\application/x-ica; charset=ISO-8859-1 - No CLSID value found
O18:64bit: - Protocol\Filter\application/x-ica; charset=MS936 - No CLSID value found
O18:64bit: - Protocol\Filter\application/x-ica; charset=MS949 - No CLSID value found
O18:64bit: - Protocol\Filter\application/x-ica; charset=MS950 - No CLSID value found
O18:64bit: - Protocol\Filter\application/x-ica; charset=UTF8 - No CLSID value found
O18:64bit: - Protocol\Filter\application/x-ica; charset=UTF-8 - No CLSID value found
O18:64bit: - Protocol\Filter\application/x-ica;charset=euc-jp - No CLSID value found
O18:64bit: - Protocol\Filter\application/x-ica;charset=ISO-8859-1 - No CLSID value found
O18:64bit: - Protocol\Filter\application/x-ica;charset=MS936 - No CLSID value found
O18:64bit: - Protocol\Filter\application/x-ica;charset=MS949 - No CLSID value found
O18:64bit: - Protocol\Filter\application/x-ica;charset=MS950 - No CLSID value found
O18:64bit: - Protocol\Filter\application/x-ica;charset=UTF8 - No CLSID value found
O18:64bit: - Protocol\Filter\application/x-ica;charset=UTF-8 - No CLSID value found
O18:64bit: - Protocol\Filter\ica - No CLSID value found
O18 - Protocol\Filter\application/x-ica {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica; charset=euc-jp {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica; charset=ISO-8859-1 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica; charset=MS936 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica; charset=MS949 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica; charset=MS950 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica; charset=UTF8 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica; charset=UTF-8 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica;charset=euc-jp {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica;charset=ISO-8859-1 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica;charset=MS936 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica;charset=MS949 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica;charset=MS950 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica;charset=UTF8 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica;charset=UTF-8 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\ica {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2012/03/27 08:46:30 | 000,000,000 | ---D | C] -- C:\Users\cdady\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Bluetooth Devices
[2012/03/25 14:18:54 | 000,000,000 | ---D | C] -- C:\ComboFix
[2012/03/24 14:01:43 | 003,695,416 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieapfltr.dat
[2012/03/24 14:01:43 | 003,695,416 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieapfltr.dat
[2012/03/24 14:01:43 | 002,308,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll
[2012/03/24 14:01:43 | 001,493,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\inetcpl.cpl
[2012/03/24 14:01:43 | 001,427,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl
[2012/03/24 14:01:43 | 000,818,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll
[2012/03/24 14:01:43 | 000,716,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll
[2012/03/24 14:01:43 | 000,697,344 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll
[2012/03/24 14:01:43 | 000,603,648 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\vbscript.dll
[2012/03/24 14:01:43 | 000,534,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieapfltr.dll
[2012/03/24 14:01:43 | 000,452,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dxtmsft.dll
[2012/03/24 14:01:43 | 000,448,512 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\html.iec
[2012/03/24 14:01:43 | 000,434,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieapfltr.dll
[2012/03/24 14:01:43 | 000,367,104 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\html.iec
[2012/03/24 14:01:43 | 000,282,112 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dxtrans.dll
[2012/03/24 14:01:43 | 000,267,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieaksie.dll
[2012/03/24 14:01:43 | 000,248,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
[2012/03/24 14:01:43 | 000,237,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\url.dll
[2012/03/24 14:01:43 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\url.dll
[2012/03/24 14:01:43 | 000,227,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieaksie.dll
[2012/03/24 14:01:43 | 000,222,208 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msls31.dll
[2012/03/24 14:01:43 | 000,197,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msrating.dll
[2012/03/24 14:01:43 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
[2012/03/24 14:01:43 | 000,173,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieUnatt.exe
[2012/03/24 14:01:43 | 000,165,888 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iexpress.exe
[2012/03/24 14:01:43 | 000,163,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieakui.dll
[2012/03/24 14:01:43 | 000,163,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieakui.dll
[2012/03/24 14:01:43 | 000,162,304 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msrating.dll
[2012/03/24 14:01:43 | 000,160,256 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wextract.exe
[2012/03/24 14:01:43 | 000,160,256 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieakeng.dll
[2012/03/24 14:01:43 | 000,152,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wextract.exe
[2012/03/24 14:01:43 | 000,150,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iexpress.exe
[2012/03/24 14:01:43 | 000,149,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\occache.dll
[2012/03/24 14:01:43 | 000,145,920 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iepeers.dll
[2012/03/24 14:01:43 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieUnatt.exe
[2012/03/24 14:01:43 | 000,135,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\IEAdvpack.dll
[2012/03/24 14:01:43 | 000,130,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieakeng.dll
[2012/03/24 14:01:43 | 000,123,392 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\occache.dll
[2012/03/24 14:01:43 | 000,118,784 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iepeers.dll
[2012/03/24 14:01:43 | 000,114,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\admparse.dll
[2012/03/24 14:01:43 | 000,111,616 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iesysprep.dll
[2012/03/24 14:01:43 | 000,110,592 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\IEAdvpack.dll
[2012/03/24 14:01:43 | 000,103,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\inseng.dll
[2012/03/24 14:01:43 | 000,101,888 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\admparse.dll
[2012/03/24 14:01:43 | 000,096,256 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll
[2012/03/24 14:01:43 | 000,091,648 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\SetIEInstalledDate.exe
[2012/03/24 14:01:43 | 000,089,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\RegisterIEPKEYs.exe
[2012/03/24 14:01:43 | 000,089,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ie4uinit.exe
[2012/03/24 14:01:43 | 000,086,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iesysprep.dll
[2012/03/24 14:01:43 | 000,085,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iesetup.dll
[2012/03/24 14:01:43 | 000,082,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\icardie.dll
[2012/03/24 14:01:43 | 000,078,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\inseng.dll
[2012/03/24 14:01:43 | 000,076,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\tdc.ocx
[2012/03/24 14:01:43 | 000,076,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\SetIEInstalledDate.exe
[2012/03/24 14:01:43 | 000,074,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\RegisterIEPKEYs.exe
[2012/03/24 14:01:43 | 000,074,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iesetup.dll
[2012/03/24 14:01:43 | 000,074,240 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ie4uinit.exe
[2012/03/24 14:01:43 | 000,072,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll
[2012/03/24 14:01:43 | 000,066,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\icardie.dll
[2012/03/24 14:01:43 | 000,065,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\pngfilt.dll
[2012/03/24 14:01:43 | 000,063,488 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\tdc.ocx
[2012/03/24 14:01:43 | 000,054,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\pngfilt.dll
[2012/03/24 14:01:43 | 000,049,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\imgutil.dll
[2012/03/24 14:01:43 | 000,048,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmler.dll
[2012/03/24 14:01:43 | 000,048,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmler.dll
[2012/03/24 14:01:43 | 000,039,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iernonce.dll
[2012/03/24 14:01:43 | 000,031,744 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iernonce.dll
[2012/03/24 14:01:43 | 000,030,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\licmgr10.dll
[2012/03/24 14:01:43 | 000,023,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\licmgr10.dll
[2012/03/24 14:01:43 | 000,012,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshta.exe
[2012/03/24 14:01:43 | 000,010,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msfeedssync.exe
[2012/03/24 14:01:43 | 000,010,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeedssync.exe
[2012/03/24 11:27:15 | 000,607,260 | R--- | C] (Swearware) -- C:\Users\cdady\Desktop\dds.scr
[2012/03/24 11:11:22 | 000,000,000 | ---D | C] -- C:\Users\cdady\AppData\Local\Google
[2012/03/24 10:50:00 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2012/03/24 10:50:00 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2012/03/24 10:50:00 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2012/03/24 10:49:54 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
[2012/03/24 10:49:28 | 000,000,000 | ---D | C] -- C:\Qoobox
[2012/03/18 21:10:16 | 000,149,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\rdpcorekmts.dll
[2012/03/18 21:10:16 | 000,077,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\rdpwsx.dll
[2012/03/18 21:10:16 | 000,009,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\rdrmemptylst.exe
[2012/03/18 21:07:50 | 001,544,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\DWrite.dll
[2012/03/18 21:06:16 | 005,559,152 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntoskrnl.exe
[2012/03/18 21:06:15 | 003,968,368 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntkrnlpa.exe
[2012/03/18 21:06:14 | 003,913,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntoskrnl.exe
[2012/03/18 20:55:42 | 000,826,880 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\rdpcore.dll
[2012/03/18 20:55:41 | 001,112,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\rdpcorets.dll
[2012/03/18 20:55:41 | 001,031,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\rdpcore.dll
[2012/03/02 16:13:13 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SolarWinds Free Tools
[2012/03/02 16:13:12 | 000,644,400 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\Mscomct2.ocx
[2012/03/02 16:13:12 | 000,484,624 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\temp.00A
[2012/03/02 16:13:12 | 000,147,512 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\temp.00B
[2012/03/02 16:13:12 | 000,131,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\temp.00C
[2012/03/02 16:13:12 | 000,115,016 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\Msinet.ocx
[2012/03/02 16:13:12 | 000,108,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\Mswinsck.ocx
[2012/03/02 16:13:11 | 000,995,383 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\temp.007
[2012/03/02 16:13:11 | 000,640,512 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\oc30.dll
[2012/03/02 16:13:11 | 000,502,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\temp.009
[2012/03/02 16:13:11 | 000,349,224 | ---- | C] (Infragistics, Inc.) -- C:\Windows\SysWow64\IGThreed40.ocx
[2012/03/02 16:13:11 | 000,254,005 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\temp.008
[2012/03/02 16:13:11 | 000,209,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\tabctl32.ocx
[2012/03/02 16:13:11 | 000,133,904 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\MFCANS32.dll
[2012/03/02 16:13:10 | 000,274,432 | ---- | C] (SolarWinds.Net) -- C:\Windows\SysWow64\SolarWinds2001.exe
[2012/03/02 16:13:10 | 000,102,400 | ---- | C] (SolarWinds.Net) -- C:\Windows\SysWow64\SolarWinds2002.exe
[2012/03/02 16:13:10 | 000,069,693 | ---- | C] (SolarWinds.Net) -- C:\Windows\SysWow64\ICMPv50.ocx
[2012/03/02 16:13:10 | 000,055,072 | ---- | C] (SolarWinds.Net) -- C:\Windows\SysWow64\DNSv50.ocx
[2012/03/02 16:13:10 | 000,010,000 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\temp.006
[2012/03/02 16:13:09 | 000,369,424 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\temp.005
[2012/03/02 16:13:05 | 000,140,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\COMDLG32.OCX
[2012/03/02 16:13:05 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\SolarWinds
[2012/03/02 16:13:04 | 001,388,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\temp.004
[2012/03/02 16:13:04 | 000,598,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\temp.000
[2012/03/02 16:13:04 | 000,164,112 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\temp.001
[2012/03/02 16:13:04 | 000,147,728 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\temp.002
[2012/03/02 16:13:04 | 000,017,920 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\temp.003
[2012/03/02 16:12:52 | 000,000,000 | ---D | C] -- C:\Users\cdady\Desktop\SolarWinds-Wake-On-LAN
[2012/02/27 16:51:02 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Citrix
[2012/02/27 16:49:59 | 031,319,992 | ---- | C] (Citrix Systems, Inc.) -- C:\Users\cdady\Desktop\CitrixReceiver.exe
[15 C:\Windows\SysNative\*.tmp files -> C:\Windows\SysNative\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012/03/27 08:50:00 | 000,000,382 | ---- | M] () -- C:\Windows\tasks\SystemToolsDailyTest.job
[2012/03/27 08:48:46 | 000,729,816 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012/03/27 08:48:46 | 000,626,512 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012/03/27 08:48:46 | 000,107,756 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012/03/27 08:46:14 | 000,000,528 | ---- | M] () -- C:\Windows\tasks\PCDoctorBackgroundMonitorTask.job
[2012/03/27 08:46:08 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/03/25 20:17:08 | 000,000,512 | ---- | M] () -- C:\Users\cdady\Desktop\MBR.dat
[2012/03/24 14:30:02 | 000,003,562 | ---- | M] () -- C:\Users\cdady\Desktop\Attach.zip
[2012/03/24 14:27:31 | 000,025,840 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012/03/24 14:27:31 | 000,025,840 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012/03/24 14:21:03 | 000,001,448 | ---- | M] () -- C:\Users\cdady\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2012/03/24 14:19:40 | 1986,789,375 | -HS- | M] () -- C:\hiberfil.sys
[2012/03/24 14:01:43 | 003,695,416 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\ieapfltr.dat
[2012/03/24 14:01:43 | 003,695,416 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ieapfltr.dat
[2012/03/24 14:01:43 | 002,308,096 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll
[2012/03/24 14:01:43 | 001,493,504 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\inetcpl.cpl
[2012/03/24 14:01:43 | 001,427,456 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl
[2012/03/24 14:01:43 | 000,818,688 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll
[2012/03/24 14:01:43 | 000,716,800 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll
[2012/03/24 14:01:43 | 000,697,344 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll
[2012/03/24 14:01:43 | 000,603,648 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\vbscript.dll
[2012/03/24 14:01:43 | 000,534,528 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ieapfltr.dll
[2012/03/24 14:01:43 | 000,452,608 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\dxtmsft.dll
[2012/03/24 14:01:43 | 000,448,512 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\html.iec
[2012/03/24 14:01:43 | 000,434,176 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\ieapfltr.dll
[2012/03/24 14:01:43 | 000,367,104 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\html.iec
[2012/03/24 14:01:43 | 000,282,112 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\dxtrans.dll
[2012/03/24 14:01:43 | 000,267,776 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ieaksie.dll
[2012/03/24 14:01:43 | 000,248,320 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
[2012/03/24 14:01:43 | 000,237,056 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\url.dll
[2012/03/24 14:01:43 | 000,231,936 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\url.dll
[2012/03/24 14:01:43 | 000,227,840 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\ieaksie.dll
[2012/03/24 14:01:43 | 000,222,208 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\msls31.dll
[2012/03/24 14:01:43 | 000,197,120 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\msrating.dll
[2012/03/24 14:01:43 | 000,176,640 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
[2012/03/24 14:01:43 | 000,173,056 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ieUnatt.exe
[2012/03/24 14:01:43 | 000,165,888 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\iexpress.exe
[2012/03/24 14:01:43 | 000,163,840 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\ieakui.dll
[2012/03/24 14:01:43 | 000,163,840 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ieakui.dll
[2012/03/24 14:01:43 | 000,162,304 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\msrating.dll
[2012/03/24 14:01:43 | 000,160,256 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\wextract.exe
[2012/03/24 14:01:43 | 000,160,256 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ieakeng.dll
[2012/03/24 14:01:43 | 000,152,064 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\wextract.exe
[2012/03/24 14:01:43 | 000,150,528 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\iexpress.exe
[2012/03/24 14:01:43 | 000,149,504 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\occache.dll
[2012/03/24 14:01:43 | 000,145,920 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\iepeers.dll
[2012/03/24 14:01:43 | 000,142,848 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\ieUnatt.exe
[2012/03/24 14:01:43 | 000,135,168 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\IEAdvpack.dll
[2012/03/24 14:01:43 | 000,130,560 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\ieakeng.dll
[2012/03/24 14:01:43 | 000,123,392 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\occache.dll
[2012/03/24 14:01:43 | 000,118,784 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\iepeers.dll
[2012/03/24 14:01:43 | 000,114,176 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\admparse.dll
[2012/03/24 14:01:43 | 000,111,616 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\iesysprep.dll
[2012/03/24 14:01:43 | 000,110,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\IEAdvpack.dll
[2012/03/24 14:01:43 | 000,103,936 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\inseng.dll
[2012/03/24 14:01:43 | 000,101,888 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\admparse.dll
[2012/03/24 14:01:43 | 000,096,256 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll
[2012/03/24 14:01:43 | 000,091,648 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\SetIEInstalledDate.exe
[2012/03/24 14:01:43 | 000,089,088 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\RegisterIEPKEYs.exe
[2012/03/24 14:01:43 | 000,089,088 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ie4uinit.exe
[2012/03/24 14:01:43 | 000,086,528 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\iesysprep.dll
[2012/03/24 14:01:43 | 000,085,504 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\iesetup.dll
[2012/03/24 14:01:43 | 000,082,432 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\icardie.dll
[2012/03/24 14:01:43 | 000,078,848 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\inseng.dll
[2012/03/24 14:01:43 | 000,076,800 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\tdc.ocx
[2012/03/24 14:01:43 | 000,076,800 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\SetIEInstalledDate.exe
[2012/03/24 14:01:43 | 000,074,752 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\RegisterIEPKEYs.exe
[2012/03/24 14:01:43 | 000,074,752 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\iesetup.dll
[2012/03/24 14:01:43 | 000,074,240 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\ie4uinit.exe
[2012/03/24 14:01:43 | 000,072,822 | ---- | M] () -- C:\Windows\SysWow64\ieuinit.inf
[2012/03/24 14:01:43 | 000,072,822 | ---- | M] () -- C:\Windows\SysNative\ieuinit.inf
[2012/03/24 14:01:43 | 000,072,704 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll
[2012/03/24 14:01:43 | 000,066,048 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\icardie.dll
[2012/03/24 14:01:43 | 000,065,024 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\pngfilt.dll
[2012/03/24 14:01:43 | 000,063,488 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\tdc.ocx
[2012/03/24 14:01:43 | 000,054,272 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\pngfilt.dll
[2012/03/24 14:01:43 | 000,049,664 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\imgutil.dll
[2012/03/24 14:01:43 | 000,048,640 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmler.dll
[2012/03/24 14:01:43 | 000,048,640 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmler.dll
[2012/03/24 14:01:43 | 000,039,936 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\iernonce.dll
[2012/03/24 14:01:43 | 000,031,744 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\iernonce.dll
[2012/03/24 14:01:43 | 000,030,720 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\licmgr10.dll
[2012/03/24 14:01:43 | 000,023,552 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\licmgr10.dll
[2012/03/24 14:01:43 | 000,012,288 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\mshta.exe
[2012/03/24 14:01:43 | 000,010,752 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\msfeedssync.exe
[2012/03/24 14:01:43 | 000,010,752 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\msfeedssync.exe
[2012/03/24 11:27:25 | 000,607,260 | R--- | M] (Swearware) -- C:\Users\cdady\Desktop\dds.scr
[2012/03/24 11:02:59 | 000,000,027 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts
[2012/03/18 21:30:50 | 000,440,688 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2012/03/02 17:05:24 | 2400,401,408 | ---- | M] () -- C:\Users\cdady\Desktop\SW_DVD5_SA_Win_Ent_7_32BIT_English_Full_MLF_X15-70745.ISO
[2012/03/02 16:12:49 | 006,904,227 | ---- | M] () -- C:\Users\cdady\Desktop\SolarWinds-Wake-On-LAN.zip
[2012/02/27 16:50:01 | 031,319,992 | ---- | M] (Citrix Systems, Inc.) -- C:\Users\cdady\Desktop\CitrixReceiver.exe
[2012/02/27 09:16:00 | 000,002,748 | RHS- | M] () -- C:\Users\cdady\ntuser.pol
[15 C:\Windows\SysNative\*.tmp files -> C:\Windows\SysNative\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012/03/25 20:17:08 | 000,000,512 | ---- | C] () -- C:\Users\cdady\Desktop\MBR.dat
[2012/03/24 14:30:02 | 000,003,562 | ---- | C] () -- C:\Users\cdady\Desktop\Attach.zip
[2012/03/24 14:01:43 | 000,072,822 | ---- | C] () -- C:\Windows\SysWow64\ieuinit.inf
[2012/03/24 14:01:43 | 000,072,822 | ---- | C] () -- C:\Windows\SysNative\ieuinit.inf
[2012/03/24 10:50:00 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2012/03/24 10:50:00 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2012/03/24 10:50:00 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2012/03/24 10:50:00 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2012/03/24 10:50:00 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2012/03/20 09:26:57 | 000,002,021 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Citrix XenCenter.lnk
[2012/03/02 17:04:47 | 2400,401,408 | ---- | C] () -- C:\Users\cdady\Desktop\SW_DVD5_SA_Win_Ent_7_32BIT_English_Full_MLF_X15-70745.ISO
[2012/03/02 16:12:42 | 006,904,227 | ---- | C] () -- C:\Users\cdady\Desktop\SolarWinds-Wake-On-LAN.zip
[2012/03/02 09:58:42 | 2501,894,144 | ---- | C] () -- C:\Users\cdady\Desktop\en_windows_7_professional_x86_dvd_x15-65804.iso
[2012/02/27 16:54:42 | 000,001,133 | ---- | C] () -- C:\Users\cdady\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\My Weg Desktop.lnk
[2012/02/27 16:54:42 | 000,000,000 | -H-- | C] () -- C:\Users\cdady\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\receiver
[2012/02/27 16:51:26 | 000,001,519 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Citrix Receiver.lnk
[2011/08/15 09:49:27 | 000,007,615 | RHS- | C] () -- C:\ProgramData\ntuser.pol
[2011/08/09 14:56:41 | 000,743,534 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2011/02/18 00:00:48 | 000,000,039 | ---- | C] () -- C:\Windows\Irremote.ini
[2011/02/17 22:45:19 | 000,867,020 | ---- | C] () -- C:\Windows\SysWow64\igkrng575.bin
[2011/02/17 22:45:18 | 000,105,408 | ---- | C] () -- C:\Windows\SysWow64\igfcg575m.bin
[2011/02/17 22:45:16 | 000,128,204 | ---- | C] () -- C:\Windows\SysWow64\igcompkrng575.bin

< End of report >

#8 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto rico
  • Local time:04:05 AM

Posted 27 March 2012 - 09:30 AM

Hello

Run this custom script and when it is complete I need to know how the computer is doing

Run OTL Script

  • Double-click OTL.exe to start the program.
  • Copy and Paste the following code into the textbox. Do not include the word Code
    :OTL
    FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
    O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
    O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
    O18:64bit: - Protocol\Handler\livecall - No CLSID value found
    O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
    O18:64bit: - Protocol\Handler\msnim - No CLSID value found
    O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
    O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
    O18:64bit: - Protocol\Filter\application/x-ica - No CLSID value found
    O18:64bit: - Protocol\Filter\application/x-ica; charset=euc-jp - No CLSID value found
    O18:64bit: - Protocol\Filter\application/x-ica; charset=ISO-8859-1 - No CLSID value found
    O18:64bit: - Protocol\Filter\application/x-ica; charset=MS936 - No CLSID value found
    O18:64bit: - Protocol\Filter\application/x-ica; charset=MS949 - No CLSID value found
    O18:64bit: - Protocol\Filter\application/x-ica; charset=MS950 - No CLSID value found
    O18:64bit: - Protocol\Filter\application/x-ica; charset=UTF8 - No CLSID value found
    O18:64bit: - Protocol\Filter\application/x-ica; charset=UTF-8 - No CLSID value found
    O18:64bit: - Protocol\Filter\application/x-ica;charset=euc-jp - No CLSID value found
    O18:64bit: - Protocol\Filter\application/x-ica;charset=ISO-8859-1 - No CLSID value found
    O18:64bit: - Protocol\Filter\application/x-ica;charset=MS936 - No CLSID value found
    O18:64bit: - Protocol\Filter\application/x-ica;charset=MS949 - No CLSID value found
    O18:64bit: - Protocol\Filter\application/x-ica;charset=MS950 - No CLSID value found
    O18:64bit: - Protocol\Filter\application/x-ica;charset=UTF8 - No CLSID value found
    O18:64bit: - Protocol\Filter\application/x-ica;charset=UTF-8 - No CLSID value found
    O18:64bit: - Protocol\Filter\ica - No CLSID value found
    O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
    O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
    IE - HKU\S-1-5-21-2012079050-4074748360-831848816-1822\..\SearchScopes,DefaultScope = {30DCDC43-2FEB-4CB4-8805-08435C1E830E}
    :Files
    ipconfig /flushdns /c
    :Commands
    [PURITY]
    [emptyjava]
    [EMPTYFLASH]
    
  • Then click the Run Fix button at the top.
  • Click Posted Image.
  • OTL may ask to reboot the machine. Please do so if asked.
  • The report should appear in Notepad after the reboot. Copy and Paste that report in your next reply.

Let me know how things are doing

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#9 cdady

Posted 27 March 2012 - 09:21 PM

Ran the fix code as requested. OTL did not ask for a reboot. I am still having the browser hijack issue. Here is the output log from the OTL fix:

========== OTL ==========
64bit-Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@microsoft.com/GENUINE\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@microsoft.com/GENUINE\ deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\Locked deleted successfully.
Starting removal of ActiveX control {E2883E8F-472F-4FB0-9522-AC9BF37916A7}
C:\Windows\Downloaded Program Files\gp.inf not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\livecall\ deleted successfully.
File Protocol\Handler\livecall - No CLSID value found not found.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\ms-help\ deleted successfully.
File Protocol\Handler\ms-help - No CLSID value found not found.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\msnim\ deleted successfully.
File Protocol\Handler\msnim - No CLSID value found not found.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\wlmailhtml\ deleted successfully.
File Protocol\Handler\wlmailhtml - No CLSID value found not found.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\wlpg\ deleted successfully.
File Protocol\Handler\wlpg - No CLSID value found not found.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Filter\ deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Filter\ not found.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Filter\ not found.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Filter\ not found.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Filter\ not found.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Filter\ not found.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Filter\ not found.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Filter\ not found.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Filter\ not found.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Filter\ not found.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Filter\ not found.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Filter\ not found.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Filter\ not found.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Filter\ not found.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Filter\ not found.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Filter\ not found.
64bit-Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\VMApplet:/pagefile deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\VMApplet:/pagefile deleted successfully.
HKEY_USERS\S-1-5-21-2012079050-4074748360-831848816-1822\Software\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
========== FILES ==========
< ipconfig /flushdns /c >
Windows IP Configuration
Successfully flushed the DNS Resolver Cache.
C:\Users\cdady\Downloads\cmd.bat deleted successfully.
C:\Users\cdady\Downloads\cmd.txt deleted successfully.
========== COMMANDS ==========

[EMPTYJAVA]

User: All Users

User: cdady

User: christian

User: Default

User: Default User

User: Public

User: svcMonitor

Total Java Files Cleaned = 0.00 mb


[EMPTYFLASH]

User: All Users

User: cdady
->Flash cache emptied: 75482 bytes

User: christian
->Flash cache emptied: 43811 bytes

User: Default
->Flash cache emptied: 56502 bytes

User: Default User
->Flash cache emptied: 0 bytes

User: Public

User: svcMonitor
->Flash cache emptied: 56502 bytes

Total Flash Files Cleaned = 0.00 mb


OTL by OldTimer - Version 3.2.39.2 log created on 03272012_211714
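
An added example, not part of the posts above and not OTL's own code: a small Python triage of a fix log like the one in this post, tallying what each line reports and flagging targets that are reported deleted once and "not found" on later lines. The sample lines are an excerpt copied from the log above; the function names and record fields are assumptions of this example.

```python
import re
from collections import Counter

# Excerpt of lines copied from the OTL fix log in the post above.
SAMPLE_LOG = r"""========== OTL ==========
64bit-Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@microsoft.com/GENUINE\ deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\Locked deleted successfully.
C:\Windows\Downloaded Program Files\gp.inf not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\livecall\ deleted successfully.
File Protocol\Handler\livecall - No CLSID value found not found.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Filter\ deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Filter\ not found.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Filter\ not found.
HKEY_USERS\S-1-5-21-2012079050-4074748360-831848816-1822\Software\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
========== FILES ==========
< ipconfig /flushdns /c >
Successfully flushed the DNS Resolver Cache.
C:\Users\cdady\Downloads\cmd.bat deleted successfully.
========== COMMANDS ==========
"""

SECTION_RE = re.compile(r"^=+\s+(.+?)\s+=+$")
KIND_RE = re.compile(
    r"^(?P<view64>64bit-)?(?P<kind>Registry key|Registry value|File)\s+(?P<target>.+)$"
)
# Line endings seen in the log and the outcome label this example gives them.
OUTCOMES = (
    (" deleted successfully.", "deleted"),
    (" not found.", "not_found"),
    (": value set successfully!", "value_set"),
)


def parse_fix_log(text):
    """Turn result lines into records; banners and command echoes are skipped."""
    records, section = [], None
    for raw in text.splitlines():
        line = raw.strip()
        header = SECTION_RE.match(line)
        if header:
            section = header.group(1)
            continue
        for suffix, outcome in OUTCOMES:
            if line.endswith(suffix):
                body = line[: -len(suffix)].strip()
                break
        else:
            continue  # not a result line
        labelled = KIND_RE.match(body)
        records.append({
            "section": section,
            "outcome": outcome,
            "view64": bool(labelled and labelled.group("view64")),
            "kind": labelled.group("kind") if labelled else "unlabelled",
            "target": labelled.group("target") if labelled else body,
        })
    return records


def summarize(records):
    """Count outcomes and list targets reported deleted, then 'not found' again."""
    by_outcome = Counter(r["outcome"] for r in records)
    deleted, repeats = set(), Counter()
    for r in records:
        key = (r["view64"], r["kind"], r["target"].lower())
        if r["outcome"] == "deleted":
            deleted.add(key)
        elif r["outcome"] == "not_found" and key in deleted:
            repeats[r["target"]] += 1
    return {"by_outcome": dict(by_outcome), "not_found_after_delete": dict(repeats)}


if __name__ == "__main__":
    summary = summarize(parse_fix_log(SAMPLE_LOG))
    for outcome, count in summary["by_outcome"].items():
        print(f"{outcome:10} {count}")
    for target, count in summary["not_found_after_delete"].items():
        print(f"deleted once, then not found x{count}: {target}")
```

On the excerpt, the `PROTOCOLS\Filter\` path is reported deleted once and then not found on the following lines, so the per-line "deleted successfully" count overstates how many distinct targets were changed.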

#10 gringo_pr

Posted 27 March 2012 - 09:44 PM

Hello

I want you to go here and click on the fix it button - http://support.microsoft.com/kb/923737


let me know if it works

gringo

#11 cdady

Posted 27 March 2012 - 10:07 PM

Ran the MS fix as requested, and restarted IE9. I am still having the SearchMagnified browser hijack issue in IE9.

#12 gringo_pr

Posted 27 March 2012 - 10:36 PM

OK let me know exactly what you are doing and how it happens


gringo

#13 cdady


Posted 29 March 2012 - 02:41 PM

I think this is resolved, unless you saw something in the logs I posted that indicates that I have a virus. I changed my home page to something else, google.com, and no longer see the issue. I think that this was more related to code in the website that was set as my home page. MalwareBytes and anti-virus scans are coming up clean now.

#14 gringo_pr


Posted 29 March 2012 - 04:33 PM

Install Java:

Please go here to install Java

  • click on the Free Java Download Button
  • click on Agree and start Free download
  • click on Run
  • click on run again
  • click on install
  • when install is complete click on close

Clean Out Temp Files

  • This small application you may want to keep and use once a week to keep the computer clean.

    Download CCleaner from here http://www.ccleaner.com/

  • Run the installer to install the application.
  • When it gives you the option to install Yahoo toolbar uncheck the box next to it.
  • Run CCleaner. (make sure under Windows tab all the boxes of Internet Explorer and Windows explorer are checked. Under System check Empty Recycle Bin and Temporary Files. Under Application tab all the boxes should be checked).
  • Click Run Cleaner.
  • Close CCleaner.

: Malwarebytes' Anti-Malware :

  • I would like you to rerun MBAM
  • Double-click mbam icon
  • go to the update tab at the top
  • click on check for updates
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select Perform quick scan, then click Scan.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Be sure that everything is Checked (ticked) except items in the C:\System Volume Information folder and click on Remove Selected.
  • When completed, a log will open in Notepad. Please copy and paste the log into your next reply.
  • If you accidentally close it, the log file is saved here and will be named like this:
  • C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\mbam-log-date (time).txt

Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts.
Click OK to either and let MBAM proceed with the disinfection process.
If asked to restart the computer, please do so immediately. Failure to reboot will prevent MBAM from removing all the malware.


Download HijackThis

If you have any problems running Hijackthis see NOTE** below (Host file not read, blank notepad ...)

  • Go Here to download HijackThis Installer
  • Save HijackThis Installer to your desktop.
  • Double-click on the HijackThis Installer icon on your desktop. (Vista and Win 7 right click and run as admin)
  • By default it will install to C:\Program Files\Trend Micro\HijackThis .
  • Click on Install.
  • It will create a HijackThis icon on the desktop.
  • Once installed it will launch Hijackthis.
  • Click on the Do a system scan and save a log file button. It will scan and the log should open in notepad.
  • Click on Edit > Select All then click on Edit > Copy to copy the entire contents of the log.
  • Come back here to this thread and Paste the log in your next reply.
  • DO NOT use the Analyze This button; its findings are dangerous if misinterpreted.
  • DO NOT have Hijackthis fix anything yet. Most of what it finds will be harmless or even required.

NOTE**
Sometimes we have to run it like this: to run HijackThis as an administrator, right-click HijackThis.exe
(located: C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe)<--32bit
(located: C:\Program Files(86)\Trend Micro\HiJackThis\HiJackThis.exe)<--64bit
and select to run as administrator

"information and logs"

  • In your next post I need the following

  • Log From MBAM
  • report from Hijackthis
  • let me know of any problems you may have had
  • How is the computer doing now?

Gringo


#15 gringo_pr


Posted 31 March 2012 - 11:32 PM

Hello


Just checking in on you as it has been a couple of days since I have heard from you.

Are you having any troubles or just need more time?




Gringo



