Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Believed to have Zeroaccess and McAfee firewall not turning on


  • This topic is locked This topic is locked
17 replies to this topic

#1 amedcalf

amedcalf

  • Members
  • 52 posts
  • OFFLINE
  •  
  • Local time:12:26 PM

Posted 02 April 2012 - 03:53 PM

Hi,

I have been asked to post into this section as I am having problems with my computer.

McAfee blocked and deleted a virus. After this the firewall will not stay on.

I did delete a file from quarantine called consrv.dll

Please find attached below DDS log results and the attached.


DDS results---

.
DDS (Ver_2011-08-26.01) - NTFSAMD64
Internet Explorer: 9.0.8112.16421
Run by HOME at 21:33:14 on 2012-04-02
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.44.1033.18.2940.1913 [GMT 1:00]
.
AV: McAfee Anti-Virus and Anti-Spyware *Enabled/Updated* {86355677-4064-3EA7-ABB3-1B136EB04637}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: McAfee Anti-Virus and Anti-Spyware *Enabled/Updated* {3D54B793-665E-3129-9103-206115370C8A}
FW: McAfee Firewall *Enabled* {BE0ED752-0A0B-3FFF-80EC-B2269063014C}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Program Files (x86)\Trusteer\Rapport\bin\RapportMgmtService.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Windows\System32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
c:\PROGRA~2\mcafee\SITEAD~1\mcsacore.exe
C:\Windows\system32\mfevtps.exe
c:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe
C:\Windows\system32\rundll32.exe
C:\Windows\system32\rundll32.exe
C:\Windows\SysWOW64\rundll32.exe
C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\system32\TODDSrv.exe
C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\Common Files\McAfee\SystemCore\mcshield.exe
C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe
C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files (x86)\Trusteer\Rapport\bin\RapportService.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\system32\igfxsrvc.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\CONEXANT\cAudioFilterAgent\cAudioFilterAgent64.exe
C:\Program Files\TOSHIBA\Power Saver\TPwrMain.exe
C:\Program Files\TOSHIBA\SmoothView\SmoothView.exe
C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe
C:\Program Files\TOSHIBA\ReelTime\TosReelTimeMonitor.exe
C:\Program Files\TOSHIBA\BulletinBoard\TosNcCore.exe
C:\Program Files (x86)\Toshiba TEMPRO\TemproTray.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Program Files\Microsoft IntelliPoint\ipoint.exe
C:\Program Files (x86)\Toshiba\TOSHIBA Online Product Information\TOPI.exe
C:\Windows\system32\igfxext.exe
C:\Program Files (x86)\Toshiba\TOSHIBA Service Station\ToshibaServiceStation.exe
C:\Program Files (x86)\Nero\Nero BackItUp & Burn\Nero BackItUp\NBAgent.exe
C:\Nexon\NEXON_EU_Downloader\NEXON_EU_Downloader_Engine.exe
C:\Program Files\McAfee.com\Agent\mcagent.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\Philips\Philips Songbird Resources\Autolauncher\PhilipsDeviceListener.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\system32\taskeng.exe
C:\Program Files (x86)\TOSHIBA\ConfigFree\NDSTray.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files (x86)\TOSHIBA\ConfigFree\CFSwMgr.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe
C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe
C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSENotify.exe
C:\Program Files (x86)\TOSHIBA\ConfigFree\CFIWmxSvcs64.exe
C:\Program Files (x86)\TOSHIBA\ConfigFree\CFSvcs.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
c:\PROGRA~1\mcafee.com\agent\mcupdate.exe
c:\PROGRA~2\mcafee\SITEAD~1\saui.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\conhost.exe
C:\Windows\SysWOW64\cscript.exe
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uStart Page =
uInternet Settings,ProxyOverride = *.local
uURLSearchHooks: McAfee SiteAdvisor Toolbar: {0ebbbe48-bad4-4b4c-8e5a-516abecae064} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll
mWinlogon: Userinit=userinit.exe,
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: scriptproxy: {7db2d5a0-7241-4e79-b68d-6309f01c5231} - C:\Program Files (x86)\Common Files\McAfee\SystemCore\ScriptSn.20111220192707.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: DataMngr: {9d717f81-9148-4f12-8568-69135f087db0} - C:\PROGRA~2\SEARCH~1\Datamngr\BROWSE~1.DLL
BHO: Skype Browser Helper: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
BHO: McAfee SiteAdvisor BHO: {b164e929-a1b6-4a06-b104-2cd0e90a88ff} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
BHO: TOSHIBA Media Controller Plug-in: {f3c88694-effa-4d78-b409-54b7b2535b14} - C:\Program Files (x86)\TOSHIBA\TOSHIBA Media Controller Plug-in\TOSHIBAMediaControllerIE.dll
TB: McAfee SiteAdvisor Toolbar: {0ebbbe48-bad4-4b4c-8e5a-516abecae064} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll
TB: Guffins: {de2fdf7c-2637-4ba3-b427-3fce2d331db5} - C:\Program Files (x86)\Guffins\bar\1.bin\u4bar.dll
TB: {D4027C7F-154A-4066-A1AD-4243D8127440} - No File
TB: {BF7380FA-E3B4-4DB2-AF3E-9D8783A45BFC} - No File
uRun: [TOSHIBA Online Product Information] C:\Program Files (x86)\Toshiba\TOSHIBA Online Product Information\TOPI.exe
uRun: [KPeerNexonEU] C:\Nexon\NEXON_EU_Downloader\nxEULauncher.exe
mRun: [ToshibaServiceStation] "C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe" /hide:60
mRun: [NBAgent] "c:\Program Files (x86)\Nero\Nero BackItUp & Burn\Nero BackItUp\NBAgent.exe" /WinStart
mRun: [mcui_exe] "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun: [Philips Device Listener] "C:\Program Files (x86)\Philips\Philips Songbird Resources\Autolauncher\PhilipsDeviceListener.exe"
mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
dRun: [TOSHIBA Online Product Information] C:\Program Files (x86)\TOSHIBA\TOSHIBA Online Product Information\topi.exe
mPolicies-explorer: NoActiveDesktop = 1 (0x1)
mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)
mPolicies-system: ConsentPromptBehaviorAdmin = 0 (0x0)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableLUA = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
mPolicies-system: PromptOnSecureDesktop = 0 (0x0)
mPolicies-system: EnableLinkedConnections = 1 (0x1)
IE: Free YouTube to iPod Converter - C:\Users\HOME\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetoipodconverter.htm
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
Trusted Zone: ebay.co.uk\cgi5
Trusted Zone: ebay.co.uk\www
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab
TCP: DhcpNameServer = 192.168.1.254
TCP: Interfaces\{6B47CF1D-11FE-41B2-90C4-6D03B21B5DB2} : DhcpNameServer = 192.168.1.254
TCP: Interfaces\{6B47CF1D-11FE-41B2-90C4-6D03B21B5DB2}\244564F4E4 : DhcpNameServer = 192.168.22.22 192.168.22.23
TCP: Interfaces\{6B47CF1D-11FE-41B2-90C4-6D03B21B5DB2}\2445F40756E6A7F6E656D284 : DhcpNameServer = 192.168.22.22 192.168.22.23
TCP: Interfaces\{A22D127C-938C-4DC7-8264-DF55CA381631} : DhcpNameServer = 10.239.24.5
Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\PROGRA~2\McAfee\MSC\McSnIePl.dll
Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~2\McAfee\SITEAD~1\McIEPlg.dll
Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~2\McAfee\SITEAD~1\McIEPlg.dll
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
mASetup: {2D46B6DC-2207-486B-B523-A557E6D54B47} - C:\Windows\system32\cmd.exe /D /C start C:\Windows\system32\ie4uinit.exe -ClearIconCache
BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO-X64: AcroIEHelperStub - No File
BHO-X64: scriptproxy: {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files (x86)\Common Files\McAfee\SystemCore\ScriptSn.20111220192707.dll
BHO-X64: scriptproxy - No File
BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO-X64: DataMngr: {9D717F81-9148-4f12-8568-69135F087DB0} - C:\PROGRA~2\SEARCH~1\Datamngr\BROWSE~1.DLL
BHO-X64: Skype Browser Helper: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
BHO-X64: SkypeIEPluginBHO - No File
BHO-X64: McAfee SiteAdvisor BHO: {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll
BHO-X64: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
BHO-X64: TOSHIBA Media Controller Plug-in: {F3C88694-EFFA-4d78-B409-54B7B2535B14} - C:\Program Files (x86)\TOSHIBA\TOSHIBA Media Controller Plug-in\TOSHIBAMediaControllerIE.dll
TB-X64: McAfee SiteAdvisor Toolbar: {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll
TB-X64: Guffins: {de2fdf7c-2637-4ba3-b427-3fce2d331db5} - C:\Program Files (x86)\Guffins\bar\1.bin\u4bar.dll
TB-X64: {D4027C7F-154A-4066-A1AD-4243D8127440} - No File
TB-X64: {BF7380FA-E3B4-4DB2-AF3E-9D8783A45BFC} - No File
mRun-x64: [ToshibaServiceStation] "C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe" /hide:60
mRun-x64: [NBAgent] "c:\Program Files (x86)\Nero\Nero BackItUp & Burn\Nero BackItUp\NBAgent.exe" /WinStart
mRun-x64: [mcui_exe] "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey
mRun-x64: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun-x64: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun-x64: [Philips Device Listener] "C:\Program Files (x86)\Philips\Philips Songbird Resources\Autolauncher\PhilipsDeviceListener.exe"
mRun-x64: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun-x64: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun-x64: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
.
============= SERVICES / DRIVERS ===============
.
R0 mfehidk;McAfee Inc. mfehidk;C:\Windows\system32\drivers\mfehidk.sys --> C:\Windows\system32\drivers\mfehidk.sys [?]
R0 mfewfpk;McAfee Inc. mfewfpk;C:\Windows\system32\drivers\mfewfpk.sys --> C:\Windows\system32\drivers\mfewfpk.sys [?]
R1 mfenlfk;McAfee NDIS Light Filter;C:\Windows\system32\DRIVERS\mfenlfk.sys --> C:\Windows\system32\DRIVERS\mfenlfk.sys [?]
R1 RapportCerberus_34302;RapportCerberus_34302;C:\ProgramData\Trusteer\Rapport\store\exts\RapportCerberus\34302\RapportCerberus64_34302.sys [2011-12-15 397520]
R1 RapportEI64;RapportEI64;C:\Program Files (x86)\Trusteer\Rapport\bin\x64\RapportEI64.sys [2011-11-7 55056]
R1 RapportPG64;RapportPG64;C:\Program Files (x86)\Trusteer\Rapport\bin\x64\RapportPG64.sys [2011-11-7 61712]
R1 SASDIFSV;SASDIFSV;C:\Program Files\SUPERAntiSpyware\sasdifsv64.sys [2011-7-22 14928]
R1 SASKUTIL;SASKUTIL;C:\Program Files\SUPERAntiSpyware\saskutil64.sys [2011-7-12 12368]
R1 vwififlt;Virtual WiFi Filter Driver;C:\Windows\system32\DRIVERS\vwififlt.sys --> C:\Windows\system32\DRIVERS\vwififlt.sys [?]
R2 !SASCORE;SAS Core Service;C:\Program Files\SUPERAntiSpyware\SASCore64.exe [2011-8-12 140672]
R2 AdobeARMservice;Adobe Acrobat Update Service;C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-1-3 63928]
R2 cfWiMAXService;ConfigFree WiMAX Service;C:\Program Files (x86)\Toshiba\ConfigFree\CFIWmxSvcs64.exe [2010-1-28 249200]
R2 ConfigFree Service;ConfigFree Service;C:\Program Files (x86)\Toshiba\ConfigFree\CFSvcs.exe [2009-3-10 46448]
R2 cvhsvc;Client Virtualization Handler;C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE [2012-1-4 822624]
R3 FwLnk;FwLnk Driver;C:\Windows\system32\DRIVERS\FwLnk.sys --> C:\Windows\system32\DRIVERS\FwLnk.sys [?]
R3 mfeavfk;McAfee Inc. mfeavfk;C:\Windows\system32\drivers\mfeavfk.sys --> C:\Windows\system32\drivers\mfeavfk.sys [?]
R3 mfefirek;McAfee Inc. mfefirek;C:\Windows\system32\drivers\mfefirek.sys --> C:\Windows\system32\drivers\mfefirek.sys [?]
R3 Sftfs;Sftfs;C:\Windows\system32\DRIVERS\Sftfslh.sys --> C:\Windows\system32\DRIVERS\Sftfslh.sys [?]
R3 Sftplay;Sftplay;C:\Windows\system32\DRIVERS\Sftplaylh.sys --> C:\Windows\system32\DRIVERS\Sftplaylh.sys [?]
R3 Sftredir;Sftredir;C:\Windows\system32\DRIVERS\Sftredirlh.sys --> C:\Windows\system32\DRIVERS\Sftredirlh.sys [?]
R3 Sftvol;Sftvol;C:\Windows\system32\DRIVERS\Sftvollh.sys --> C:\Windows\system32\DRIVERS\Sftvollh.sys [?]
R3 vwifimp;Microsoft Virtual WiFi Miniport Service;C:\Windows\system32\DRIVERS\vwifimp.sys --> C:\Windows\system32\DRIVERS\vwifimp.sys [?]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S3 cfwids;McAfee Inc. cfwids;C:\Windows\system32\drivers\cfwids.sys --> C:\Windows\system32\drivers\cfwids.sys [?]
S3 L1C;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller;C:\Windows\system32\DRIVERS\L1C62x64.sys --> C:\Windows\system32\DRIVERS\L1C62x64.sys [?]
S3 mferkdet;McAfee Inc. mferkdet;C:\Windows\system32\drivers\mferkdet.sys --> C:\Windows\system32\drivers\mferkdet.sys [?]
S3 RapportKE64;RapportKE64;C:\Windows\system32\Drivers\RapportKE64.sys --> C:\Windows\system32\Drivers\RapportKE64.sys [?]
S3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;C:\Windows\system32\Drivers\RtsUStor.sys --> C:\Windows\system32\Drivers\RtsUStor.sys [?]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\system32\drivers\tsusbflt.sys --> C:\Windows\system32\drivers\tsusbflt.sys [?]
S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\system32\Drivers\usbaapl64.sys --> C:\Windows\system32\Drivers\usbaapl64.sys [?]
.
=============== Created Last 30 ================
.
2012-03-27 20:38:54 -------- d-----w- C:\Users\HOME\AppData\Roaming\.techniclauncher
2012-03-27 20:33:33 -------- d-----w- C:\Program Files (x86)\WiseConvert
2012-03-27 14:30:37 -------- d-----w- C:\Program Files (x86)\ExpressPCB
2012-03-27 14:29:49 -------- d-----w- C:\Users\HOME\AppData\Local\Downloaded Installations
2012-03-26 19:42:47 -------- d-----w- C:\Program Files (x86)\RonyaSoft
2012-03-26 19:35:12 -------- d-----w- C:\Program Files (x86)\UnderCoverXP
2012-03-26 19:25:05 -------- d-----w- C:\Program Files (x86)\Easy CD & DVD Cover Creator
2012-03-25 14:50:18 -------- d-----w- C:\Users\HOME\AppData\Local\Ilivid Player
2012-03-14 08:30:34 5559152 ----a-w- C:\Windows\System32\ntoskrnl.exe
2012-03-14 08:30:33 3968368 ----a-w- C:\Windows\SysWow64\ntkrnlpa.exe
2012-03-14 08:30:33 3913584 ----a-w- C:\Windows\SysWow64\ntoskrnl.exe
2012-03-14 07:31:11 3145728 ----a-w- C:\Windows\System32\win32k.sys
2012-03-14 07:31:09 1544192 ----a-w- C:\Windows\System32\DWrite.dll
2012-03-14 07:31:09 1077248 ----a-w- C:\Windows\SysWow64\DWrite.dll
2012-03-14 07:30:35 9216 ----a-w- C:\Windows\System32\rdrmemptylst.exe
2012-03-14 07:30:35 77312 ----a-w- C:\Windows\System32\rdpwsx.dll
2012-03-14 07:30:35 149504 ----a-w- C:\Windows\System32\rdpcorekmts.dll
2012-03-14 07:30:32 826880 ----a-w- C:\Windows\SysWow64\rdpcore.dll
2012-03-14 07:30:32 23552 ----a-w- C:\Windows\System32\drivers\tdtcp.sys
2012-03-14 07:30:32 210944 ----a-w- C:\Windows\System32\drivers\rdpwd.sys
2012-03-14 07:30:32 1031680 ----a-w- C:\Windows\System32\rdpcore.dll
2012-03-10 22:15:34 -------- d-----w- C:\Program Files\Microsoft IntelliPoint
2012-03-08 18:20:27 -------- d-----w- C:\Program Files\iPod
2012-03-08 18:20:26 -------- d-----w- C:\Program Files\iTunes
2012-03-08 18:20:26 -------- d-----w- C:\Program Files (x86)\iTunes
.
==================== Find3M ====================
.
2012-03-01 19:47:41 446464 ----a-w- C:\Windows\NEXON_EU_DownloaderUpdater.exe
2012-03-01 19:47:41 235 ----a-w- C:\Windows\SysWow64\nxEuUninstall.bat
2012-02-22 18:28:34 414368 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2012-02-21 21:12:19 0 ----a-w- C:\Windows\SysWow64\shoCBF8.tmp
2012-02-15 11:01:50 52736 ----a-w- C:\Windows\System32\drivers\usbaapl64.sys
2012-02-15 11:01:50 4547944 ----a-w- C:\Windows\System32\usbaaplrc.dll
2012-02-07 00:15:58 0 ----a-w- C:\Windows\SysWow64\sho91E9.tmp
2012-01-04 10:44:20 509952 ----a-w- C:\Windows\System32\ntshrui.dll
2012-01-04 08:58:41 442880 ----a-w- C:\Windows\SysWow64\ntshrui.dll
.
============= FINISH: 21:35:29.11 ===============



All help is really appreciated.

Kind Regards

Allan

Attached Files



BC AdBot (Login to Remove)

 


#2 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto rico
  • Local time:08:26 AM

Posted 08 April 2012 - 01:21 AM

Hello and Welcome to Bleeping Computer!!

My name is Gringo and I'll be glad to help you with your computer problems.

I have put together somethings for you to keep in mind while I am helping you to make things go easier and faster for both of us

  • Please do not run any tools unless instructed to do so.
    • We ask you to run different tools in a specific order to ensure the malware is completely removed from your machine, and running any additional tools may detect false positives, interfere with our tools, or cause unforeseen damage or system instability.
  • Please do not attach logs or use code boxes, just copy and paste the text.
    • Due to the high volume of logs we receive it helps to receive everything in the same format, and code boxes make the logs very difficult to read. Also, attachments require us to download and open the reports when it is easier to just read the reports in your post.
  • Please read every post completely before doing anything.
    • Pay special attention to the NOTE: lines, these entries identify an individual issue or important step in the cleanup process.
  • Please provide feedback about your experience as we go.
    • A short statement describing how the computer is working helps us understand where to go next, for example: I am still getting redirected, the computer is running normally, etc. Please do not describe the computer as "the same", this requires the extra step of looking back at your previous post.
NOTE: At the top of your post, click on the Watch Topic Button, select Immediate Notification, and click on Proceed. This will send you an e-mail as soon as I reply to your topic, allowing us to resolve the issue faster.

NOTE: Backup any files that cannot be replaced. Removing malware can be unpredictable and this step can save a lot of hartaches if things don't go as planed. You can put them on a CD/DVD, external drive or a pen drive, anywhere except on the computer.

NOTE: It is good practice to copy and paste the instructions into notepad and print them in case it is necessary for you to go offline during the cleanup process. To open notepad, navigate to Start Menu > All Programs > Accessories > Notepad. Please remember to copy the entire post so you do not miss any instructions.

Run Combofix:

You may be asked to install or update the Recovery Console (Win XP Only) if this happens please allow it to do so (you will need to be connected to the internet for this)

Before you run Combofix I will need you to turn off any security software you have running, If you do not know how to do this you can find out >here< or >here<

Combofix may need to reboot your computer more than once to do its job this is normal.

You can download Combofix from one of these links.
Link 1
Link 2
Link 3
1. Close any open browsers or any other programs that are open.
2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

Double click on combofix.exe & follow the prompts.
When finished, it will produce a report for you.

Note 1: Do not mouseclick combofix's window while it's running. That may cause it to stall

Note 2: If you recieve an error "Illegal operation attempted on a registery key that has been marked for deletion." Please restart the computer

"information and logs"

  • In your next post I need the following
  • Log from Combofix
  • let me know of any problems you may have had
  • How is the computer doing now?

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#3 amedcalf

amedcalf
  • Topic Starter

  • Members
  • 52 posts
  • OFFLINE
  •  
  • Local time:12:26 PM

Posted 10 April 2012 - 03:51 PM

Hi Gringo,

Thanks for responding to my call for help.

I have tried using all the links that you have provided but it will not let me download combofix.

I didn't want to try and get it from anywhere else as you provided the links.

Please help.

Kind Regards

Allan

#4 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto rico
  • Local time:08:26 AM

Posted 10 April 2012 - 06:20 PM

Hello


you are using IE?

Firefox?


what happens?




gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#5 amedcalf

amedcalf
  • Topic Starter

  • Members
  • 52 posts
  • OFFLINE
  •  
  • Local time:12:26 PM

Posted 10 April 2012 - 11:34 PM

I have now managed to download and use combofix, not sure why it wouldn't let me before.

I am using IE 9.

Combo fix log below :-

ComboFix 12-04-10.02 - HOME 11/04/2012 5:41.1.2 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.44.1033.18.2940.1818 [GMT 1:00]
Running from: c:\users\HOME\Desktop\Combo.exe
AV: McAfee Anti-Virus and Anti-Spyware *Enabled/Updated* {86355677-4064-3EA7-ABB3-1B136EB04637}
FW: McAfee Firewall *Enabled* {BE0ED752-0A0B-3FFF-80EC-B2269063014C}
SP: McAfee Anti-Virus and Anti-Spyware *Enabled/Updated* {3D54B793-665E-3129-9103-206115370C8A}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\security\Database\tmp.edb
D:\install.exe
.
.
((((((((((((((((((((((((( Files Created from 2012-03-11 to 2012-04-11 )))))))))))))))))))))))))))))))
.
.
2012-04-11 04:54 . 2012-04-11 04:54 -------- d-----w- c:\users\Mcx2-HOME-TOSH\AppData\Local\temp
2012-04-11 04:54 . 2012-04-11 04:54 -------- d-----w- c:\users\Mcx1-HOME-TOSH\AppData\Local\temp
2012-04-11 04:54 . 2012-04-11 04:54 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-04-11 04:54 . 2012-04-11 04:54 -------- d-----w- c:\users\Allan\AppData\Local\temp
2012-04-10 14:24 . 2012-04-10 14:24 -------- d-----w- c:\program files (x86)\Common Files\Steam
2012-04-10 14:24 . 2012-04-11 04:59 -------- d-----w- c:\program files (x86)\Steam
2012-04-10 12:43 . 2012-04-11 04:30 -------- d-----w- c:\users\HOME\AppData\Local\LogMeIn Hamachi
2012-04-10 12:43 . 2012-04-10 12:43 -------- d-----w- c:\program files (x86)\LogMeIn Hamachi
2012-04-09 16:58 . 2012-04-09 16:58 0 ----a-w- c:\windows\SysWow64\sho8904.tmp
2012-04-06 21:58 . 2012-04-06 22:30 -------- d-----w- c:\users\Public\Games
2012-04-06 21:36 . 2012-04-06 21:36 -------- d-----w- c:\programdata\Blizzard
2012-04-06 09:49 . 2012-04-06 09:49 -------- d-----w- c:\users\HOME\AppData\Roaming\casualArts
2012-04-06 09:49 . 2012-04-06 09:49 -------- d-----w- c:\programdata\casualArts
2012-04-05 19:54 . 2012-04-05 19:54 0 ----a-w- c:\windows\SysWow64\sho2926.tmp
2012-04-05 08:56 . 2012-04-05 08:59 -------- d-----w- c:\users\HOME\AppData\Roaming\RIFT
2012-04-05 08:56 . 2012-04-06 21:27 -------- d-----w- c:\program files (x86)\RIFT Game
2012-03-29 20:33 . 2012-03-29 20:33 -------- d-----w- c:\users\Jack
2012-03-27 20:38 . 2012-04-10 18:09 -------- d-----w- c:\users\HOME\AppData\Roaming\.techniclauncher
2012-03-27 20:33 . 2012-03-27 20:33 -------- d-----w- c:\program files (x86)\WiseConvert
2012-03-27 14:30 . 2012-03-27 14:31 -------- d-----w- c:\program files (x86)\ExpressPCB
2012-03-27 14:29 . 2012-03-27 14:29 -------- d-----w- c:\users\HOME\AppData\Local\Downloaded Installations
2012-03-26 19:42 . 2012-03-26 19:42 -------- d-----w- c:\program files (x86)\RonyaSoft
2012-03-26 19:35 . 2012-03-26 19:39 -------- d-----w- c:\program files (x86)\UnderCoverXP
2012-03-26 19:25 . 2012-03-26 19:29 -------- d-----w- c:\program files (x86)\Easy CD & DVD Cover Creator
2012-03-25 14:50 . 2012-03-25 14:51 -------- d-----w- c:\users\HOME\AppData\Roaming\vlc
2012-03-25 14:50 . 2012-03-25 14:50 -------- d-----w- c:\users\HOME\AppData\Local\Ilivid Player
2012-03-18 21:33 . 2012-03-18 21:33 -------- d-----w- c:\program files (x86)\Common Files\Skype
2012-03-14 08:30 . 2011-11-19 15:20 5559152 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-03-14 08:30 . 2011-11-19 14:50 3968368 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe
2012-03-14 08:30 . 2011-11-19 14:50 3913584 ----a-w- c:\windows\SysWow64\ntoskrnl.exe
2012-03-14 07:31 . 2012-02-03 04:34 3145728 ----a-w- c:\windows\system32\win32k.sys
2012-03-14 07:31 . 2012-02-10 06:36 1544192 ----a-w- c:\windows\system32\DWrite.dll
2012-03-14 07:31 . 2012-02-10 05:38 1077248 ----a-w- c:\windows\SysWow64\DWrite.dll
2012-03-14 07:30 . 2012-01-25 06:38 77312 ----a-w- c:\windows\system32\rdpwsx.dll
2012-03-14 07:30 . 2012-01-25 06:38 149504 ----a-w- c:\windows\system32\rdpcorekmts.dll
2012-03-14 07:30 . 2012-01-25 06:33 9216 ----a-w- c:\windows\system32\rdrmemptylst.exe
2012-03-14 07:30 . 2012-02-17 06:38 1031680 ----a-w- c:\windows\system32\rdpcore.dll
2012-03-14 07:30 . 2012-02-17 05:34 826880 ----a-w- c:\windows\SysWow64\rdpcore.dll
2012-03-14 07:30 . 2012-02-17 04:58 210944 ----a-w- c:\windows\system32\drivers\rdpwd.sys
2012-03-14 07:30 . 2012-02-17 04:57 23552 ----a-w- c:\windows\system32\drivers\tdtcp.sys
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-03-01 19:47 . 2012-03-01 18:49 235 ----a-w- c:\windows\SysWow64\nxEuUninstall.bat
2012-03-01 19:47 . 2012-03-01 18:49 446464 ----a-w- c:\windows\NEXON_EU_DownloaderUpdater.exe
2012-02-22 18:28 . 2011-09-27 10:12 414368 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-02-21 21:12 . 2012-02-21 21:12 0 ----a-w- c:\windows\SysWow64\shoCBF8.tmp
2012-02-15 11:01 . 2012-02-15 11:01 52736 ----a-w- c:\windows\system32\drivers\usbaapl64.sys
2012-02-15 11:01 . 2012-02-15 11:01 4547944 ----a-w- c:\windows\system32\usbaaplrc.dll
2012-02-07 00:15 . 2012-02-07 00:15 0 ----a-w- c:\windows\SysWow64\sho91E9.tmp
2012-01-31 21:09 . 2012-01-31 21:09 710992 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight-2\SpotlightResources.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"TOSHIBA Online Product Information"="c:\program files (x86)\Toshiba\TOSHIBA Online Product Information\TOPI.exe" [2010-03-03 4581280]
"KPeerNexonEU"="c:\nexon\NEXON_EU_Downloader\nxEULauncher.exe" [2012-03-01 438272]
"Steam"="c:\program files (x86)\Steam\Steam.exe" [2012-04-10 1242448]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"ToshibaServiceStation"="c:\program files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe" [2011-02-11 1295736]
"NBAgent"="c:\program files (x86)\Nero\Nero BackItUp & Burn\Nero BackItUp\NBAgent.exe" [2010-03-09 1086760]
"mcui_exe"="c:\program files\McAfee.com\Agent\mcagent.exe" [2011-11-22 1675160]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2011-06-09 254696]
"Philips Device Listener"="c:\program files (x86)\Philips\Philips Songbird Resources\Autolauncher\PhilipsDeviceListener.exe" [2011-03-03 380416]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-02-20 59240]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2011-10-24 421888]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2012-03-06 421736]
"LogMeIn Hamachi Ui"="c:\program files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe" [2012-02-28 1987976]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"TOSHIBA Online Product Information"="c:\program files (x86)\TOSHIBA\TOSHIBA Online Product Information\topi.exe" [2010-03-03 4581280]
.
c:\users\Jack\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
TRDCReminder.lnk - c:\program files (x86)\Toshiba\TRDCReminder\TRDCReminder.exe [2009-9-1 481184]
.
c:\users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
TRDCReminder.lnk - c:\program files (x86)\Toshiba\TRDCReminder\TRDCReminder.exe [2009-9-1 481184]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
"EnableLinkedConnections"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-10-21 136176]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2012-02-29 158856]
R3 dc3d;MS Hardware Device Detection Driver;c:\windows\system32\DRIVERS\dc3d.sys [x]
R3 EagleX64;EagleX64;c:\windows\system32\drivers\EagleX64.sys [x]
R3 GamesAppService;GamesAppService;c:\program files (x86)\WildTangent Games\App\GamesAppService.exe [2010-10-12 206072]
R3 gupdatem;Google Update Service (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-10-21 136176]
R3 L1C;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller;c:\windows\system32\DRIVERS\L1C62x64.sys [x]
R3 mferkdet;McAfee Inc. mferkdet;c:\windows\system32\drivers\mferkdet.sys [x]
R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-09 4925184]
R3 Point64;Microsoft IntelliPoint Filter Driver;c:\windows\system32\DRIVERS\point64.sys [x]
R3 RapportKE64;RapportKE64;c:\windows\system32\Drivers\RapportKE64.sys [x]
R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys [x]
R3 TemproMonitoringService;Notebook Performance Tuning Service (TEMPRO);c:\program files (x86)\Toshiba TEMPRO\TemproSvc.exe [2010-02-11 124368]
R3 TMachInfo;TMachInfo;c:\program files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe [2011-02-11 54136]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]
S0 mfewfpk;McAfee Inc. mfewfpk;c:\windows\system32\drivers\mfewfpk.sys [x]
S1 mfenlfk;McAfee NDIS Light Filter;c:\windows\system32\DRIVERS\mfenlfk.sys [x]
S1 RapportCerberus_34302;RapportCerberus_34302;c:\programdata\Trusteer\Rapport\store\exts\RapportCerberus\34302\RapportCerberus64_34302.sys [2011-12-15 397520]
S1 RapportEI64;RapportEI64;c:\program files (x86)\Trusteer\Rapport\bin\x64\RapportEI64.sys [2011-11-07 55056]
S1 RapportPG64;RapportPG64;c:\program files (x86)\Trusteer\Rapport\bin\x64\RapportPG64.sys [2011-11-07 61712]
S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV64.SYS [2011-07-22 14928]
S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL64.SYS [2011-07-12 12368]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]
S2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE64.EXE [2011-08-11 140672]
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-01-03 63928]
S2 cfWiMAXService;ConfigFree WiMAX Service;c:\program files (x86)\TOSHIBA\ConfigFree\CFIWmxSvcs64.exe [2010-01-28 249200]
S2 ConfigFree Service;ConfigFree Service;c:\program files (x86)\TOSHIBA\ConfigFree\CFSvcs.exe [2009-03-10 46448]
S2 cvhsvc;Client Virtualization Handler;c:\program files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE [2012-01-04 822624]
S2 Hamachi2Svc;LogMeIn Hamachi Tunneling Engine;c:\program files (x86)\LogMeIn Hamachi\hamachi-2.exe [2012-02-28 2343816]
S2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\progra~2\mcafee\SITEAD~1\mcsacore.exe [2012-01-13 103440]
S2 McMPFSvc;McAfee Personal Firewall Service;c:\program files\Common Files\McAfee\McSvcHost\McSvHost.exe [2011-01-27 249936]
S2 McNaiAnn;McAfee VirusScan Announcer;c:\program files\Common Files\McAfee\McSvcHost\McSvHost.exe [2011-01-27 249936]
S2 mfefire;McAfee Firewall Core Service;c:\program files\Common Files\McAfee\SystemCore\\mfefire.exe [2011-10-18 208536]
S2 mfevtp;McAfee Validation Trust Protection Service;c:\windows\system32\mfevtps.exe [x]
S2 RapportMgmtService;Rapport Management Service;c:\program files (x86)\Trusteer\Rapport\bin\RapportMgmtService.exe [2011-11-07 931640]
S2 sftlist;Application Virtualization Client;c:\program files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2011-10-01 508776]
S3 cfwids;McAfee Inc. cfwids;c:\windows\system32\drivers\cfwids.sys [x]
S3 FwLnk;FwLnk Driver;c:\windows\system32\DRIVERS\FwLnk.sys [x]
S3 mfefirek;McAfee Inc. mfefirek;c:\windows\system32\drivers\mfefirek.sys [x]
S3 Sftfs;Sftfs;c:\windows\system32\DRIVERS\Sftfslh.sys [x]
S3 Sftplay;Sftplay;c:\windows\system32\DRIVERS\Sftplaylh.sys [x]
S3 Sftredir;Sftredir;c:\windows\system32\DRIVERS\Sftredirlh.sys [x]
S3 Sftvol;Sftvol;c:\windows\system32\DRIVERS\Sftvollh.sys [x]
S3 sftvsa;Application Virtualization Service Agent;c:\program files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [2011-10-01 219496]
S3 TOSHIBA HDD SSD Alert Service;TOSHIBA HDD SSD Alert Service;c:\program files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe [2010-02-05 137560]
S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [x]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - WS2IFSL
*Deregistered* - mfeavfk01
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{2D46B6DC-2207-486B-B523-A557E6D54B47}]
2010-11-20 12:17 302592 ----a-w- c:\windows\System32\cmd.exe
.
Contents of the 'Scheduled Tasks' folder
.
2012-04-11 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-10-21 18:30]
.
2012-04-11 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-10-21 18:30]
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2010-03-18 166424]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2010-03-18 391192]
"Persistence"="c:\windows\system32\igfxpers.exe" [2010-03-18 410648]
"cAudioFilterAgent"="c:\program files\Conexant\cAudioFilterAgent\cAudioFilterAgent64.exe" [2010-03-10 520760]
"SmartAudio"="c:\program files\CONEXANT\SAII\SAIICpl.exe" [2009-11-19 307768]
"Toshiba TEMPRO"="c:\program files (x86)\Toshiba TEMPRO\TemproTray.exe" [2010-02-11 1050072]
"TosSENotify"="c:\program files\TOSHIBA\TOSHIBA HDD SSD Alert\TosWaitSrv.exe" [2010-02-05 709976]
"TosVolRegulator"="c:\program files\TOSHIBA\TosVolRegulator\TosVolRegulator.exe" [2009-11-11 24376]
"IntelliPoint"="c:\program files\Microsoft IntelliPoint\ipoint.exe" [2011-08-01 2417032]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x1
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page =
mLocal Page = c:\windows\system32\blank.htm
uInternet Settings,ProxyOverride = *.local
IE: Free YouTube to iPod Converter - c:\users\HOME\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetoipodconverter.htm
Trusted Zone: ebay.co.uk\cgi5
Trusted Zone: ebay.co.uk\www
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-Locked - (no file)
Toolbar-10 - (no file)
Toolbar-Locked - (no file)
Toolbar-10 - (no file)
WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
WebBrowser-{BF7380FA-E3B4-4DB2-AF3E-9D8783A45BFC} - (no file)
HKLM-Run-TPwrMain - c:\program files (x86)\TOSHIBA\Power Saver\TPwrMain.EXE
HKLM-Run-SmoothView - c:\program files (x86)\Toshiba\SmoothView\SmoothView.exe
HKLM-Run-00TCrdMain - c:\program files (x86)\TOSHIBA\FlashCards\TCrdMain.exe
HKLM-Run-TosReelTimeMonitor - c:\program files (x86)\TOSHIBA\ReelTime\TosReelTimeMonitor.exe
HKLM-Run-TosNC - c:\program files (x86)\Toshiba\BulletinBoard\TosNcCore.exe
HKLM-Run-SynTPEnh - c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe
AddRemove-Adobe Shockwave Player - c:\windows\system32\Adobe\Shockwave 11\uninstaller.exe
AddRemove-Intel® Integrated Performance Primitives 1.1 - c:\windows\system32\UninstIPP.isu
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{3E720452-B472-4954-B7AA-33069EB53906}\MiscStatus\1]
@DACL=(02 0000)
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11f_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11f_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11f.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11f.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11f.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11f.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\McAfee]
"SymbolicLinkValue"=hex(6):5c,00,72,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
00,5c,00,6d,00,61,00,63,00,68,00,69,00,6e,00,65,00,5c,00,53,00,6f,00,66,00,\
.
[HKEY_LOCAL_MACHINE\system\ControlSet002\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\windows\SysWOW64\rundll32.exe
c:\program files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe
c:\program files (x86)\Trusteer\Rapport\bin\RapportService.exe
c:\nexon\NEXON_EU_Downloader\NEXON_EU_Downloader_Engine.exe
c:\program files (x86)\TOSHIBA\ConfigFree\NDSTray.exe
c:\program files (x86)\TOSHIBA\ConfigFree\CFSwMgr.exe
.
**************************************************************************
.
Completion time: 2012-04-11 06:06:42 - machine was rebooted
ComboFix-quarantined-files.txt 2012-04-11 05:06
.
Pre-Run: 26,859,229,184 bytes free
Post-Run: 27,732,193,280 bytes free
.
- - End Of File - - 1CF2A9A4A5F078B290C264E1D28C0913




