Happilli Google Redirect, Extreme Processor Lag


  • This topic is locked
29 replies to this topic

#1 HeartBroken

  • Members
  • 19 posts

Posted 04 April 2012 - 04:09 PM

Hiya! Our computer issues started yesterday morning, was reading the MMO Champion forums when suddenly the site closed and the computer shut itself off. Nothing too weird, annoying Windows Update most likely. Bit later the computer never successfully shut down and I had to force it to do so. Even then it didn't, and I had to hold the power button. When it turned back on the lag, likely processor/RAM, was terrible. I checked background programs to see if anything looked off, and the only thing that caught my eye was a svhost process that was way too big, 80k or so, that I shut off. It seemed to help the lagginess, but it was still noticeable.

Bit later I tried opening up a folder or file off the desktop. Double click, hour glass, and instead of loading it just doesn't open. It doesn't lag, it doesn't hang, it just loads like it should, but end result is nothing opens. After a while I thought this was related to a buggy or rushed Windows Update as the computer did shut down in a similar fashion, as well I saw the orange exclamation point next to Shut Down that told me an update needed installing. Attempted to let it do so, but again it hung up on shut down and again I had to hold the power button.

This went on for all yesterday with relatively little change. I did many system restores, each time a little bit further back, I even got the Windows update Malware detector installed which found a trojan/virus that it partially deleted. At that time the PC seemed to speed along like normal and I was even able to use Internet Explorer after hours of trying. I went to Google to see if the Microsoft website version of Windows Update or Defender would be faster to download than waiting hours for the current version to work (as I was hoping an update would fix whatever went wrong the first time). It was then I noted the links I clicked loaded up to phishing or obviously doctored sites. After four in a row I tried googling "lol" and going to Wikipedia which sent me to happilli or whatever the spelling is. Then I knew it was a virus and not a glitchy update.

And now I'm here!

----

I ran Defogger though I don't think we have any emulation stuff at all. It said Finished! but did not prompt me to reset the pc for it to take effect. I'll wait to enable as directed.

DDS has a loading bar made of X's that I didn't know was a loading bar, so about 5-10% in I pressed enter as I didn't see an "ok" or "start" text option. Shortly after the bar jumped forward so I hope I didn't mess with anything. Note, I ran this while offline as going online seemed to make the PC worse, but to be honest, after five minutes nothing really responds anyway so it could be a mix of both or a wash.

.
DDS (Ver_2011-08-26.01) - NTFSAMD64
Internet Explorer: 8.0.7600.16385
Run by user at 13:32:40 on 2012-04-04
Microsoft Windows 7 Home Premium 6.1.7600.0.1252.1.1033.18.3836.2700 [GMT -5:00]
.
AV: McAfee Anti-Virus and Anti-Spyware *Disabled/Updated* {86355677-4064-3EA7-ABB3-1B136EB04637}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: McAfee Anti-Virus and Anti-Spyware *Disabled/Updated* {3D54B793-665E-3129-9103-206115370C8A}
FW: McAfee Firewall *Disabled* {BE0ED752-0A0B-3FFF-80EC-B2269063014C}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\system32\atiesrxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\atieclxx.exe
C:\Windows\system32\atibtmon.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files (x86)\Belkin\Router Setup and Monitor\BelkinService.exe
C:\Program Files (x86)\Launch Manager\dsiwmis.exe
C:\Program Files\Acer\Acer ePower Management\ePowerSvc.exe
C:\Program Files (x86)\Acer\Registration\GregHSRW.exe
C:\Program Files (x86)\McAfee\SiteAdvisor\McSACore.exe
C:\Windows\system32\mfevtps.exe
C:\Program Files (x86)\EgisTec\MyWinLocker 3\x86\MWLService.exe
C:\Windows\system32\rundll32.exe
C:\Windows\system32\rundll32.exe
C:\Windows\SysWOW64\rundll32.exe
C:\Program Files (x86)\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe
C:\Windows\SysWOW64\PnkBstrA.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\Acer\Acer Updater\UpdaterService.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\Common Files\McAfee\SystemCore\mcshield.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe
-netsvcs
C:\Program Files (x86)\EgisTec\MyWinLocker 3\x86\mwlDaemon.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Microsoft IntelliPoint\ipoint.exe
C:\Windows\system32\conhost.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Acer\Acer ePower Management\ePowerEvent.exe
C:\Users\user\Documents\RCA Detective\RCADetective.exe
C:\Program Files (x86)\EgisTec Egis Software Update\EgisUpdate.exe
C:\Program Files (x86)\Launch Manager\LManager.exe
C:\Program Files (x86)\CyberLink\PowerDVD8\PDVD8Serv.exe
C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
C:\Program Files\McAfee.com\Agent\mcagent.exe
C:\Program Files (x86)\Belkin\Router Setup and Monitor\BelkinRouterMonitor.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\Belkin\Router Setup and Monitor\BelkinSetup.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
C:\Windows\system32\sppsvc.exe
c:\PROGRA~1\mcafee\msc\mcupdmgr.exe
C:\Windows\System32\svchost.exe -k secsvcs
c:\PROGRA~1\mcafee.com\agent\McUpdate.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\taskhost.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\conhost.exe
C:\Windows\system32\WerFault.exe
C:\Windows\SysWOW64\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.com/
uDefault_Page_URL = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0409&m=aspire_5534&r=27360110b205l0374z1k5t4722a20p
mDefault_Page_URL = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0409&m=aspire_5534&r=27360110b205l0374z1k5t4722a20p
mStart Page = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0409&m=aspire_5534&r=27360110b205l0374z1k5t4722a20p
uURLSearchHooks: McAfee SiteAdvisor Toolbar: {0ebbbe48-bad4-4b4c-8e5a-516abecae064} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll
mWinlogon: Userinit=userinit.exe
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: McAfee Phishing Filter: {27b4851a-3207-45a2-b947-be8afe6163ab} - c:\PROGRA~2\mcafee\msk\mskapbho.dll
BHO: scriptproxy: {7db2d5a0-7241-4e79-b68d-6309f01c5231} - C:\Program Files (x86)\Common Files\McAfee\SystemCore\ScriptSn.20110921134626.dll
BHO: Searchqu Toolbar: {7ff99715-3016-4381-84ce-e4e4c9673020} - C:\PROGRA~2\WIA6EB~1\ToolBar\SearchquDx.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: McAfee SiteAdvisor BHO: {b164e929-a1b6-4a06-b104-2cd0e90a88ff} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll
BHO: Google Dictionary Compression sdch: {c84d72fe-e17d-4195-bb24-76c02e2e7c4e} - C:\Program Files (x86)\Google\Google Toolbar\Component\fastsearch_B7C5AC242193BB3E.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
TB: McAfee SiteAdvisor Toolbar: {0ebbbe48-bad4-4b4c-8e5a-516abecae064} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll
TB: Searchqu Toolbar: {7ff99715-3016-4381-84ce-e4e4c9673020} - C:\PROGRA~2\WIA6EB~1\ToolBar\SearchquDx.dll
uRun: [Speech Recognition] "C:\Windows\Speech\Common\sapisvr.exe" -SpeechUX -Startup
uRun: [Easy Dock]
uRun: [Akamai NetSession Interface] C:\Users\user\AppData\Local\Akamai\netsession_win.exe
mRun: [EgisTecLiveUpdate] "C:\Program Files (x86)\EgisTec Egis Software Update\EgisUpdate.exe"
mRun: [NortonOnlineBackupReminder] "C:\Program Files (x86)\Symantec\Norton Online Backup\Activation\NobuActivation.exe" UNATTENDED
mRun: [LManager] C:\Program Files (x86)\Launch Manager\LManager.exe
mRun: [Acer Assist Launcher] C:\Program Files (x86)\Acer\Acer Assist\launcher.exe
mRun: [RemoteControl8] "C:\Program Files (x86)\CyberLink\PowerDVD8\PDVD8Serv.exe"
mRun: [PDVD8LanguageShortcut] "C:\Program Files (x86)\CyberLink\PowerDVD8\Language\Language.exe"
mRun: [Easy Dock]
mRun: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
mRun: [HP Software Update] C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe
mRun: [<NO NAME>]
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun: [mcui_exe] "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey
mRun: [InstaLAN] "C:\Program Files (x86)\Belkin\Router Setup and Monitor\BelkinRouterMonitor.exe" startup
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
StartupFolder: C:\Users\user\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\RCADET~1.LNK - C:\Users\user\Documents\RCA Detective\RCADetective.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\GAMERS~1.LNK - C:\Program Files (x86)\GamersFirst\LIVE!\Live.exe
mPolicies-explorer: NoActiveDesktop = 1 (0x1)
mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)
mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
TCP: DhcpNameServer = 192.168.2.1
TCP: Interfaces\{628F5436-45B1-426D-81CE-C6C96C13A0AC} : DhcpNameServer = 192.168.2.1
TCP: Interfaces\{84F41A5E-3340-42FC-9F03-D7162E0F4E6A} : DhcpNameServer = 192.168.2.1
TCP: Interfaces\{84F41A5E-3340-42FC-9F03-D7162E0F4E6A}\2375942554137353 : DhcpNameServer = 192.168.1.254
TCP: Interfaces\{84F41A5E-3340-42FC-9F03-D7162E0F4E6A}\2656C6B696E6E253934383 : DhcpNameServer = 192.168.2.1
TCP: Interfaces\{84F41A5E-3340-42FC-9F03-D7162E0F4E6A}\2656C6B696E6E2664336 : DhcpNameServer = 192.168.2.1
TCP: Interfaces\{84F41A5E-3340-42FC-9F03-D7162E0F4E6A}\46F627375697 : DhcpNameServer = 192.168.1.1 68.87.72.134 68.87.77.134
Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~2\McAfee\SITEAD~1\McIEPlg.dll
Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~2\McAfee\SITEAD~1\McIEPlg.dll
BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO-X64: AcroIEHelperStub - No File
BHO-X64: McAfee Phishing Filter: {27B4851A-3207-45A2-B947-BE8AFE6163AB} - c:\PROGRA~2\mcafee\msk\mskapbho.dll
BHO-X64: McAfee Phishing Filter - No File
BHO-X64: scriptproxy: {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files (x86)\Common Files\McAfee\SystemCore\ScriptSn.20110921134626.dll
BHO-X64: scriptproxy - No File
BHO-X64: Searchqu Toolbar: {7FF99715-3016-4381-84CE-E4E4C9673020} - C:\PROGRA~2\WIA6EB~1\ToolBar\SearchquDx.dll
BHO-X64: Searchqu Toolbar - No File
BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO-X64: McAfee SiteAdvisor BHO: {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll
BHO-X64: Google Dictionary Compression sdch: {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files (x86)\Google\Google Toolbar\Component\fastsearch_B7C5AC242193BB3E.dll
BHO-X64: Google Dictionary Compression sdch - No File
BHO-X64: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
TB-X64: McAfee SiteAdvisor Toolbar: {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll
TB-X64: Searchqu Toolbar: {7FF99715-3016-4381-84CE-E4E4C9673020} - C:\PROGRA~2\WIA6EB~1\ToolBar\SearchquDx.dll
mRun-x64: [EgisTecLiveUpdate] "C:\Program Files (x86)\EgisTec Egis Software Update\EgisUpdate.exe"
mRun-x64: [NortonOnlineBackupReminder] "C:\Program Files (x86)\Symantec\Norton Online Backup\Activation\NobuActivation.exe" UNATTENDED
mRun-x64: [LManager] C:\Program Files (x86)\Launch Manager\LManager.exe
mRun-x64: [Acer Assist Launcher] C:\Program Files (x86)\Acer\Acer Assist\launcher.exe
mRun-x64: [RemoteControl8] "C:\Program Files (x86)\CyberLink\PowerDVD8\PDVD8Serv.exe"
mRun-x64: [PDVD8LanguageShortcut] "C:\Program Files (x86)\CyberLink\PowerDVD8\Language\Language.exe"
mRun-x64: [Easy Dock]
mRun-x64: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
mRun-x64: [HP Software Update] C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe
mRun-x64: [(Default)]
mRun-x64: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun-x64: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun-x64: [mcui_exe] "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey
mRun-x64: [InstaLAN] "C:\Program Files (x86)\Belkin\Router Setup and Monitor\BelkinRouterMonitor.exe" startup
mRun-x64: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
.
============= SERVICES / DRIVERS ===============
.
R0 mfehidk;McAfee Inc. mfehidk;C:\Windows\system32\drivers\mfehidk.sys --> C:\Windows\system32\drivers\mfehidk.sys [?]
R1 mfenlfk;McAfee NDIS Light Filter;C:\Windows\system32\DRIVERS\mfenlfk.sys --> C:\Windows\system32\DRIVERS\mfenlfk.sys [?]
R1 mfewfpk;McAfee Inc. mfewfpk;C:\Windows\system32\drivers\mfewfpk.sys --> C:\Windows\system32\drivers\mfewfpk.sys [?]
R1 mwlPSDFilter;mwlPSDFilter;C:\Windows\system32\DRIVERS\mwlPSDFilter.sys --> C:\Windows\system32\DRIVERS\mwlPSDFilter.sys [?]
R1 mwlPSDNServ;mwlPSDNServ;C:\Windows\system32\DRIVERS\mwlPSDNServ.sys --> C:\Windows\system32\DRIVERS\mwlPSDNServ.sys [?]
R1 mwlPSDVDisk;mwlPSDVDisk;C:\Windows\system32\DRIVERS\mwlPSDVDisk.sys --> C:\Windows\system32\DRIVERS\mwlPSDVDisk.sys [?]
R1 vwififlt;Virtual WiFi Filter Driver;C:\Windows\system32\DRIVERS\vwififlt.sys --> C:\Windows\system32\DRIVERS\vwififlt.sys [?]
R2 AdobeARMservice;Adobe Acrobat Update Service;C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2011-6-6 64952]
R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\system32\atiesrxx.exe --> C:\Windows\system32\atiesrxx.exe [?]
R2 DsiWMIService;Dritek WMI Service;C:\Program Files (x86)\Launch Manager\dsiwmis.exe [2009-8-27 107016]
R2 ePowerSvc;Acer ePower Service;C:\Program Files\Acer\Acer ePower Management\ePowerSvc.exe [2009-8-27 844320]
R2 Greg_Service;GRegService;C:\Program Files (x86)\Acer\Registration\GregHSRW.exe [2009-6-4 1150496]
R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;C:\Program Files (x86)\McAfee\SiteAdvisor\mcsacore.exe [2012-2-28 103440]
R2 McMPFSvc;McAfee Personal Firewall;C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe [2011-9-19 355440]
R2 McNaiAnn;McAfee VirusScan Announcer;C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe [2011-9-19 355440]
R2 McProxy;McAfee Proxy Service;C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe [2011-9-19 355440]
R2 McShield;McShield;C:\Program Files\Common Files\McAfee\SystemCore\mcshield.exe [2011-9-19 200056]
R2 mfefire;McAfee Firewall Core Service;C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe [2011-9-19 245352]
R2 mfevtp;McAfee Validation Trust Protection Service;"C:\Windows\system32\mfevtps.exe" --> C:\Windows\system32\mfevtps.exe [?]
R2 MWLService;MyWinLocker Service;C:\Program Files (x86)\EgisTec\MyWinLocker 3\x86\MWLService.exe [2009-8-6 311592]
R2 NTISchedulerSvc;NTI Backup Now 5 Scheduler Service;C:\Program Files (x86)\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe [2009-6-17 144640]
R2 Updater Service;Updater Service;C:\Program Files\Acer\Acer Updater\UpdaterService.exe [2009-8-27 240160]
R3 mfeavfk;McAfee Inc. mfeavfk;C:\Windows\system32\drivers\mfeavfk.sys --> C:\Windows\system32\drivers\mfeavfk.sys [?]
R3 mfefirek;McAfee Inc. mfefirek;C:\Windows\system32\drivers\mfefirek.sys --> C:\Windows\system32\drivers\mfefirek.sys [?]
R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\system32\DRIVERS\Rt64win7.sys --> C:\Windows\system32\DRIVERS\Rt64win7.sys [?]
R3 usbfilter;AMD USB Filter Driver;C:\Windows\system32\DRIVERS\usbfilter.sys --> C:\Windows\system32\DRIVERS\usbfilter.sys [?]
S3 cfwids;McAfee Inc. cfwids;C:\Windows\system32\drivers\cfwids.sys --> C:\Windows\system32\drivers\cfwids.sys [?]
S3 GamesAppService;GamesAppService;C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe [2010-10-12 206072]
S3 mferkdet;McAfee Inc. mferkdet;C:\Windows\system32\drivers\mferkdet.sys --> C:\Windows\system32\drivers\mferkdet.sys [?]
S3 NTIBackupSvc;NTI Backup Now 5 Backup Service;C:\Program Files (x86)\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe [2009-6-17 50432]
S3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;C:\Windows\system32\Drivers\RtsUStor.sys --> C:\Windows\system32\Drivers\RtsUStor.sys [?]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?]
.
=============== Created Last 30 ================
.
2012-04-04 16:40:20 8643640 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{01292933-439C-45D4-9156-1E4BDCFD0FCF}\mpengine.dll
2012-04-04 09:47:24 20480 ----a-w- C:\Windows\svchost.exe
2012-04-04 04:54:52 -------- d-----w- C:\Users\user\AppData\Local\ElevatedDiagnostics
2012-04-03 18:11:58 5120 ----a-w- C:\ProgramData\Microsoft\Windows\DRM\1102.tmp
2012-04-03 18:11:58 5120 ----a-w- C:\ProgramData\Microsoft\Windows\DRM\1101.tmp
2012-03-30 18:41:15 -------- d--h--w- C:\Windows\AxInstSV
2012-03-14 02:46:12 3143168 ----a-w- C:\Windows\System32\win32k.sys
2012-03-14 02:46:07 739840 ----a-w- C:\Windows\SysWow64\d2d1.dll
2012-03-14 02:46:05 197120 ----a-w- C:\Windows\System32\d3d10_1.dll
2012-03-14 02:46:05 161792 ----a-w- C:\Windows\SysWow64\d3d10_1.dll
2012-03-14 02:46:05 1541120 ----a-w- C:\Windows\System32\DWrite.dll
2012-03-14 02:46:05 1074176 ----a-w- C:\Windows\SysWow64\DWrite.dll
2012-03-14 02:46:04 902656 ----a-w- C:\Windows\System32\d2d1.dll
2012-03-14 02:46:04 320512 ----a-w- C:\Windows\System32\d3d10_1core.dll
2012-03-14 02:46:04 218624 ----a-w- C:\Windows\SysWow64\d3d10_1core.dll
2012-03-14 02:46:04 1837568 ----a-w- C:\Windows\System32\d3d10warp.dll
2012-03-14 02:46:04 1170944 ----a-w- C:\Windows\SysWow64\d3d10warp.dll
2012-03-14 02:45:59 9216 ----a-w- C:\Windows\System32\rdrmemptylst.exe
2012-03-14 02:45:59 76288 ----a-w- C:\Windows\System32\rdpwsx.dll
2012-03-14 02:45:59 149504 ----a-w- C:\Windows\System32\rdpcorekmts.dll
2012-03-14 02:44:18 1031680 ----a-w- C:\Windows\System32\rdpcore.dll
2012-03-14 02:44:17 826368 ----a-w- C:\Windows\SysWow64\rdpcore.dll
2012-03-14 02:44:17 23552 ----a-w- C:\Windows\System32\drivers\tdtcp.sys
2012-03-14 02:44:17 204800 ----a-w- C:\Windows\System32\drivers\rdpwd.sys
.
==================== Find3M ====================
.
2012-02-23 15:18:36 279656 ----a-w- C:\Windows\System32\MpSigStub.exe
.
============= FINISH: 13:41:14.30 ===============


Pretty sure we don't have a 32bit system so I did not run GMER as the Preparation Guide suggested. Also, after a while of not responding once getting online we are treated to a black screen we must, again, hold the power button to turn off to get out of.

Thank you for the help, very much appreciated!



#2 gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts

Posted 05 April 2012 - 01:52 AM

Hello and Welcome to Bleeping Computer!!

My name is Gringo and I'll be glad to help you with your computer problems.

I have put together some things for you to keep in mind while I am helping you, to make things go easier and faster for both of us.

  • Please do not run any tools unless instructed to do so.
    • We ask you to run different tools in a specific order to ensure the malware is completely removed from your machine, and running any additional tools may detect false positives, interfere with our tools, or cause unforeseen damage or system instability.
  • Please do not attach logs or use code boxes, just copy and paste the text.
    • Due to the high volume of logs we receive it helps to receive everything in the same format, and code boxes make the logs very difficult to read. Also, attachments require us to download and open the reports when it is easier to just read the reports in your post.
  • Please read every post completely before doing anything.
    • Pay special attention to the NOTE: lines, these entries identify an individual issue or important step in the cleanup process.
  • Please provide feedback about your experience as we go.
    • A short statement describing how the computer is working helps us understand where to go next, for example: I am still getting redirected, the computer is running normally, etc. Please do not describe the computer as "the same", this requires the extra step of looking back at your previous post.
NOTE: At the top of your post, click on the Watch Topic Button, select Immediate Notification, and click on Proceed. This will send you an e-mail as soon as I reply to your topic, allowing us to resolve the issue faster.

NOTE: Back up any files that cannot be replaced. Removing malware can be unpredictable and this step can save a lot of heartaches if things don't go as planned. You can put them on a CD/DVD, external drive or a pen drive, anywhere except on the computer.

NOTE: It is good practice to copy and paste the instructions into notepad and print them in case it is necessary for you to go offline during the cleanup process. To open notepad, navigate to Start Menu > All Programs > Accessories > Notepad. Please remember to copy the entire post so you do not miss any instructions.

Run Combofix:

You may be asked to install or update the Recovery Console (Win XP only). If this happens, please allow it to do so (you will need to be connected to the internet for this).

Before you run Combofix I will need you to turn off any security software you have running. If you do not know how to do this you can find out >here< or >here<

Combofix may need to reboot your computer more than once to do its job; this is normal.

You can download Combofix from one of these links.
Link 1
Link 2
Link 3
1. Close any open browsers or any other programs that are open.
2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

Double click on combofix.exe & follow the prompts.
When finished, it will produce a report for you.

Note 1: Do not mouseclick Combofix's window while it's running. That may cause it to stall.

Note 2: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion." please restart the computer.

"information and logs"

  • In your next post I need the following
  • Log from Combofix
  • let me know of any problems you may have had
  • How is the computer doing now?

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#3 HeartBroken

  • Topic Starter

  • Members
  • 19 posts

Posted 05 April 2012 - 11:20 PM

Hey there, Gringo! Many thanks for the response! Unfortunately I've run into a problem:

Did everything you said, shut down all the background firewalls, etc., and ran Combo. Green bar appeared, filled, menu went away. Beeps went off, and I got a message that McAfee was still running. I already closed it twice and even shut down the process with Ctrl+Alt+Delete, so I was at a loss. Did the task manager again, looked under the other tab for things running and sure enough, found four more McAfee-related. I went and tried to End Process, no go. Did a Google: http://www.ehow.com/how_5158488_remove-mcshieldexe.html

Using that method I can close all but two, mcshield.exe gives me a denied error (in use), while the other one doesn't give me an error (mfevtps.exe) but does not shut down.

I attempted to close Combo instead of hitting OK to avoid anything nasty, but it beeped at me again and now it's saying:

Warning !!
antivirus: McAfee Anti-Virus and Anti-Spyware
antispyware_ McAfee Anti-Virus and Anti-Spyware

The above real time scanner(s) are still active but ComboFix shall continue to run. Kindly note that this is at your own risk.

:/

If I hit OK it might get nasty, and if I close it with the red X in the corner it'll continue anyway and get nasty. I am currently letting the laptop run and I'll put a sign "do not touch" till I get some advice on this pickle. Thank you for the help so far, can't wait to hear back from you ^_^

-Edit-

Almost forgot! Well, I guess I did forget because I'm editing this post XD Anyway, just before running Combo I saw yet again that there was an update needing to get installed on the Shut Down button. Since I figured Combo would wipe out whatever that might cause (and it happened earlier as I posted already) I decided to give the laptop another shot at fixing itself. It *actually* shut down this time, but did not turn back on so I helped it out. When it loaded up I saw that Microsoft Malware whatever thing said it was successfully installed (again) but I was able to write down what it caught this time: "Trojan:DOS/Alureon.a Partially Removed". Since it got caught twice and the PC is likely still affected I ran Combo shortly after.

Edited by HeartBroken, 05 April 2012 - 11:26 PM.


#4 gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts

Posted 05 April 2012 - 11:23 PM

go ahead and let it run


gringo

#5 HeartBroken

  • Topic Starter

  • Members
  • 19 posts

Posted 06 April 2012 - 01:17 AM

Hey Gringo!

Ran Combo as instructed. Didn't take too long, longer than 10 minutes as it said, but nothing terrible. Sadly, it didn't seem to fix the problem as I have to send this from Safe Mode. Tried normally but as soon as I connect to the net, pages drag then just don't load at all. (The green bar that should appear then poof to full baaaarely stretches across the screen.) I attempted to check the processor lag with the ctrl alt del graph thing, but that never popped up and eventually the screen went to black with an error:

"Failure to display security and shut down options
The logon process was unable to display security and logon options when ctrl alt del was paused. If the operating system does not respond, press Esc or restart the computer by using the power switch."

Also, when I did load up the net it told me that IE was not currently the default browser (it's the only one we got) so I went and told it to make it that.

--------------------

ComboFix 12-04-05.09 - user 04/05/2012 23:32:43.1.2 - x64
Microsoft Windows 7 Home Premium 6.1.7600.0.1252.1.1033.18.3836.2554 [GMT -5:00]
Running from: c:\users\user\Desktop\ComboFix.exe
AV: McAfee Anti-Virus and Anti-Spyware *Enabled/Updated* {86355677-4064-3EA7-ABB3-1B136EB04637}
FW: McAfee Firewall *Disabled* {BE0ED752-0A0B-3FFF-80EC-B2269063014C}
SP: McAfee Anti-Virus and Anti-Spyware *Enabled/Updated* {3D54B793-665E-3129-9103-206115370C8A}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
C:\install.exe
c:\users\user\AppData\Local\Temp\1.tmp\F_IN_BOX.dll
c:\windows\svchost.exe
c:\windows\system32\drivers\etc\lmhosts
.
.
((((((((((((((((((((((((( Files Created from 2012-03-06 to 2012-04-06 )))))))))))))))))))))))))))))))
.
.
2012-04-06 04:51 . 2012-04-06 04:51 -------- d-----w- c:\users\Guest.user-PC\AppData\Local\temp
2012-04-06 04:51 . 2012-04-06 04:51 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-04-06 01:29 . 2012-03-20 08:51 8669240 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{91C1B87D-950A-49A1-A61F-5AA16169FF5B}\mpengine.dll
2012-04-04 04:54 . 2012-04-04 06:15 -------- d-----w- c:\users\user\AppData\Local\ElevatedDiagnostics
2012-04-03 18:11 . 2012-04-03 18:11 5120 ----a-w- c:\programdata\Microsoft\Windows\DRM\1102.tmp
2012-04-03 18:11 . 2012-04-03 18:11 5120 ----a-w- c:\programdata\Microsoft\Windows\DRM\1101.tmp
2012-04-03 07:04 . 2012-04-03 07:04 -------- d-----w- c:\users\Guest.user-PC\AppData\Roaming\Apple Computer
2012-03-30 18:41 . 2012-03-30 18:41 -------- d--h--w- c:\windows\AxInstSV
2012-03-14 02:46 . 2012-02-03 04:16 3143168 ----a-w- c:\windows\system32\win32k.sys
2012-03-14 02:46 . 2012-02-10 05:41 739840 ----a-w- c:\windows\SysWow64\d2d1.dll
2012-03-14 02:46 . 2012-02-10 06:18 1541120 ----a-w- c:\windows\system32\DWrite.dll
2012-03-14 02:46 . 2012-02-10 06:17 197120 ----a-w- c:\windows\system32\d3d10_1.dll
2012-03-14 02:46 . 2012-02-10 05:41 1074176 ----a-w- c:\windows\SysWow64\DWrite.dll
2012-03-14 02:46 . 2012-02-10 05:41 161792 ----a-w- c:\windows\SysWow64\d3d10_1.dll
2012-03-14 02:46 . 2012-02-10 06:17 1837568 ----a-w- c:\windows\system32\d3d10warp.dll
2012-03-14 02:46 . 2012-02-10 06:17 902656 ----a-w- c:\windows\system32\d2d1.dll
2012-03-14 02:46 . 2012-02-10 06:17 320512 ----a-w- c:\windows\system32\d3d10_1core.dll
2012-03-14 02:46 . 2012-02-10 05:41 218624 ----a-w- c:\windows\SysWow64\d3d10_1core.dll
2012-03-14 02:46 . 2012-02-10 05:41 1170944 ----a-w- c:\windows\SysWow64\d3d10warp.dll
2012-03-14 02:45 . 2012-01-25 06:27 76288 ----a-w- c:\windows\system32\rdpwsx.dll
2012-03-14 02:45 . 2012-01-25 06:27 149504 ----a-w- c:\windows\system32\rdpcorekmts.dll
2012-03-14 02:45 . 2012-01-25 06:20 9216 ----a-w- c:\windows\system32\rdrmemptylst.exe
2012-03-14 02:44 . 2012-02-15 06:27 1031680 ----a-w- c:\windows\system32\rdpcore.dll
2012-03-14 02:44 . 2012-02-15 05:44 826368 ----a-w- c:\windows\SysWow64\rdpcore.dll
2012-03-14 02:44 . 2012-02-15 04:47 204800 ----a-w- c:\windows\system32\drivers\rdpwd.sys
2012-03-14 02:44 . 2012-02-15 04:46 23552 ----a-w- c:\windows\system32\drivers\tdtcp.sys
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-02-23 14:18 . 2011-10-05 00:47 279656 ------w- c:\windows\system32\MpSigStub.exe
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\egisPSDP]
@="{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}"
[HKEY_CLASSES_ROOT\CLSID\{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}]
2009-08-06 17:18 120104 ----a-w- c:\program files (x86)\EgisTec\MyWinLocker 3\x86\PSDProtect.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Speech Recognition"="c:\windows\Speech\Common\sapisvr.exe" [2009-07-14 44544]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"EgisTecLiveUpdate"="c:\program files (x86)\EgisTec Egis Software Update\EgisUpdate.exe" [2009-08-04 199464]
"NortonOnlineBackupReminder"="c:\program files (x86)\Symantec\Norton Online Backup\Activation\NobuActivation.exe" [2009-07-24 588648]
"LManager"="c:\program files (x86)\Launch Manager\LManager.exe" [2009-08-18 1157128]
"Acer Assist Launcher"="c:\program files (x86)\Acer\Acer Assist\launcher.exe" [2007-11-19 1261568]
"RemoteControl8"="c:\program files (x86)\CyberLink\PowerDVD8\PDVD8Serv.exe" [2009-04-16 91432]
"PDVD8LanguageShortcut"="c:\program files (x86)\CyberLink\PowerDVD8\Language\Language.exe" [2009-04-16 50472]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2009-08-05 98304]
"HP Software Update"="c:\program files (x86)\Hp\HP Software Update\HPWuSchd2.exe" [2010-03-12 49208]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-06-06 937920]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2010-11-29 421888]
"mcui_exe"="c:\program files\McAfee.com\Agent\mcagent.exe" [2011-06-28 1486392]
"InstaLAN"="c:\program files (x86)\Belkin\Router Setup and Monitor\BelkinRouterMonitor.exe" [2011-02-25 1770400]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2011-06-09 254696]
.
c:\users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
RCA Detective.lnk - c:\users\user\Documents\RCA Detective\RCADetective.exe [2010-2-2 942592]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
GamersFirst LIVE!.lnk - c:\program files (x86)\GamersFirst\LIVE!\Live.exe [2011-6-30 2588784]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
.
R2 McMPFSvc;McAfee Personal Firewall;c:\program files\Common Files\McAfee\McSvcHost\McSvHost.exe [2010-03-10 355440]
R3 cfwids;McAfee Inc. cfwids;c:\windows\system32\drivers\cfwids.sys [x]
R3 cfwids98;McAfee Inc.;Device\cfwids98.sys [x]
R3 cfwids99;McAfee Inc.;Device\cfwids99.sys [x]
R3 GamesAppService;GamesAppService;c:\program files (x86)\WildTangent Games\App\GamesAppService.exe [2010-10-12 206072]
R3 LVPr2M64;Logitech LVPr2M64 Driver;c:\windows\system32\DRIVERS\LVPr2M64.sys [x]
R3 LVUVC64;Logitech Webcam 120(UVC);c:\windows\system32\DRIVERS\lvuvc64.sys [x]
R3 mferkdet;McAfee Inc. mferkdet;c:\windows\system32\drivers\mferkdet.sys [x]
R3 NTIBackupSvc;NTI Backup Now 5 Backup Service;c:\program files (x86)\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe [2009-06-18 50432]
R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\System32\Drivers\RtsUStor.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]
S1 mfenlfk;McAfee NDIS Light Filter;c:\windows\system32\DRIVERS\mfenlfk.sys [x]
S1 mfewfpk;McAfee Inc. mfewfpk;c:\windows\system32\drivers\mfewfpk.sys [x]
S1 mwlPSDFilter;mwlPSDFilter;c:\windows\system32\DRIVERS\mwlPSDFilter.sys [x]
S1 mwlPSDNServ;mwlPSDNServ;c:\windows\system32\DRIVERS\mwlPSDNServ.sys [x]
S1 mwlPSDVDisk;mwlPSDVDisk;c:\windows\system32\DRIVERS\mwlPSDVDisk.sys [x]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2011-06-06 64952]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [x]
S2 DsiWMIService;Dritek WMI Service;c:\program files (x86)\Launch Manager\dsiwmis.exe [2009-08-24 107016]
S2 ePowerSvc;Acer ePower Service;c:\program files\Acer\Acer ePower Management\ePowerSvc.exe [2009-08-06 844320]
S2 Greg_Service;GRegService;c:\program files (x86)\Acer\Registration\GregHSRW.exe [2009-06-04 1150496]
S2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\program files (x86)\McAfee\SiteAdvisor\McSACore.exe [2012-01-13 103440]
S2 McNaiAnn;McAfee VirusScan Announcer;c:\program files\Common Files\McAfee\McSvcHost\McSvHost.exe [2010-03-10 355440]
S2 mfefire;McAfee Firewall Core Service;c:\program files\Common Files\McAfee\SystemCore\\mfefire.exe [2011-04-14 245352]
S2 mfevtp;McAfee Validation Trust Protection Service;c:\windows\system32\mfevtps.exe [x]
S2 MWLService;MyWinLocker Service;c:\program files (x86)\EgisTec\MyWinLocker 3\x86\\MWLService.exe [2009-08-06 311592]
S2 NTISchedulerSvc;NTI Backup Now 5 Scheduler Service;c:\program files (x86)\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe [2009-06-18 144640]
S2 Updater Service;Updater Service;c:\program files\Acer\Acer Updater\UpdaterService.exe [2009-07-04 240160]
S3 dc3d;MS Hardware Device Detection Driver (USB);c:\windows\system32\DRIVERS\dc3d.sys [x]
S3 mfefirek;McAfee Inc. mfefirek;c:\windows\system32\drivers\mfefirek.sys [x]
S3 Point64;Microsoft IntelliPoint Filter Driver;c:\windows\system32\DRIVERS\point64.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [x]
S3 usbfilter;AMD USB Filter Driver;c:\windows\system32\DRIVERS\usbfilter.sys [x]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - WS2IFSL
*Deregistered* - mfeavfk01
.
Contents of the 'Scheduled Tasks' folder
.
2012-04-06 c:\windows\Tasks\Final Media Player Update Checker.job
- c:\program files (x86)\FinalMediaPlayer\FMPCheckForUpdates.exe [2011-02-18 22:50]
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\egisPSDP]
@="{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}"
[HKEY_CLASSES_ROOT\CLSID\{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}]
2009-08-06 17:19 137512 ----a-w- c:\program files (x86)\EgisTec\MyWinLocker 3\x64\PSDProtect.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2009-07-06 7940128]
"Skytel"="c:\program files\Realtek\Audio\HDA\Skytel.exe" [2009-07-06 1833504]
"Acer ePower Management"="c:\program files\Acer\Acer ePower Management\ePowerTray.exe" [2009-08-06 828960]
"mwlDaemon"="c:\program files (x86)\EgisTec\MyWinLocker 3\x86\mwlDaemon.exe" [2009-08-06 349480]
"IntelliPoint"="c:\program files\Microsoft IntelliPoint\ipoint.exe" [2010-07-21 2327952]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x0
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
uLocal Page = c:\windows\system32\blank.htm
mStart Page = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0409&m=aspire_5534&r=27360110b205l0374z1k5t4722a20p
mLocal Page = c:\windows\SysWOW64\blank.htm
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~1\Office12\EXCEL.EXE/3000
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-Locked - (no file)
Wow6432Node-HKCU-Run-Easy Dock - (no file)
Wow6432Node-HKCU-Run-Akamai NetSession Interface - c:\users\user\AppData\Local\Akamai\netsession_win.exe
Wow6432Node-HKLM-Run-Easy Dock - (no file)
Toolbar-Locked - (no file)
HKLM-Run-SynTPEnh - c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe
AddRemove-RCA easyRip_is1 - c:\users\user\Documents\RCA easyRip\unins001.exe
AddRemove-RCA easyRip™_is1 - c:\users\user\Documents\RCA easyRip\unins000.exe
AddRemove-RCA Updater_is1 - c:\users\user\Documents\RCA Updater\unins000.exe
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-448985409-2584287539-1750592253-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.eml\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="WindowsLiveMail.Email.1"
.
[HKEY_USERS\S-1-5-21-448985409-2584287539-1750592253-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.vcf\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="WindowsLiveMail.VCard.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11e_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11e_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\McAfee]
"SymbolicLinkValue"=hex(6):5c,00,72,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
00,5c,00,6d,00,61,00,63,00,68,00,69,00,6e,00,65,00,5c,00,53,00,6f,00,66,00,\
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\atibtmon.exe
c:\program files (x86)\Belkin\Router Setup and Monitor\BelkinService.exe
c:\program files (x86)\EgisTec\MyWinLocker 3\x86\MWLService.exe
c:\windows\SysWOW64\rundll32.exe
c:\windows\SysWOW64\PnkBstrA.exe
c:\\.\globalroot\systemroot\svchost.exe
c:\program files (x86)\Belkin\Router Setup and Monitor\BelkinSetup.exe
.
**************************************************************************
.
Completion time: 2012-04-06 00:08:45 - machine was rebooted
ComboFix-quarantined-files.txt 2012-04-06 05:08
.
Pre-Run: 30,176,993,280 bytes free
Post-Run: 33,349,197,824 bytes free
.
- - End Of File - - CFEAFDF717C985381DDBA1429DE90DB6


Also, I edited my last post but I'll retype it here, before I ran Combo the Windows Malware
thing told me the name of the virus it partially deleted and I was able to write it down this
time! Trojan: DOS/Alureon.a. Saw a few other posts about that, just wanted to share what I knew
so far.

As far as the Happilli redirection goes, I cannot see if I get redirected on google outside of
Safe Mode as the sites lag way too much to get many if *any* results off google in the first place.

-Edit- Pardon the 'jagged' text reply. Had to type it into Notepad and attempt to 'snipe' a post before the net got unresponsive again.

Edited by HeartBroken, 06 April 2012 - 01:20 AM.
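
A triage sketch for the ComboFix report in the post above, added here as an example and not part of the original thread or of ComboFix itself. It flags `svchost.exe` images outside System32/SysWOW64 and paths that go through the `\\.\` device namespace, the two oddities visible in that log. The sample lines are copied from the report; the function name, the watched-section list and the `system_root` default are assumptions.

```python
import re

# Constructed sample: a handful of lines copied from the ComboFix report above.
SAMPLE_LOG = r"""
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\install.exe
c:\windows\svchost.exe
c:\windows\system32\drivers\etc\lmhosts
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\atibtmon.exe
c:\windows\SysWOW64\rundll32.exe
c:\windows\SysWOW64\PnkBstrA.exe
c:\\.\globalroot\systemroot\svchost.exe
c:\program files (x86)\Belkin\Router Setup and Monitor\BelkinSetup.exe
.
**************************************************************************
"""

# Section banners look like "((((( Title )))))" or "----- Title -----".
HEADER = re.compile(r"^(?:\(+|-+)\s*([A-Za-z][A-Za-z0-9 /']*?)\s*(?:\)+|-+)$")
# A bare file path starting with a drive letter.
PATH = re.compile(r"^[A-Za-z]:\\")
# "\\.\" or "\\?\" anywhere in the path: Win32 device-namespace syntax.
DEVICE_NS = re.compile(r"\\\\[.?]\\")

# Sections whose entries are plain paths worth checking (assumed list).
WATCHED = {"Other Deletions", "Other Running Processes"}


def triage(log_text, system_root=r"c:\windows"):
    """Return (section, path, reasons) for suspicious paths in a ComboFix log.

    system_root is an assumption; the TDSSKiller header on this page reports
    the Windows directory as C:\\Windows.
    """
    root = system_root.lower()
    allowed = {root + r"\system32", root + r"\syswow64"}
    findings = []
    section = None
    for raw in log_text.splitlines():
        line = raw.strip()
        banner = HEADER.match(line)
        if banner:
            section = banner.group(1)
            continue
        if line.startswith("*****"):
            section = None  # the row of asterisks closes the report body
            continue
        if section not in WATCHED or not PATH.match(line):
            continue
        directory, _, name = line.lower().rpartition("\\")
        reasons = []
        if DEVICE_NS.search(line):
            reasons.append("device-namespace path")
        # The genuine service host lives in System32 (SysWOW64 for 32-bit).
        if name == "svchost.exe" and directory not in allowed:
            reasons.append("svchost.exe outside System32/SysWOW64")
        if reasons:
            findings.append((section, line, reasons))
    return findings


if __name__ == "__main__":
    for section, path, reasons in triage(SAMPLE_LOG):
        print(f"[{section}] {path}: {', '.join(reasons)}")
```
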


#6 gringo_pr

Posted 06 April 2012 - 02:29 AM

Greetings

I want you to run these next,

TDSSKiller:

Please read carefully and follow these steps.
  • Download TDSSKiller and save it to your Desktop.
  • Double-click on TDSSKiller.exe to run the application, then on Start Scan.
  • If an infected file is detected, the default action will be Cure, click on Continue.
  • If a suspicious file is detected, the default action will be Skip, click on Continue.
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
  • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.

Please download aswMBR to your desktop.
  • Double click the aswMBR.exe icon to run it
  • It will ask to download extra definitions - ALLOW IT
  • Click the Scan button to start the scan
  • On completion of the scan, click the save log button, save it to your desktop and post it in your next reply.

If you have any problems running either one, come back and let me know.

Please reply with the reports from TDSSKiller and aswMBR.

Gringo

#7 HeartBroken

Posted 06 April 2012 - 02:58 PM

Hey Gringo! The TDSSKiller one worked just fine. The second one gave me a blue screen crash 'to prevent damage to my computer' right after it started (was able to download the updates first luckily) and as nothing looked worse for wear I ran it a second time. It scanned quite a bit of files but then gave me a second crash. Again to 'prevent harm'. Should I run it again as I don't think it was able to finish, those crashes just the virus lashin' out at getting caught?

---------------

14:18:42.0184 1888 TDSS rootkit removing tool 2.7.26.0 Apr 4 2012 19:52:02
14:18:42.0277 1888 ============================================================
14:18:42.0277 1888 Current date / time: 2012/04/06 14:18:42.0277
14:18:42.0277 1888 SystemInfo:
14:18:42.0277 1888
14:18:42.0277 1888 OS Version: 6.1.7600 ServicePack: 0.0
14:18:42.0277 1888 Product type: Workstation
14:18:42.0277 1888 ComputerName: USER-PC
14:18:42.0277 1888 UserName: user
14:18:42.0277 1888 Windows directory: C:\Windows
14:18:42.0277 1888 System windows directory: C:\Windows
14:18:42.0277 1888 Running under WOW64
14:18:42.0277 1888 Processor architecture: Intel x64
14:18:42.0277 1888 Number of processors: 2
14:18:42.0277 1888 Page size: 0x1000
14:18:42.0277 1888 Boot type: Normal boot
14:18:42.0277 1888 ============================================================
14:18:43.0666 1888 Drive \Device\Harddisk0\DR0 - Size: 0x3A38B2E000 (232.89 Gb), SectorSize: 0x200, Cylinders: 0x76C1, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
14:18:43.0681 1888 \Device\Harddisk0\DR0:
14:18:43.0681 1888 MBR used
14:18:43.0681 1888 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x1801F5F, BlocksNum 0x32FCD
14:18:43.0681 1888 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x1834F2C, BlocksNum 0x1B990244
14:18:43.0712 1888 Initialize success
14:18:43.0712 1888 ============================================================
14:18:59.0515 4744 ============================================================
14:18:59.0515 4744 Scan started
14:18:59.0515 4744 Mode: Manual;
14:18:59.0515 4744 ============================================================
14:19:15.0287 4744 FontCache3.0.0.0 - ok
14:19:15.0349 4744 FsDepends (d43703496149971890703b4b1b723eac) C:\Windows\system32\drivers\FsDepends.sys
14:19:15.0349 4744 FsDepends - ok
14:19:15.0458 4744 Fs_Rec (e95ef8547de20cf0603557c0cf7a9462) C:\Windows\system32\drivers\Fs_Rec.sys
14:19:15.0458 4744 Fs_Rec - ok
14:19:15.0583 4744 fvevol (ae87ba80d0ec3b57126ed2cdc15b24ed) C:\Windows\system32\DRIVERS\fvevol.sys
14:19:15.0583 4744 fvevol - ok
14:19:15.0708 4744 gagp30kx (8c778d335c9d272cfd3298ab02abe3b6) C:\Windows\system32\DRIVERS\gagp30kx.sys
14:19:15.0708 4744 gagp30kx - ok
14:19:15.0848 4744 GamesAppService (c403c5db49a0f9aaf4f2128edc0106d8) C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe
14:19:15.0848 4744 GamesAppService - ok
14:19:15.0958 4744 gpsvc (fe5ab4525bc2ec68b9119a6e5d40128b) C:\Windows\System32\gpsvc.dll
14:19:15.0973 4744 gpsvc - ok
14:19:16.0067 4744 Greg_Service (816fd5a6f3c2f3d600900096632fc60e) C:\Program Files (x86)\Acer\Registration\GregHSRW.exe
14:19:16.0082 4744 Greg_Service - ok
14:19:16.0176 4744 hcw85cir (f2523ef6460fc42405b12248338ab2f0) C:\Windows\system32\drivers\hcw85cir.sys
14:19:16.0176 4744 hcw85cir - ok
14:19:16.0301 4744 HdAudAddService (6410f6f415b2a5a9037224c41da8bf12) C:\Windows\system32\drivers\HdAudio.sys
14:19:16.0301 4744 HdAudAddService - ok
14:19:16.0410 4744 HDAudBus (0a49913402747a0b67de940fb42cbdbb) C:\Windows\system32\DRIVERS\HDAudBus.sys
14:19:16.0410 4744 HDAudBus - ok
14:19:16.0504 4744 HidBatt (78e86380454a7b10a5eb255dc44a355f) C:\Windows\system32\DRIVERS\HidBatt.sys
14:19:16.0519 4744 HidBatt - ok
14:19:16.0613 4744 HidBth (7fd2a313f7afe5c4dab14798c48dd104) C:\Windows\system32\DRIVERS\hidbth.sys
14:19:16.0613 4744 HidBth - ok
14:19:16.0738 4744 HidIr (0a77d29f311b88cfae3b13f9c1a73825) C:\Windows\system32\DRIVERS\hidir.sys
14:19:16.0738 4744 HidIr - ok
14:19:16.0816 4744 hidserv (bd9eb3958f213f96b97b1d897dee006d) C:\Windows\System32\hidserv.dll
14:19:16.0831 4744 hidserv - ok
14:19:16.0940 4744 HidUsb (b3bf6b5b50006def50b66306d99fcf6f) C:\Windows\system32\DRIVERS\hidusb.sys
14:19:16.0940 4744 HidUsb - ok
14:19:17.0034 4744 hkmsvc (efa58ede58dd74388ffd04cb32681518) C:\Windows\system32\kmsvc.dll
14:19:17.0034 4744 hkmsvc - ok
14:19:17.0143 4744 HomeGroupListener (046b2673767ca626e2cfb7fdf735e9e8) C:\Windows\system32\ListSvc.dll
14:19:17.0143 4744 HomeGroupListener - ok
14:19:17.0237 4744 HomeGroupProvider (06a7422224d9865a5613710a089987df) C:\Windows\system32\provsvc.dll
14:19:17.0252 4744 HomeGroupProvider - ok
14:19:17.0362 4744 HpSAMD (0886d440058f203eba0e1825e4355914) C:\Windows\system32\DRIVERS\HpSAMD.sys
14:19:17.0362 4744 HpSAMD - ok
14:19:17.0486 4744 HTTP (cee049cac4efa7f4e1e4ad014414a5d4) C:\Windows\system32\drivers\HTTP.sys
14:19:17.0502 4744 HTTP - ok
14:19:17.0596 4744 hwpolicy (f17766a19145f111856378df337a5d79) C:\Windows\system32\drivers\hwpolicy.sys
14:19:17.0596 4744 hwpolicy - ok
14:19:17.0720 4744 i8042prt (fa55c73d4affa7ee23ac4be53b4592d3) C:\Windows\system32\DRIVERS\i8042prt.sys
14:19:17.0720 4744 i8042prt - ok
14:19:17.0845 4744 iaStorV (d83efb6fd45df9d55e9a1afc63640d50) C:\Windows\system32\DRIVERS\iaStorV.sys
14:19:17.0845 4744 iaStorV - ok
14:19:17.0970 4744 idsvc (2f2be70d3e02b6fa877921ab9516d43c) C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
14:19:17.0986 4744 idsvc - ok
14:19:18.0095 4744 iirsp (5c18831c61933628f5bb0ea2675b9d21) C:\Windows\system32\DRIVERS\iirsp.sys
14:19:18.0095 4744 iirsp - ok
14:19:18.0204 4744 IKEEXT (c5b4683680df085b57bc53e5ef34861f) C:\Windows\System32\ikeext.dll
14:19:18.0220 4744 IKEEXT - ok
14:19:18.0391 4744 IntcAzAudAddService (d8bce8176cb1084c6f5830c019d47166) C:\Windows\system32\drivers\RTKVHD64.sys
14:19:18.0407 4744 IntcAzAudAddService - ok
14:19:18.0516 4744 intelide (f00f20e70c6ec3aa366910083a0518aa) C:\Windows\system32\DRIVERS\intelide.sys
14:19:18.0532 4744 intelide - ok
14:19:18.0641 4744 intelppm (ada036632c664caa754079041cf1f8c1) C:\Windows\system32\DRIVERS\intelppm.sys
14:19:18.0641 4744 intelppm - ok
14:19:18.0750 4744 IPBusEnum (098a91c54546a3b878dad6a7e90a455b) C:\Windows\system32\ipbusenum.dll
14:19:18.0750 4744 IPBusEnum - ok
14:19:18.0875 4744 IpFilterDriver (722dd294df62483cecaae6e094b4d695) C:\Windows\system32\DRIVERS\ipfltdrv.sys
14:19:18.0875 4744 IpFilterDriver - ok
14:19:18.0968 4744 iphlpsvc (f8e058d17363ec580e4b7232778b6cb5) C:\Windows\System32\iphlpsvc.dll
14:19:18.0984 4744 iphlpsvc - ok
14:19:19.0078 4744 IPMIDRV (e2b4a4494db7cb9b89b55ca268c337c5) C:\Windows\system32\DRIVERS\IPMIDrv.sys
14:19:19.0078 4744 IPMIDRV - ok
14:19:19.0202 4744 IPNAT (af9b39a7e7b6caa203b3862582e9f2d0) C:\Windows\system32\drivers\ipnat.sys
14:19:19.0218 4744 IPNAT - ok
14:19:19.0327 4744 IRENUM (3abf5e7213eb28966d55d58b515d5ce9) C:\Windows\system32\drivers\irenum.sys
14:19:19.0327 4744 IRENUM - ok
14:19:19.0436 4744 isapnp (2f7b28dc3e1183e5eb418df55c204f38) C:\Windows\system32\DRIVERS\isapnp.sys
14:19:19.0436 4744 isapnp - ok
14:19:19.0546 4744 iScsiPrt (fa4d2557de56d45b0a346f93564be6e1) C:\Windows\system32\DRIVERS\msiscsi.sys
14:19:19.0546 4744 iScsiPrt - ok
14:19:19.0670 4744 kbdclass (bc02336f1cba7dcc7d1213bb588a68a5) C:\Windows\system32\DRIVERS\kbdclass.sys
14:19:19.0670 4744 kbdclass - ok
14:19:19.0780 4744 kbdhid (6def98f8541e1b5dceb2c822a11f7323) C:\Windows\system32\DRIVERS\kbdhid.sys
14:19:19.0780 4744 kbdhid - ok
14:19:19.0889 4744 KeyIso (156f6159457d0aa7e59b62681b56eb90) C:\Windows\system32\lsass.exe
14:19:19.0904 4744 KeyIso - ok
14:19:20.0014 4744 KSecDD (16c1b906fc5ead84769f90b736b6bf0e) C:\Windows\system32\Drivers\ksecdd.sys
14:19:20.0014 4744 KSecDD - ok
14:19:20.0138 4744 KSecPkg (0b711550c56444879d71c7daabda6c83) C:\Windows\system32\Drivers\ksecpkg.sys
14:19:20.0138 4744 KSecPkg - ok
14:19:20.0263 4744 ksthunk (6869281e78cb31a43e969f06b57347c4) C:\Windows\system32\drivers\ksthunk.sys
14:19:20.0263 4744 ksthunk - ok
14:19:20.0357 4744 KtmRm (6ab66e16aa859232f64deb66887a8c9c) C:\Windows\system32\msdtckrm.dll
14:19:20.0372 4744 KtmRm - ok
14:19:20.0528 4744 LanmanServer (81f1d04d4d0e433099365127375fd501) C:\Windows\System32\srvsvc.dll
14:19:20.0528 4744 LanmanServer - ok
14:19:20.0638 4744 LanmanWorkstation (27026eac8818e8a6c00a1cad2f11d29a) C:\Windows\System32\wkssvc.dll
14:19:20.0638 4744 LanmanWorkstation - ok
14:19:20.0778 4744 lltdio (1538831cf8ad2979a04c423779465827) C:\Windows\system32\DRIVERS\lltdio.sys
14:19:20.0778 4744 lltdio - ok
14:19:20.0887 4744 lltdsvc (c1185803384ab3feed115f79f109427f) C:\Windows\System32\lltdsvc.dll
14:19:20.0887 4744 lltdsvc - ok
14:19:20.0981 4744 lmhosts (f993a32249b66c9d622ea5592a8b76b8) C:\Windows\System32\lmhsvc.dll
14:19:20.0996 4744 lmhosts - ok
14:19:21.0121 4744 LSI_FC (1a93e54eb0ece102495a51266dcdb6a6) C:\Windows\system32\DRIVERS\lsi_fc.sys
14:19:21.0121 4744 LSI_FC - ok
14:19:21.0230 4744 LSI_SAS (1047184a9fdc8bdbff857175875ee810) C:\Windows\system32\DRIVERS\lsi_sas.sys
14:19:21.0230 4744 LSI_SAS - ok
14:19:21.0511 4744 LSI_SAS2 (30f5c0de1