My firewall is now staying on :) yay

I'll test my computer when I have some more time as I have done this before I left for work.

Please let me know what combofix has done.

Kind Regards

Allan

Edited by amedcalf, 11 April 2012 - 12:21 AM.


#6 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto rico
  • Local time:08:26 AM

Posted 11 April 2012 - 07:49 AM

Greetings Allen

Please let me know what combofix has done.

combofix does so many things under the hood that we can't get into what it does - we need all the advantage we can get from the bad guys

I want you to run these next,

tdsskiller:

Please read carefully and follow these steps.
  • Download TDSSKiller and save it to your Desktop.
  • doubleclick on TDSSKiller.exe to run the application, then on Start Scan.
  • If an infected file is detected, the default action will be Cure, click on Continue.
  • If a suspicious file is detected, the default action will be Skip, click on Continue.
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
  • If no reboot is require, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.

Please download aswMBR to your desktop.
  • Double click the aswMBR.exe icon to run it
  • it will ask to download extra definitions - ALLOW IT
  • Click the Scan button to start the scan
  • On completion of the scan, click the save log button, save it to your desktop and post it in your next reply.

If you have any problems running either one come back and let me know

please reply with the reports from TDSSKiller and aswMBR

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#7 amedcalf

amedcalf
  • Topic Starter

  • Members
  • 52 posts
  • OFFLINE
  •  
  • Local time:12:26 PM

Posted 11 April 2012 - 02:24 PM

Hi Gringo

Please find below reports as requested

TDSS Killer -

19:40:28.0318 0816 TDSS rootkit removing tool 2.7.28.0 Apr 10 2012 16:54:05
19:40:30.0329 0816 ============================================================
19:40:30.0329 0816 Current date / time: 2012/04/11 19:40:30.0329
19:40:30.0329 0816 SystemInfo:
19:40:30.0329 0816
19:40:30.0329 0816 OS Version: 6.1.7601 ServicePack: 1.0
19:40:30.0329 0816 Product type: Workstation
19:40:30.0329 0816 ComputerName: HOME-TOSH
19:40:30.0329 0816 UserName: HOME
19:40:30.0329 0816 Windows directory: C:\Windows
19:40:30.0329 0816 System windows directory: C:\Windows
19:40:30.0329 0816 Running under WOW64
19:40:30.0329 0816 Processor architecture: Intel x64
19:40:30.0329 0816 Number of processors: 2
19:40:30.0329 0816 Page size: 0x1000
19:40:30.0329 0816 Boot type: Normal boot
19:40:30.0329 0816 ============================================================
19:40:32.0579 0816 Drive \Device\Harddisk0\DR0 - Size: 0x3A38B2E000 (232.89 Gb), SectorSize: 0x200, Cylinders: 0x76C1, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
19:40:32.0589 0816 \Device\Harddisk0\DR0:
19:40:32.0589 0816 MBR used
19:40:32.0589 0816 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0xC8800, BlocksNum 0xE86C800
19:40:32.0589 0816 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0xE935000, BlocksNum 0xE890170
19:40:32.0719 0816 Initialize success
19:40:32.0719 0816 ============================================================
19:40:35.0440 6680 ============================================================
19:40:35.0440 6680 Scan started
19:40:35.0440 6680 Mode: Manual;
19:40:35.0440 6680 ============================================================
19:40:38.0310 6680 !SASCORE (7d9d615201a483d6fa99491c2e655a5a) C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE
19:40:38.0310 6680 !SASCORE - ok
19:40:38.0560 6680 1394ohci (a87d604aea360176311474c87a63bb88) C:\Windows\system32\drivers\1394ohci.sys
19:40:38.0570 6680 1394ohci - ok
19:40:38.0990 6680 ACPI (d81d9e70b8a6dd14d42d7b4efa65d5f2) C:\Windows\system32\drivers\ACPI.sys
19:40:39.0000 6680 ACPI - ok
19:40:39.0050 6680 AcpiPmi (99f8e788246d495ce3794d7e7821d2ca) C:\Windows\system32\drivers\acpipmi.sys
19:40:39.0050 6680 AcpiPmi - ok
19:40:39.0180 6680 AdobeARMservice (62b7936f9036dd6ed36e6a7efa805dc0) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
19:40:39.0180 6680 AdobeARMservice - ok
19:40:39.0300 6680 adp94xx (2f6b34b83843f0c5118b63ac634f5bf4) C:\Windows\system32\DRIVERS\adp94xx.sys
19:40:39.0310 6680 adp94xx - ok
19:40:39.0501 6680 adpahci (597f78224ee9224ea1a13d6350ced962) C:\Windows\system32\DRIVERS\adpahci.sys
19:40:39.0511 6680 adpahci - ok
19:40:39.0591 6680 adpu320 (e109549c90f62fb570b9540c4b148e54) C:\Windows\system32\DRIVERS\adpu320.sys
19:40:39.0601 6680 adpu320 - ok
19:40:39.0641 6680 AeLookupSvc (4b78b431f225fd8624c5655cb1de7b61) C:\Windows\System32\aelupsvc.dll
19:40:39.0641 6680 AeLookupSvc - ok
19:40:39.0941 6680 AFD (1c7857b62de5994a75b054a9fd4c3825) C:\Windows\system32\drivers\afd.sys
19:40:39.0971 6680 AFD - ok
19:40:40.0171 6680 agp440 (608c14dba7299d8cb6ed035a68a15799) C:\Windows\system32\drivers\agp440.sys
19:40:40.0171 6680 agp440 - ok
19:40:40.0321 6680 ALG (3290d6946b5e30e70414990574883ddb) C:\Windows\System32\alg.exe
19:40:40.0331 6680 ALG - ok
19:40:40.0701 6680 aliide (5812713a477a3ad7363c7438ca2ee038) C:\Windows\system32\drivers\aliide.sys
19:40:40.0711 6680 aliide - ok
19:40:40.0981 6680 amdide (1ff8b4431c353ce385c875f194924c0c) C:\Windows\system32\drivers\amdide.sys
19:40:40.0991 6680 amdide - ok
19:40:41.0101 6680 AmdK8 (7024f087cff1833a806193ef9d22cda9) C:\Windows\system32\DRIVERS\amdk8.sys
19:40:41.0111 6680 AmdK8 - ok
19:40:41.0301 6680 AmdPPM (1e56388b3fe0d031c44144eb8c4d6217) C:\Windows\system32\DRIVERS\amdppm.sys
19:40:41.0311 6680 AmdPPM - ok
19:40:41.0481 6680 amdsata (d4121ae6d0c0e7e13aa221aa57ef2d49) C:\Windows\system32\drivers\amdsata.sys
19:40:41.0481 6680 amdsata - ok
19:40:41.0641 6680 amdsbs (f67f933e79241ed32ff46a4f29b5120b) C:\Windows\system32\DRIVERS\amdsbs.sys
19:40:41.0651 6680 amdsbs - ok
19:40:41.0931 6680 amdxata (540daf1cea6094886d72126fd7c33048) C:\Windows\system32\drivers\amdxata.sys
19:40:41.0931 6680 amdxata - ok
19:40:42.0191 6680 AppID (89a69c3f2f319b43379399547526d952) C:\Windows\system32\drivers\appid.sys
19:40:42.0201 6680 AppID - ok
19:40:42.0331 6680 AppIDSvc (0bc381a15355a3982216f7172f545de1) C:\Windows\System32\appidsvc.dll
19:40:42.0331 6680 AppIDSvc - ok
19:40:42.0531 6680 Appinfo (3977d4a871ca0d4f2ed1e7db46829731) C:\Windows\System32\appinfo.dll
19:40:42.0541 6680 Appinfo - ok
19:40:42.0741 6680 Apple Mobile Device (7ef47644b74ebe721cc32211d3c35e76) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
19:40:42.0751 6680 Apple Mobile Device - ok
19:40:43.0211 6680 arc (c484f8ceb1717c540242531db7845c4e) C:\Windows\system32\DRIVERS\arc.sys
19:40:43.0221 6680 arc - ok
19:40:43.0492 6680 arcsas (019af6924aefe7839f61c830227fe79c) C:\Windows\system32\DRIVERS\arcsas.sys
19:40:43.0492 6680 arcsas - ok
19:40:43.0712 6680 aspnet_state - ok
19:40:44.0122 6680 AsyncMac (769765ce2cc62867468cea93969b2242) C:\Windows\system32\DRIVERS\asyncmac.sys
19:40:44.0132 6680 AsyncMac - ok
19:40:44.0490 6680 atapi (02062c0b390b7729edc9e69c680a6f3c) C:\Windows\system32\drivers\atapi.sys
19:40:44.0490 6680 atapi - ok
19:40:45.0080 6680 athr (d6cad7e5b05055bb8226bdcb1644da27) C:\Windows\system32\DRIVERS\athrx.sys
19:40:45.0140 6680 athr - ok
19:40:45.0910 6680 AudioEndpointBuilder (f23fef6d569fce88671949894a8becf1) C:\Windows\System32\Audiosrv.dll
19:40:45.0950 6680 AudioEndpointBuilder - ok
19:40:46.0000 6680 AudioSrv (f23fef6d569fce88671949894a8becf1) C:\Windows\System32\Audiosrv.dll
19:40:46.0010 6680 AudioSrv - ok
19:40:47.0450 6680 AxInstSV (a6bf31a71b409dfa8cac83159e1e2aff) C:\Windows\System32\AxInstSV.dll
19:40:47.0450 6680 AxInstSV - ok
19:40:47.0710 6680 b06bdrv (3e5b191307609f7514148c6832bb0842) C:\Windows\system32\DRIVERS\bxvbda.sys
19:40:47.0750 6680 b06bdrv - ok
19:40:48.0070 6680 b57nd60a (b5ace6968304a3900eeb1ebfd9622df2) C:\Windows\system32\DRIVERS\b57nd60a.sys
19:40:48.0080 6680 b57nd60a - ok
19:40:48.0460 6680 BDESVC (fde360167101b4e45a96f939f388aeb0) C:\Windows\System32\bdesvc.dll
19:40:48.0480 6680 BDESVC - ok
19:40:48.0730 6680 Beep (16a47ce2decc9b099349a5f840654746) C:\Windows\system32\drivers\Beep.sys
19:40:48.0730 6680 Beep - ok
19:40:49.0170 6680 BFE (82974d6a2fd19445cc5171fc378668a4) C:\Windows\System32\bfe.dll
19:40:49.0210 6680 BFE - ok
19:40:49.0601 6680 BITS (1ea7969e3271cbc59e1730697dc74682) C:\Windows\system32\qmgr.dll
19:40:49.0691 6680 BITS - ok
19:40:50.0071 6680 blbdrive (61583ee3c3a17003c4acd0475646b4d3) C:\Windows\system32\DRIVERS\blbdrive.sys
19:40:50.0071 6680 blbdrive - ok
19:40:50.0331 6680 Bonjour Service (ebbcd5dfbb1de70e8f4af8fa59e401fd) C:\Program Files\Bonjour\mDNSResponder.exe
19:40:50.0341 6680 Bonjour Service - ok
19:40:50.0611 6680 bowser (6c02a83164f5cc0a262f4199f0871cf5) C:\Windows\system32\DRIVERS\bowser.sys
19:40:50.0631 6680 bowser - ok
19:40:50.0871 6680 BrFiltLo (f09eee9edc320b5e1501f749fde686c8) C:\Windows\system32\DRIVERS\BrFiltLo.sys
19:40:50.0881 6680 BrFiltLo - ok
19:40:51.0451 6680 BrFiltUp (b114d3098e9bdb8bea8b053685831be6) C:\Windows\system32\DRIVERS\BrFiltUp.sys
19:40:51.0451 6680 BrFiltUp - ok
19:40:51.0901 6680 BridgeMP (5c2f352a4e961d72518261257aae204b) C:\Windows\system32\DRIVERS\bridge.sys
19:40:51.0911 6680 BridgeMP - ok
19:40:52.0141 6680 Browser (8ef0d5c41ec907751b8429162b1239ed) C:\Windows\System32\browser.dll
19:40:52.0141 6680 Browser - ok
19:40:52.0572 6680 Brserid (43bea8d483bf1870f018e2d02e06a5bd) C:\Windows\System32\Drivers\Brserid.sys
19:40:52.0582 6680 Brserid - ok
19:40:52.0902 6680 BrSerWdm (a6eca2151b08a09caceca35c07f05b42) C:\Windows\System32\Drivers\BrSerWdm.sys
19:40:52.0912 6680 BrSerWdm - ok
19:40:53.0102 6680 BrUsbMdm (b79968002c277e869cf38bd22cd61524) C:\Windows\System32\Drivers\BrUsbMdm.sys
19:40:53.0102 6680 BrUsbMdm - ok
19:40:53.0412 6680 BrUsbSer (a87528880231c54e75ea7a44943b38bf) C:\Windows\System32\Drivers\BrUsbSer.sys
19:40:53.0412 6680 BrUsbSer - ok
19:40:53.0812 6680 BTHMODEM (9da669f11d1f894ab4eb69bf546a42e8) C:\Windows\system32\DRIVERS\bthmodem.sys
19:40:53.0812 6680 BTHMODEM - ok
19:40:54.0042 6680 bthserv (95f9c2976059462cbbf227f7aab10de9) C:\Windows\system32\bthserv.dll
19:40:54.0042 6680 bthserv - ok
19:40:54.0102 6680 catchme - ok
19:40:54.0272 6680 cdfs (b8bd2bb284668c84865658c77574381a) C:\Windows\system32\DRIVERS\cdfs.sys
19:40:54.0282 6680 cdfs - ok
19:40:54.0432 6680 cdrom (f036ce71586e93d94dab220d7bdf4416) C:\Windows\system32\DRIVERS\cdrom.sys
19:40:54.0442 6680 cdrom - ok
19:40:54.0562 6680 CertPropSvc (f17d1d393bbc69c5322fbfafaca28c7f) C:\Windows\System32\certprop.dll
19:40:54.0572 6680 CertPropSvc - ok
19:40:54.0852 6680 cfwids (ed0263b2eb24f0f4e3898036fa1d28a1) C:\Windows\system32\drivers\cfwids.sys
19:40:54.0862 6680 cfwids - ok
19:40:55.0062 6680 cfWiMAXService (41e7c4fa6491747402cfca77cc1c7aab) C:\Program Files (x86)\TOSHIBA\ConfigFree\CFIWmxSvcs64.exe
19:40:55.0092 6680 cfWiMAXService - ok
19:40:55.0252 6680 circlass (d7cd5c4e1b71fa62050515314cfb52cf) C:\Windows\system32\DRIVERS\circlass.sys
19:40:55.0262 6680 circlass - ok
19:40:55.0392 6680 CLFS (fe1ec06f2253f691fe36217c592a0206) C:\Windows\system32\CLFS.sys
19:40:55.0402 6680 CLFS - ok
19:40:55.0502 6680 clr_optimization_v2.0.50727_32 (d88040f816fda31c3b466f0fa0918f29) C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
19:40:55.0512 6680 clr_optimization_v2.0.50727_32 - ok
19:40:55.0592 6680 clr_optimization_v2.0.50727_64 (d1ceea2b47cb998321c579651ce3e4f8) C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
19:40:55.0602 6680 clr_optimization_v2.0.50727_64 - ok
19:40:55.0782 6680 clr_optimization_v4.0.30319_32 (c5a75eb48e2344abdc162bda79e16841) C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
19:40:55.0862 6680 clr_optimization_v4.0.30319_32 - ok
19:40:56.0022 6680 clr_optimization_v4.0.30319_64 (c6f9af94dcd58122a4d7e89db6bed29d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
19:40:56.0022 6680 clr_optimization_v4.0.30319_64 - ok
19:40:56.0202 6680 CmBatt (0840155d0bddf1190f84a663c284bd33) C:\Windows\system32\DRIVERS\CmBatt.sys
19:40:56.0212 6680 CmBatt - ok
19:40:56.0362 6680 cmdide (e19d3f095812725d88f9001985b94edd) C:\Windows\system32\drivers\cmdide.sys
19:40:56.0362 6680 cmdide - ok
19:40:56.0512 6680 CNG (c4943b6c962e4b82197542447ad599f4) C:\Windows\system32\Drivers\cng.sys
19:40:56.0533 6680 CNG - ok
19:40:56.0773 6680 CnxtHdAudService (7247a4d0875f5f28919e0787e11b7b57) C:\Windows\system32\drivers\CHDRT64.sys
19:40:56.0773 6680 CnxtHdAudService - ok
19:40:57.0003 6680 Compbatt (102de219c3f61415f964c88e9085ad14) C:\Windows\system32\DRIVERS\compbatt.sys
19:40:57.0003 6680 Compbatt - ok
19:40:57.0123 6680 CompositeBus (03edb043586cceba243d689bdda370a8) C:\Windows\system32\drivers\CompositeBus.sys
19:40:57.0123 6680 CompositeBus - ok
19:40:57.0163 6680 COMSysApp - ok
19:40:57.0323 6680 ConfigFree Service (cab0eeaf5295fc96ddd3e19dce27e131) C:\Program Files (x86)\TOSHIBA\ConfigFree\CFSvcs.exe
19:40:57.0323 6680 ConfigFree Service - ok
19:40:57.0513 6680 crcdisk (1c827878a998c18847245fe1f34ee597) C:\Windows\system32\DRIVERS\crcdisk.sys
19:40:57.0513 6680 crcdisk - ok
19:40:57.0673 6680 CryptSvc (15597883fbe9b056f276ada3ad87d9af) C:\Windows\system32\cryptsvc.dll
19:40:57.0673 6680 CryptSvc - ok
19:40:57.0873 6680 cvhsvc (72794d112cbaff3bc0c29bf7350d4741) C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE
19:40:57.0883 6680 cvhsvc - ok
19:40:58.0083 6680 dc3d (7af9dac504fbd047cbc3e64ae52c92bf) C:\Windows\system32\DRIVERS\dc3d.sys
19:40:58.0093 6680 dc3d - ok
19:40:58.0243 6680 DcomLaunch (5c627d1b1138676c0a7ab2c2c190d123) C:\Windows\system32\rpcss.dll
19:40:58.0253 6680 DcomLaunch - ok
19:40:58.0323 6680 defragsvc (3cec7631a84943677aa8fa8ee5b6b43d) C:\Windows\System32\defragsvc.dll
19:40:58.0323 6680 defragsvc - ok
19:40:58.0513 6680 DfsC (9bb2ef44eaa163b29c4a4587887a0fe4) C:\Windows\system32\Drivers\dfsc.sys
19:40:58.0513 6680 DfsC - ok
19:40:58.0563 6680 Dhcp (43d808f5d9e1a18e5eeb5ebc83969e4e) C:\Windows\system32\dhcpcore.dll
19:40:58.0563 6680 Dhcp - ok
19:40:58.0673 6680 discache (13096b05847ec78f0977f2c0f79e9ab3) C:\Windows\system32\drivers\discache.sys
19:40:58.0683 6680 discache - ok
19:40:58.0813 6680 Disk (9819eee8b5ea3784ec4af3b137a5244c) C:\Windows\system32\DRIVERS\disk.sys
19:40:58.0813 6680 Disk - ok
19:40:58.0973 6680 Dnscache (16835866aaa693c7d7fceba8fff706e4) C:\Windows\System32\dnsrslvr.dll
19:40:59.0033 6680 Dnscache - ok
19:40:59.0203 6680 dot3svc (b1fb3ddca0fdf408750d5843591afbc6) C:\Windows\System32\dot3svc.dll
19:40:59.0223 6680 dot3svc - ok
19:40:59.0393 6680 DPS (b26f4f737e8f9df4f31af6cf31d05820) C:\Windows\system32\dps.dll
19:40:59.0393 6680 DPS - ok
19:40:59.0544 6680 drmkaud (9b19f34400d24df84c858a421c205754) C:\Windows\system32\drivers\drmkaud.sys
19:40:59.0554 6680 drmkaud - ok
19:40:59.0814 6680 DXGKrnl (f5bee30450e18e6b83a5012c100616fd) C:\Windows\System32\drivers\dxgkrnl.sys
19:40:59.0824 6680 DXGKrnl - ok
19:40:59.0994 6680 EagleX64 - ok
19:41:00.0164 6680 EapHost (e2dda8726da9cb5b2c4000c9018a9633) C:\Windows\System32\eapsvc.dll
19:41:00.0164 6680 EapHost - ok
19:41:00.0624 6680 ebdrv (dc5d737f51be844d8c82c695eb17372f) C:\Windows\system32\DRIVERS\evbda.sys
19:41:00.0724 6680 ebdrv - ok
19:41:00.0874 6680 EFS (c118a82cd78818c29ab228366ebf81c3) C:\Windows\System32\lsass.exe
19:41:00.0874 6680 EFS - ok
19:41:01.0034 6680 ehRecvr (c4002b6b41975f057d98c439030cea07) C:\Windows\ehome\ehRecvr.exe
19:41:01.0084 6680 ehRecvr - ok
19:41:01.0204 6680 ehSched (4705e8ef9934482c5bb488ce28afc681) C:\Windows\ehome\ehsched.exe
19:41:01.0214 6680 ehSched - ok
19:41:01.0384 6680 elxstor (0e5da5369a0fcaea12456dd852545184) C:\Windows\system32\DRIVERS\elxstor.sys
19:41:01.0414 6680 elxstor - ok
19:41:01.0534 6680 ErrDev (34a3c54752046e79a126e15c51db409b) C:\Windows\system32\drivers\errdev.sys
19:41:01.0544 6680 ErrDev - ok
19:41:01.0644 6680 EventSystem (4166f82be4d24938977dd1746be9b8a0) C:\Windows\system32\es.dll
19:41:01.0664 6680 EventSystem - ok
19:41:01.0874 6680 exfat (a510c654ec00c1e9bdd91eeb3a59823b) C:\Windows\system32\drivers\exfat.sys
19:41:01.0884 6680 exfat - ok
19:41:02.0024 6680 fastfat (0adc83218b66a6db380c330836f3e36d) C:\Windows\system32\drivers\fastfat.sys
19:41:02.0034 6680 fastfat - ok
19:41:02.0224 6680 Fax (dbefd454f8318a0ef691fdd2eaab44eb) C:\Windows\system32\fxssvc.exe
19:41:02.0364 6680 Fax - ok
19:41:02.0564 6680 fdc (d765d19cd8ef61f650c384f62fac00ab) C:\Windows\system32\DRIVERS\fdc.sys
19:41:02.0564 6680 fdc - ok
19:41:02.0664 6680 fdPHost (0438cab2e03f4fb61455a7956026fe86) C:\Windows\system32\fdPHost.dll
19:41:02.0664 6680 fdPHost - ok
19:41:02.0794 6680 FDResPub (802496cb59a30349f9a6dd22d6947644) C:\Windows\system32\fdrespub.dll
19:41:02.0804 6680 FDResPub - ok
19:41:02.0944 6680 FileInfo (655661be46b5f5f3fd454e2c3095b930) C:\Windows\system32\drivers\fileinfo.sys
19:41:02.0944 6680 FileInfo - ok
19:41:02.0974 6680 Filetrace (5f671ab5bc87eea04ec38a6cd5962a47) C:\Windows\system32\drivers\filetrace.sys
19:41:02.0984 6680 Filetrace - ok
19:41:03.0014 6680 flpydisk (c172a0f53008eaeb8ea33fe10e177af5) C:\Windows\system32\DRIVERS\flpydisk.sys
19:41:03.0024 6680 flpydisk - ok
19:41:03.0084 6680 FltMgr (da6b67270fd9db3697b20fce94950741) C:\Windows\system32\drivers\fltmgr.sys
19:41:03.0084 6680 FltMgr - ok
19:41:03.0234 6680 FontCache (5c4cb4086fb83115b153e47add961a0c) C:\Windows\system32\FntCache.dll
19:41:03.0274 6680 FontCache - ok
19:41:03.0354 6680 FontCache3.0.0.0 (a8b7f3818ab65695e3a0bb3279f6dce6) C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
19:41:03.0424 6680 FontCache3.0.0.0 - ok
19:41:03.0564 6680 FsDepends (d43703496149971890703b4b1b723eac) C:\Windows\system32\drivers\FsDepends.sys
19:41:03.0564 6680 FsDepends - ok
19:41:03.0764 6680 Fs_Rec (e95ef8547de20cf0603557c0cf7a9462) C:\Windows\system32\drivers\Fs_Rec.sys
19:41:03.0764 6680 Fs_Rec - ok
19:41:04.0004 6680 fvevol (1f7b25b858fa27015169fe95e54108ed) C:\Windows\system32\DRIVERS\fvevol.sys
19:41:04.0014 6680 fvevol - ok
19:41:04.0164 6680 FwLnk (60acb128e64c35c2b4e4aab1b0a5c293) C:\Windows\system32\DRIVERS\FwLnk.sys
19:41:04.0164 6680 FwLnk - ok
19:41:04.0224 6680 gagp30kx (8c778d335c9d272cfd3298ab02abe3b6) C:\Windows\system32\DRIVERS\gagp30kx.sys
19:41:04.0234 6680 gagp30kx - ok
19:41:04.0344 6680 GameConsoleService (1a0b9d84beb3306f728bc3009d432f5c) C:\Program Files (x86)\TOSHIBA Games\TOSHIBA Game Console\GameConsoleService.exe
19:41:04.0354 6680 GameConsoleService - ok
19:41:04.0494 6680 GamesAppService (c403c5db49a0f9aaf4f2128edc0106d8) C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe
19:41:04.0504 6680 GamesAppService - ok
19:41:04.0704 6680 GEARAspiWDM (e403aacf8c7bb11375122d2464560311) C:\Windows\system32\Drivers\GEARAspiWDM.sys
19:41:04.0704 6680 GEARAspiWDM - ok
19:41:04.0964 6680 gpsvc (277bbc7e1aa1ee957f573a10eca7ef3a) C:\Windows\System32\gpsvc.dll
19:41:05.0054 6680 gpsvc - ok
19:41:05.0274 6680 gupdate (f02a533f517eb38333cb12a9e8963773) C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
19:41:05.0284 6680 gupdate - ok
19:41:05.0324 6680 gupdatem (f02a533f517eb38333cb12a9e8963773) C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
19:41:05.0324 6680 gupdatem - ok
19:41:05.0544 6680 hamachi (1e6438d4ea6e1174a3b3b1edc4de660b) C:\Windows\system32\DRIVERS\hamachi.sys
19:41:05.0544 6680 hamachi - ok
19:41:05.0724 6680 Hamachi2Svc (d483dbaef409e8ab7477c28615fcd853) C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe
19:41:05.0734 6680 Hamachi2Svc - ok
19:41:05.0984 6680 hcw85cir (f2523ef6460fc42405b12248338ab2f0) C:\Windows\system32\drivers\hcw85cir.sys
19:41:05.0994 6680 hcw85cir - ok
19:41:06.0424 6680 HdAudAddService (975761c778e33cd22498059b91e7373a) C:\Windows\system32\drivers\HdAudio.sys
19:41:06.0464 6680 HdAudAddService - ok
19:41:06.0644 6680 HDAudBus (97bfed39b6b79eb12cddbfeed51f56bb) C:\Windows\system32\drivers\HDAudBus.sys
19:41:06.0664 6680 HDAudBus - ok
19:41:06.0924 6680 HidBatt (78e86380454a7b10a5eb255dc44a355f) C:\Windows\system32\DRIVERS\HidBatt.sys
19:41:06.0924 6680 HidBatt - ok
19:41:07.0044 6680 HidBth (7fd2a313f7afe5c4dab14798c48dd104) C:\Windows\system32\DRIVERS\hidbth.sys
19:41:07.0044 6680 HidBth - ok
19:41:07.0094 6680 HidIr (0a77d29f311b88cfae3b13f9c1a73825) C:\Windows\system32\DRIVERS\hidir.sys
19:41:07.0104 6680 HidIr - ok
19:41:07.0164 6680 hidserv (bd9eb3958f213f96b97b1d897dee006d) C:\Windows\System32\hidserv.dll
19:41:07.0184 6680 hidserv - ok
19:41:07.0244 6680 HidUsb (9592090a7e2b61cd582b612b6df70536) C:\Windows\system32\DRIVERS\hidusb.sys
19:41:07.0244 6680 HidUsb - ok
19:41:07.0314 6680 hkmsvc (387e72e739e15e3d37907a86d9ff98e2) C:\Windows\system32\kmsvc.dll
19:41:07.0314 6680 hkmsvc - ok
19:41:07.0404 6680 HomeGroupListener (efdfb3dd38a4376f93e7985173813abd) C:\Windows\system32\ListSvc.dll
19:41:07.0404 6680 HomeGroupListener - ok
19:41:07.0434 6680 HomeGroupProvider (908acb1f594274965a53926b10c81e89) C:\Windows\system32\provsvc.dll
19:41:07.0434 6680 HomeGroupProvider - ok
19:41:07.0494 6680 HpSAMD (39d2abcd392f3d8a6dce7b60ae7b8efc) C:\Windows\system32\drivers\HpSAMD.sys
19:41:07.0494 6680 HpSAMD - ok
19:41:07.0554 6680 HTTP (0ea7de1acb728dd5a369fd742d6eee28) C:\Windows\system32\drivers\HTTP.sys
19:41:07.0584 6680 HTTP - ok
19:41:07.0744 6680 hwpolicy (a5462bd6884960c9dc85ed49d34ff392) C:\Windows\system32\drivers\hwpolicy.sys
19:41:07.0744 6680 hwpolicy - ok
19:41:08.0134 6680 i8042prt (fa55c73d4affa7ee23ac4be53b4592d3) C:\Windows\system32\drivers\i8042prt.sys
19:41:08.0144 6680 i8042prt - ok
19:41:08.0394 6680 iaStor (bbb3b6df1abb0fe35802ede85cc1c011) C:\Windows\system32\DRIVERS\iaStor.sys
19:41:08.0404 6680 iaStor - ok
19:41:08.0584 6680 iaStorV (aaaf44db3bd0b9d1fb6969b23ecc8366) C:\Windows\system32\drivers\iaStorV.sys
19:41:08.0594 6680 iaStorV - ok
19:41:08.0774 6680 idsvc (5988fc40f8db5b0739cd1e3a5d0d78bd) C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
19:41:08.0854 6680 idsvc - ok
19:41:10.0144 6680 igfx (898ab5bfed7040d7ab07af01885eb944) C:\Windows\system32\DRIVERS\igdkmd64.sys
19:41:10.0344 6680 igfx - ok
19:41:10.0694 6680 iirsp (5c18831c61933628f5bb0ea2675b9d21) C:\Windows\system32\DRIVERS\iirsp.sys
19:41:10.0694 6680 iirsp - ok
19:41:10.0944 6680 IKEEXT (fcd84c381e0140af901e58d48882d26b) C:\Windows\System32\ikeext.dll
19:41:11.0014 6680 IKEEXT - ok
19:41:11.0254 6680 intelide (f00f20e70c6ec3aa366910083a0518aa) C:\Windows\system32\drivers\intelide.sys
19:41:11.0254 6680 intelide - ok
19:41:11.0504 6680 intelppm (ada036632c664caa754079041cf1f8c1) C:\Windows\system32\DRIVERS\intelppm.sys
19:41:11.0504 6680 intelppm - ok
19:41:11.0674 6680 IPBusEnum (098a91c54546a3b878dad6a7e90a455b) C:\Windows\system32\ipbusenum.dll
19:41:11.0674 6680 IPBusEnum - ok
19:41:11.0764 6680 IpFilterDriver (c9f0e1bd74365a8771590e9008d22ab6) C:\Windows\system32\DRIVERS\ipfltdrv.sys
19:41:11.0764 6680 IpFilterDriver - ok
19:41:12.0164 6680 iphlpsvc (a34a587fffd45fa649fba6d03784d257) C:\Windows\System32\iphlpsvc.dll
19:41:12.0214 6680 iphlpsvc - ok
19:41:12.0474 6680 IPMIDRV (0fc1aea580957aa8817b8f305d18ca3a) C:\Windows\system32\drivers\IPMIDrv.sys
19:41:12.0474 6680 IPMIDRV - ok
19:41:12.0624 6680 IPNAT (af9b39a7e7b6caa203b3862582e9f2d0) C:\Windows\system32\drivers\ipnat.sys
19:41:12.0634 6680 IPNAT - ok
19:41:12.0834 6680 iPod Service (755e4ba6dce627a2683bb7640553c8d6) C:\Program Files\iPod\bin\iPodService.exe
19:41:12.0874 6680 iPod Service - ok
19:41:13.0134 6680 IRENUM (3abf5e7213eb28966d55d58b515d5ce9) C:\Windows\system32\drivers\irenum.sys
19:41:13.0134 6680 IRENUM - ok
19:41:13.0264 6680 isapnp (2f7b28dc3e1183e5eb418df55c204f38) C:\Windows\system32\drivers\isapnp.sys
19:41:13.0264 6680 isapnp - ok
19:41:13.0414 6680 iScsiPrt (d931d7309deb2317035b07c9f9e6b0bd) C:\Windows\system32\drivers\msiscsi.sys
19:41:13.0414 6680 iScsiPrt - ok
19:41:13.0564 6680 kbdclass (bc02336f1cba7dcc7d1213bb588a68a5) C:\Windows\system32\drivers\kbdclass.sys
19:41:13.0564 6680 kbdclass - ok
19:41:13.0694 6680 kbdhid (0705eff5b42a9db58548eec3b26bb484) C:\Windows\system32\drivers\kbdhid.sys
19:41:13.0694 6680 kbdhid - ok
19:41:13.0944 6680 KeyIso (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
19:41:13.0954 6680 KeyIso - ok
19:41:14.0264 6680 KSecDD (da1e991a61cfdd755a589e206b97644b) C:\Windows\system32\Drivers\ksecdd.sys
19:41:14.0274 6680 KSecDD - ok
19:41:14.0554 6680 KSecPkg (7e33198d956943a4f11a5474c1e9106f) C:\Windows\system32\Drivers\ksecpkg.sys
19:41:14.0564 6680 KSecPkg - ok
19:41:14.0855 6680 ksthunk (6869281e78cb31a43e969f06b57347c4) C:\Windows\system32\drivers\ksthunk.sys
19:41:14.0855 6680 ksthunk - ok
19:41:15.0045 6680 KtmRm (6ab66e16aa859232f64deb66887a8c9c) C:\Windows\system32\msdtckrm.dll
19:41:15.0055 6680 KtmRm - ok
19:41:15.0125 6680 L1C (655a5d8e80869781cce23760ada7e695) C:\Windows\system32\DRIVERS\L1C62x64.sys
19:41:15.0125 6680 L1C - ok
19:41:15.0325 6680 LanmanServer (d9f42719019740baa6d1c6d536cbdaa6) C:\Windows\System32\srvsvc.dll
19:41:15.0335 6680 LanmanServer - ok
19:41:15.0415 6680 LanmanWorkstation (851a1382eed3e3a7476db004f4ee3e1a) C:\Windows\System32\wkssvc.dll
19:41:15.0425 6680 LanmanWorkstation - ok
19:41:15.0485 6680 lltdio (1538831cf8ad2979a04c423779465827) C:\Windows\system32\DRIVERS\lltdio.sys
19:41:15.0495 6680 lltdio - ok
19:41:15.0595 6680 lltdsvc (c1185803384ab3feed115f79f109427f) C:\Windows\System32\lltdsvc.dll
19:41:15.0605 6680 lltdsvc - ok
19:41:15.0715 6680 lmhosts (f993a32249b66c9d622ea5592a8b76b8) C:\Windows\System32\lmhsvc.dll
19:41:15.0725 6680 lmhosts - ok
19:41:15.0835 6680 LSI_FC (1a93e54eb0ece102495a51266dcdb6a6) C:\Windows\system32\DRIVERS\lsi_fc.sys
19:41:15.0835 6680 LSI_FC - ok
19:41:15.0905 6680 LSI_SAS (1047184a9fdc8bdbff857175875ee810) C:\Windows\system32\DRIVERS\lsi_sas.sys
19:41:15.0915 6680 LSI_SAS - ok
19:41:16.0015 6680 LSI_SAS2 (30f5c0de1ee8b5bc9306c1f0e4a75f93) C:\Windows\system32\DRIVERS\lsi_sas2.sys
19:41:16.0015 6680 LSI_SAS2 - ok
19:41:16.0395 6680 LSI_SCSI (0504eacaff0d3c8aed161c4b0d369d4a) C:\Windows\system32\DRIVERS\lsi_scsi.sys
19:41:16.0405 6680 LSI_SCSI - ok
19:41:16.0585 6680 luafv (43d0f98e1d56ccddb0d5254cff7b356e) C:\Windows\system32\drivers\luafv.sys
19:41:16.0595 6680 luafv - ok
19:41:16.0705 6680 McAfee SiteAdvisor Service (be8c524313db75fa26fb2b0c0aaff88e) c:\PROGRA~2\mcafee\SITEAD~1\mcsacore.exe
19:41:16.0745 6680 McAfee SiteAdvisor Service - ok
19:41:16.0935 6680 McMPFSvc (acb01bf1a905356ab7f978c7fe852209) C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
19:41:16.0945 6680 McMPFSvc - ok
19:41:16.0975 6680 mcmscsvc (acb01bf1a905356ab7f978c7fe852209) C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
19:41:16.0975 6680 mcmscsvc - ok
19:41:17.0005 6680 McNaiAnn (acb01bf1a905356ab7f978c7fe852209) C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
19:41:17.0005 6680 McNaiAnn - ok
19:41:17.0025 6680 McNASvc (acb01bf1a905356ab7f978c7fe852209) C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
19:41:17.0025 6680 McNASvc - ok
19:41:17.0245 6680 McODS (b3914a7c97a81acb1e9befe07e4c387f) C:\Program Files\McAfee\VirusScan\mcods.exe
19:41:17.0285 6680 McODS - ok
19:41:17.0455 6680 McProxy (acb01bf1a905356ab7f978c7fe852209) C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
19:41:17.0465 6680 McProxy - ok
19:41:17.0695 6680 McShield (325b166bf78d8a8ad93e44ca7a6fc332) C:\Program Files\Common Files\McAfee\SystemCore\\mcshield.exe
19:41:17.0755 6680 McShield - ok
19:41:18.0035 6680 Mcx2Svc (0be09cd858abf9df6ed259d57a1a1663) C:\Windows\system32\Mcx2Svc.dll
19:41:18.0075 6680 Mcx2Svc - ok
19:41:18.0265 6680 megasas (a55805f747c6edb6a9080d7c633bd0f4) C:\Windows\system32\DRIVERS\megasas.sys
19:41:18.0265 6680 megasas - ok
19:41:18.0335 6680 MegaSR (baf74ce0072480c3b6b7c13b2a94d6b3) C:\Windows\system32\DRIVERS\MegaSR.sys
19:41:18.0335 6680 MegaSR - ok
19:41:18.0435 6680 mfeapfk (ef3acfb7e3f82d5f7cde9ef5f0a4e2e2) C:\Windows\system32\drivers\mfeapfk.sys
19:41:18.0435 6680 mfeapfk - ok
19:41:18.0615 6680 mfeavfk (e7a60bdb4365b561d896019b82fb7dd0) C:\Windows\system32\drivers\mfeavfk.sys
19:41:18.0615 6680 mfeavfk - ok
19:41:18.0825 6680 mfeavfk01 - ok
19:41:19.0105 6680 mfefire (7d8fdc43972d059907e09ee4022f77e8) C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe
19:41:19.0165 6680 mfefire - ok
19:41:19.0425 6680 mfefirek (670dffe55e2f9ab99d9169c428bcece9) C:\Windows\system32\drivers\mfefirek.sys
19:41:19.0435 6680 mfefirek - ok
19:41:19.0615 6680 mfehidk (1892616b7f9291fd77c3fa0a5811fe9f) C:\Windows\system32\drivers\mfehidk.sys
19:41:19.0645 6680 mfehidk - ok
19:41:19.0815 6680 mfenlfk (1721261c77f6e7a9e0cb51b7d9f31b60) C:\Windows\system32\DRIVERS\mfenlfk.sys
19:41:19.0815 6680 mfenlfk - ok
19:41:20.0065 6680 mferkdet (65776bd8029e409935b90de30bf99526) C:\Windows\system32\drivers\mferkdet.sys
19:41:20.0065 6680 mferkdet - ok
19:41:20.0135 6680 mfevtp (8a78905057308b084eaa29a9fe1b4f58) C:\Windows\system32\mfevtps.exe
19:41:20.0195 6680 mfevtp - ok
19:41:20.0325 6680 mfewfpk (4f17d8b85b903d96ef7033bb6ef50516) C:\Windows\system32\drivers\mfewfpk.sys
19:41:20.0355 6680 mfewfpk - ok
19:41:20.0595 6680 MMCSS (e40e80d0304a73e8d269f7141d77250b) C:\Windows\system32\mmcss.dll
19:41:20.0605 6680 MMCSS - ok
19:41:20.0925 6680 Modem (800ba92f7010378b09f9ed9270f07137) C:\Windows\system32\drivers\modem.sys
19:41:20.0925 6680 Modem - ok
19:41:21.0105 6680 monitor (b03d591dc7da45ece20b3b467e6aadaa) C:\Windows\system32\DRIVERS\monitor.sys
19:41:21.0115 6680 monitor - ok
19:41:21.0175 6680 mouclass (7d27ea49f3c1f687d357e77a470aea99) C:\Windows\system32\DRIVERS\mouclass.sys
19:41:21.0175 6680 mouclass - ok
19:41:21.0235 6680 mouhid (d3bf052c40b0c4166d9fd86a4288c1e6) C:\Windows\system32\DRIVERS\mouhid.sys
19:41:21.0235 6680 mouhid - ok
19:41:21.0305 6680 mountmgr (32e7a3d591d671a6df2db515a5cbe0fa) C:\Windows\system32\drivers\mountmgr.sys
19:41:21.0305 6680 mountmgr - ok
19:41:21.0365 6680 mpio (a44b420d30bd56e145d6a2bc8768ec58) C:\Windows\system32\drivers\mpio.sys
19:41:21.0375 6680 mpio - ok
19:41:21.0445 6680 mpsdrv (6c38c9e45ae0ea2fa5e551f2ed5e978f) C:\Windows\system32\drivers\mpsdrv.sys
19:41:21.0445 6680 mpsdrv - ok
19:41:21.0736 6680 MpsSvc (54ffc9c8898113ace189d4aa7199d2c1) C:\Windows\system32\mpssvc.dll
19:41:21.0776 6680 MpsSvc - ok
19:41:21.0936 6680 MRxDAV (dc722758b8261e1abafd31a3c0a66380) C:\Windows\system32\drivers\mrxdav.sys
19:41:21.0946 6680 MRxDAV - ok
19:41:22.0106 6680 mrxsmb (a5d9106a73dc88564c825d317cac68ac) C:\Windows\system32\DRIVERS\mrxsmb.sys
19:41:22.0116 6680 mrxsmb - ok
19:41:22.0386 6680 mrxsmb10 (d711b3c1d5f42c0c2415687be09fc163) C:\Windows\system32\DRIVERS\mrxsmb10.sys
19:41:22.0396 6680 mrxsmb10 - ok
19:41:22.0566 6680 mrxsmb20 (9423e9d355c8d303e76b8cfbd8a5c30c) C:\Windows\system32\DRIVERS\mrxsmb20.sys
19:41:22.0576 6680 mrxsmb20 - ok
19:41:22.0666 6680 msahci (c25f0bafa182cbca2dd3c851c2e75796) C:\Windows\system32\drivers\msahci.sys
19:41:22.0666 6680 msahci - ok
19:41:22.0916 6680 msdsm (db801a638d011b9633829eb6f663c900) C:\Windows\system32\drivers\msdsm.sys
19:41:22.0926 6680 msdsm - ok
19:41:23.0106 6680 MSDTC (de0ece52236cfa3ed2dbfc03f28253a8) C:\Windows\System32\msdtc.exe
19:41:23.0116 6680 MSDTC - ok
19:41:23.0246 6680 Msfs (aa3fb40e17ce1388fa1bedab50ea8f96) C:\Windows\system32\drivers\Msfs.sys
19:41:23.0256 6680 Msfs - ok
19:41:23.0296 6680 mshidkmdf (f9d215a46a8b9753f61767fa72a20326) C:\Windows\System32\drivers\mshidkmdf.sys
19:41:23.0296 6680 mshidkmdf - ok
19:41:23.0366 6680 msisadrv (d916874bbd4f8b07bfb7fa9b3ccae29d) C:\Windows\system32\drivers\msisadrv.sys
19:41:23.0366 6680 msisadrv - ok
19:41:23.0436 6680 MSiSCSI (808e98ff49b155c522e6400953177b08) C:\Windows\system32\iscsiexe.dll
19:41:23.0456 6680 MSiSCSI - ok
19:41:23.0596 6680 msiserver - ok
19:41:23.0726 6680 MSKSSRV (49ccf2c4fea34ffad8b1b59d49439366) C:\Windows\system32\drivers\MSKSSRV.sys
19:41:23.0726 6680 MSKSSRV - ok
19:41:23.0956 6680 MSPCLOCK (bdd71ace35a232104ddd349ee70e1ab3) C:\Windows\system32\drivers\MSPCLOCK.sys
19:41:23.0966 6680 MSPCLOCK - ok
19:41:24.0086 6680 MSPQM (4ed981241db27c3383d72092b618a1d0) C:\Windows\system32\drivers\MSPQM.sys
19:41:24.0096 6680 MSPQM - ok
19:41:24.0176 6680 MsRPC (759a9eeb0fa9ed79da1fb7d4ef78866d) C:\Windows\system32\drivers\MsRPC.sys
19:41:24.0186 6680 MsRPC - ok
19:41:24.0266 6680 mssmbios (0eed230e37515a0eaee3c2e1bc97b288) C:\Windows\system32\drivers\mssmbios.sys
19:41:24.0266 6680 mssmbios - ok
19:41:24.0506 6680 MSTEE (2e66f9ecb30b4221a318c92ac2250779) C:\Windows\system32\drivers\MSTEE.sys
19:41:24.0506 6680 MSTEE - ok
19:41:24.0606 6680 MTConfig (7ea404308934e675bffde8edf0757bcd) C:\Windows\system32\DRIVERS\MTConfig.sys
19:41:24.0616 6680 MTConfig - ok
19:41:24.0656 6680 Mup (f9a18612fd3526fe473c1bda678d61c8) C:\Windows\system32\Drivers\mup.sys
19:41:24.0656 6680 Mup - ok
19:41:24.0876 6680 napagent (582ac6d9873e31dfa28a4547270862dd) C:\Windows\system32\qagentRT.dll
19:41:24.0896 6680 napagent - ok
19:41:25.0056 6680 NativeWifiP (1ea3749c4114db3e3161156ffffa6b33) C:\Windows\system32\DRIVERS\nwifi.sys
19:41:25.0076 6680 NativeWifiP - ok
19:41:25.0496 6680 NDIS (79b47fd40d9a817e932f9d26fac0a81c) C:\Windows\system32\drivers\ndis.sys
19:41:25.0536 6680 NDIS - ok
19:41:25.0636 6680 NdisCap (9f9a1f53aad7da4d6fef5bb73ab811ac) C:\Windows\system32\DRIVERS\ndiscap.sys
19:41:25.0646 6680 NdisCap - ok
19:41:25.0726 6680 NdisTapi (30639c932d9fef22b31268fe25a1b6e5) C:\Windows\system32\DRIVERS\ndistapi.sys
19:41:25.0736 6680 NdisTapi - ok
19:41:25.0866 6680 Ndisuio (136185f9fb2cc61e573e676aa5402356) C:\Windows\system32\DRIVERS\ndisuio.sys
19:41:25.0876 6680 Ndisuio - ok
19:41:25.0986 6680 NdisWan (53f7305169863f0a2bddc49e116c2e11) C:\Windows\system32\DRIVERS\ndiswan.sys
19:41:25.0996 6680 NdisWan - ok
19:41:26.0126 6680 NDProxy (015c0d8e0e0421b4cfd48cffe2825879) C:\Windows\system32\drivers\NDProxy.sys
19:41:26.0136 6680 NDProxy - ok
19:41:26.0336 6680 Nero BackItUp Scheduler 4.0 (7d2633295eb6ff2b938185874884059d) c:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe
19:41:26.0346 6680 Nero BackItUp Scheduler 4.0 - ok
19:41:26.0466 6680 NetBIOS (86743d9f5d2b1048062b14b1d84501c4) C:\Windows\system32\DRIVERS\netbios.sys
19:41:26.0476 6680 NetBIOS - ok
19:41:26.0566 6680 NetBT (09594d1089c523423b32a4229263f068) C:\Windows\system32\DRIVERS\netbt.sys
19:41:26.0566 6680 NetBT - ok
19:41:26.0646 6680 Netlogon (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
19:41:26.0656 6680 Netlogon - ok
19:41:26.0807 6680 Netman (847d3ae376c0817161a14a82c8922a9e) C:\Windows\System32\netman.dll
19:41:26.0827 6680 Netman - ok
19:41:26.0997 6680 netprofm (5f28111c648f1e24f7dbc87cdeb091b8) C:\Windows\System32\netprofm.dll
19:41:27.0017 6680 netprofm - ok
19:41:27.0087 6680 NetTcpPortSharing (3e5a36127e201ddf663176b66828fafe) C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\SMSvcHost.exe
19:41:27.0097 6680 NetTcpPortSharing - ok
19:41:27.0177 6680 nfrd960 (77889813be4d166cdab78ddba990da92) C:\Windows\system32\DRIVERS\nfrd960.sys
19:41:27.0177 6680 nfrd960 - ok
19:41:27.0347 6680 NlaSvc (1ee99a89cc788ada662441d1e9830529) C:\Windows\System32\nlasvc.dll
19:41:27.0357 6680 NlaSvc - ok
19:41:27.0467 6680 Npfs (1e4c4ab5c9b8dd13179bbdc75a2a01f7) C:\Windows\system32\drivers\Npfs.sys
19:41:27.0477 6680 Npfs - ok
19:41:27.0547 6680 nsi (d54bfdf3e0c953f823b3d0bfe4732528) C:\Windows\system32\nsisvc.dll
19:41:27.0557 6680 nsi - ok
19:41:27.0577 6680 nsiproxy (e7f5ae18af4168178a642a9247c63001) C:\Windows\system32\drivers\nsiproxy.sys
19:41:27.0587 6680 nsiproxy - ok
19:41:27.0697 6680 Ntfs (a2f74975097f52a00745f9637451fdd8) C:\Windows\system32\drivers\Ntfs.sys
19:41:27.0747 6680 Ntfs - ok
19:41:28.0017 6680 NuidFltr (317020d31f1696334679b9d0416eb62e) C:\Windows\system32\DRIVERS\NuidFltr.sys
19:41:28.0017 6680 NuidFltr - ok
19:41:28.0087 6680 Null (9899284589f75fa8724ff3d16aed75c1) C:\Windows\system32\drivers\Null.sys
19:41:28.0087 6680 Null - ok
19:41:28.0147 6680 nvraid (0a92cb65770442ed0dc44834632f66ad) C:\Windows\system32\drivers\nvraid.sys
19:41:28.0147 6680 nvraid - ok
19:41:28.0197 6680 nvstor (dab0e87525c10052bf65f06152f37e4a) C:\Windows\system32\drivers\nvstor.sys
19:41:28.0207 6680 nvstor - ok
19:41:28.0267 6680 nv_agp (270d7cd42d6e3979f6dd0146650f0e05) C:\Windows\system32\drivers\nv_agp.sys
19:41:28.0267 6680 nv_agp - ok
19:41:28.0357 6680 ohci1394 (3589478e4b22ce21b41fa1bfc0b8b8a0) C:\Windows\system32\drivers\ohci1394.sys
19:41:28.0357 6680 ohci1394 - ok
19:41:28.0497 6680 ose (9d10f99a6712e28f8acd5641e3a7ea6b) C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE
19:41:28.0557 6680 ose - ok
19:41:28.0987 6680 osppsvc (61bffb5f57ad12f83ab64b7181829b34) C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
19:41:29.0147 6680 osppsvc - ok
19:41:29.0327 6680 p2pimsvc (3eac4455472cc2c97107b5291e0dcafe) C:\Windows\system32\pnrpsvc.dll
19:41:29.0347 6680 p2pimsvc - ok
19:41:29.0497 6680 p2psvc (927463ecb02179f88e4b9a17568c63c3) C:\Windows\system32\p2psvc.dll
19:41:29.0547 6680 p2psvc - ok
19:41:29.0787 6680 Parport (0086431c29c35be1dbc43f52cc273887) C:\Windows\system32\DRIVERS\parport.sys
19:41:29.0797 6680 Parport - ok
19:41:29.0977 6680 partmgr (871eadac56b0a4c6512bbe32753ccf79) C:\Windows\system32\drivers\partmgr.sys
19:41:29.0987 6680 partmgr - ok
19:41:30.0127 6680 PcaSvc (3aeaa8b561e63452c655dc0584922257) C:\Windows\System32\pcasvc.dll
19:41:30.0127 6680 PcaSvc - ok
19:41:30.0277 6680 pci (94575c0571d1462a0f70bde6bd6ee6b3) C:\Windows\system32\drivers\pci.sys
19:41:30.0287 6680 pci - ok
19:41:30.0497 6680 pciide (b5b8b5ef2e5cb34df8dcf8831e3534fa) C:\Windows\system32\drivers\pciide.sys
19:41:30.0497 6680 pciide - ok
19:41:30.0737 6680 pcmcia (b2e81d4e87ce48589f98cb8c05b01f2f) C:\Windows\system32\DRIVERS\pcmcia.sys
19:41:30.0757 6680 pcmcia - ok
19:41:31.0037 6680 pcw (d6b9c2e1a11a3a4b26a182ffef18f603) C:\Windows\system32\drivers\pcw.sys
19:41:31.0047 6680 pcw - ok
19:41:31.0307 6680 PEAUTH (68769c3356b3be5d1c732c97b9a80d6e) C:\Windows\system32\drivers\peauth.sys
19:41:31.0337 6680 PEAUTH - ok
19:41:31.0497 6680 PerfHost (e495e408c93141e8fc72dc0c6046ddfa) C:\Windows\SysWow64\perfhost.exe
19:41:31.0497 6680 PerfHost - ok
19:41:31.0687 6680 pla (c7cf6a6e137463219e1259e3f0f0dd6c) C:\Windows\system32\pla.dll
19:41:31.0777 6680 pla - ok
19:41:31.0917 6680 PlugPlay (25fbdef06c4d92815b353f6e792c8129) C:\Windows\system32\umpnpmgr.dll
19:41:31.0927 6680 PlugPlay - ok
19:41:31.0977 6680 PNRPAutoReg (7195581cec9bb7d12abe54036acc2e38) C:\Windows\system32\pnrpauto.dll
19:41:31.0987 6680 PNRPAutoReg - ok
19:41:32.0037 6680 PNRPsvc (3eac4455472cc2c97107b5291e0dcafe) C:\Windows\system32\pnrpsvc.dll
19:41:32.0047 6680 PNRPsvc - ok
19:41:32.0167 6680 Point64 (4f0878fd62d5f7444c5f1c4c66d9d293) C:\Windows\system32\DRIVERS\point64.sys
19:41:32.0167 6680 Point64 - ok
19:41:32.0357 6680 PolicyAgent (4f15d75adf6156bf56eced6d4a55c389) C:\Windows\System32\ipsecsvc.dll
19:41:32.0447 6680 PolicyAgent - ok
19:41:32.0587 6680 Power (6ba9d927dded70bd1a9caded45f8b184) C:\Windows\system32\umpo.dll
19:41:32.0607 6680 Power - ok
19:41:32.0787 6680 PptpMiniport (f92a2c41117a11a00be01ca01a7fcde9) C:\Windows\system32\DRIVERS\raspptp.sys
19:41:32.0797 6680 PptpMiniport - ok
19:41:33.0067 6680 Processor (0d922e23c041efb1c3fac2a6f943c9bf) C:\Windows\system32\DRIVERS\processr.sys
19:41:33.0077 6680 Processor - ok
19:41:33.0237 6680 ProfSvc (5c78838b4d166d1a27db3a8a820c799a) C:\Windows\system32\profsvc.dll
19:41:33.0237 6680 ProfSvc - ok
19:41:33.0337 6680 ProtectedStorage (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
19:41:33.0347 6680 ProtectedStorage - ok
19:41:33.0527 6680 Psched (0557cf5a2556bd58e26384169d72438d) C:\Windows\system32\DRIVERS\pacer.sys
19:41:33.0537 6680 Psched - ok
19:41:33.0827 6680 ql2300 (a53a15a11ebfd21077463ee2c7afeef0) C:\Windows\system32\DRIVERS\ql2300.sys
19:41:33.0927 6680 ql2300 - ok
19:41:34.0067 6680 ql40xx (4f6d12b51de1aaeff7dc58c4d75423c8) C:\Windows\system32\DRIVERS\ql40xx.sys
19:41:34.0077 6680 ql40xx - ok
19:41:34.0217 6680 QWAVE (906191634e99aea92c4816150bda3732) C:\Windows\system32\qwave.dll
19:41:34.0217 6680 QWAVE - ok
19:41:34.0327 6680 QWAVEdrv (76707bb36430888d9ce9d705398adb6c) C:\Windows\system32\drivers\qwavedrv.sys
19:41:34.0327 6680 QWAVEdrv - ok
19:41:34.0567 6680 RapportCerberus_34302 (5e0459ed0a8f540d2f7b6e52da12c9d4) C:\ProgramData\Trusteer\Rapport\store\exts\RapportCerberus\34302\RapportCerberus64_34302.sys
19:41:34.0567 6680 RapportCerberus_34302 - ok
19:41:34.0717 6680 RapportEI64 (c3c5f9517aac5848ffb7f66040780c3c) C:\Program Files (x86)\Trusteer\Rapport\bin\x64\RapportEI64.sys
19:41:34.0717 6680 RapportEI64 - ok
19:41:34.0907 6680 RapportKE64 (f6cd072af2e424cd4ff82194e36a6f3c) C:\Windows\system32\Drivers\RapportKE64.sys
19:41:34.0907 6680 RapportKE64 - ok
19:41:35.0027 6680 RapportMgmtService (c7d3492630472dc0546715dd4157b6c2) C:\Program Files (x86)\Trusteer\Rapport\bin\RapportMgmtService.exe
19:41:35.0037 6680 RapportMgmtService - ok
19:41:35.0107 6680 RapportPG64 (819e5a7e3729273c252ae35f9e5e0bc8) C:\Program Files (x86)\Trusteer\Rapport\bin\x64\RapportPG64.sys
19:41:35.0107 6680 RapportPG64 - ok
19:41:35.0237 6680 RasAcd (5a0da8ad5762fa2d91678a8a01311704) C:\Windows\system32\DRIVERS\rasacd.sys
19:41:35.0237 6680 RasAcd - ok
19:41:35.0297 6680 RasAgileVpn (7ecff9b22276b73f43a99a15a6094e90) C:\Windows\system32\DRIVERS\AgileVpn.sys
19:41:35.0297 6680 RasAgileVpn - ok
19:41:35.0347 6680 RasAuto (8f26510c5383b8dbe976de1cd00fc8c7) C:\Windows\System32\rasauto.dll
19:41:35.0357 6680 RasAuto - ok
19:41:35.0397 6680 Rasl2tp (471815800ae33e6f1c32fb1b97c490ca) C:\Windows\system32\DRIVERS\rasl2tp.sys
19:41:35.0407 6680 Rasl2tp - ok
19:41:35.0447 6680 RasMan (ee867a0870fc9e4972ba9eaad35651e2) C:\Windows\System32\rasmans.dll
19:41:35.0457 6680 RasMan - ok
19:41:35.0497 6680 RasPppoe (855c9b1cd4756c5e9a2aa58a15f58c25) C:\Windows\system32\DRIVERS\raspppoe.sys
19:41:35.0497 6680 RasPppoe - ok
19:41:35.0557 6680 RasSstp (e8b1e447b008d07ff47d016c2b0eeecb) C:\Windows\system32\DRIVERS\rassstp.sys
19:41:35.0567 6680 RasSstp - ok
19:41:35.0627 6680 rdbss (77f665941019a1594d887a74f301fa2f) C:\Windows\system32\DRIVERS\rdbss.sys
19:41:35.0637 6680 rdbss - ok
19:41:35.0667 6680 rdpbus (302da2a0539f2cf54d7c6cc30c1f2d8d) C:\Windows\system32\DRIVERS\rdpbus.sys
19:41:35.0677 6680 rdpbus - ok
19:41:35.0747 6680 RDPCDD (cea6cc257fc9b7715f1c2b4849286d24) C:\Windows\system32\DRIVERS\RDPCDD.sys
19:41:35.0747 6680 RDPCDD - ok
19:41:35.0887 6680 RDPENCDD (bb5971a4f00659529a5c44831af22365) C:\Windows\system32\drivers\rdpencdd.sys
19:41:35.0887 6680 RDPENCDD - ok
19:41:35.0967 6680 RDPREFMP (216f3fa57533d98e1f74ded70113177a) C:\Windows\system32\drivers\rdprefmp.sys
19:41:35.0967 6680 RDPREFMP - ok
19:41:36.0137 6680 RDPWD (6d76e6433574b058adcb0c50df834492) C:\Windows\system32\drivers\RDPWD.sys
19:41:36.0167 6680 RDPWD - ok
19:41:36.0367 6680 rdyboost (34ed295fa0121c241bfef24764fc4520) C:\Windows\system32\drivers\rdyboost.sys
19:41:36.0377 6680 rdyboost - ok
19:41:36.0587 6680 RemoteAccess (254fb7a22d74e5511c73a3f6d802f192) C:\Windows\System32\mprdim.dll
19:41:36.0597 6680 RemoteAccess - ok
19:41:36.0647 6680 RemoteRegistry (e4d94f24081440b5fc5aa556c7c62702) C:\Windows\system32\regsvc.dll
19:41:36.0667 6680 RemoteRegistry - ok
19:41:36.0717 6680 RpcEptMapper (e4dc58cf7b3ea515ae917ff0d402a7bb) C:\Windows\System32\RpcEpMap.dll
19:41:36.0727 6680 RpcEptMapper - ok
19:41:36.0777 6680 RpcLocator (d5ba242d4cf8e384db90e6a8ed850b8c) C:\Windows\system32\locator.exe
19:41:36.0777 6680 RpcLocator - ok
19:41:36.0857 6680 RpcSs (5c627d1b1138676c0a7ab2c2c190d123) C:\Windows\System32\rpcss.dll
19:41:36.0867 6680 RpcSs - ok
19:41:37.0147 6680 rspndr (ddc86e4f8e7456261e637e3552e804ff) C:\Windows\system32\DRIVERS\rspndr.sys
19:41:37.0147 6680 rspndr - ok
19:41:37.0307 6680 RSUSBSTOR (907c4464381b5ebdfdc60f6c7d0dedfc) C:\Windows\system32\Drivers\RtsUStor.sys
19:41:37.0307 6680 RSUSBSTOR - ok
19:41:37.0387 6680 SamSs (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
19:41:37.0397 6680 SamSs - ok
19:41:37.0477 6680 SASDIFSV (3289766038db2cb14d07dc84392138d5) C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS
19:41:37.0477 6680 SASDIFSV - ok
19:41:37.0497 6680 SASKUTIL (58a38e75f3316a83c23df6173d41f2b5) C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS
19:41:37.0497 6680 SASKUTIL - ok
19:41:37.0767 6680 sbp2port (ac03af3329579fffb455aa2daabbe22b) C:\Windows\system32\drivers\sbp2port.sys
19:41:37.0767 6680 sbp2port - ok
19:41:37.0917 6680 SCardSvr (9b7395789e3791a3b6d000fe6f8b131e) C:\Windows\System32\SCardSvr.dll
19:41:37.0917 6680 SCardSvr - ok
19:41:38.0117 6680 scfilter (253f38d0d7074c02ff8deb9836c97d2b) C:\Windows\system32\DRIVERS\scfilter.sys
19:41:38.0117 6680 scfilter - ok
19:41:38.0377 6680 Schedule (262f6592c3299c005fd6bec90fc4463a) C:\Windows\system32\schedsvc.dll
19:41:38.0437 6680 Schedule - ok
19:41:38.0607 6680 SCPolicySvc (f17d1d393bbc69c5322fbfafaca28c7f) C:\Windows\System32\certprop.dll
19:41:38.0617 6680 SCPolicySvc - ok
19:41:38.0727 6680 SDRSVC (6ea4234dc55346e0709560fe7c2c1972) C:\Windows\System32\SDRSVC.dll
19:41:38.0737 6680 SDRSVC - ok
19:41:38.0967 6680 secdrv (3ea8a16169c26afbeb544e0e48421186) C:\Windows\system32\drivers\secdrv.sys
19:41:38.0967 6680 secdrv - ok
19:41:39.0057 6680 seclogon (bc617a4e1b4fa8df523a061739a0bd87) C:\Windows\system32\seclogon.dll
19:41:39.0067 6680 seclogon - ok
19:41:39.0107 6680 SENS (c32ab8fa018ef34c0f113bd501436d21) C:\Windows\system32\sens.dll
19:41:39.0107 6680 SENS - ok
19:41:39.0177 6680 SensrSvc (0336cffafaab87a11541f1cf1594b2b2) C:\Windows\system32\sensrsvc.dll
19:41:39.0177 6680 SensrSvc - ok
19:41:39.0247 6680 Serenum (cb624c0035412af0debec78c41f5ca1b) C:\Windows\system32\DRIVERS\serenum.sys
19:41:39.0247 6680 Serenum - ok
19:41:39.0277 6680 Serial (c1d8e28b2c2adfaec4ba89e9fda69bd6) C:\Windows\system32\DRIVERS\serial.sys
19:41:39.0287 6680 Serial - ok
19:41:39.0327 6680 sermouse (1c545a7d0691cc4a027396535691c3e3) C:\Windows\system32\DRIVERS\sermouse.sys
19:41:39.0337 6680 sermouse - ok
19:41:39.0407 6680 SessionEnv (0b6231bf38174a1628c4ac812cc75804) C:\Windows\system32\sessenv.dll
19:41:39.0407 6680 SessionEnv - ok
19:41:39.0467 6680 sffdisk (a554811bcd09279536440c964ae35bbf) C:\Windows\system32\drivers\sffdisk.sys
19:41:39.0477 6680 sffdisk - ok
19:41:39.0537 6680 sffp_mmc (ff414f0baefeba59bc6c04b3db0b87bf) C:\Windows\system32\drivers\sffp_mmc.sys
19:41:39.0547 6680 sffp_mmc - ok
19:41:39.0737 6680 sffp_sd (dd85b78243a19b59f0637dcf284da63c) C:\Windows\system32\drivers\sffp_sd.sys
19:41:39.0747 6680 sffp_sd - ok
19:41:39.0987 6680 sfloppy (a9d601643a1647211a1ee2ec4e433ff4) C:\Windows\system32\DRIVERS\sfloppy.sys
19:41:39.0997 6680 sfloppy - ok
19:41:40.0267 6680 Sftfs (c6cc9297bd53e5229653303e556aa539) C:\Windows\system32\DRIVERS\Sftfslh.sys
19:41:40.0277 6680 Sftfs - ok
19:41:40.0407 6680 sftlist (13693b6354dd6e72dc5131da7d764b90) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
19:41:40.0407 6680 sftlist - ok
19:41:40.0557 6680 Sftplay (390aa7bc52cee43f6790cdea1e776703) C:\Windows\system32\DRIVERS\Sftplaylh.sys
19:41:40.0557 6680 Sftplay - ok
19:41:40.0627 6680 Sftredir (617e29a0b0a2807466560d4c4e338d3e) C:\Windows\system32\DRIVERS\Sftredirlh.sys
19:41:40.0627 6680 Sftredir - ok
19:41:40.0707 6680 Sftvol (8f571f016fa1976f445147e9e6c8ae9b) C:\Windows\system32\DRIVERS\Sftvollh.sys
19:41:40.0707 6680 Sftvol - ok
19:41:40.0937 6680 sftvsa (c3cddd18f43d44ab713cf8c4916f7696) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
19:41:40.0937 6680 sftvsa - ok
19:41:41.0187 6680 SharedAccess (b95f6501a2f8b2e78c697fec401970ce) C:\Windows\System32\ipnathlp.dll
19:41:41.0197 6680 SharedAccess - ok
19:41:41.0387 6680 ShellHWDetection (aaf932b4011d14052955d4b212a4da8d) C:\Windows\System32\shsvcs.dll
19:41:41.0407 6680 ShellHWDetection - ok
19:41:41.0477 6680 SiSRaid2 (843caf1e5fde1ffd5ff768f23a51e2e1) C:\Windows\system32\DRIVERS\SiSRaid2.sys
19:41:41.0487 6680 SiSRaid2 - ok
19:41:41.0517 6680 SiSRaid4 (6a6c106d42e9ffff8b9fcb4f754f6da4) C:\Windows\system32\DRIVERS\sisraid4.sys
19:41:41.0527 6680 SiSRaid4 - ok
19:41:41.0647 6680 SkypeUpdate (6128e98eaaed364ed1a32708d2fd22cb) C:\Program Files (x86)\Skype\Updater\Updater.exe
19:41:41.0647 6680 SkypeUpdate - ok
19:41:41.0878 6680 Smb (548260a7b8654e024dc30bf8a7c5baa4) C:\Windows\system32\DRIVERS\smb.sys
19:41:41.0878 6680 Smb - ok
19:41:42.0008 6680 SNMPTRAP (6313f223e817cc09aa41811daa7f541d) C:\Windows\System32\snmptrap.exe
19:41:42.0018 6680 SNMPTRAP - ok
19:41:42.0098 6680 spldr (b9e31e5cacdfe584f34f730a677803f9) C:\Windows\system32\drivers\spldr.sys
19:41:42.0098 6680 spldr - ok
19:41:42.0288 6680 Spooler (b96c17b5dc1424d56eea3a99e97428cd) C:\Windows\System32\spoolsv.exe
19:41:42.0298 6680 Spooler - ok
19:41:42.0548 6680 sppsvc (e17e0188bb90fae42d83e98707efa59c) C:\Windows\system32\sppsvc.exe
19:41:42.0578 6680 sppsvc - ok
19:41:42.0708 6680 sppuinotify (93d7d61317f3d4bc4f4e9f8a96a7de45) C:\Windows\system32\sppuinotify.dll
19:41:42.0708 6680 sppuinotify - ok
19:41:42.0868 6680 srv (441fba48bff01fdb9d5969ebc1838f0b) C:\Windows\system32\DRIVERS\srv.sys
19:41:42.0958 6680 srv - ok
19:41:43.0118 6680 srv2 (b4adebbf5e3677cce9651e0f01f7cc28) C:\Windows\system32\DRIVERS\srv2.sys
19:41:43.0118 6680 srv2 - ok
19:41:43.0328 6680 srvnet (27e461f0be5bff5fc737328f749538c3) C:\Windows\system32\DRIVERS\srvnet.sys
19:41:43.0358 6680 srvnet - ok
19:41:43.0428 6680 SSDPSRV (51b52fbd583cde8aa9ba62b8b4298f33) C:\Windows\System32\ssdpsrv.dll
19:41:43.0438 6680 SSDPSRV - ok
19:41:43.0528 6680 SstpSvc (ab7aebf58dad8daab7a6c45e6a8885cb) C:\Windows\system32\sstpsvc.dll
19:41:43.0528 6680 SstpSvc - ok
19:41:43.0588 6680 Steam Client Service - ok
19:41:43.0688 6680 stexstor (f3817967ed533d08327dc73bc4d5542a) C:\Windows\system32\DRIVERS\stexstor.sys
19:41:43.0698 6680 stexstor - ok
19:41:43.0908 6680 stisvc (8dd52e8e6128f4b2da92ce27402871c1) C:\Windows\System32\wiaservc.dll
19:41:43.0938 6680 stisvc - ok
19:41:44.0018 6680 swenum (d01ec09b6711a5f8e7e6564a4d0fbc90) C:\Windows\system32\drivers\swenum.sys
19:41:44.0018 6680 swenum - ok
19:41:44.0138 6680 swprv (e08e46fdd841b7184194011ca1955a0b) C:\Windows\System32\swprv.dll
19:41:44.0158 6680 swprv - ok
19:41:44.0278 6680 SynTP (470c47daba9ca3966f0ab3f835d7d135) C:\Windows\system32\DRIVERS\SynTP.sys
19:41:44.0288 6680 SynTP - ok
19:41:44.0588 6680 SysMain (bf9ccc0bf39b418c8d0ae8b05cf95b7d) C:\Windows\system32\sysmain.dll
19:41:44.0638 6680 SysMain - ok
19:41:44.0768 6680 TabletInputService (e3c61fd7b7c2557e1f1b0b4cec713585) C:\Windows\System32\TabSvc.dll
19:41:44.0778 6680 TabletInputService - ok
19:41:45.0018 6680 TapiSrv (40f0849f65d13ee87b9a9ae3c1dd6823) C:\Windows\System32\tapisrv.dll
19:41:45.0028 6680 TapiSrv - ok
19:41:45.0298 6680 TBS (1be03ac720f4d302ea01d40f588162f6) C:\Windows\System32\tbssvc.dll
19:41:45.0298 6680 TBS - ok
19:41:45.0688 6680 Tcpip (fc62769e7bff2896035aeed399108162) C:\Windows\system32\drivers\tcpip.sys
19:41:45.0748 6680 Tcpip - ok
19:41:46.0278 6680 TCPIP6 (fc62769e7bff2896035aeed399108162) C:\Windows\system32\DRIVERS\tcpip.sys
19:41:46.0298 6680 TCPIP6 - ok
19:41:46.0428 6680 tcpipreg (df687e3d8836bfb04fcc0615bf15a519) C:\Windows\system32\drivers\tcpipreg.sys
19:41:46.0428 6680 tcpipreg - ok
19:41:46.0568 6680 tdcmdpst (fd542b661bd22fa69ca789ad0ac58c29) C:\Windows\system32\DRIVERS\tdcmdpst.sys
19:41:46.0568 6680 tdcmdpst - ok
19:41:46.0628 6680 TDPIPE (3371d21011695b16333a3934340c4e7c) C:\Windows\system32\drivers\tdpipe.sys
19:41:46.0638 6680 TDPIPE - ok
19:41:46.0718 6680 TDTCP (51c5eceb1cdee2468a1748be550cfbc8) C:\Windows\system32\drivers\tdtcp.sys
19:41:46.0718 6680 TDTCP - ok
19:41:46.0928 6680 tdx (ddad5a7ab24d8b65f8d724f5c20fd806) C:\Windows\system32\DRIVERS\tdx.sys
19:41:46.0928 6680 tdx - ok
19:41:47.0018 6680 TemproMonitoringService (1b43fdbfe5a98f6b3d90595c6b2e5277) C:\Program Files (x86)\Toshiba TEMPRO\TemproSvc.exe
19:41:47.0028 6680 TemproMonitoringService - ok
19:41:47.0298 6680 TermDD (561e7e1f06895d78de991e01dd0fb6e5) C:\Windows\system32\drivers\termdd.sys
19:41:47.0308 6680 TermDD - ok
19:41:47.0418 6680 TermService (2e648163254233755035b46dd7b89123) C:\Windows\System32\termsrv.dll
19:41:47.0448 6680 TermService - ok
19:41:47.0488 6680 Themes (f0344071948d1a1fa732231785a0664c) C:\Windows\system32\themeservice.dll
19:41:47.0488 6680 Themes - ok
19:41:47.0518 6680 THREADORDER (e40e80d0304a73e8d269f7141d77250b) C:\Windows\system32\mmcss.dll
19:41:47.0528 6680 THREADORDER - ok
19:41:47.0668 6680 TMachInfo (f120967184a27e927052e8ddbb727851) C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe
19:41:47.0668 6680 TMachInfo - ok
19:41:47.0908 6680 TODDSrv (ed32035bdfeced1ad66d459fd9cc1140) C:\Windows\system32\TODDSrv.exe
19:41:47.0958 6680 TODDSrv - ok
19:41:48.0128 6680 TosCoSrv (98c864481d62f86ec8af65be3419a95b) C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe
19:41:48.0188 6680 TosCoSrv - ok
19:41:48.0298 6680 TOSHIBA HDD SSD Alert Service (74c2fa8c3765ee71a9c22182ec108457) C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe
19:41:48.0308 6680 TOSHIBA HDD SSD Alert Service - ok
19:41:48.0388 6680 TrkWks (7e7afd841694f6ac397e99d75cead49d) C:\Windows\System32\trkwks.dll
19:41:48.0398 6680 TrkWks - ok
19:41:48.0438 6680 TrustedInstaller (773212b2aaa24c1e31f10246b15b276c) C:\Windows\servicing\TrustedInstaller.exe
19:41:48.0448 6680 TrustedInstaller - ok
19:41:48.0528 6680 tssecsrv (ce18b2cdfc837c99e5fae9ca6cba5d30) C:\Windows\system32\DRIVERS\tssecsrv.sys
19:41:48.0538 6680 tssecsrv - ok
19:41:48.0708 6680 TsUsbFlt (d11c783e3ef9a3c52c0ebe83cc5000e9) C:\Windows\system32\drivers\tsusbflt.sys
19:41:48.0718 6680 TsUsbFlt - ok
19:41:48.0858 6680 tunnel (3566a8daafa27af944f5d705eaa64894) C:\Windows\system32\DRIVERS\tunnel.sys
19:41:48.0868 6680 tunnel - ok
19:41:49.0098 6680 TVALZ (550b567f9364d8f7684c3fb3ea665a72) C:\Windows\system32\DRIVERS\TVALZ_O.SYS
19:41:49.0098 6680 TVALZ - ok
19:41:49.0228 6680 uagp35 (b4dd609bd7e282bfc683cec7eaaaad67) C:\Windows\system32\DRIVERS\uagp35.sys
19:41:49.0228 6680 uagp35 - ok
19:41:49.0298 6680 udfs (ff4232a1a64012baa1fd97c7b67df593) C:\Windows\system32\DRIVERS\udfs.sys
19:41:49.0298 6680 udfs - ok
19:41:49.0378 6680 UI0Detect (3cbdec8d06b9968aba702eba076364a1) C:\Windows\system32\UI0Detect.exe
19:41:49.0388 6680 UI0Detect - ok
19:41:49.0458 6680 uliagpkx (4bfe1bc28391222894cbf1e7d0e42320) C:\Windows\system32\drivers\uliagpkx.sys
19:41:49.0468 6680 uliagpkx - ok
19:41:49.0528 6680 umbus (dc54a574663a895c8763af0fa1ff7561) C:\Windows\system32\DRIVERS\umbus.sys
19:41:49.0528 6680 umbus - ok
19:41:49.0678 6680 UmPass (b2e8e8cb557b156da5493bbddcc1474d) C:\Windows\system32\DRIVERS\umpass.sys
19:41:49.0688 6680 UmPass - ok
19:41:49.0859 6680 upnphost (d47ec6a8e81633dd18d2436b19baf6de) C:\Windows\System32\upnphost.dll
19:41:49.0869 6680 upnphost - ok
19:41:50.0009 6680 USBAAPL64 (fb251567f41bc61988b26731dec19e4b) C:\Windows\system32\Drivers\usbaapl64.sys
19:41:50.0009 6680 USBAAPL64 - ok
19:41:50.0149 6680 usbaudio (82e8f44688e6fac57b5b7c6fc7adbc2a) C:\Windows\system32\drivers\usbaudio.sys
19:41:50.0159 6680 usbaudio - ok
19:41:50.0279 6680 usbccgp (6f1a3157a1c89435352ceb543cdb359c) C:\Windows\system32\DRIVERS\usbccgp.sys
19:41:50.0279 6680 usbccgp - ok
19:41:50.0339 6680 usbcir (af0892a803fdda7492f595368e3b68e7) C:\Windows\system32\drivers\usbcir.sys
19:41:50.0339 6680 usbcir - ok
19:41:50.0479 6680 usbehci (c025055fe7b87701eb042095df1a2d7b) C:\Windows\system32\DRIVERS\usbehci.sys
19:41:50.0489 6680 usbehci - ok
19:41:50.0659 6680 usbhub (287c6c9410b111b68b52ca298f7b8c24) C:\Windows\system32\DRIVERS\usbhub.sys
19:41:50.0679 6680 usbhub - ok
19:41:50.0869 6680 usbohci (9840fc418b4cbd632d3d0a667a725c31) C:\Windows\system32\drivers\usbohci.sys
19:41:50.0879 6680 usbohci - ok
19:41:50.0929 6680 usbprint (73188f58fb384e75c4063d29413cee3d) C:\Windows\system32\DRIVERS\usbprint.sys
19:41:50.0929 6680 usbprint - ok
19:41:50.0989 6680 USBSTOR (fed648b01349a3c8395a5169db5fb7d6) C:\Windows\system32\DRIVERS\USBSTOR.SYS
19:41:50.0989 6680 USBSTOR - ok
19:41:51.0049 6680 usbuhci (62069a34518bcf9c1fd9e74b3f6db7cd) C:\Windows\system32\DRIVERS\usbuhci.sys
19:41:51.0049 6680 usbuhci - ok
19:41:51.0099 6680 usbvideo (454800c2bc7f3927ce030141ee4f4c50) C:\Windows\system32\Drivers\usbvideo.sys
19:41:51.0109 6680 usbvideo - ok
19:41:51.0169 6680 UxSms (edbb23cbcf2cdf727d64ff9b51a6070e) C:\Windows\System32\uxsms.dll
19:41:51.0179 6680 UxSms - ok
19:41:51.0239 6680 VaultSvc (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
19:41:51.0239 6680 VaultSvc - ok
19:41:51.0349 6680 vdrvroot (c5c876ccfc083ff3b128f933823e87bd) C:\Windows\system32\drivers\vdrvroot.sys
19:41:51.0359 6680 vdrvroot - ok
19:41:51.0539 6680 vds (8d6b481601d01a456e75c3210f1830be) C:\Windows\System32\vds.exe
19:41:51.0549 6680 vds - ok
19:41:51.0599 6680 vga (da4da3f5e02943c2dc8c6ed875de68dd) C:\Windows\system32\DRIVERS\vgapnp.sys
19:41:51.0599 6680 vga - ok
19:41:51.0649 6680 VgaSave (53e92a310193cb3c03bea963de7d9cfc) C:\Windows\System32\drivers\vga.sys
19:41:51.0659 6680 VgaSave - ok
19:41:51.0719 6680 vhdmp (2ce2df28c83aeaf30084e1b1eb253cbb) C:\Windows\system32\drivers\vhdmp.sys
19:41:51.0729 6680 vhdmp - ok
19:41:51.0769 6680 viaide (e5689d93ffe4e5d66c0178761240dd54) C:\Windows\system32\drivers\viaide.sys
19:41:51.0769 6680 viaide - ok
19:41:51.0819 6680 volmgr (d2aafd421940f640b407aefaaebd91b0) C:\Windows\system32\drivers\volmgr.sys
19:41:51.0819 6680 volmgr - ok
19:41:51.0909 6680 volmgrx (a255814907c89be58b79ef2f189b843b) C:\Windows\system32\drivers\volmgrx.sys
19:41:51.0909 6680 volmgrx - ok
19:41:51.0959 6680 volsnap (0d08d2f3b3ff84e433346669b5e0f639) C:\Windows\system32\drivers\volsnap.sys
19:41:51.0969 6680 volsnap - ok
19:41:52.0009 6680 vsmraid (5e2016ea6ebaca03c04feac5f330d997) C:\Windows\system32\DRIVERS\vsmraid.sys
19:41:52.0019 6680 vsmraid - ok
19:41:52.0099 6680 VSS (b60ba0bc31b0cb414593e169f6f21cc2) C:\Windows\system32\vssvc.exe
19:41:52.0159 6680 VSS - ok
19:41:52.0239 6680 vwifibus (36d4720b72b5c5d9cb2b9c29e9df67a1) C:\Windows\system32\DRIVERS\vwifibus.sys
19:41:52.0239 6680 vwifibus - ok
19:41:52.0319 6680 vwififlt (6a3d66263414ff0d6fa754c646612f3f) C:\Windows\system32\DRIVERS\vwififlt.sys
19:41:52.0319 6680 vwififlt - ok
19:41:52.0389 6680 vwifimp (6a638fc4bfddc4d9b186c28c91bd1a01) C:\Windows\system32\DRIVERS\vwifimp.sys
19:41:52.0389 6680 vwifimp - ok
19:41:52.0439 6680 W32Time (1c9d80cc3849b3788048078c26486e1a) C:\Windows\system32\w32time.dll
19:41:52.0459 6680 W32Time - ok
19:41:52.0529 6680 WacomPen (4e9440f4f152a7b944cb1663d3935a3e) C:\Windows\system32\DRIVERS\wacompen.sys
19:41:52.0539 6680 WacomPen - ok
19:41:52.0719 6680 WANARP (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys
19:41:52.0729 6680 WANARP - ok
19:41:52.0739 6680 Wanarpv6 (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys
19:41:52.0739 6680 Wanarpv6 - ok
19:41:53.0079 6680 WatAdminSvc (3cec96de223e49eaae3651fcf8faea6c) C:\Windows\system32\Wat\WatAdminSvc.exe
19:41:53.0159 6680 WatAdminSvc - ok
19:41:53.0349 6680 wbengine (78f4e7f5c56cb9716238eb57da4b6a75) C:\Windows\system32\wbengine.exe
19:41:53.0399 6680 wbengine - ok
19:41:53.0439 6680 WbioSrvc (3aa101e8edab2db4131333f4325c76a3) C:\Windows\System32\wbiosrvc.dll
19:41:53.0439 6680 WbioSrvc - ok
19:41:53.0489 6680 wcncsvc (7368a2afd46e5a4481d1de9d14848edd) C:\Windows\System32\wcncsvc.dll
19:41:53.0499 6680 wcncsvc - ok
19:41:53.0529 6680 WcsPlugInService (20f7441334b18cee52027661df4a6129) C:\Windows\System32\WcsPlugInService.dll
19:41:53.0539 6680 WcsPlugInService - ok
19:41:53.0579 6680 Wd (72889e16ff12ba0f235467d6091b17dc) C:\Windows\system32\DRIVERS\wd.sys
19:41:53.0589 6680 Wd - ok
19:41:53.0619 6680 Wdf01000 (441bd2d7b4f98134c3a4f9fa570fd250) C:\Windows\system32\drivers\Wdf01000.sys
19:41:53.0639 6680 Wdf01000 - ok
19:41:53.0679 6680 WdiServiceHost (bf1fc3f79b863c914687a737c2f3d681) C:\Windows\system32\wdi.dll
19:41:53.0689 6680 WdiServiceHost - ok
19:41:53.0709 6680 WdiSystemHost (bf1fc3f79b863c914687a737c2f3d681) C:\Windows\system32\wdi.dll
19:41:53.0709 6680 WdiSystemHost - ok
19:41:53.0809 6680 WebClient (3db6d04e1c64272f8b14eb8bc4616280) C:\Windows\System32\webclnt.dll
19:41:53.0819 6680 WebClient - ok
19:41:53.0859 6680 Wecsvc (c749025a679c5103e575e3b48e092c43) C:\Windows\system32\wecsvc.dll
19:41:53.0879 6680 Wecsvc - ok
19:41:53.0929 6680 wercplsupport (7e591867422dc788b9e5bd337a669a08) C:\Windows\System32\wercplsupport.dll
19:41:53.0929 6680 wercplsupport - ok
19:41:53.0949 6680 WerSvc (6d137963730144698cbd10f202e9f251) C:\Windows\System32\WerSvc.dll
19:41:53.0959 6680 WerSvc - ok
19:41:54.0009 6680 WfpLwf (611b23304bf067451a9fdee01fbdd725) C:\Windows\system32\DRIVERS\wfplwf.sys
19:41:54.0009 6680 WfpLwf - ok
19:41:54.0049 6680 WIMMount (05ecaec3e4529a7153b3136ceb49f0ec) C:\Windows\system32\drivers\wimmount.sys
19:41:54.0059 6680 WIMMount - ok
19:41:54.0109 6680 WinDefend - ok
19:41:54.0119 6680 WinHttpAutoProxySvc - ok
19:41:54.0269 6680 Winmgmt (19b07e7e8915d701225da41cb3877306) C:\Windows\system32\wbem\WMIsvc.dll
19:41:54.0299 6680 Winmgmt - ok
19:41:54.0389 6680 WinRM (bcb1310604aa415c4508708975b3931e) C:\Windows\system32\WsmSvc.dll
19:41:54.0459 6680 WinRM - ok
19:41:54.0689 6680 WinUsb (fe88b288356e7b47b74b13372add906d) C:\Windows\system32\DRIVERS\WinUsb.sys
19:41:54.0699 6680 WinUsb - ok
19:41:54.0769 6680 Wlansvc (4fada86e62f18a1b2f42ba18ae24e6aa) C:\Windows\System32\wlansvc.dll
19:41:54.0799 6680 Wlansvc - ok
19:41:55.0129 6680 wlidsvc (98f138897ef4246381d197cb81846d62) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
19:41:55.0219 6680 wlidsvc - ok
19:41:55.0319 6680 WmiAcpi (f6ff8944478594d0e414d3f048f0d778) C:\Windows\system32\drivers\wmiacpi.sys
19:41:55.0329 6680 WmiAcpi - ok
19:41:55.0439 6680 wmiApSrv (38b84c94c5a8af291adfea478ae54f93) C:\Windows\system32\wbem\WmiApSrv.exe
19:41:55.0439 6680 wmiApSrv - ok
19:41:55.0499 6680 WMPNetworkSvc - ok
19:41:55.0719 6680 WPCSvc (96c6e7100d724c69fcf9e7bf590d1dca) C:\Windows\System32\wpcsvc.dll
19:41:55.0729 6680 WPCSvc - ok
19:41:55.0809 6680 WPDBusEnum (93221146d4ebbf314c29b23cd6cc391d) C:\Windows\system32\wpdbusenum.dll
19:41:55.0819 6680 WPDBusEnum - ok
19:41:55.0889 6680 ws2ifsl (6bcc1d7d2fd2453957c5479a32364e52) C:\Windows\system32\drivers\ws2ifsl.sys
19:41:55.0899 6680 ws2ifsl - ok
19:41:56.0019 6680 wscsvc (e8b1fe6669397d1772d8196df0e57a9e) C:\Windows\system32\wscsvc.dll
19:41:56.0029 6680 wscsvc - ok
19:41:56.0039 6680 WSearch - ok
19:41:56.0309 6680 wuauserv (9df12edbc698b0bc353b3ef84861e430) C:\Windows\system32\wuaueng.dll
19:41:56.0379 6680 wuauserv - ok
19:41:56.0499 6680 WudfPf (d3381dc54c34d79b22cee0d65ba91b7c) C:\Windows\system32\drivers\WudfPf.sys
19:41:56.0499 6680 WudfPf - ok
19:41:56.0749 6680 WUDFRd (cf8d590be3373029d57af80914190682) C:\Windows\system32\DRIVERS\WUDFRd.sys
19:41:56.0749 6680 WUDFRd - ok
19:41:56.0850 6680 wudfsvc (7a95c95b6c4cf292d689106bcae49543) C:\Windows\System32\WUDFSvc.dll
19:41:56.0860 6680 wudfsvc - ok
19:41:56.0930 6680 WwanSvc (9a3452b3c2a46c073166c5cf49fad1ae) C:\Windows\System32\wwansvc.dll
19:41:56.0970 6680 WwanSvc - ok
19:41:57.0030 6680 MBR (0x1B8) (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk0\DR0
19:41:57.0120 6680 \Device\Harddisk0\DR0 - ok
19:41:57.0130 6680 Boot (0x1200) (dbd42ea87640ddff4ad85ad6db47d148) \Device\Harddisk0\DR0\Partition0
19:41:57.0130 6680 \Device\Harddisk0\DR0\Partition0 - ok
19:41:57.0150 6680 Boot (0x1200) (68940da91f4f91d95be816d03b3032c6) \Device\Harddisk0\DR0\Partition1
19:41:57.0160 6680 \Device\Harddisk0\DR0\Partition1 - ok
19:41:57.0160 6680 ============================================================
19:41:57.0160 6680 Scan finished
19:41:57.0160 6680 ============================================================
19:41:57.0180 6720 Detected object count: 0
19:41:57.0180 6720 Actual detected object count: 0



aswMBR -

aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software
Run date: 2012-04-11 19:43:47
-----------------------------
19:43:47.895 OS Version: Windows x64 6.1.7601 Service Pack 1
19:43:47.895 Number of processors: 2 586 0x170A
19:43:47.895 ComputerName: HOME-TOSH UserName: HOME
19:43:49.385 Initialize success
19:44:42.629 AVAST engine defs: 12041100
19:45:08.332 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
19:45:08.342 Disk 0 Vendor: ST925031 0002 Size: 238475MB BusType: 3
19:45:08.352 Disk 0 MBR read successfully
19:45:08.362 Disk 0 MBR scan
19:45:08.372 Disk 0 Windows 7 default MBR code
19:45:08.372 Disk 0 Partition 1 80 (A) 27 Hidden NTFS WinRE NTFS 400 MB offset 2048
19:45:08.392 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 119001 MB offset 821248
19:45:08.422 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 119072 MB offset 244535296
19:45:08.492 Disk 0 scanning C:\Windows\system32\drivers
19:45:26.425 Service scanning
19:46:02.760 Modules scanning
19:46:02.770 Disk 0 trace - called modules:
19:46:02.800 ntoskrnl.exe CLASSPNP.SYS disk.sys iaStor.sys hal.dll
19:46:02.810 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8003e1c230]
19:46:02.820 3 CLASSPNP.SYS[fffff8800185143f] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-1[0xfffffa8002d17050]
19:46:04.570 AVAST engine scan C:\Windows
19:46:11.421 AVAST engine scan C:\Windows\system32
19:52:29.223 AVAST engine scan C:\Windows\system32\drivers
19:52:49.578 AVAST engine scan C:\Users\HOME
20:05:10.760 AVAST engine scan C:\ProgramData
20:10:35.418 Scan finished successfully
20:18:11.055 Disk 0 MBR has been saved successfully to "C:\Users\HOME\Desktop\MBR.dat"
20:18:15.105 The log file has been saved successfully to "C:\Users\HOME\Desktop\aswMBR.txt"
20:22:23.711 Disk 0 MBR has been saved successfully to "C:\Users\HOME\Desktop\MBR.dat"
20:22:23.721 The log file has been saved successfully to "C:\Users\HOME\Desktop\aswMBR.txt"


So far my firewall is staying on but my internet is slow and sometimes takes ages to do anything.

Again I thank you for your assistance.

Kind Regards

Allan

#8 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto rico
  • Local time:08:26 AM

Posted 11 April 2012 - 04:08 PM

Greetings

At this time I would like you to run this script for me and it is a good time to check out the computer to see if there is anything else that needs to be addressed.

:Run CFScript:

Open Notepad and copy/paste the text in the box into the window:

ClearJavaCache::
KillAll::
Folder::
c:\users\HOME\AppData\Local\Ilivid Player

Save it to your desktop as CFScript.txt

Refering to the picture above, drag CFScript.txt into ComboFix.exe
Posted Image
This will let ComboFix run again.
Restart if you have to.
Save the produced logfile to your desktop.

Note: Do not mouseclick combofix's window whilst it's running. That may cause it to stall

Note 2: If you recieve an error "Illegal operation attempted on a registery key that has been marked for deletion." Please restart the computer

"information and logs"

  • In your next post I need the following

  • report from Combofix
  • let me know of any problems you may have had
  • How is the computer doing now after running the script?

Gringo

I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#9 amedcalf

amedcalf
  • Topic Starter

  • Members
  • 52 posts
  • OFFLINE
  •  
  • Local time:12:26 PM

Posted 12 April 2012 - 12:25 PM

Hi Gringo

Computer not running too bad at the moment

Combofix log below

ComboFix 12-04-10.02 - HOME 12/04/2012 6:28.2.2 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.44.1033.18.2940.1660 [GMT 1:00]
Running from: c:\users\HOME\Desktop\Combo.exe
Command switches used :: c:\users\HOME\Desktop\CFScript.txt
AV: McAfee Anti-Virus and Anti-Spyware *Enabled/Updated* {86355677-4064-3EA7-ABB3-1B136EB04637}
FW: McAfee Firewall *Enabled* {BE0ED752-0A0B-3FFF-80EC-B2269063014C}
SP: McAfee Anti-Virus and Anti-Spyware *Enabled/Updated* {3D54B793-665E-3129-9103-206115370C8A}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files (x86)\GuffinsEI
c:\program files (x86)\Retrogamer_2zEI
c:\users\HOME\AppData\Local\Ilivid Player
c:\users\HOME\AppData\Local\Ilivid Player\script.qscript
.
.
((((((((((((((((((((((((( Files Created from 2012-03-12 to 2012-04-12 )))))))))))))))))))))))))))))))
.
.
2012-04-12 05:47 . 2012-04-12 05:47 9310 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\TEXTBOX.JS
2012-04-12 05:47 . 2012-04-12 05:47 8646 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\TILEBOX.JS
2012-04-12 05:47 . 2012-04-12 05:47 6429 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\UICORE.JS
2012-04-12 05:47 . 2012-04-12 05:47 63115 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\USERTILE.JS
2012-04-12 05:47 . 2012-04-12 05:47 5927 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\TEXT.JS
2012-04-12 05:47 . 2012-04-12 05:47 4599 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\UIRESOURCE.JS
2012-04-12 05:46 . 2012-04-12 05:46 8613 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\SAVEDUSER.JS
2012-04-12 05:46 . 2012-04-12 05:46 6910 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\NEWUSERCOMM.JS
2012-04-12 05:46 . 2012-04-12 05:46 1651 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\QUERYSTRING.JS
2012-04-12 05:46 . 2012-04-12 05:46 8288 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\IMAGE.JS
2012-04-12 05:46 . 2012-04-12 05:46 6208 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\LINK.JS
2012-04-12 05:46 . 2012-04-12 05:46 18541 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\LOCALIZATION.JS
2012-04-12 05:46 . 2012-04-12 05:46 8782 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\BUTTON.JS
2012-04-12 05:46 . 2012-04-12 05:46 7271 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\CHECKBOX.JS
2012-04-12 05:46 . 2012-04-12 05:46 51852 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\EXTERNALWRAPPER.JS
2012-04-12 05:46 . 2012-04-12 05:46 23327 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\COMBOBOX.JS
2012-04-12 05:46 . 2012-04-12 05:46 20719 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\DIVWRAPPER.JS
2012-04-12 05:44 . 2012-04-12 05:44 -------- d-----w- c:\users\Mcx2-HOME-TOSH\AppData\Local\temp
2012-04-12 05:44 . 2012-04-12 05:44 -------- d-----w- c:\users\Mcx1-HOME-TOSH\AppData\Local\temp
2012-04-12 05:44 . 2012-04-12 05:44 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-04-12 05:44 . 2012-04-12 05:44 -------- d-----w- c:\users\Allan\AppData\Local\temp
2012-04-11 21:03 . 2012-03-01 06:46 23408 ----a-w- c:\windows\system32\drivers\fs_rec.sys
2012-04-11 21:03 . 2012-03-01 06:33 81408 ----a-w- c:\windows\system32\imagehlp.dll
2012-04-11 21:03 . 2012-03-01 05:33 159232 ----a-w- c:\windows\SysWow64\imagehlp.dll
2012-04-11 21:03 . 2012-03-01 06:38 220672 ----a-w- c:\windows\system32\wintrust.dll
2012-04-11 21:03 . 2012-03-01 06:28 5120 ----a-w- c:\windows\system32\wmi.dll
2012-04-11 21:03 . 2012-03-01 05:37 172544 ----a-w- c:\windows\SysWow64\wintrust.dll
2012-04-11 21:03 . 2012-03-01 05:29 5120 ----a-w- c:\windows\SysWow64\wmi.dll
2012-04-10 14:24 . 2012-04-10 14:24 -------- d-----w- c:\program files (x86)\Common Files\Steam
2012-04-10 14:24 . 2012-04-12 05:48 -------- d-----w- c:\program files (x86)\Steam
2012-04-10 12:43 . 2012-04-12 05:48 -------- d-----w- c:\users\HOME\AppData\Local\LogMeIn Hamachi
2012-04-10 12:43 . 2012-04-10 12:43 -------- d-----w- c:\program files (x86)\LogMeIn Hamachi
2012-04-09 16:58 . 2012-04-09 16:58 0 ----a-w- c:\windows\SysWow64\sho8904.tmp
2012-04-06 21:58 . 2012-04-06 22:30 -------- d-----w- c:\users\Public\Games
2012-04-06 21:36 . 2012-04-06 21:36 -------- d-----w- c:\programdata\Blizzard
2012-04-06 09:49 . 2012-04-06 09:49 -------- d-----w- c:\users\HOME\AppData\Roaming\casualArts
2012-04-06 09:49 . 2012-04-06 09:49 -------- d-----w- c:\programdata\casualArts
2012-04-05 19:54 . 2012-04-05 19:54 0 ----a-w- c:\windows\SysWow64\sho2926.tmp
2012-04-05 08:56 . 2012-04-05 08:59 -------- d-----w- c:\users\HOME\AppData\Roaming\RIFT
2012-04-05 08:56 . 2012-04-06 21:27 -------- d-----w- c:\program files (x86)\RIFT Game
2012-03-29 20:33 . 2012-03-29 20:33 -------- d-----w- c:\users\Jack
2012-03-27 20:38 . 2012-04-11 07:10 -------- d-----w- c:\users\HOME\AppData\Roaming\.techniclauncher
2012-03-27 20:33 . 2012-03-27 20:33 -------- d-----w- c:\program files (x86)\WiseConvert
2012-03-27 14:30 . 2012-03-27 14:31 -------- d-----w- c:\program files (x86)\ExpressPCB
2012-03-27 14:29 . 2012-03-27 14:29 -------- d-----w- c:\users\HOME\AppData\Local\Downloaded Installations
2012-03-26 19:42 . 2012-03-26 19:42 -------- d-----w- c:\program files (x86)\RonyaSoft
2012-03-26 19:35 . 2012-03-26 19:39 -------- d-----w- c:\program files (x86)\UnderCoverXP
2012-03-26 19:25 . 2012-03-26 19:29 -------- d-----w- c:\program files (x86)\Easy CD & DVD Cover Creator
2012-03-25 14:50 . 2012-03-25 14:51 -------- d-----w- c:\users\HOME\AppData\Roaming\vlc
2012-03-18 21:33 . 2012-03-18 21:33 -------- d-----w- c:\program files (x86)\Common Files\Skype
2012-03-14 07:31 . 2012-02-03 04:34 3145728 ----a-w- c:\windows\system32\win32k.sys
2012-03-14 07:31 . 2012-02-10 06:36 1544192 ----a-w- c:\windows\system32\DWrite.dll
2012-03-14 07:31 . 2012-02-10 05:38 1077248 ----a-w- c:\windows\SysWow64\DWrite.dll
2012-03-14 07:30 . 2012-01-25 06:38 77312 ----a-w- c:\windows\system32\rdpwsx.dll
2012-03-14 07:30 . 2012-01-25 06:38 149504 ----a-w- c:\windows\system32\rdpcorekmts.dll
2012-03-14 07:30 . 2012-01-25 06:33 9216 ----a-w- c:\windows\system32\rdrmemptylst.exe
2012-03-14 07:30 . 2012-02-17 06:38 1031680 ----a-w- c:\windows\system32\rdpcore.dll
2012-03-14 07:30 . 2012-02-17 05:34 826880 ----a-w- c:\windows\SysWow64\rdpcore.dll
2012-03-14 07:30 . 2012-02-17 04:58 210944 ----a-w- c:\windows\system32\drivers\rdpwd.sys
2012-03-14 07:30 . 2012-02-17 04:57 23552 ----a-w- c:\windows\system32\drivers\tdtcp.sys
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-03-01 19:47 . 2012-03-01 18:49 235 ----a-w- c:\windows\SysWow64\nxEuUninstall.bat
2012-03-01 19:47 . 2012-03-01 18:49 446464 ----a-w- c:\windows\NEXON_EU_DownloaderUpdater.exe
2012-02-22 18:28 . 2011-09-27 10:12 414368 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-02-21 21:12 . 2012-02-21 21:12 0 ----a-w- c:\windows\SysWow64\shoCBF8.tmp
2012-02-15 11:01 . 2012-02-15 11:01 52736 ----a-w- c:\windows\system32\drivers\usbaapl64.sys
2012-02-15 11:01 . 2012-02-15 11:01 4547944 ----a-w- c:\windows\system32\usbaaplrc.dll
2012-02-07 00:15 . 2012-02-07 00:15 0 ----a-w- c:\windows\SysWow64\sho91E9.tmp
2012-01-31 21:09 . 2012-01-31 21:09 710992 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight-2\SpotlightResources.dll
.
.
((((((((((((((((((((((((((((( SnapShot@2012-04-11_04.59.26 )))))))))))))))))))))))))))))))))))))))))
.
- 2012-02-15 20:15 . 2011-12-14 02:50 72704 c:\windows\SysWOW64\mshtmled.dll
+ 2012-04-11 21:07 . 2012-02-28 01:03 72704 c:\windows\SysWOW64\mshtmled.dll
- 2012-02-15 20:15 . 2011-12-14 02:54 66048 c:\windows\SysWOW64\migration\WininetPlugin.dll
+ 2012-04-11 21:07 . 2012-02-28 01:08 66048 c:\windows\SysWOW64\migration\WininetPlugin.dll
+ 2012-04-11 21:07 . 2012-02-28 01:08 65024 c:\windows\SysWOW64\jsproxy.dll
- 2012-02-15 20:15 . 2011-12-14 02:54 65024 c:\windows\SysWOW64\jsproxy.dll
- 2012-04-11 04:57 . 2012-04-11 04:57 11799 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\SoftGrid Client\Icon Cache\icon_ex.dat
+ 2012-04-12 05:46 . 2012-04-12 05:46 11799 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\SoftGrid Client\Icon Cache\icon_ex.dat
+ 2010-04-08 07:37 . 2012-04-11 19:38 65374 c:\windows\system32\wdi\ShutdownPerformanceDiagnostics_SystemData.bin
+ 2009-07-14 05:10 . 2012-04-12 05:17 45904 c:\windows\system32\wdi\BootPerformanceDiagnostics_SystemData.bin
+ 2011-09-26 18:20 . 2012-04-12 05:17 19724 c:\windows\system32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-1508307326-1187430495-114805669-1001_UserData.bin
- 2012-02-15 20:15 . 2011-12-14 06:57 96256 c:\windows\system32\mshtmled.dll
+ 2012-04-11 21:07 . 2012-02-28 06:43 96256 c:\windows\system32\mshtmled.dll
- 2012-02-15 20:15 . 2011-12-14 07:02 86528 c:\windows\system32\migration\WininetPlugin.dll
+ 2012-04-11 21:07 . 2012-02-28 06:47 86528 c:\windows\system32\migration\WininetPlugin.dll
- 2012-02-15 20:15 . 2011-12-14 07:01 85504 c:\windows\system32\jsproxy.dll
+ 2012-04-11 21:07 . 2012-02-28 06:47 85504 c:\windows\system32\jsproxy.dll
+ 2011-09-26 18:15 . 2012-04-12 05:15 32768 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2011-09-26 18:15 . 2012-04-11 04:29 32768 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2011-09-26 18:15 . 2012-04-11 04:29 32768 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2011-09-26 18:15 . 2012-04-12 05:15 32768 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2009-07-14 04:54 . 2012-04-12 05:15 16384 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2009-07-14 04:54 . 2012-04-11 04:29 16384 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2009-07-14 04:46 . 2012-04-12 05:20 90360 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\SoftwareProtectionPlatform\Cache\cache.dat
- 2012-03-13 18:05 . 2012-03-13 18:05 87408 c:\windows\Microsoft.NET\assembly\GAC_MSIL\WindowsFormsIntegration\v4.0_4.0.0.0__31bf3856ad364e35\WindowsFormsIntegration.dll
+ 2012-04-11 21:11 . 2012-04-11 21:11 87408 c:\windows\Microsoft.NET\assembly\GAC_MSIL\WindowsFormsIntegration\v4.0_4.0.0.0__31bf3856ad364e35\WindowsFormsIntegration.dll
+ 2012-04-11 21:11 . 2012-04-11 21:11 93024 c:\windows\Microsoft.NET\assembly\GAC_MSIL\UIAutomationTypes\v4.0_4.0.0.0__31bf3856ad364e35\UIAutomationTypes.dll
- 2012-03-13 18:05 . 2012-03-13 18:05 93024 c:\windows\Microsoft.NET\assembly\GAC_MSIL\UIAutomationTypes\v4.0_4.0.0.0__31bf3856ad364e35\UIAutomationTypes.dll
- 2012-03-13 18:05 . 2012-03-13 18:05 35688 c:\windows\Microsoft.NET\assembly\GAC_MSIL\UIAutomationProvider\v4.0_4.0.0.0__31bf3856ad364e35\UIAutomationProvider.dll
+ 2012-04-11 21:11 . 2012-04-11 21:11 35688 c:\windows\Microsoft.NET\assembly\GAC_MSIL\UIAutomationProvider\v4.0_4.0.0.0__31bf3856ad364e35\UIAutomationProvider.dll
+ 2012-04-11 21:11 . 2012-04-11 21:11 11120 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Xml.Serialization\v4.0_4.0.0.0__b77a5c561934e089\System.Xml.Serialization.dll
- 2012-03-13 18:05 . 2012-03-13 18:05 11120 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Xml.Serialization\v4.0_4.0.0.0__b77a5c561934e089\System.Xml.Serialization.dll
- 2012-03-13 18:05 . 2012-03-13 18:05 17784 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Presentation\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Presentation.dll
+ 2012-04-11 21:11 . 2012-04-11 21:11 17784 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Presentation\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Presentation.dll
- 2012-03-13 18:05 . 2012-03-13 18:05 58240 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Input.Manipulations\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Input.Manipulations.dll
+ 2012-04-11 21:11 . 2012-04-11 21:11 58240 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Input.Manipulations\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Input.Manipulations.dll
- 2012-03-13 18:05 . 2012-03-13 18:05 44920 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Web.ApplicationServices\v4.0_4.0.0.0__31bf3856ad364e35\System.Web.ApplicationServices.dll
+ 2012-04-11 21:10 . 2012-04-11 21:10 44920 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Web.ApplicationServices\v4.0_4.0.0.0__31bf3856ad364e35\System.Web.ApplicationServices.dll
+ 2012-04-11 21:11 . 2012-04-11 21:11 37240 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.ServiceModel.Channels\v4.0_4.0.0.0__31bf3856ad364e35\System.ServiceModel.Channels.dll
- 2012-03-13 18:05 . 2012-03-13 18:05 37240 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.ServiceModel.Channels\v4.0_4.0.0.0__31bf3856ad364e35\System.ServiceModel.Channels.dll
- 2012-03-13 18:05 . 2012-03-13 18:05 64352 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Numerics\v4.0_4.0.0.0__b77a5c561934e089\System.Numerics.dll
+ 2012-04-11 21:10 . 2012-04-11 21:10 64352 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Numerics\v4.0_4.0.0.0__b77a5c561934e089\System.Numerics.dll
+ 2012-04-11 21:10 . 2012-04-11 21:10 51032 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Device\v4.0_4.0.0.0__b77a5c561934e089\System.Device.dll
- 2012-03-13 18:05 . 2012-03-13 18:05 51032 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Device\v4.0_4.0.0.0__b77a5c561934e089\System.Device.dll
- 2012-03-13 18:05 . 2012-03-13 18:05 50552 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Data.DataSetExtensions\v4.0_4.0.0.0__b77a5c561934e089\System.Data.DataSetExtensions.dll
+ 2012-04-11 21:10 . 2012-04-11 21:10 50552 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Data.DataSetExtensions\v4.0_4.0.0.0__b77a5c561934e089\System.Data.DataSetExtensions.dll
- 2012-03-13 18:05 . 2012-03-13 18:05 81784 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Configuration.Install\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Configuration.Install.dll
+ 2012-04-11 21:10 . 2012-04-11 21:10 81784 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Configuration.Install\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Configuration.Install.dll
+ 2012-04-11 21:10 . 2012-04-11 21:10 81800 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.ComponentModel.DataAnnotations\v4.0_4.0.0.0__31bf3856ad364e35\System.ComponentModel.DataAnnotations.dll
- 2012-03-13 18:05 . 2012-03-13 18:05 81800 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.ComponentModel.DataAnnotations\v4.0_4.0.0.0__31bf3856ad364e35\System.ComponentModel.DataAnnotations.dll
- 2012-03-13 18:05 . 2012-03-13 18:05 39784 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.AddIn.Contract\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.AddIn.Contract.dll
+ 2012-04-11 21:10 . 2012-04-11 21:10 39784 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.AddIn.Contract\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.AddIn.Contract.dll
+ 2012-04-11 21:10 . 2012-04-11 21:10 68952 c:\windows\Microsoft.NET\assembly\GAC_MSIL\SMDiagnostics\v4.0_4.0.0.0__b77a5c561934e089\SMDiagnostics.dll
- 2012-03-13 18:05 . 2012-03-13 18:05 68952 c:\windows\Microsoft.NET\assembly\GAC_MSIL\SMDiagnostics\v4.0_4.0.0.0__b77a5c561934e089\SMDiagnostics.dll
+ 2012-04-11 21:10 . 2012-04-11 21:10 62880 c:\windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.Windows.ApplicationServer.Applications\v4.0_4.0.0.0__31bf3856ad364e35\Microsoft.Windows.ApplicationServer.Applications.dll
- 2012-03-13 18:05 . 2012-03-13 18:05 62880 c:\windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.Windows.ApplicationServer.Applications\v4.0_4.0.0.0__31bf3856ad364e35\Microsoft.Windows.ApplicationServer.Applications.dll
- 2012-03-13 18:05 . 2012-03-13 18:05 12128 c:\windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.VisualC\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualC.Dll
+ 2012-04-11 21:10 . 2012-04-11 21:10 12128 c:\windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.VisualC\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualC.Dll
+ 2012-04-11 21:10 . 2012-04-11 21:10 97680 c:\windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.VisualBasic.Compatibility.Data\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Compatibility.Data.dll
- 2012-03-13 18:05 . 2012-03-13 18:05 97680 c:\windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.VisualBasic.Compatibility.Data\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Compatibility.Data.dll
- 2012-03-13 18:05 . 2012-03-13 18:05 17240 c:\windows\Microsoft.NET\assembly\GAC_MSIL\Accessibility\v4.0_4.0.0.0__b03f5f7f11d50a3a\Accessibility.dll
+ 2012-04-11 21:10 . 2012-04-11 21:10 17240 c:\windows\Microsoft.NET\assembly\GAC_MSIL\Accessibility\v4.0_4.0.0.0__b03f5f7f11d50a3a\Accessibility.dll
+ 2012-04-11 21:10 . 2012-04-11 21:10 94552 c:\windows\Microsoft.NET\assembly\GAC_64\ISymWrapper\v4.0_4.0.0.0__b03f5f7f11d50a3a\ISymWrapper.dll
- 2012-03-13 18:05 . 2012-03-13 18:05 94552 c:\windows\Microsoft.NET\assembly\GAC_64\ISymWrapper\v4.0_4.0.0.0__b03f5f7f11d50a3a\ISymWrapper.dll
+ 2012-04-11 21:10 . 2012-04-11 21:10 91488 c:\windows\Microsoft.NET\assembly\GAC_64\CustomMarshalers\v4.0_4.0.0.0__b03f5f7f11d50a3a\CustomMarshalers.dll
- 2012-03-13 18:05 . 2012-03-13 18:05 91488 c:\windows\Microsoft.NET\assembly\GAC_64\CustomMarshalers\v4.0_4.0.0.0__b03f5f7f11d50a3a\CustomMarshalers.dll
- 2012-03-13 08:30 . 2012-03-13 08:30 78168 c:\windows\Microsoft.NET\assembly\GAC_32\ISymWrapper\v4.0_4.0.0.0__b03f5f7f11d50a3a\ISymWrapper.dll
+ 2012-04-11 21:10 . 2012-04-11 21:10 78168 c:\windows\Microsoft.NET\assembly\GAC_32\ISymWrapper\v4.0_4.0.0.0__b03f5f7f11d50a3a\ISymWrapper.dll
- 2012-03-13 08:30 . 2012-03-13 08:30 81248 c:\windows\Microsoft.NET\assembly\GAC_32\CustomMarshalers\v4.0_4.0.0.0__b03f5f7f11d50a3a\CustomMarshalers.dll
+ 2012-04-11 21:10 . 2012-04-11 21:10 81248 c:\windows\Microsoft.NET\assembly\GAC_32\CustomMarshalers\v4.0_4.0.0.0__b03f5f7f11d50a3a\CustomMarshalers.dll
+ 2012-04-12 05:39 . 2012-04-12 05:39 54784 c:\windows\assembly\NativeImages_v2.0.50727_64\System.Web.DynamicD#\66b5c693a8aa660276216d7a521da5e2\System.Web.DynamicData.Design.ni.dll
+ 2012-04-12 05:31 . 2012-04-12 05:31 47616 c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsLiveWriter\cbd82b42e689fd2cf7db2ce9e7cdc3af\WindowsLiveWriter.ni.exe
+ 2012-04-12 05:31 . 2012-04-12 05:31 99840 c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsLive.Writer.#\a0dc95aed5461ec895c47cb52e8a4b5d\WindowsLive.Writer.Api.ni.dll
+ 2012-04-12 05:34 . 2012-04-12 05:34 36864 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.DynamicD#\1371ed674fc04f510cb41524e2d4322d\System.Web.DynamicData.Design.ni.dll
+ 2011-09-28 23:31 . 2012-04-11 05:56 7784 c:\windows\system32\wdi\ERCQueuedResolutions.dat
- 2011-09-28 23:31 . 2012-04-09 16:58 7784 c:\windows\system32\wdi\ERCQueuedResolutions.dat
- 2012-04-11 04:58 . 2012-04-11 04:58 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2012-04-12 05:46 . 2012-04-12 05:46 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
- 2012-04-11 04:58 . 2012-04-11 04:58 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2012-04-12 05:46 . 2012-04-12 05:46 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
- 2012-02-15 20:15 . 2011-12-14 02:55 231936 c:\windows\SysWOW64\url.dll
+ 2012-04-11 21:07 . 2012-02-28 01:09 231936 c:\windows\SysWOW64\url.dll
+ 2012-04-11 21:07 . 2012-02-28 01:06 716800 c:\windows\SysWOW64\jscript.dll
- 2012-02-15 20:15 . 2011-12-14 02:53 716800 c:\windows\SysWOW64\jscript.dll
- 2012-02-15 20:15 . 2011-12-14 02:47 176640 c:\windows\SysWOW64\ieui.dll
+ 2012-04-11 21:07 . 2012-02-28 00:59 176640 c:\windows\SysWOW64\ieui.dll
- 2009-07-14 04:54 . 2012-04-11 04:58 163840 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2009-07-14 04:54 . 2012-04-12 05:46 163840 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2009-07-14 04:54 . 2012-04-11 04:58 835584 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2009-07-14 04:54 . 2012-04-12 05:46 835584 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2012-04-11 21:07 . 2012-02-28 06:48 237056 c:\windows\system32\url.dll
- 2012-02-15 20:15 . 2011-12-14 07:03 237056 c:\windows\system32\url.dll
+ 2009-07-14 02:36 . 2012-04-11 21:10 625284 c:\windows\system32\perfh009.dat
+ 2009-07-14 02:36 . 2012-04-11 21:10 110664 c:\windows\system32\perfc009.dat
+ 2012-04-11 21:07 . 2012-02-28 06:45 818688 c:\windows\system32\jscript.dll
- 2012-02-15 20:15 . 2011-12-14 07:00 818688 c:\windows\system32\jscript.dll
+ 2012-04-11 21:07 . 2012-02-28 06:39 248320 c:\windows\system32\ieui.dll
- 2012-02-15 20:15 . 2011-12-14 06:53 248320 c:\windows\system32\ieui.dll
+ 2011-09-26 18:27 . 2012-04-12 05:45 959216 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache3.0.0.0.dat
+ 2009-07-14 05:01 . 2012-04-12 05:45 230752 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
- 2009-07-14 05:01 . 2012-04-11 04:57 230752 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
+ 2011-11-15 23:09 . 2012-04-11 07:58 589216 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-1508307326-1187430495-114805669-1001-4096.dat
- 2011-11-15 23:09 . 2012-04-10 18:37 589216 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-1508307326-1187430495-114805669-1001-4096.dat
+ 2012-01-21 16:40 . 2012-01-21 16:40 616216 c:\windows\Microsoft.NET\Framework64\v4.0.30319\System.Drawing.dll
+ 2012-04-11 20:53 . 2012-01-26 23:31 630784 c:\windows\Microsoft.NET\Framework64\v2.0.50727\System.Drawing.dll
+ 2012-01-21 16:40 . 2012-01-21 16:40 616216 c:\windows\Microsoft.NET\Framework\v4.0.30319\System.Drawing.dll
+ 2012-04-11 20:53 . 2012-01-26 23:33 630784 c:\windows\Microsoft.NET\Framework\v2.0.50727\System.Drawing.dll
+ 2012-04-11 21:11 . 2012-04-11 21:11 350592 c:\windows\Microsoft.NET\assembly\GAC_MSIL\UIAutomationClientsideProviders\v4.0_4.0.0.0__31bf3856ad364e35\UIAutomationClientsideProviders.dll
- 2012-03-13 18:05 . 2012-03-13 18:05 350592 c:\windows\Microsoft.NET\assembly\GAC_MSIL\UIAutomationClientsideProviders\v4.0_4.0.0.0__31bf3856ad364e35\UIAutomationClientsideProviders.dll
- 2012-03-13 18:05 . 2012-03-13 18:05 163168 c:\windows\Microsoft.NET\assembly\GAC_MSIL\UIAutomationClient\v4.0_4.0.0.0__31bf3856ad364e35\UIAutomationClient.dll
+ 2012-04-11 21:11 . 2012-04-11 21:11 163168 c:\windows\Microsoft.NET\assembly\GAC_MSIL\UIAutomationClient\v4.0_4.0.0.0__31bf3856ad364e35\UIAutomationClient.dll
- 2012-03-13 18:05 . 2012-03-13 18:05 138592 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Xml.Linq\v4.0_4.0.0.0__b77a5c561934e089\System.Xml.Linq.dll
+ 2012-04-11 21:10 . 2012-04-11 21:10 138592 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Xml.Linq\v4.0_4.0.0.0__b77a5c561934e089\System.Xml.Linq.dll
+ 2012-04-11 21:11 . 2012-04-11 21:11 699224 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Xaml\v4.0_4.0.0.0__b77a5c561934e089\System.Xaml.dll
- 2012-03-13 18:05 . 2012-03-13 18:05 699224 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Xaml\v4.0_4.0.0.0__b77a5c561934e089\System.Xaml.dll
- 2012-03-13 18:05 . 2012-03-13 18:05 857960 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Web.Services\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Web.Services.dll
+ 2012-04-11 21:11 . 2012-04-11 21:11 857960 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Web.Services\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Web.Services.dll
- 2012-03-13 18:05 . 2012-03-13 18:05 675672 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Speech\v4.0_4.0.0.0__31bf3856ad364e35\System.Speech.dll
+ 2012-04-11 21:11 . 2012-04-11 21:11 675672 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Speech\v4.0_4.0.0.0__31bf3856ad364e35\System.Speech.dll
+ 2012-04-11 21:10 . 2012-04-11 21:10 113512 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.ServiceProcess\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.ServiceProcess.dll
- 2012-03-13 18:05 . 2012-03-13 18:05 113512 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.ServiceProcess\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.ServiceProcess.dll
+ 2012-04-11 21:11 . 2012-04-11 21:11 129912 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.ServiceModel.Routing\v4.0_4.0.0.0__31bf3856ad364e35\System.ServiceModel.Routing.dll
- 2012-03-13 18:05 . 2012-03-13 18:05 129912 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.ServiceModel.Routing\v4.0_4.0.0.0__31bf3856ad364e35\System.ServiceModel.Routing.dll
- 2012-03-13 18:05 . 2012-03-13 18:05 390008 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.ServiceModel.Discovery\v4.0_4.0.0.0__31bf3856ad364e35\System.ServiceModel.Discovery.dll
+ 2012-04-11 21:11 . 2012-04-11 21:11 390008 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.ServiceModel.Discovery\v4.0_4.0.0.0__31bf3856ad364e35\System.ServiceModel.Discovery.dll
+ 2012-04-11 21:11 . 2012-04-11 21:11 505208 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.ServiceModel.Activities\v4.0_4.0.0.0__31bf3856ad364e35\System.ServiceModel.Activities.dll
- 2012-03-13 18:05 . 2012-03-13 18:05 505208 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.ServiceModel.Activities\v4.0_4.0.0.0__31bf3856ad364e35\System.ServiceModel.Activities.dll
+ 2012-04-11 21:10 . 2012-04-11 21:10 261472 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Security\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Security.dll
- 2012-03-13 18:05 . 2012-03-13 18:05 261472 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Security\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Security.dll
- 2012-03-13 18:05 . 2012-03-13 18:05 122264 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Runtime.Serialization.Formatters.Soap\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Runtime.Serialization.Formatters.Soap.dll
+ 2012-04-11 21:11 . 2012-04-11 21:11 122264 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Runtime.Serialization.Formatters.Soap\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Runtime.Serialization.Formatters.Soap.dll
- 2012-03-13 18:05 . 2012-03-13 18:05 291184 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Runtime.Remoting\v4.0_4.0.0.0__b77a5c561934e089\System.Runtime.Remoting.dll
+ 2012-04-11 21:11 . 2012-04-11 21:11 291184 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Runtime.Remoting\v4.0_4.0.0.0__b77a5c561934e089\System.Runtime.Remoting.dll
- 2012-03-13 18:05 . 2012-03-13 18:05 349568 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Runtime.DurableInstancing\v4.0_4.0.0.0__31bf3856ad364e35\System.Runtime.DurableInstancing.dll
+ 2012-04-11 21:10 . 2012-04-11 21:10 349568 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Runtime.DurableInstancing\v4.0_4.0.0.0__31bf3856ad364e35\System.Runtime.DurableInstancing.dll
- 2012-03-13 18:05 . 2012-03-13 18:05 236880 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Net\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Net.dll
+ 2012-04-11 21:10 . 2012-04-11 21:10 236880 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Net\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Net.dll
- 2012-03-13 18:05 . 2012-03-13 18:05 253280 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Messaging\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Messaging.dll
+ 2012-04-11 21:11 . 2012-04-11 21:11 253280 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Messaging\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Messaging.dll
+ 2012-04-11 21:10 . 2012-04-11 21:10 378720 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Management\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Management.dll
- 2012-03-13 18:05 . 2012-03-13 18:05 378720 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Management\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Management.dll
+ 2012-04-11 21:10 . 2012-04-11 21:10 134528 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Management.Instrumentation\v4.0_4.0.0.0__b77a5c561934e089\System.Management.Instrumentation.dll
- 2012-03-13 18:05 . 2012-03-13 18:05 134528 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Management.Instrumentation\v4.0_4.0.0.0__b77a5c561934e089\System.Management.Instrumentation.dll
+ 2012-04-11 21:10 . 2012-04-11 21:10 123736 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.IO.Log\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.IO.Log.dll
- 2012-03-13 18:05 . 2012-03-13 18:05 123736 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.IO.Log\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.IO.Log.dll
+ 2012-04-11 21:10 . 2012-04-11 21:10 392552 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.IdentityModel\v4.0_4.0.0.0__b77a5c561934e089\System.IdentityModel.dll
- 2012-03-13 18:05 . 2012-03-13 18:05 392552 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.IdentityModel\v4.0_4.0.0.0__b77a5c561934e089\System.IdentityModel.dll
- 2012-03-13 18:05 . 2012-03-13 18:05 125816 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.IdentityModel.Selectors\v4.0_4.0.0.0__b77a5c561934e089\System.IdentityModel.Selectors.dll
+ 2012-04-11 21:10 . 2012-04-11 21:10 125816 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.IdentityModel.Selectors\v4.0_4.0.0.0__b77a5c561934e089\System.IdentityModel.Selectors.dll
- 2012-03-13 18:05 . 2012-03-13 18:05 120152 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Dynamic\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Dynamic.dll
+ 2012-04-11 21:10 . 2012-04-11 21:10 120152 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Dynamic\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Dynamic.dll
+ 2012-04-11 21:10 . 2012-04-11 21:10 616216 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Drawing\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll
+ 2012-04-11 21:10 . 2012-04-11 21:10 395120 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.DirectoryServices\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.DirectoryServices.dll
- 2012-03-13 18:05 . 2012-03-13 18:05 395120 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.DirectoryServices\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.DirectoryServices.dll
+ 2012-04-11 21:10 . 2012-04-11 21:10 182144 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.DirectoryServices.Protocols\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.DirectoryServices.Protocols.dll
- 2012-03-13 18:05 . 2012-03-13 18:05 182144 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.DirectoryServices.Protocols\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.DirectoryServices.Protocols.dll
- 2012-03-13 18:05 . 2012-03-13 18:05 285072 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.DirectoryServices.AccountManagement\v4.0_4.0.0.0__b77a5c561934e089\System.DirectoryServices.AccountManagement.dll
+ 2012-04-11 21:10 . 2012-04-11 21:10 285072 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.DirectoryServices.AccountManagement\v4.0_4.0.0.0__b77a5c561934e089\System.DirectoryServices.AccountManagement.dll
- 2012-03-13 18:05 . 2012-03-13 18:05 829280 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Deployment\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Deployment.dll
+ 2012-04-11 21:10 . 2012-04-11 21:10 829280 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Deployment\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Deployment.dll
+ 2012-04-11 21:10 . 2012-04-11 21:10 747360 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Data.SqlXml\v4.0_4.0.0.0__b77a5c561934e089\System.Data.SqlXml.dll
- 2012-03-13 18:05 . 2012-03-13 18:05 747360 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Data.SqlXml\v4.0_4.0.0.0__b77a5c561934e089\System.Data.SqlXml.dll
- 2012-03-13 18:05 . 2012-03-13 18:05 436600 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Data.Services.Client\v4.0_4.0.0.0__b77a5c561934e089\System.Data.Services.Client.dll
+ 2012-04-11 21:10 . 2012-04-11 21:10 436600 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Data.Services.Client\v4.0_4.0.0.0__b77a5c561934e089\System.Data.Services.Client.dll
+ 2012-04-11 21:10 . 2012-04-11 21:10 683872 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Data.Linq\v4.0_4.0.0.0__b77a5c561934e089\System.Data.Linq.dll
- 2012-03-13 18:05 . 2012-03-13 18:05 683872 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Data.Linq\v4.0_4.0.0.0__b77a5c561934e089\System.Data.Linq.dll
+ 2012-04-11 21:10 . 2012-04-11 21:10 409448 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Configuration\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.configuration.dll
- 2012-03-13 18:05 . 2012-03-13 18:05 409448 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Configuration\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.configuration.dll
+ 2012-04-11 21:10 . 2012-04-11 21:10 210816 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.ComponentModel.Composition\v4.0_4.0.0.0__b77a5c561934e089\System.ComponentModel.Composition.dll
- 2012-03-13 18:05 . 2012-03-13 18:05 210816 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.ComponentModel.Composition\v4.0_4.0.0.0__b77a5c561934e089\System.ComponentModel.Composition.dll
+ 2012-04-11 21:10 . 2012-04-11 21:10 149848 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.AddIn\v4.0_4.0.0.0__b77a5c561934e089\System.AddIn.dll
- 2012-03-13 18:05 . 2012-03-13 18:05 149848 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.AddIn\v4.0_4.0.0.0__b77a5c561934e089\System.AddIn.dll
- 2012-03-13 18:05 . 2012-03-13 18:05 122248 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Activities.DurableInstancing\v4.0_4.0.0.0__31bf3856ad364e35\System.Activities.DurableInstancing.dll
+ 2012-04-11 21:10 . 2012-04-11 21:10 122248 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Activities.DurableInstancing\v4.0_4.0.0.0__31bf3856ad364e35\System.Activities.DurableInstancing.dll
- 2012-03-13 18:05 . 2012-03-13 18:05 525704 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Activities.Core.Presentation\v4.0_4.0.0.0__31bf3856ad364e35\System.Activities.Core.Presentation.dll
+ 2012-04-11 21:10 . 2012-04-11 21:10 525704 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Activities.Core.Presentation\v4.0_4.0.0.0__31bf3856ad364e35\System.Activities.Core.Presentation.dll
+ 2012-04-11 21:10 . 2012-04-11 21:10 112976 c:\windows\Microsoft.NET\assembly\GAC_MSIL\sysglobl\v4.0_4.0.0.0__b03f5f7f11d50a3a\sysglobl.dll
- 2012-03-13 18:05 . 2012-03-13 18:05 112976 c:\windows\Microsoft.NET\assembly\GAC_MSIL\sysglobl\v4.0_4.0.0.0__b03f5f7f11d50a3a\sysglobl.dll
- 2012-03-13 18:05 . 2012-03-13 18:05 581464 c:\windows\Microsoft.NET\assembly\GAC_MSIL\ReachFramework\v4.0_4.0.0.0__31bf3856ad364e35\ReachFramework.dll
+ 2012-04-11 21:11 . 2012-04-11 21:11 581464 c:\windows\Microsoft.NET\assembly\GAC_MSIL\ReachFramework\v4.0_4.0.0.0__31bf3856ad364e35\ReachFramework.dll
+ 2012-04-11 21:11 . 2012-04-11 21:11 832856 c:\windows\Microsoft.NET\assembly\GAC_MSIL\PresentationUI\v4.0_4.0.0.0__31bf3856ad364e35\PresentationUI.dll
- 2012-03-13 18:05 . 2012-03-13 18:05 832856 c:\windows\Microsoft.NET\assembly\GAC_MSIL\PresentationUI\v4.0_4.0.0.0__31bf3856ad364e35\PresentationUI.dll
- 2012-03-13 18:05 . 2012-03-13 18:05 194424 c:\windows\Microsoft.NET\assembly\GAC_MSIL\PresentationFramework.Royale\v4.0_4.0.0.0__31bf3856ad364e35\PresentationFramework.Royale.dll
+ 2012-04-11 21:11 . 2012-04-11 21:11 194424 c:\windows\Microsoft.NET\assembly\GAC_MSIL\PresentationFramework.Royale\v4.0_4.0.0.0__31bf3856ad364e35\PresentationFramework.Royale.dll
+ 2012-04-11 21:11 . 2012-04-11 21:11 478576 c:\windows\Microsoft.NET\assembly\GAC_MSIL\PresentationFramework.Luna\v4.0_4.0.0.0__31bf3856ad364e35\PresentationFramework.Luna.dll
- 2012-03-13 18:05 . 2012-03-13 18:05 478576 c:\windows\Microsoft.NET\assembly\GAC_MSIL\PresentationFramework.Luna\v4.0_4.0.0.0__31bf3856ad364e35\PresentationFramework.Luna.dll
- 2012-03-13 18:05 . 2012-03-13 18:05 167288 c:\windows\Microsoft.NET\assembly\GAC_MSIL\PresentationFramework.Classic\v4.0_4.0.0.0__31bf3856ad364e35\PresentationFramework.Classic.dll
+ 2012-04-11 21:11 . 2012-04-11 21:11 167288 c:\windows\Microsoft.NET\assembly\GAC_MSIL\PresentationFramework.Classic\v4.0_4.0.0.0__31bf3856ad364e35\PresentationFramework.Classic.dll
+ 2012-04-11 21:11 . 2012-04-11 21:11 232304 c:\windows\Microsoft.NET\assembly\GAC_MSIL\PresentationFramework.Aero\v4.0_4.0.0.0__31bf3856ad364e35\PresentationFramework.Aero.dll
- 2012-03-13 18:05 . 2012-03-13 18:05 232304 c:\windows\Microsoft.NET\assembly\GAC_MSIL\PresentationFramework.Aero\v4.0_4.0.0.0__31bf3856ad364e35\PresentationFramework.Aero.dll
+ 2012-04-11 21:10 . 2012-04-11 21:10 661352 c:\windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.VisualBasic\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll
- 2012-03-13 18:05 . 2012-03-13 18:05 661352 c:\windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.VisualBasic\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll
- 2012-03-13 18:05 . 2012-03-13 18:05 349576 c:\windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.VisualBasic.Compatibility\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Compatibility.dll
+ 2012-04-11 21:10 . 2012-04-11 21:10 349576 c:\windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.VisualBasic.Compatibility\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Compatibility.dll
- 2012-03-13 18:05 . 2012-03-13 18:05 387960 c:\windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.Transactions.Bridge\v4.0_4.0.0.0__b03f5f7f11d50a3a\Microsoft.Transactions.Bridge.dll
+ 2012-04-11 21:10 . 2012-04-11 21:10 387960 c:\windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.Transactions.Bridge\v4.0_4.0.0.0__b03f5f7f11d50a3a\Microsoft.Transactions.Bridge.dll
- 2012-03-13 18:05 . 2012-03-13 18:05 746336 c:\windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.JScript\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.JScript.dll
+ 2012-04-11 21:10 . 2012-04-11 21:10 746336 c:\windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.JScript\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.JScript.dll
+ 2012-04-11 21:10 . 2012-04-11 21:10 505184 c:\windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.CSharp\v4.0_4.0.0.0__b03f5f7f11d50a3a\Microsoft.CSharp.dll
- 2012-03-13 18:05 . 2012-03-13 18:05 505184 c:\windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.CSharp\v4.0_4.0.0.0__b03f5f7f11d50a3a\Microsoft.CSharp.dll
- 2012-03-13 18:05 . 2012-03-13 18:05 288616 c:\windows\Microsoft.NET\assembly\GAC_64\System.Transactions\v4.0_4.0.0.0__b77a5c561934e089\System.Transactions.dll
+ 2012-04-11 21:11 . 2012-04-11 21:11 288616 c:\windows\Microsoft.NET\assembly\GAC_64\System.Transactions\v4.0_4.0.0.0__b77a5c561934e089\System.Transactions.dll
+ 2012-04-11 21:11 . 2012-04-11 21:11 335712 c:\windows\Microsoft.NET\assembly\GAC_64\System.Printing\v4.0_4.0.0.0__31bf3856ad364e35\System.Printing.dll
- 2012-03-13 18:05 . 2012-03-13 18:05 335712 c:\windows\Microsoft.NET\assembly\GAC_64\System.Printing\v4.0_4.0.0.0__31bf3856ad364e35\System.Printing.dll
+ 2012-04-11 21:10 . 2012-04-11 21:10 125440 c:\windows\Microsoft.NET\assembly\GAC_64\System.EnterpriseServices\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.Wrapper.dll
- 2012-03-13 18:05 . 2012-03-13 18:05 125440 c:\windows\Microsoft.NET\assembly\GAC_64\System.EnterpriseServices\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.Wrapper.dll
- 2012-03-13 18:05 . 2012-03-13 18:05 237424 c:\windows\Microsoft.NET\assembly\GAC_64\System.EnterpriseServices\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.dll
+ 2012-04-11 21:10 . 2012-04-11 21:10 237424 c:\windows\Microsoft.NET\assembly\GAC_64\System.EnterpriseServices\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.dll
- 2012-03-13 18:05 . 2012-03-13 18:05 187776 c:\windows\Microsoft.NET\assembly\GAC_64\Microsoft.Transactions.Bridge.Dtc\v4.0_4.0.0.0__b03f5f7f11d50a3a\Microsoft.Transactions.Bridge.Dtc.dll
+ 2012-04-11 21:10 . 2012-04-11 21:10 187776 c:\windows\Microsoft.NET\assembly\GAC_64\Microsoft.Transactions.Bridge.Dtc\v4.0_4.0.0.0__b03f5f7f11d50a3a\Microsoft.Transactions.Bridge.Dtc.dll
+ 2012-04-11 21:10 . 2012-04-11 21:10 269672 c:\windows\Microsoft.NET\assembly\GAC_32\System.Transactions\v4.0_4.0.0.0__b77a5c561934e089\System.Transactions.dll
- 2012-03-13 08:31 . 2012-03-13 08:31 269672 c:\windows\Microsoft.NET\assembly\GAC_32\System.Transactions\v4.0_4.0.0.0__b77a5c561934e089\System.Transactions.dll
+ 2012-04-11 21:10 . 2012-04-11 21:10 334688 c:\windows\Microsoft.NET\assembly\GAC_32\System.Printing\v4.0_4.0.0.0__31bf3856ad364e35\System.Printing.dll
- 2012-03-13 08:31 . 2012-03-13 08:31 334688 c:\windows\Microsoft.NET\assembly\GAC_32\System.Printing\v4.0_4.0.0.0__31bf3856ad364e35\System.Printing.dll
- 2012-03-13 08:30 . 2012-03-13 08:30 109568 c:\windows\Microsoft.NET\assembly\GAC_32\System.EnterpriseServices\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.Wrapper.dll
+ 2012-04-11 21:10 . 2012-04-11 21:10 109568 c:\windows\Microsoft.NET\assembly\GAC_32\System.EnterpriseServices\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.Wrapper.dll
+ 2012-04-11 21:10 . 2012-04-11 21:10 246128 c:\windows\Microsoft.NET\assembly\GAC_32\System.EnterpriseServices\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.dll
- 2012-03-13 08:30 . 2012-03-13 08:30 246128 c:\windows\Microsoft.NET\assembly\GAC_32\System.EnterpriseServices\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.dll
- 2012-03-13 08:30 . 2012-03-13 08:30 170368 c:\windows\Microsoft.NET\assembly\GAC_32\Microsoft.Transactions.Bridge.Dtc\v4.0_4.0.0.0__b03f5f7f11d50a3a\Microsoft.Transactions.Bridge.Dtc.dll
+ 2012-04-11 21:10 . 2012-04-11 21:10 170368 c:\windows\Microsoft.NET\assembly\GAC_32\Microsoft.Transactions.Bridge.Dtc\v4.0_4.0.0.0__b03f5f7f11d50a3a\Microsoft.Transactions.Bridge.Dtc.dll
+ 2012-04-12 05:44 . 2012-04-12 05:44 337408 c:\windows\assembly\NativeImages_v4.0.30319_64\WindowsFormsIntegra#\3893bfa343bfd255531a743ffa660722\WindowsFormsIntegration.ni.dll
+ 2012-04-12 05:44 . 2012-04-12 05:44 281088 c:\windows\assembly\NativeImages_v4.0.30319_64\System.ServiceProce#\a38a67bfd6245b2f72eb918a57d37bcd\System.ServiceProcess.ni.dll
+ 2012-04-12 05:44 . 2012-04-12 05:44 781824 c:\windows\assembly\NativeImages_v4.0.30319_64\System.Messaging\cdf11c8e0679ce7ff91dc37c6e1b5545\System.Messaging.ni.dll
+ 2012-04-12 05:40 . 2012-04-12 05:40 289280 c:\windows\assembly\NativeImages_v4.0.30319_64\Microsoft.VisualBas#\81c23cf78d9779b1447762a8ffb26d0b\Microsoft.VisualBasic.Compatibility.Data.ni.dll
+ 2012-04-12 05:35 . 2012-04-12 05:35 253952 c:\windows\assembly\NativeImages_v4.0.30319_32\WindowsFormsIntegra#\099f5e2a2b9eaf41a35cbec0d63d460a\WindowsFormsIntegration.ni.dll
+ 2012-04-12 05:35 . 2012-04-12 05:35 221696 c:\windows\assembly\NativeImages_v4.0.30319_32\System.ServiceProce#\488e0b257db20d53bd5edda0f1c614a7\System.ServiceProcess.ni.dll
+ 2012-04-12 05:35 . 2012-04-12 05:35 626176 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Messaging\bf45540b61c851711f08ac296ebc655f\System.Messaging.ni.dll
+ 2012-04-12 05:35 . 2012-04-12 05:35 219136 c:\windows\assembly\NativeImages_v4.0.30319_32\Microsoft.VisualBas#\6aa091b2ae403ca6f50ead62e6ff5187\Microsoft.VisualBasic.Compatibility.Data.ni.dll
+ 2012-04-12 05:40 . 2012-04-12 05:40 329216 c:\windows\assembly\NativeImages_v2.0.50727_64\WindowsFormsIntegra#\718e8186ee8de8555888be444b86d443\WindowsFormsIntegration.ni.dll
+ 2012-04-12 05:40 . 2012-04-12 05:40 304128 c:\windows\assembly\NativeImages_v2.0.50727_64\TaskScheduler\6138a7bf63fa559ffe856b586e369ba2\TaskScheduler.ni.dll
+ 2012-04-12 05:39 . 2012-04-12 05:39 187392 c:\windows\assembly\NativeImages_v2.0.50727_64\System.Web.Routing\01e6d953aaaada7216112df9e0f39c11\System.Web.Routing.ni.dll
+ 2012-04-12 05:39 . 2012-04-12 05:39 449024 c:\windows\assembly\NativeImages_v2.0.50727_64\System.Web.Entity\32b4d44198ecd16ca5deb1024642313f\System.Web.Entity.ni.dll
+ 2012-04-12 05:39 . 2012-04-12 05:39 398848 c:\windows\assembly\NativeImages_v2.0.50727_64\System.Web.Entity.D#\9d7b9e05e5bc7eab07de61a8dd70757a\System.Web.Entity.Design.ni.dll
+ 2012-04-12 05:39 . 2012-04-12 05:39 753664 c:\windows\assembly\NativeImages_v2.0.50727_64\System.Web.DynamicD#\e59cbe4ccb29922c44bf66d3ae044b32\System.Web.DynamicData.ni.dll
+ 2012-04-12 05:39 . 2012-04-12 05:39 204800 c:\windows\assembly\NativeImages_v2.0.50727_64\System.Web.Abstract#\cb674da808088671f0633d46d1dade03\System.Web.Abstractions.ni.dll
+ 2012-04-12 05:23 . 2012-04-12 05:23 295424 c:\windows\assembly\NativeImages_v2.0.50727_64\System.ServiceProce#\2ea95f3113ace6c1adf4ab9f9fc4285e\System.ServiceProcess.ni.dll
+ 2012-04-12 05:36 . 2012-04-12 05:36 783360 c:\windows\assembly\NativeImages_v2.0.50727_64\System.Messaging\c5bef7173a92e1a66e3f7a34eeed891f\System.Messaging.ni.dll
+ 2012-04-12 05:23 . 2012-04-12 05:23 288768 c:\windows\assembly\NativeImages_v2.0.50727_64\System.Drawing.Desi#\a94125636875d06389922fcd86b7a615\System.Drawing.Design.ni.dll
+ 2012-04-12 05:39 . 2012-04-12 05:39 855040 c:\windows\assembly\NativeImages_v2.0.50727_64\napsnap\cc4082d64c96ff7569aa540b2bfb4e4e\napsnap.ni.dll
+ 2012-04-12 05:39 . 2012-04-12 05:39 162816 c:\windows\assembly\NativeImages_v2.0.50727_64\napinit\30d62e0be22cd4569141c32f8650773b\napinit.ni.dll
+ 2012-04-12 05:37 . 2012-04-12 05:37 417792 c:\windows\assembly\NativeImages_v2.0.50727_64\MMCFxCommon\0da2c8a454593084e0215266b5572bf0\MMCFxCommon.ni.dll
+ 2012-04-12 05:37 . 2012-04-12 05:37 312320 c:\windows\assembly\NativeImages_v2.0.50727_64\Microsoft.MediaCent#\ecaf4199c3937827b85be8e8ac36de2b\Microsoft.MediaCenter.iTv.ni.dll
+ 2012-04-12 05:37 . 2012-04-12 05:37 152576 c:\windows\assembly\NativeImages_v2.0.50727_64\Microsoft.MediaCent#\8dd963b1ac45ad4d484855d9853747bd\Microsoft.MediaCenter.ITVVM.ni.dll
+ 2012-04-12 05:37 . 2012-04-12 05:37 798720 c:\windows\assembly\NativeImages_v2.0.50727_64\Microsoft.Managemen#\fe924ef08b715e71e410270c60cc372c\Microsoft.ManagementConsole.ni.dll
+ 2012-04-12 05:38 . 2012-04-12 05:38 549376 c:\windows\assembly\NativeImages_v2.0.50727_64\mcplayerinterop\857d04eadbf226277488bfabfda2a01d\mcplayerinterop.ni.dll
+ 2012-04-12 05:38 . 2012-04-12 05:38 696320 c:\windows\assembly\NativeImages_v2.0.50727_64\mcGlidHostObj\7a2e04f455b793a14e9d1df5fdd93bf7\mcGlidHostObj.ni.dll
+ 2012-04-12 05:37 . 2012-04-12 05:37 659456 c:\windows\assembly\NativeImages_v2.0.50727_64\EventViewer\56c25b27b777af0b93999261cfeec0cd\EventViewer.ni.dll
+ 2012-04-12 05:36 . 2012-04-12 05:36 389120 c:\windows\assembly\NativeImages_v2.0.50727_64\ehExtHost\2c9f3eaa3e79d491c1e29ab58fdcc54a\ehExtHost.ni.exe
+ 2012-04-12 05:32 . 2012-04-12 05:32 633856 c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsLiveLocal.Wr#\ae3312395070c09c34a7ce4b244eea26\WindowsLiveLocal.WriterPlugin.ni.dll
+ 2012-04-12 05:31 . 2012-04-12 05:31 319488 c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsLive.Writer.#\eabeff6b96ba49ae4580c30985178255\WindowsLive.Writer.Interop.ni.dll
+ 2012-04-12 05:31 . 2012-04-12 05:31 119296 c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsLive.Writer.#\d22ab41f815eaee923fc185587cb5358\WindowsLive.Writer.FileDestinations.ni.dll
+ 2012-04-12 05:31 . 2012-04-12 05:31 843776 c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsLive.Writer.#\bd572a011fea0c068da577b95317b0a6\WindowsLive.Writer.Controls.ni.dll
+ 2012-04-12 05:31 . 2012-04-12 05:31 321536 c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsLive.Writer.#\ba3519c39315237f3fe51f1a8e0058bb\WindowsLive.Writer.SpellChecker.ni.dll
+ 2012-04-12 05:31 . 2012-04-12 05:31 174080 c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsLive.Writer.#\b7cf348bb303ea4b09ea1e9a1f4c2a9f\WindowsLive.Writer.BrowserControl.ni.dll
+ 2012-04-12 05:31 . 2012-04-12 05:31 258560 c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsLive.Writer.#\ac2d8ffc66c7dab83d44429b3747a696\WindowsLive.Writer.Mshtml.ni.dll
+ 2012-04-12 05:31 . 2012-04-12 05:31 428032 c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsLive.Writer.#\a20fc6da7d53dee4b4769485664c88b3\WindowsLive.Writer.Localization.ni.dll
+ 2012-04-12 05:31 . 2012-04-12 05:31 118784 c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsLive.Writer.#\7e0011756468300189bbd67ebb70ee58\WindowsLive.Writer.Extensibility.ni.dll
+ 2012-04-12 05:31 . 2012-04-12 05:31 851968 c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsLive.Writer.#\616b97185066b41cd07aa5f2c0ab87af\WindowsLive.Writer.BlogClient.ni.dll
+ 2012-04-12 05:31 . 2012-04-12 05:31 594944 c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsLive.Writer.#\421cbc3b33fc5a49bf4cb913e1798fba\WindowsLive.Writer.HtmlEditor.ni.dll
+ 2012-04-12 05:31 . 2012-04-12 05:31 108544 c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsLive.Writer.#\37baec4007ba80e3f4e14a73a9fa802f\WindowsLive.Writer.Passport.ni.dll
+ 2012-04-12 05:31 . 2012-04-12 05:31 145920 c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsLive.Client\d6c93384b37778bc90c49c7b7a6c1de1\WindowsLive.Client.ni.dll
+ 2012-04-12 05:34 . 2012-04-12 05:34 240128 c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsFormsIntegra#\688abb339fb8301c37b0889a0d01dfa3\WindowsFormsIntegration.ni.dll
+ 2012-04-12 05:34 . 2012-04-12 05:34 245248 c:\windows\assembly\NativeImages_v2.0.50727_32\TaskScheduler\97d8bd8f21969a91b7c5171031250d1e\TaskScheduler.ni.dll
+ 2012-04-12 05:34 . 2012-04-12 05:34 129536 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Routing\2d9aab831590b771aa70cd6991f7af88\System.Web.Routing.ni.dll
+ 2012-04-12 05:34 . 2012-04-12 05:34 860160 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Extensio#\47e3f7fa0b07e85e269f2e152e0e5e29\System.Web.Extensions.Design.ni.dll
+ 2012-04-12 05:34 . 2012-04-12 05:34 328192 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Entity\3595f5769afb7d38aa5a05abef97364c\System.Web.Entity.ni.dll
+ 2012-04-12 05:34 . 2012-04-12 05:34 301568 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Entity.D#\7485eeab1b46532b35d7ab5814a43a30\System.Web.Entity.Design.ni.dll
+ 2012-04-12 05:34 . 2012-04-12 05:34 547328 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.DynamicD#\ec083a1d2f94e4c565545f9d090c5039\System.Web.DynamicData.ni.dll
+ 2012-04-12 05:34 . 2012-04-12 05:34 141312 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Abstract#\88430faf21e241f93d02711e35173de6\System.Web.Abstractions.ni.dll
+ 2012-04-12 05:19 . 2012-04-12 05:19 212992 c:\windows\assembly\NativeImages_v2.0.50727_32\System.ServiceProce#\c2c7f68605a42caef1b7a19c51de58b4\System.ServiceProcess.ni.dll
+ 2012-04-12 05:33 . 2012-04-12 05:33 593408 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Messaging\69b1de7425d09eb9fe42f81882d2896e\System.Messaging.ni.dll
+ 2012-04-12 05:19 . 2012-04-12 05:19 208384 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Drawing.Desi#\b64b898fd099d1644a8673137ac56011\System.Drawing.Design.ni.dll
+ 2012-04-12 05:34 . 2012-04-12 05:34 723456 c:\windows\assembly\NativeImages_v2.0.50727_32\napsnap\2ffec892832457d3530d59a9da07324c\napsnap.ni.dll
+ 2012-04-12 05:34 . 2012-04-12 05:34 117760 c:\windows\assembly\NativeImages_v2.0.50727_32\napinit\1167a79ab309e2a4e6da2bd2dbea01a6\napinit.ni.dll
+ 2012-04-12 05:33 . 2012-04-12 05:33 287232 c:\windows\assembly\NativeImages_v2.0.50727_32\MMCFxCommon\c83df01d683dbeb36be10218cc50ff03\MMCFxCommon.ni.dll
+ 2012-04-12 05:33 . 2012-04-12 05:33 561664 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Managemen#\68842b507f3ad7fa603bf57c813c6a0c\Microsoft.ManagementConsole.ni.dll
+ 2012-04-12 05:33 . 2012-04-12 05:33 553472 c:\windows\assembly\NativeImages_v2.0.50727_32\EventViewer\4e2b9e7e956dcee6a9721b57c8ccde60\EventViewer.ni.dll
+ 2012-04-12 05:33 . 2012-04-12 05:33 254464 c:\windows\assembly\NativeImages_v2.0.50727_32\ehExtHost32\380a1283ad9a74eb337feb276453a87f\ehExtHost32.ni.exe
+ 2012-04-11 20:53 . 2012-01-26 23:33 630784 c:\windows\assembly\GAC_MSIL\System.Drawing\2.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll
- 2012-02-15 20:15 . 2011-12-14 02:57 1127424 c:\windows\SysWOW64\wininet.dll
+ 2012-04-11 21:07 . 2012-02-28 01:11 1127424 c:\windows\SysWOW64\wininet.dll
+ 2012-04-11 21:07 . 2012-02-28 01:12 1103360 c:\windows\SysWOW64\urlmon.dll
- 2012-02-15 20:15 . 2011-12-14 02:57 1103360 c:\windows\SysWOW64\urlmon.dll
+ 2012-04-11 21:07 . 2012-03-06 05:59 3913072 c:\windows\SysWOW64\ntoskrnl.exe
+ 2012-04-11 21:07 . 2012-03-06 05:59 3968368 c:\windows\SysWOW64\ntkrnlpa.exe
- 2012-03-14 08:30 . 2011-11-19 14:50 3968368 c:\windows\SysWOW64\ntkrnlpa.exe
+ 2012-04-11 21:07 . 2012-02-28 01:18 1799168 c:\windows\SysWOW64\jscript9.dll
+ 2012-04-11 21:07 . 2012-02-28 01:04 1792000 c:\windows\SysWOW64\iertutil.dll
- 2012-02-15 20:15 . 2011-12-14 02:52 1792000 c:\windows\SysWOW64\iertutil.dll
+ 2012-04-11 21:07 . 2012-02-28 01:27 9705984 c:\windows\SysWOW64\ieframe.dll
- 2009-07-14 04:54 . 2012-04-11 04:58 3080192 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2009-07-14 04:54 . 2012-04-12 05:46 3080192 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2012-02-15 20:15 . 2011-12-14 07:04 1390080 c:\windows\system32\wininet.dll
+ 2012-04-11 21:07 . 2012-02-28 06:49 1390080 c:\windows\system32\wininet.dll
- 2012-02-15 20:15 . 2011-12-14 07:04 1345536 c:\windows\system32\urlmon.dll
+ 2012-04-11 21:07 . 2012-02-28 06:50 1345536 c:\windows\system32\urlmon.dll
- 2012-03-14 08:30 . 2011-11-19 15:20 5559152 c:\windows\system32\ntoskrnl.exe
+ 2012-04-11 21:07 . 2012-03-06 06:53 5559152 c:\windows\system32\ntoskrnl.exe
+ 2012-04-11 21:07 . 2012-02-28 06:56 2311168 c:\windows\system32\jscript9.dll
+ 2012-04-11 21:07 . 2012-02-28 06:43 2144256 c:\windows\system32\iertutil.dll
- 2012-02-15 20:15 . 2011-12-14 06:59 2144256 c:\windows\system32\iertutil.dll
+ 2009-07-14 04:45 . 2012-04-12 05:19 7113196 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\SoftwareProtectionPlatform\tokens.dat
- 2009-07-14 04:45 . 2012-04-06 06:57 7113196 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\SoftwareProtectionPlatform\tokens.dat
- 2012-03-13 18:05 . 2012-03-13 18:05 1368920 c:\windows\Microsoft.NET\assembly\GAC_MSIL\WindowsBase\v4.0_4.0.0.0__31bf3856ad364e35\WindowsBase.dll
+ 2012-04-11 21:11 . 2012-04-11 21:11 1368920 c:\windows\Microsoft.NET\assembly\GAC_MSIL\WindowsBase\v4.0_4.0.0.0__31bf3856ad364e35\WindowsBase.dll
- 2012-03-13 18:05 . 2012-03-13 18:05 3512072 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System\v4.0_4.0.0.0__b77a5c561934e089\System.dll
+ 2012-04-11 21:10 . 2012-04-11 21:10 3512072 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System\v4.0_4.0.0.0__b77a5c561934e089\System.dll
+ 2012-04-11 21:10 . 2012-04-11 21:10 2207568 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Xml\v4.0_4.0.0.0__b77a5c561934e089\System.XML.dll
- 2012-03-13 18:05 . 2012-03-13 18:05 2207568 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Xml\v4.0_4.0.0.0__b77a5c561934e089\System.XML.dll
- 2012-03-13 18:05 . 2012-03-13 18:05 5028200 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Forms\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Forms.dll
+ 2012-04-11 21:10 . 2012-04-11 21:10 5028200 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Forms\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Forms.dll
+ 2012-04-11 21:10 . 2012-04-11 21:10 1711496 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Forms.DataVisualization\v4.0_4.0.0.0__31bf3856ad364e35\System.Windows.Forms.DataVisualization.dll
- 2012-03-13 18:05 . 2012-03-13 18:05 1711496 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Forms.DataVisualization\v4.0_4.0.0.0__31bf3856ad364e35\System.Windows.Forms.DataVisualization.dll
- 2012-03-13 18:05 . 2012-03-13 18:05 6097256 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.ServiceModel\v4.0_4.0.0.0__b77a5c561934e089\System.ServiceModel.dll
+ 2012-04-11 21:11 . 2012-04-11 21:11 6097256 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.ServiceModel\v4.0_4.0.0.0__b77a5c561934e089\System.ServiceModel.dll
+ 2012-04-11 21:10 . 2012-04-11 21:10 1026936 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Runtime.Serialization\v4.0_4.0.0.0__b77a5c561934e089\System.Runtime.Serialization.dll
- 2012-03-13 18:05 . 2012-03-13 18:05 1026936 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Runtime.Serialization\v4.0_4.0.0.0__b77a5c561934e089\System.Runtime.Serialization.dll
+ 2012-04-11 21:10 . 2012-04-11 21:10 4464480 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Data.Entity\v4.0_4.0.0.0__b77a5c561934e089\System.Data.Entity.dll
- 2012-03-13 18:05 . 2012-03-13 18:05 4464480 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Data.Entity\v4.0_4.0.0.0__b77a5c561934e089\System.Data.Entity.dll
- 2012-03-13 18:05 . 2012-03-13 18:05 1354584 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Core\v4.0_4.0.0.0__b77a5c561934e089\System.Core.dll
+ 2012-04-11 21:10 . 2012-04-11 21:10 1354584 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Core\v4.0_4.0.0.0__b77a5c561934e089\System.Core.dll
- 2012-03-13 18:05 . 2012-03-13 18:05 1199968 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Activities\v4.0_4.0.0.0__31bf3856ad364e35\System.Activities.dll
+ 2012-04-11 21:10 . 2012-04-11 21:10 1199968 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Activities\v4.0_4.0.0.0__31bf3856ad364e35\System.Activities.dll
- 2012-03-13 18:05 . 2012-03-13 18:05 1462648 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Activities.Presentation\v4.0_4.0.0.0__31bf3856ad364e35\System.Activities.Presentation.dll
+ 2012-04-11 21:10 . 2012-04-11 21:10 1462648 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Activities.Presentation\v4.0_4.0.0.0__31bf3856ad364e35\System.Activities.Presentation.dll
+ 2012-04-11 21:11 . 2012-04-11 21:11 6428520 c:\windows\Microsoft.NET\assembly\GAC_MSIL\PresentationFramework\v4.0_4.0.0.0__31bf3856ad364e35\PresentationFramework.dll
- 2012-03-13 18:05 . 2012-03-13 18:05 6428520 c:\windows\Microsoft.NET\assembly\GAC_MSIL\PresentationFramework\v4.0_4.0.0.0__31bf3856ad364e35\PresentationFramework.dll
+ 2012-04-11 21:10 . 2012-04-11 21:10 3116376 c:\windows\Microsoft.NET\assembly\GAC_64\System.Data\v4.0_4.0.0.0__b77a5c561934e089\System.Data.dll
- 2012-03-13 18:05 . 2012-03-13 18:05 3116376 c:\windows\Microsoft.NET\assembly\GAC_64\System.Data\v4.0_4.0.0.0__b77a5c561934e089\System.Data.dll
+ 2012-04-11 21:11 . 2012-04-11 21:11 3824480 c:\windows\Microsoft.NET\assembly\GAC_64\PresentationCore\v4.0_4.0.0.0__31bf3856ad364e35\PresentationCore.dll
- 2012-03-13 18:05 . 2012-03-13 18:05 3824480 c:\windows\Microsoft.NET\assembly\GAC_64\PresentationCore\v4.0_4.0.0.0__31bf3856ad364e35\PresentationCore.dll
+ 2012-04-11 21:10 . 2012-04-11 21:10 4970768 c:\windows\Microsoft.NET\assembly\GAC_64\mscorlib\v4.0_4.0.0.0__b77a5c561934e089\mscorlib.dll
- 2012-03-13 18:05 . 2012-03-13 18:05 4970768 c:\windows\Microsoft.NET\assembly\GAC_64\mscorlib\v4.0_4.0.0.0__b77a5c561934e089\mscorlib.dll
- 2012-03-13 18:05 . 2012-03-13 18:05 3563408 c:\windows\Microsoft.NET\assembly\GAC_64\Microsoft.VisualBasic.Activities.Compiler\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Activities.Compiler.dll
+ 2012-04-11 21:10 . 2012-04-11 21:10 3563408 c:\windows\Microsoft.NET\assembly\GAC_64\Microsoft.VisualBasic.Activities.Compiler\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Activities.Compiler.dll
+ 2012-04-11 21:10 . 2012-04-11 21:10 2975064 c:\windows\Microsoft.NET\assembly\GAC_32\System.Data\v4.0_4.0.0.0__b77a5c561934e089\System.Data.dll
- 2012-03-13 08:30 . 2012-03-13 08:30 2975064 c:\windows\Microsoft.NET\assembly\GAC_32\System.Data\v4.0_4.0.0.0__b77a5c561934e089\System.Data.dll
- 2012-03-13 08:31 . 2012-03-13 08:31 3788128 c:\windows\Microsoft.NET\assembly\GAC_32\PresentationCore\v4.0_4.0.0.0__31bf3856ad364e35\PresentationCore.dll
+ 2012-04-11 21:10 . 2012-04-11 21:10 3788128 c:\windows\Microsoft.NET\assembly\GAC_32\PresentationCore\v4.0_4.0.0.0__31bf3856ad364e35\PresentationCore.dll
+ 2012-04-11 21:10 . 2012-04-11 21:10 5201168 c:\windows\Microsoft.NET\assembly\GAC_32\mscorlib\v4.0_4.0.0.0__b77a5c561934e089\mscorlib.dll
- 2012-03-13 08:30 . 2012-03-13 08:30 5201168 c:\windows\Microsoft.NET\assembly\GAC_32\mscorlib\v4.0_4.0.0.0__b77a5c561934e089\mscorlib.dll
- 2012-03-13 08:30 . 2012-03-13 08:30 2989456 c:\windows\Microsoft.NET\assembly\GAC_32\Microsoft.VisualBasic.Activities.Compiler\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Activities.Compiler.dll
+ 2012-04-11 21:10 . 2012-04-11 21:10 2989456 c:\windows\Microsoft.NET\assembly\GAC_32\Microsoft.VisualBasic.Activities.Compiler\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Activities.Compiler.dll
+ 2012-01-22 09:20 . 2012-01-22 09:20 1707520 c:\windows\Installer\55556a.msp
+ 2012-04-12 05:40 . 2012-04-12 05:40 5237248 c:\windows\assembly\NativeImages_v4.0.30319_64\WindowsBase\fb00cd7183b28470878a3b5687929a56\WindowsBase.ni.dll
+ 2012-04-12 05:44 . 2012-04-12 05:44 5645824 c:\windows\assembly\NativeImages_v4.0.30319_64\System.Windows.Form#\80de3f9f56bed3e05ba97741905abddb\System.Windows.Forms.DataVisualization.ni.dll
+ 2012-04-12 05:43 . 2012-04-12 05:43 1467392 c:\windows\assembly\NativeImages_v4.0.30319_64\System.Printing\21c096f214db354198e2664473875f06\System.Printing.ni.dll
+ 2012-04-12 05:42 . 2012-04-12 05:42 2303488 c:\windows\assembly\NativeImages_v4.0.30319_64\System.Drawing\9bcabb321026ee927401cbba73dff054\System.Drawing.ni.dll
+ 2012-04-12 05:42 . 2012-04-12 05:42 2403328 c:\windows\assembly\NativeImages_v4.0.30319_64\System.Deployment\90ec5a09a2329a45554d79e0fd9fbbee\System.Deployment.ni.dll
+ 2012-04-12 05:43 . 2012-04-12 05:43 5048832 c:\windows\assembly\NativeImages_v4.0.30319_64\System.Activities.P#\45d4a9fa235f5658f8c9b89f6a4f691f\System.Activities.Presentation.ni.dll
+ 2012-04-12 05:43 . 2012-04-12 05:43 4233216 c:\windows\assembly\NativeImages_v4.0.30319_64\ReachFramework\8ad595c3d0668d10777d8ce28b88cc7c\ReachFramework.ni.dll
+ 2012-04-12 05:42 . 2012-04-12 05:42 2056704 c:\windows\assembly\NativeImages_v4.0.30319_64\PresentationUI\cb31bfb24a52f83cf826c00979827ba6\PresentationUI.ni.dll
+ 2012-04-12 05:40 . 2012-04-12 05:40 1838080 c:\windows\assembly\NativeImages_v4.0.30319_64\Microsoft.VisualBas#\96723fe4390cc2babaded28c43eff391\Microsoft.VisualBasic.Compatibility.ni.dll
+ 2012-04-12 05:40 . 2012-04-12 05:40 2317312 c:\windows\assembly\NativeImages_v4.0.30319_64\Microsoft.VisualBas#\5281ac494089700d1c72c16478ab3363\Microsoft.VisualBasic.ni.dll
+ 2012-04-11 21:11 . 2012-04-11 21:11 3858432 c:\windows\assembly\NativeImages_v4.0.30319_32\WindowsBase\32a65725ff7d128428e35d8100dad4be\WindowsBase.ni.dll
+ 2012-04-12 05:35 . 2012-04-12 05:35 4587008 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Windows.Form#\4eb0735617e05d98ed22131e31b0d973\System.Windows.Forms.DataVisualization.ni.dll
+ 2012-04-12 05:35 . 2012-04-12 05:35 1060864 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Printing\782e1742e6127de03962c3103400241e\System.Printing.ni.dll
+ 2012-04-11 21:11 . 2012-04-11 21:11 1665536 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Drawing\64ea1d0193e735b953c94d16d6fd2146\System.Drawing.ni.dll
+ 2012-04-12 05:35 . 2012-04-12 05:35 1880064 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Deployment\08051a9e56d07150d9378894c57b4e18\System.Deployment.ni.dll
+ 2012-04-12 05:35 . 2012-04-12 05:35 3757568 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Activities.P#\84ae511c48d5e26cd5f13b0fb69879cd\System.Activities.Presentation.ni.dll
+ 2012-04-12 05:35 . 2012-04-12 05:35 2906624 c:\windows\assembly\NativeImages_v4.0.30319_32\ReachFramework\4f4fd880a3818be02d67616a5e65df2e\ReachFramework.ni.dll
+ 2012-04-12 05:35 . 2012-04-12 05:35 1641984 c:\windows\assembly\NativeImages_v4.0.30319_32\PresentationUI\a1462eaba7a540fbcb3de1e77c10c8b1\PresentationUI.ni.dll
+ 2012-04-12 05:35 . 2012-04-12 05:35 1838080 c:\windows\assembly\NativeImages_v4.0.30319_32\Microsoft.VisualBas#\e1aae9d211470e08285dbcd64daba287\Microsoft.VisualBasic.ni.dll
+ 2012-04-12 05:35 . 2012-04-12 05:35 1136640 c:\windows\assembly\NativeImages_v4.0.30319_32\Microsoft.VisualBas#\0e3d768112b712b83e87f3f36bd9523e\Microsoft.VisualBasic.Compatibility.ni.dll
+ 2012-04-12 05:40 . 2012-04-12 05:40 1818112 c:\windows\assembly\NativeImages_v2.0.50727_64\System.WorkflowServ#\8f4bee781d2709ba927b31c6bee8abce\System.WorkflowServices.ni.dll
+ 2012-04-12 05:24 . 2012-04-12 05:24 5957632 c:\windows\assembly\NativeImages_v2.0.50727_64\System.Workflow.Com#\d26e6d07c2e10bc55c2bfd2440ec14bc\System.Workflow.ComponentModel.ni.dll
+ 2012-04-12 05:24 . 2012-04-12 05:24 3895296 c:\windows\assembly\NativeImages_v2.0.50727_64\System.Workflow.Act#\f044eaa5dc79454c4081bdbea81bf67e\System.Workflow.Activities.ni.dll
+ 2012-04-12 05:40 . 2012-04-12 05:40 3336704 c:\windows\assembly\NativeImages_v2.0.50727_64\System.Web.Mobile\57631b92442dcbaa782800614f11eed4\System.Web.Mobile.ni.dll
+ 2012-04-12 05:39 . 2012-04-12 05:39 3044352 c:\windows\assembly\NativeImages_v2.0.50727_64\System.Web.Extensio#\f21b305ec2cacfd1737aba590508716a\System.Web.Extensions.ni.dll
+ 2012-04-12 05:39 . 2012-04-12 05:39 1155072 c:\windows\assembly\NativeImages_v2.0.50727_64\System.Web.Extensio#\01e5bdd5a9c2db218cf64aff1875bf10\System.Web.Extensions.Design.ni.dll
+ 2012-04-12 05:22 . 2012-04-12 05:22 1463808 c:\windows\assembly\NativeImages_v2.0.50727_64\System.Printing\7e62d5f06809c96b0e957cc948d98d7c\System.Printing.ni.dll
+ 2012-04-12 05:21 . 2012-04-12 05:21 2317312 c:\windows\assembly\NativeImages_v2.0.50727_64\System.Drawing\95d41ace5d8803b9318366ad5f0fbdff\System.Drawing.ni.dll
+ 2012-04-12 05:20 . 2012-04-12 05:20 2444288 c:\windows\assembly\NativeImages_v2.0.50727_64\System.Deployment\7e705656ef1ee9078e0d51699d9e0858\System.Deployment.ni.dll
+ 2012-04-12 05:22 . 2012-04-12 05:22 3116032 c:\windows\assembly\NativeImages_v2.0.50727_64\ReachFramework\df3b4d20eaf81da80db9be811947e475\ReachFramework.ni.dll
+ 2012-04-12 05:22 . 2012-04-12 05:22 2109952 c:\windows\assembly\NativeImages_v2.0.50727_64\PresentationUI\8e76dcfa3f4676022f95437037c8ad51\PresentationUI.ni.dll
+ 2012-04-12 05:39 . 2012-04-12 05:39 3601920 c:\windows\assembly\NativeImages_v2.0.50727_64\Narrator\92ab2a505e2b1e55887248752fc8791b\Narrator.ni.exe
+ 2012-04-12 05:39 . 2012-04-12 05:39 2327552 c:\windows\assembly\NativeImages_v2.0.50727_64\MMCEx\b843ee3c17f0b9d517f74f2fc2cef321\MMCEx.ni.dll
+ 2012-04-12 05:38 . 2012-04-12 05:38 7970304 c:\windows\assembly\NativeImages_v2.0.50727_64\MIGUIControls\ff499b53b4b43e5cf6175a7d95fb15ea\MIGUIControls.ni.dll
+ 2012-04-12 05:39 . 2012-04-12 05:39 2131968 c:\windows\assembly\NativeImages_v2.0.50727_64\Microsoft.VisualBas#\a2368cca7264c3f047d16fefcb29ca66\Microsoft.VisualBasic.ni.dll
+ 2012-04-12 05:38 . 2012-04-12 05:38 5350912 c:\windows\assembly\NativeImages_v2.0.50727_64\Microsoft.PowerShel#\a365fda36604d8f8b6ea67667dc3dd46\Microsoft.PowerShell.Editor.ni.dll
+ 2012-04-12 05:38 . 2012-04-12 05:38 2176512 c:\windows\assembly\NativeImages_v2.0.50727_64\Microsoft.PowerShel#\a1c24b217f836d73170c0f32b7dda5c2\Microsoft.PowerShell.Commands.Utility.ni.dll
+ 2012-04-12 05:36 . 2012-04-12 05:36 1516544 c:\windows\assembly\NativeImages_v2.0.50727_64\Microsoft.MediaCent#\8dff78b6458b3995288e7e89aa7ae34a\Microsoft.MediaCenter.ni.dll
+ 2012-04-12 05:36 . 2012-04-12 05:36 8979456 c:\windows\assembly\NativeImages_v2.0.50727_64\Microsoft.MediaCent#\88b7272ddb53920b927a7ef59fd3ad6a\Microsoft.MediaCenter.UI.ni.dll
+ 2012-04-12 05:38 . 2012-04-12 05:38 1508864 c:\windows\assembly\NativeImages_v2.0.50727_64\Microsoft.MediaCent#\1225d00b36449afd4a4314eadcb8bf58\Microsoft.MediaCenter.Bml.ni.dll
+ 2012-04-12 05:38 . 2012-04-12 05:38 2365952 c:\windows\assembly\NativeImages_v2.0.50727_64\Microsoft.Ink\9e91d7c4464a12eb7d2c174ffc56c168\Microsoft.Ink.ni.dll
+ 2012-04-12 05:38 . 2012-04-12 05:38 2218496 c:\windows\assembly\NativeImages_v2.0.50727_64\Microsoft.Build.Tas#\a67cf1480b9711c9e9da320bc5114879\Microsoft.Build.Tasks.ni.dll
+ 2012-04-12 05:38 . 2012-04-12 05:38 2682880 c:\windows\assembly\NativeImages_v2.0.50727_64\Microsoft.Build.Tas#\7b5c7863043af7cd47dfb104c0fe6879\Microsoft.Build.Tasks.v3.5.ni.dll
+ 2012-04-12 05:36 . 2012-04-12 05:36 2801664 c:\windows\assembly\NativeImages_v2.0.50727_64\mcstore\a1c741fa6d3e2635dd2a2a77890c87b5\mcstore.ni.dll
+ 2012-04-12 05:31 . 2012-04-12 05:31 1105408 c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsLive.Writer.#\f260b29a4e7b2f5f69d30845b2b2e43c\WindowsLive.Writer.ApplicationFramework.ni.dll
+ 2012-04-12 05:31 . 2012-04-12 05:31 2002432 c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsLive.Writer.#\e98b247cb28ac884c673eab88d9c4114\WindowsLive.Writer.CoreServices.ni.dll
+ 2012-04-12 05:31 . 2012-04-12 05:31 6394368 c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsLive.Writer.#\e2af41c4623b34757f33ce4800ed3696\WindowsLive.Writer.PostEditor.ni.dll
+ 2012-04-12 05:34 . 2012-04-12 05:34 1358336 c:\windows\assembly\NativeImages_v2.0.50727_32\System.WorkflowServ#\d362f68d3bf954ba55a4494a659492af\System.WorkflowServices.ni.dll
+ 2012-04-12 05:19 . 2012-04-12 05:19 4516352 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Workflow.Com#\6d2f8bad410dae6049507d7bc097a62d\System.Workflow.ComponentModel.ni.dll
+ 2012-04-12 05:19 . 2012-04-12 05:19 2995200 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Workflow.Act#\31fd6842b7ccb502dc2f5f11c1f991bd\System.Workflow.Activities.ni.dll
+ 2012-04-12 05:34 . 2012-04-12 05:34 2209792 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Mobile\a118322b0f5ffc0e67c06658e8788e1d\System.Web.Mobile.ni.dll
+ 2012-04-12 05:34 . 2012-04-12 05:34 2404352 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Extensio#\e6747d0470e8a42907df14af10862844\System.Web.Extensions.ni.dll
+ 2012-04-12 05:19 . 2012-04-12 05:19 1044480 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Printing\0b27d6da6e6bc319c3805435b818c1e5\System.Printing.ni.dll
+ 2012-04-12 05:18 . 2012-04-12 05:18 1590784 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\8177623eac8f15cf95b587625439eac7\System.Drawing.ni.dll
+ 2012-04-12 05:18 . 2012-04-12 05:18 1806848 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Deployment\e45611cad86870a7011bb18b9e993861\System.Deployment.ni.dll
+ 2012-04-12 05:32 . 2012-04-12 05:32 1310720 c:\windows\assembly\NativeImages_v2.0.50727_32\SmartAudio\7b12b27395a9393eafdf239588e3b19d\SmartAudio.ni.exe
+ 2012-04-12 05:19 . 2012-04-12 05:19 2157056 c:\windows\assembly\NativeImages_v2.0.50727_32\ReachFramework\ffe872f5d03f8bf4d1e1aca71274aec4\ReachFramework.ni.dll
+ 2012-04-12 05:19 . 2012-04-12 05:19 1658368 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationUI\167ae650f54f5cd46c07329972f179ad\PresentationUI.ni.dll
+ 2012-04-12 05:34 . 2012-04-12 05:34 2623488 c:\windows\assembly\NativeImages_v2.0.50727_32\Narrator\a61a4567bd8a09a0068db7fcc46151e1\Narrator.ni.exe
+ 2012-04-12 05:34 . 2012-04-12 05:34 1545216 c:\windows\assembly\NativeImages_v2.0.50727_32\MMCEx\a8ac3e062a13d75ff8d632bed75358b0\MMCEx.ni.dll
+ 2012-04-12 05:33 . 2012-04-12 05:33 6438912 c:\windows\assembly\NativeImages_v2.0.50727_32\MIGUIControls\2a348513f0f83117bedeb39a7d10b034\MIGUIControls.ni.dll
+ 2012-04-12 05:33 . 2012-04-12 05:33 1670144 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.VisualBas#\3ce70b84dbb9970e1893672c5d430c80\Microsoft.VisualBasic.ni.dll
+ 2012-04-12 05:33 . 2012-04-12 05:33 3724288 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.PowerShel#\a7364db379808ebdee5cd876d5af2656\Microsoft.PowerShell.Editor.ni.dll
+ 2012-04-12 05:33 . 2012-04-12 05:33 1681920 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.PowerShel#\2a9dff80feb7cf8dbac17adb959159ca\Microsoft.PowerShell.Commands.Utility.ni.dll
+ 2012-04-12 05:33 . 2012-04-12 05:33 6499840 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.MediaCent#\4a603d10666b9ee9487e7f0ce27c1c68\Microsoft.MediaCenter.UI.ni.dll
+ 2012-04-12 05:33 . 2012-04-12 05:33 1009664 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.MediaCent#\142b59a72b233db75ede02941b86291d\Microsoft.MediaCenter.ni.dll
+ 2012-04-12 05:33 . 2012-04-12 05:33 1361408 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Ink\ffc29e128c4ddebb991189d617ed1bf7\Microsoft.Ink.ni.dll
+ 2012-04-12 05:33 . 2012-04-12 05:33 1620992 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Tas#\0c9d80e810caa6aeb85bd4d253281434\Microsoft.Build.Tasks.ni.dll
+ 2012-04-12 05:33 . 2012-04-12 05:33 1970176 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Tas#\008b235de7df9c690e3f289f3c776eda\Microsoft.Build.Tasks.v3.5.ni.dll
+ 2012-04-12 05:33 . 2012-04-12 05:33 2035712 c:\windows\assembly\NativeImages_v2.0.50727_32\mcstore\227b7eaefe6ae6b78190516516793b4b\mcstore.ni.dll
+ 2012-04-11 21:07 . 2012-02-28 01:52 12281856 c:\windows\SysWOW64\mshtml.dll
+ 2009-07-14 02:34 . 2012-04-12 05:14 10747904 c:\windows\system32\SMI\Store\Machine\schema.dat
- 2009-07-14 02:34 . 2012-03-14 18:10 10747904 c:\windows\system32\SMI\Store\Machine\schema.dat
+ 2012-04-11 21:07 . 2012-02-28 07:34 17790976 c:\windows\system32\mshtml.dll
+ 2011-09-30 05:36 . 2012-04-11 21:03 57249312 c:\windows\system32\MRT.exe
+ 2012-04-11 21:07 . 2012-02-28 07:02 10888704 c:\windows\system32\ieframe.dll
- 2011-11-03 08:24 . 2012-04-11 04:57 30401044 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-1508307326-1187430495-114805669-1001-12288.dat
+ 2011-11-03 08:24 . 2012-04-12 05:45 30401044 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-1508307326-1187430495-114805669-1001-12288.dat
+ 2012-04-12 05:43 . 2012-04-12 05:43 17353728 c:\windows\assembly\NativeImages_v4.0.30319_64\System.Windows.Forms\c80f2e11e938ed65b843f750add94b35\System.Windows.Forms.ni.dll
+ 2012-04-12 05:42 . 2012-04-12 05:42 24407040 c:\windows\assembly\NativeImages_v4.0.30319_64\PresentationFramewo#\b93196152e384bd43b9abf1e20c8d067\PresentationFramework.ni.dll
+ 2012-04-12 05:41 . 2012-04-12 05:41 15907328 c:\windows\assembly\NativeImages_v4.0.30319_64\PresentationCore\fc074b5198bd925a4f5b48403bba0e34\PresentationCore.ni.dll
+ 2012-04-11 21:11 . 2012-04-11 21:11 13197312 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Windows.Forms\a36af74ac369a8c1f3171cd6fb18f3a6\System.Windows.Forms.ni.dll
+ 2012-04-11 21:12 . 2012-04-11 21:12 18000384 c:\windows\assembly\NativeImages_v4.0.30319_32\PresentationFramewo#\caf9fdf2957d955ccb07d837d095eae1\PresentationFramework.ni.dll
+ 2012-04-11 21:12 . 2012-04-11 21:12 11450880 c:\windows\assembly\NativeImages_v4.0.30319_32\PresentationCore\7a2fecd8284d0c427d16ff278a1e574f\PresentationCore.ni.dll
+ 2012-04-12 05:21 . 2012-04-12 05:21 17379840 c:\windows\assembly\NativeImages_v2.0.50727_64\System.Windows.Forms\3466442b4168ba11787961fcfd410adf\System.Windows.Forms.ni.dll
+ 2012-04-12 05:23 . 2012-04-12 05:23 15270912 c:\windows\assembly\NativeImages_v2.0.50727_64\System.Web\79c8a2e836c01784bb8e3e2d0ed26850\System.Web.ni.dll
+ 2012-04-12 05:23 . 2012-04-12 05:23 13609472 c:\windows\assembly\NativeImages_v2.0.50727_64\System.Design\552733f73f5483946cce9229b27bdcb2\System.Design.ni.dll
+ 2012-04-12 05:22 . 2012-04-12 05:22 19195392 c:\windows\assembly\NativeImages_v2.0.50727_64\PresentationFramewo#\b87e4cff3eb13680c55a5f4ee9786b56\PresentationFramework.ni.dll
+ 2012-04-12 05:20 . 2012-04-12 05:20 16540160 c:\windows\assembly\NativeImages_v2.0.50727_64\PresentationCore\1233412b58120995b639428b5e6d998e\PresentationCore.ni.dll
+ 2012-04-12 05:37 . 2012-04-12 05:37 25470976 c:\windows\assembly\NativeImages_v2.0.50727_64\ehshell\d9a8c2b82b4370a5b0f537a65d867f49\ehshell.ni.dll
+ 2012-04-12 05:18 . 2012-04-12 05:18 12433408 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\262285b3d0afafc5059f3fe9be69bff5\System.Windows.Forms.ni.dll
+ 2012-04-12 05:19 . 2012-04-12 05:19 11833344 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web\507b4ca18da9d2fde2e51a1f04593443\System.Web.ni.dll
+ 2012-04-12 05:19 . 2012-04-12 05:19 10580480 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Design\846a51eb446bee41a26a6914a95e38cd\System.Design.ni.dll
+ 2012-04-12 05:18 . 2012-04-12 05:18 14339072 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\43e23da6683962ea1168aaf007bbc35d\PresentationFramework.ni.dll
+ 2012-04-12 05:17 . 2012-04-12 05:17 12234752 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationCore\74d980e52c1791f1b8608d767a393144\PresentationCore.ni.dll
.
-- Snapshot reset to current date --
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"TOSHIBA Online Product Information"="c:\program files (x86)\Toshiba\TOSHIBA Online Product Information\TOPI.exe" [2010-03-03 4581280]
"KPeerNexonEU"="c:\nexon\NEXON_EU_Downloader\nxEULauncher.exe" [2012-03-01 438272]
"Steam"="c:\program files (x86)\Steam\Steam.exe" [2012-04-10 1242448]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"ToshibaServiceStation"="c:\program files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe" [2011-02-11 1295736]
"NBAgent"="c:\program files (x86)\Nero\Nero BackItUp & Burn\Nero BackItUp\NBAgent.exe" [2010-03-09 1086760]
"mcui_exe"="c:\program files\McAfee.com\Agent\mcagent.exe" [2011-11-22 1675160]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2011-06-09 254696]
"Philips Device Listener"="c:\program files (x86)\Philips\Philips Songbird Resources\Autolauncher\PhilipsDeviceListener.exe" [2011-03-03 380416]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-02-20 59240]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2011-10-24 421888]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2012-03-06 421736]
"LogMeIn Hamachi Ui"="c:\program files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe" [2012-02-28 1987976]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"TOSHIBA Online Product Information"="c:\program files (x86)\TOSHIBA\TOSHIBA Online Product Information\topi.exe" [2010-03-03 4581280]
.
c:\users\Jack\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
TRDCReminder.lnk - c:\program files (x86)\Toshiba\TRDCReminder\TRDCReminder.exe [2009-9-1 481184]
.
c:\users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
TRDCReminder.lnk - c:\program files (x86)\Toshiba\TRDCReminder\TRDCReminder.exe [2009-9-1 481184]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
"EnableLinkedConnections"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-10-21 136176]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2012-02-29 158856]
R3 dc3d;MS Hardware Device Detection Driver;c:\windows\system32\DRIVERS\dc3d.sys [x]
R3 EagleX64;EagleX64;c:\windows\system32\drivers\EagleX64.sys [x]
R3 GamesAppService;GamesAppService;c:\program files (x86)\WildTangent Games\App\GamesAppService.exe [2010-10-12 206072]
R3 gupdatem;Google Update Service (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-10-21 136176]
R3 L1C;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller;c:\windows\system32\DRIVERS\L1C62x64.sys [x]
R3 mferkdet;McAfee Inc. mferkdet;c:\windows\system32\drivers\mferkdet.sys [x]
R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-09 4925184]
R3 Point64;Microsoft IntelliPoint Filter Driver;c:\windows\system32\DRIVERS\point64.sys [x]
R3 RapportKE64;RapportKE64;c:\windows\system32\Drivers\RapportKE64.sys [x]
R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys [x]
R3 TemproMonitoringService;Notebook Performance Tuning Service (TEMPRO);c:\program files (x86)\Toshiba TEMPRO\TemproSvc.exe [2010-02-11 124368]
R3 TMachInfo;TMachInfo;c:\program files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe [2011-02-11 54136]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]
S0 mfewfpk;McAfee Inc. mfewfpk;c:\windows\system32\drivers\mfewfpk.sys [x]
S1 mfenlfk;McAfee NDIS Light Filter;c:\windows\system32\DRIVERS\mfenlfk.sys [x]
S1 RapportCerberus_34302;RapportCerberus_34302;c:\programdata\Trusteer\Rapport\store\exts\RapportCerberus\34302\RapportCerberus64_34302.sys [2011-12-15 397520]
S1 RapportEI64;RapportEI64;c:\program files (x86)\Trusteer\Rapport\bin\x64\RapportEI64.sys [2011-11-07 55056]
S1 RapportPG64;RapportPG64;c:\program files (x86)\Trusteer\Rapport\bin\x64\RapportPG64.sys [2011-11-07 61712]
S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV64.SYS [2011-07-22 14928]
S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL64.SYS [2011-07-12 12368]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]
S2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE64.EXE [2011-08-11 140672]
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-01-03 63928]
S2 cfWiMAXService;ConfigFree WiMAX Service;c:\program files (x86)\TOSHIBA\ConfigFree\CFIWmxSvcs64.exe [2010-01-28 249200]
S2 ConfigFree Service;ConfigFree Service;c:\program files (x86)\TOSHIBA\ConfigFree\CFSvcs.exe [2009-03-10 46448]
S2 cvhsvc;Client Virtualization Handler;c:\program files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE [2012-01-04 822624]
S2 Hamachi2Svc;LogMeIn Hamachi Tunneling Engine;c:\program files (x86)\LogMeIn Hamachi\hamachi-2.exe [2012-02-28 2343816]
S2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\progra~2\mcafee\SITEAD~1\mcsacore.exe [2012-01-13 103440]
S2 McMPFSvc;McAfee Personal Firewall Service;c:\program files\Common Files\McAfee\McSvcHost\McSvHost.exe [2011-01-27 249936]
S2 McNaiAnn;McAfee VirusScan Announcer;c:\program files\Common Files\McAfee\McSvcHost\McSvHost.exe [2011-01-27 249936]
S2 mfefire;McAfee Firewall Core Service;c:\program files\Common Files\McAfee\SystemCore\\mfefire.exe [2011-10-18 208536]
S2 mfevtp;McAfee Validation Trust Protection Service;c:\windows\system32\mfevtps.exe [x]
S2 RapportMgmtService;Rapport Management Service;c:\program files (x86)\Trusteer\Rapport\bin\RapportMgmtService.exe [2011-11-07 931640]
S2 sftlist;Application Virtualization Client;c:\program files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2011-10-01 508776]
S3 cfwids;McAfee Inc. cfwids;c:\windows\system32\drivers\cfwids.sys [x]
S3 FwLnk;FwLnk Driver;c:\windows\system32\DRIVERS\FwLnk.sys [x]
S3 mfefirek;McAfee Inc. mfefirek;c:\windows\system32\drivers\mfefirek.sys [x]
S3 Sftfs;Sftfs;c:\windows\system32\DRIVERS\Sftfslh.sys [x]
S3 Sftplay;Sftplay;c:\windows\system32\DRIVERS\Sftplaylh.sys [x]
S3 Sftredir;Sftredir;c:\windows\system32\DRIVERS\Sftredirlh.sys [x]
S3 Sftvol;Sftvol;c:\windows\system32\DRIVERS\Sftvollh.sys [x]
S3 sftvsa;Application Virtualization Service Agent;c:\program files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [2011-10-01 219496]
S3 TOSHIBA HDD SSD Alert Service;TOSHIBA HDD SSD Alert Service;c:\program files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe [2010-02-05 137560]
S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [x]
.
.
--- Other Services/Drivers In Memory ---
.
*Deregistered* - mfeavfk01
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{2D46B6DC-2207-486B-B523-A557E6D54B47}]
2010-11-20 12:17 302592 ----a-w- c:\windows\System32\cmd.exe
.
Contents of the 'Scheduled Tasks' folder
.
2012-04-12 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-10-21 18:30]
.
2012-04-12 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-10-21 18:30]
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2010-03-18 166424]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2010-03-18 391192]
"Persistence"="c:\windows\system32\igfxpers.exe" [2010-03-18 410648]
"cAudioFilterAgent"="c:\program files\Conexant\cAudioFilterAgent\cAudioFilterAgent64.exe" [2010-03-10 520760]
"SmartAudio"="c:\program files\CONEXANT\SAII\SAIICpl.exe" [2009-11-19 307768]
"TPwrMain"="c:\program files (x86)\TOSHIBA\Power Saver\TPwrMain.EXE" [BU]
"SmoothView"="c:\program files (x86)\Toshiba\SmoothView\SmoothView.exe" [BU]
"00TCrdMain"="c:\program files (x86)\TOSHIBA\FlashCards\TCrdMain.exe" [BU]
"TosReelTimeMonitor"="c:\program files (x86)\TOSHIBA\ReelTime\TosReelTimeMonitor.exe" [BU]
"TosNC"="c:\program files (x86)\Toshiba\BulletinBoard\TosNcCore.exe" [BU]
"Toshiba TEMPRO"="c:\program files (x86)\Toshiba TEMPRO\TemproTray.exe" [2010-02-11 1050072]
"TosSENotify"="c:\program files\TOSHIBA\TOSHIBA HDD SSD Alert\TosWaitSrv.exe" [2010-02-05 709976]
"TosVolRegulator"="c:\program files\TOSHIBA\TosVolRegulator\TosVolRegulator.exe" [2009-11-11 24376]
"SynTPEnh"="c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe" [BU]
"IntelliPoint"="c:\program files\Microsoft IntelliPoint\ipoint.exe" [2011-08-01 2417032]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page =
mLocal Page = c:\windows\system32\blank.htm
uInternet Settings,ProxyOverride = *.local
IE: Free YouTube to iPod Converter - c:\users\HOME\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetoipodconverter.htm
Trusted Zone: ebay.co.uk\cgi5
Trusted Zone: ebay.co.uk\www
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-Locked - (no file)
Toolbar-10 - (no file)
WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
WebBrowser-{BF7380FA-E3B4-4DB2-AF3E-9D8783A45BFC} - (no file)
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{3E720452-B472-4954-B7AA-33069EB53906}\MiscStatus\1]
@DACL=(02 0000)
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11f_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11f_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11f.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11f.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11f.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11f.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\McAfee]
"SymbolicLinkValue"=hex(6):5c,00,72,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
00,5c,00,6d,00,61,00,63,00,68,00,69,00,6e,00,65,00,5c,00,53,00,6f,00,66,00,\
.
[HKEY_LOCAL_MACHINE\system\ControlSet002\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe
c:\windows\SysWOW64\rundll32.exe
c:\program files (x86)\Trusteer\Rapport\bin\RapportService.exe
c:\nexon\NEXON_EU_Downloader\NEXON_EU_Downloader_Engine.exe
c:\program files (x86)\TOSHIBA\ConfigFree\NDSTray.exe
c:\program files (x86)\TOSHIBA\ConfigFree\CFSwMgr.exe
.
**************************************************************************
.
Completion time: 2012-04-12 06:55:26 - machine was rebooted
ComboFix-quarantined-files.txt 2012-04-12 05:55
ComboFix2.txt 2012-04-11 05:06
.
Pre-Run: 26,718,978,048 bytes free
Post-Run: 26,202,128,384 bytes free
.
- - End Of File - - C91973A0B1E4EA704860931D8ABAC421


Kind Regards

Allan

#10 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto rico
  • Local time:08:26 AM

Posted 12 April 2012 - 01:18 PM

Hello

:P2P Warning!:

IMPORTANT I notice there are signs of one or more P2P (Person to Person) File Sharing Programs on your computer.

Please note that as long as you are using any form of Peer-to-Peer networking and downloading files from non-documented sources, you can expect infestations of malware to occur
Once upon a time, P2P file sharing was fairly safe. That is no longer true. P2P programs form a direct conduit on to your computer, their security measures are easily circumvented and malware writers are increasingly exploiting them to spread their wares on to your computer. Further to that, if your P2P program is not configured correctly, your computer may be sharing more files than you realise. There have been cases where people's passwords, address books and other personal, private, and financial details have been exposed to a file sharing network by a badly configured program.

Please read these short reports on the dangers of peer-2-peer programs and file sharing.

FBI Cyber Education Letter
File sharing infects 500,000 computers
USAToday
infoworld


These logs are looking allot better. But we still have some work to do.

Please print out these instructions, or copy them to a Notepad file. It will make it easier for you to follow the instructions and complete all of the necessary steps..

uninstall some programs

NOTE** Because of the cleanup process some of the programs I have listed may not be in add/remove anymore this is fine just move to the next item on the list.

You can remove these programs using add/remove or you can use the free uninstaller from Revo (Revo does allot better of a job)

Programs to remove

µTorrent
Java™ 6 Update 29
[/list]


  • Please download and install Revo Uninstaller Free
  • Double click Revo Uninstaller to run it.
  • From the list of programs double click on The Program to remove
  • When prompted if you want to uninstall click Yes.
  • Be sure the Moderate option is selected then click Next.
  • The program will run, If prompted again click Yes
  • when the built-in uninstaller is finished click on Next.
  • Once the program has searched for leftovers click Next.
  • Check/tick the bolded items only on the list then click Delete
  • when prompted click on Yes and then on next.
  • put a check on any folders that are found and select delete
  • when prompted select yes then on next
  • Once done click Finish.
.



Install Java:

Please go here to install Java

  • click on the Free Java Download Button
  • click on Agree and start Free download
  • click on Run
  • click on run again
  • click on install
  • when install is complete click on close

Clean Out Temp Files

  • This small application you may want to keep and use once a week to keep the computer clean.

    Download CCleaner from here http://www.ccleaner.com/

  • Run the installer to install the application.
  • When it gives you the option to install Yahoo toolbar uncheck the box next to it.
  • Run CCleaner. (make sure under Windows tab all the boxes of Internet Explorer and Windows explorer are checked. Under System check Empty Recycle Bin and Temporary Files. Under Application tab all the boxes should be checked).
  • Click Run Cleaner.
  • Close CCleaner.

: Malwarebytes' Anti-Malware :

  • I would like you to rerun MBAM
  • Double-click mbam icon
  • go to the update tab at the top
  • click on check for updates
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select Perform quick scan, then click Scan.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Be sure that everything is Checked (ticked) except items in the C:\System Volume Information folder and click on Remove Selected.
  • When completed, a log will open in Notepad. please copy and paste the log into your next reply
  • If you accidentally close it, the log file is saved here and will be named like this:
  • C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\mbam-log-date (time).txt

Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts.
Click OK to either and let MBAM proceed with the disinfection process.
If asked to restart the computer, please do so immediately. Failure to reboot will prevent MBAM from removing all the malware.


Download HijackThis

If you have any problems running Hijackthis see NOTE** below (Host file not read, blank notepad ...)

  • Go Here to download HijackThis Installer
  • Save HijackThis Installer to your desktop.
  • Double-click on the HijackThis Installer icon on your desktop. (Vista and Win 7 right click and run as admin)
  • By default it will install to C:\Program Files\Trend Micro\HijackThis .
  • Click on Install.
  • It will create a HijackThis icon on the desktop.
  • Once installed it will launch Hijackthis.
  • Click on the Do a system scan and save a log file button. It will scan and the log should open in notepad.
  • Click on Edit > Select All then click on Edit > Copy to copy the entire contents of the log.
  • Come back here to this thread and Paste the log in your next reply.
  • DO NOT use the Analyze This button its findings are dangerous if misinterpreted.
  • DO NOT have Hijackthis fix anything yet. Most of what it finds will be harmless or even required.

NOTE**
sometimes we have to run it like this To run HijackThis as an administrator, right-click HijackThis.exe
(located: C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe)<--32bit
(located: C:\Program Files(86)\Trend Micro\HiJackThis\HiJackThis.exe)<--64bit
and select to run as administrator

"information and logs"

  • In your next post I need the following

  • Log From MBAM
  • report from Hijackthis
  • let me know of any problems you may have had
  • How is the computer doing now?

Gringo

I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#11 amedcalf

amedcalf
  • Topic Starter

  • Members
  • 52 posts
  • OFFLINE
  •  
  • Local time:12:26 PM

Posted 12 April 2012 - 11:43 PM

Hi Gringo

I have I have removed the 2 programs you said using Revo.

I've installed the latest Java.

Used CCleaner

Malwarebytes log below -

Malwarebytes Anti-Malware 1.61.0.1400
www.malwarebytes.org

Database version: v2012.04.12.08

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
HOME :: HOME-TOSH [administrator]

13/04/2012 05:28:16
mbam-log-2012-04-13 (05-28-16).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 275049
Time elapsed: 7 minute(s), 1 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)



Hijack this log -

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 05:42:13, on 13/04/2012
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v9.00 (9.00.8112.16421)
Boot mode: Normal

Running processes:
C:\Program Files (x86)\Trusteer\Rapport\bin\RapportService.exe
C:\Program Files (x86)\Toshiba\TOSHIBA Online Product Information\TOPI.exe
C:\Program Files (x86)\Steam\Steam.exe
C:\Nexon\NEXON_EU_Downloader\NEXON_EU_Downloader_Engine.exe
C:\Program Files (x86)\Nero\Nero BackItUp & Burn\Nero BackItUp\NBAgent.exe
C:\Program Files (x86)\TOSHIBA\ConfigFree\NDSTray.exe
C:\Program Files (x86)\Philips\Philips Songbird Resources\Autolauncher\PhilipsDeviceListener.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\TOSHIBA\ConfigFree\CFSwMgr.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Trend Micro\HiJackThis\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files (x86)\Common Files\McAfee\SystemCore\ScriptSn.20111220192707.dll
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O2 - BHO: McAfee SiteAdvisor BHO - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
O2 - BHO: TOSHIBA Media Controller Plug-in - {F3C88694-EFFA-4d78-B409-54B7B2535B14} - C:\Program Files (x86)\TOSHIBA\TOSHIBA Media Controller Plug-in\TOSHIBAMediaControllerIE.dll
O3 - Toolbar: McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll
O4 - HKLM\..\Run: [ToshibaServiceStation] "C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe" /hide:60
O4 - HKLM\..\Run: [NBAgent] "c:\Program Files (x86)\Nero\Nero BackItUp & Burn\Nero BackItUp\NBAgent.exe" /WinStart
O4 - HKLM\..\Run: [mcui_exe] "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [Philips Device Listener] "C:\Program Files (x86)\Philips\Philips Songbird Resources\Autolauncher\PhilipsDeviceListener.exe"
O4 - HKLM\..\Run: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [LogMeIn Hamachi Ui] "C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe" --auto-start
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
O4 - HKCU\..\Run: [TOSHIBA Online Product Information] C:\Program Files (x86)\Toshiba\TOSHIBA Online Product Information\TOPI.exe
O4 - HKCU\..\Run: [KPeerNexonEU] C:\Nexon\NEXON_EU_Downloader\nxEULauncher.exe
O4 - HKCU\..\Run: [Steam] "C:\Program Files (x86)\Steam\Steam.exe" -silent
O4 - HKUS\S-1-5-18\..\Run: [TOSHIBA Online Product Information] C:\Program Files (x86)\TOSHIBA\TOSHIBA Online Product Information\topi.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [TOSHIBA Online Product Information] C:\Program Files (x86)\TOSHIBA\TOSHIBA Online Product Information\topi.exe (User 'Default user')
O4 - .DEFAULT User Startup: TRDCReminder.lnk = C:\Program Files (x86)\Toshiba\TRDCReminder\TRDCReminder.exe (User 'Default user')
O8 - Extra context menu item: Free YouTube to iPod Converter - C:\Users\HOME\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetoipodconverter.htm
O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O9 - Extra 'Tools' menuitem: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O15 - Trusted Zone: http://cgi5.ebay.co.uk
O15 - Trusted Zone: http://www.ebay.co.uk
O18 - Protocol: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll
O18 - Protocol: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll
O18 - Protocol: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
O18 - Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\progra~2\mcafee\msc\mcsniepl.dll
O23 - Service: SAS Core Service (!SASCORE) - SUPERAntiSpyware.com - C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: ASP.NET State Service (aspnet_state) - Unknown owner - C:\Windows\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe (file missing)
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: ConfigFree WiMAX Service (cfWiMAXService) - TOSHIBA CORPORATION - C:\Program Files (x86)\TOSHIBA\ConfigFree\CFIWmxSvcs64.exe
O23 - Service: ConfigFree Service - TOSHIBA CORPORATION - C:\Program Files (x86)\TOSHIBA\ConfigFree\CFSvcs.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: GameConsoleService - WildTangent, Inc. - C:\Program Files (x86)\TOSHIBA Games\TOSHIBA Game Console\GameConsoleService.exe
O23 - Service: GamesAppService - WildTangent, Inc. - C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Google Update Service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: LogMeIn Hamachi Tunneling Engine (Hamachi2Svc) - LogMeIn Inc. - C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: McAfee SiteAdvisor Service - McAfee, Inc. - c:\PROGRA~2\mcafee\SITEAD~1\mcsacore.exe
O23 - Service: McAfee Personal Firewall Service (McMPFSvc) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
O23 - Service: McAfee VirusScan Announcer (McNaiAnn) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\Program Files\McAfee\VirusScan\mcods.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
O23 - Service: McAfee McShield (McShield) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\SystemCore\\mcshield.exe
O23 - Service: McAfee Firewall Core Service (mfefire) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe
O23 - Service: McAfee Validation Trust Protection Service (mfevtp) - Unknown owner - C:\Windows\system32\mfevtps.exe (file missing)
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: Nero BackItUp Scheduler 4.0 - Nero AG - c:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Rapport Management Service (RapportMgmtService) - Trusteer Ltd. - C:\Program Files (x86)\Trusteer\Rapport\bin\RapportMgmtService.exe
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files (x86)\Skype\Updater\Updater.exe
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files (x86)\Common Files\Steam\SteamService.exe
O23 - Service: Notebook Performance Tuning Service (TEMPRO) (TemproMonitoringService) - Toshiba Europe GmbH - C:\Program Files (x86)\Toshiba TEMPRO\TemproSvc.exe
O23 - Service: TMachInfo - TOSHIBA Corporation - C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe
O23 - Service: TOSHIBA Optical Disc Drive Service (TODDSrv) - Unknown owner - C:\Windows\system32\TODDSrv.exe (file missing)
O23 - Service: TOSHIBA Power Saver (TosCoSrv) - TOSHIBA Corporation - C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe
O23 - Service: TOSHIBA HDD SSD Alert Service - TOSHIBA Corporation - C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--
End of file - 13589 bytes


Computer seems to be running good at the moment and my firewall is still staying on.

Kind Regards

Allan

#12 amedcalf

amedcalf
  • Topic Starter

  • Members
  • 52 posts
  • OFFLINE
  •  
  • Local time:12:26 PM

Posted 12 April 2012 - 11:43 PM

Hi Gringo

I have I have removed the 2 programs you said using Revo.

I've installed the latest Java.

Used CCleaner

Malwarebytes log below -

Malwarebytes Anti-Malware 1.61.0.1400
www.malwarebytes.org

Database version: v2012.04.12.08

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
HOME :: HOME-TOSH [administrator]

13/04/2012 05:28:16
mbam-log-2012-04-13 (05-28-16).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 275049
Time elapsed: 7 minute(s), 1 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)



Hijack this log -

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 05:42:13, on 13/04/2012
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v9.00 (9.00.8112.16421)
Boot mode: Normal

Running processes:
C:\Program Files (x86)\Trusteer\Rapport\bin\RapportService.exe
C:\Program Files (x86)\Toshiba\TOSHIBA Online Product Information\TOPI.exe
C:\Program Files (x86)\Steam\Steam.exe
C:\Nexon\NEXON_EU_Downloader\NEXON_EU_Downloader_Engine.exe
C:\Program Files (x86)\Nero\Nero BackItUp & Burn\Nero BackItUp\NBAgent.exe
C:\Program Files (x86)\TOSHIBA\ConfigFree\NDSTray.exe
C:\Program Files (x86)\Philips\Philips Songbird Resources\Autolauncher\PhilipsDeviceListener.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\TOSHIBA\ConfigFree\CFSwMgr.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Trend Micro\HiJackThis\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files (x86)\Common Files\McAfee\SystemCore\ScriptSn.20111220192707.dll
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O2 - BHO: McAfee SiteAdvisor BHO - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
O2 - BHO: TOSHIBA Media Controller Plug-in - {F3C88694-EFFA-4d78-B409-54B7B2535B14} - C:\Program Files (x86)\TOSHIBA\TOSHIBA Media Controller Plug-in\TOSHIBAMediaControllerIE.dll
O3 - Toolbar: McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll
O4 - HKLM\..\Run: [ToshibaServiceStation] "C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe" /hide:60
O4 - HKLM\..\Run: [NBAgent] "c:\Program Files (x86)\Nero\Nero BackItUp & Burn\Nero BackItUp\NBAgent.exe" /WinStart
O4 - HKLM\..\Run: [mcui_exe] "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [Philips Device Listener] "C:\Program Files (x86)\Philips\Philips Songbird Resources\Autolauncher\PhilipsDeviceListener.exe"
O4 - HKLM\..\Run: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [LogMeIn Hamachi Ui] "C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe" --auto-start
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
O4 - HKCU\..\Run: [TOSHIBA Online Product Information] C:\Program Files (x86)\Toshiba\TOSHIBA Online Product Information\TOPI.exe
O4 - HKCU\..\Run: [KPeerNexonEU] C:\Nexon\NEXON_EU_Downloader\nxEULauncher.exe
O4 - HKCU\..\Run: [Steam] "C:\Program Files (x86)\Steam\Steam.exe" -silent
O4 - HKUS\S-1-5-18\..\Run: [TOSHIBA Online Product Information] C:\Program Files (x86)\TOSHIBA\TOSHIBA Online Product Information\topi.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [TOSHIBA Online Product Information] C:\Program Files (x86)\TOSHIBA\TOSHIBA Online Product Information\topi.exe (User 'Default user')
O4 - .DEFAULT User Startup: TRDCReminder.lnk = C:\Program Files (x86)\Toshiba\TRDCReminder\TRDCReminder.exe (User 'Default user')
O8 - Extra context menu item: Free YouTube to iPod Converter - C:\Users\HOME\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetoipodconverter.htm
O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O9 - Extra 'Tools' menuitem: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O15 - Trusted Zone: http://cgi5.ebay.co.uk
O15 - Trusted Zone: http://www.ebay.co.uk
O18 - Protocol: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll
O18 - Protocol: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll
O18 - Protocol: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
O18 - Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\progra~2\mcafee\msc\mcsniepl.dll
O23 - Service: SAS Core Service (!SASCORE) - SUPERAntiSpyware.com - C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: ASP.NET State Service (aspnet_state) - Unknown owner - C:\Windows\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe (file missing)
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: ConfigFree WiMAX Service (cfWiMAXService) - TOSHIBA CORPORATION - C:\Program Files (x86)\TOSHIBA\ConfigFree\CFIWmxSvcs64.exe
O23 - Service: ConfigFree Service - TOSHIBA CORPORATION - C:\Program Files (x86)\TOSHIBA\ConfigFree\CFSvcs.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: GameConsoleService - WildTangent, Inc. - C:\Program Files (x86)\TOSHIBA Games\TOSHIBA Game Console\GameConsoleService.exe
O23 - Service: GamesAppService - WildTangent, Inc. - C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Google Update Service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: LogMeIn Hamachi Tunneling Engine (Hamachi2Svc) - LogMeIn Inc. - C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: McAfee SiteAdvisor Service - McAfee, Inc. - c:\PROGRA~2\mcafee\SITEAD~1\mcsacore.exe
O23 - Service: McAfee Personal Firewall Service (McMPFSvc) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
O23 - Service: McAfee VirusScan Announcer (McNaiAnn) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\Program Files\McAfee\VirusScan\mcods.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
O23 - Service: McAfee McShield (McShield) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\SystemCore\\mcshield.exe
O23 - Service: McAfee Firewall Core Service (mfefire) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe
O23 - Service: McAfee Validation Trust Protection Service (mfevtp) - Unknown owner - C:\Windows\system32\mfevtps.exe (file missing)
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: Nero BackItUp Scheduler 4.0 - Nero AG - c:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Rapport Management Service (RapportMgmtService) - Trusteer Ltd. - C:\Program Files (x86)\Trusteer\Rapport\bin\RapportMgmtService.exe
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files (x86)\Skype\Updater\Updater.exe
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files (x86)\Common Files\Steam\SteamService.exe
O23 - Service: Notebook Performance Tuning Service (TEMPRO) (TemproMonitoringService) - Toshiba Europe GmbH - C:\Program Files (x86)\Toshiba TEMPRO\TemproSvc.exe
O23 - Service: TMachInfo - TOSHIBA Corporation - C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe
O23 - Service: TOSHIBA Optical Disc Drive Service (TODDSrv) - Unknown owner - C:\Windows\system32\TODDSrv.exe (file missing)
O23 - Service: TOSHIBA Power Saver (TosCoSrv) - TOSHIBA Corporation - C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe
O23 - Service: TOSHIBA HDD SSD Alert Service - TOSHIBA Corporation - C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--
End of file - 13589 bytes


Computer seems to be running good at the moment and my firewall is still staying on.

Kind Regards

Allan

#13 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto rico
  • Local time:08:26 AM

Posted 13 April 2012 - 03:07 AM

Greetings

These logs are looking very good, we are almost done!!! Just one more scan to go.

:Remove unneeded start-up entries:

This part of the fix is purely optional
These are programs that start up when you turn on your computer but don't need to be, any of these programs you can click on their icons (or start from the control panel) and start the program when you need it. By stopping these programs you will boot up faster and your computer will work faster.

If you have any problems running Hijackthis see NOTE** below (Host file not read, blank notepad ...)

  • Run HijackThis
  • Click on the Scan button
  • Put a check beside all of the items listed below (if present):

    • O4 - HKLM\..\Run: [ToshibaServiceStation] "C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe" /hide:60
      O4 - HKLM\..\Run: [NBAgent] "c:\Program Files (x86)\Nero\Nero BackItUp & Burn\Nero BackItUp\NBAgent.exe" /WinStart
      O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
      O4 - HKLM\..\Run: [Philips Device Listener] "C:\Program Files (x86)\Philips\Philips Songbird Resources\Autolauncher\PhilipsDeviceListener.exe"
      O4 - HKLM\..\Run: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
      O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
      O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
      O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
      O4 - HKCU\..\Run: [TOSHIBA Online Product Information] C:\Program Files (x86)\Toshiba\TOSHIBA Online Product Information\TOPI.exe
      O4 - HKCU\..\Run: [KPeerNexonEU] C:\Nexon\NEXON_EU_Downloader\nxEULauncher.exe
      O4 - HKCU\..\Run: [Steam] "C:\Program Files (x86)\Steam\Steam.exe" -silent
      O4 - HKUS\S-1-5-18\..\Run: [TOSHIBA Online Product Information] C:\Program Files (x86)\TOSHIBA\TOSHIBA Online Product Information\topi.exe (User 'SYSTEM')
      O4 - HKUS\.DEFAULT\..\Run: [TOSHIBA Online Product Information] C:\Program Files (x86)\TOSHIBA\TOSHIBA Online Product Information\topi.exe (User 'Default user')
      O4 - .DEFAULT User Startup: TRDCReminder.lnk = C:\Program Files (x86)\Toshiba\TRDCReminder\TRDCReminder.exe (User 'Default user')
  • Close all open windows and browsers/email, etc...
  • Click on the "Fix Checked" button
  • When completed, close the application.

    NOTE**You can research each of those lines >here< and see if you want to keep them or not
    just copy the name between the brackets and paste into the search space
    O4 - HKLM\..\Run: [IntelliPoint]


NOTE**
sometimes we have to run it like this To run HijackThis as an administrator, right-click HijackThis.exe
(located: C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe)<--32bit
(located: C:\Program Files(86)\Trend Micro\HiJackThis\HiJackThis.exe)<--64bit
and select to run as administrator

Eset Online Scanner

**Note** You will need to use Internet explorer for this scan - Vista and win 7 right click on IE shortcut and run as admin

Go Eset web page to run an online scanner from ESET.

  • Turn off the real time scanner of any existing antivirus program while performing the online scan
  • click on the ESET Online Scanner button
  • Tick the box next to YES, I accept the Terms of Use.
    • Click Start
  • When asked, allow the ActiveX control to install
    • Click Start
  • Make sure that the option Remove found threats is unticked and the Scan Archives option is ticked.
  • Click on Advanced Settings, ensure the options
    Scan for potentially unwanted applications, Scan for potentially unsafe applications, and Enable Anti-Stealth Technology are ticked.
  • Click Scan
  • Wait for the scan to finish
  • Click on copy to clipboard or copy and paste the results here in this topic

Copy and paste that log as a reply to this topic

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#14 amedcalf

amedcalf
  • Topic Starter

  • Members
  • 52 posts
  • OFFLINE
  •  
  • Local time:12:26 PM

Posted 13 April 2012 - 02:04 PM

Hi Gringo

I used Hijackthis and removed the items you suggested.

I also ran ESAT which found nothing and no log was created.

Computer seems to be running good.

Kind Regards

Allan

#15 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto rico
  • Local time:08:26 AM

Posted 13 April 2012 - 05:01 PM

Very well done!! This is my general post for when your logs show no more signs of malware - Please let me know if you still are having problems with your computer and what these problems are.


:Why we need to remove some of our tools:

Some of the tools we have used to clean your computer were made by fellow malware fighters and are very powerful and if used incorrectly or at the wrong time can make the computer an expensive paper weight.
They are updated all the time and some of them more than once a day so by the time you are ready to use them again they will already be outdated.

The following procedures will implement some cleanup procedures to remove these tools. It will also reset your System Restore by flushing out previous restore points and create a new restore point. It will also remove all the backups our tools may have made.
:DeFogger:

Note** Defogger only needs to be run if it was run when we first started. If you have not already run it then skip this.

  • To re-enable your Emulation drivers, double click DeFogger to run the tool.
  • The application window will appear
  • Click the Re-enable button to re-enable your CD Emulation drivers
  • Click Yes to continue
  • A 'Finished!' message will appear
  • Click OK
  • DeFogger will now ask to reboot the machine - click OK.
Your Emulation drivers are now re-enabled.

:Uninstall ComboFix:

  • turn off all active protection software
  • push the "windows key" + "R" (between the "Ctrl" button and "Alt" Button)
  • please copy and past the following into the box ComboFix /Uninstall and click OK.
  • Note the space between the X and the /Uninstall, it needs to be there.
  • Posted Image

:Remove the rest of our tools:

Please download OTCleanIt and save it to desktop. This tool will remove all the tools we used to clean your pc.
  • Double-click OTCleanIt.exe.
  • Click the CleanUp! button.
  • Select Yes when the "Begin cleanup Process?" prompt appears.
  • If you are prompted to Reboot during the cleanup, select Yes.
  • The tool will delete itself once it finishes, if not delete it by yourself.
  • If asked to restart the computer, please do so
Note: If you receive a warning from your firewall or other security programs regarding OTCleanIt attempting to contact the internet, please allow it to do so.

:The programs you can keep:

Some of the programs that we have used would be a good idea to keep and used often in helping to keep the computer clean. I use these programs on my computer.

Revo Uninstaller Free - this is the uninstaller that I had you download and works allot better than add/remove in windows and has saved me more than once from corrupted installs and uninstalls

CCleaner - This is a good program to clean out temp files, I would use this once a week or before any malware scan to remove unwanted temp files - It has a built in registry cleaner but I would leave that alone and not use any registry cleaner

Malwarebytes' Anti-Malware The Gold standard today in antimalware scanners

:Security programs:

One of the questions I am asked all the time is "What programs do you use" I have at this time 4 computers in my home and I have this setup on all 4 of them.

  • Microsoft Security Essentials - provides real-time protection for your home PC that guards against viruses, spyware, and other malicious software.
  • WinPatrol As a robust security monitor, WinPatrol will alert you to hijackings, malware attacks and critical changes made to your computer without your permission. WinPatrol takes snapshot of your critical system resources and alerts you to any changes that may occur without your knowledge.
  • Malwarebytes' Anti-Malware Malwarebytes' Anti-Malware is a new and powerful anti-malware tool. It is
    totally free but for real-time protection you will have to pay a small one-time fee. We used this to help clean your computer and recomend keeping it and using often. (I have upgraded to the paid version of MBAM and I am glad I did)

:Security awareness:

The other question I am asked all the time is "How can I prevent this from happening again." and the short answer to that is to be aware of what is out there and how to start spotting dangers.

Here are some articles that are must reads and should be read by everybody in your household that uses the internet

internetsafety

Internet Safety for Kids

Here is some more reading for you from some of my colleges

PC Safety and Security - What Do I Need? from my friends at Tech Support Forum

COMPUTER SECURITY - a short guide to staying safer online from my friends at Malware Removal

quoted from Tech Support Forum

Conclusion

There is no such thing as ‘perfect security’. This applies to many things, not just computer systems. Using the above guide you should be able to take all the reasonable steps you can to prevent infection. However, the most important part of all this is you, the user. Surf sensibly and think before you download a file or click on a link. Take a few moments to assess the possible risks and you should be able to enjoy all the internet has to offer.


I'd be grateful if you could reply to this post so that I know you have read it and, if you've no other questions, the thread can then be closed.

I Will Keep This Open For About Three Days, If Anything Comes Up - Just Come Back And Let Me Know, after that time you will have to send me a PM

My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->Posted Image<-- Don't worry every little bit helps.

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users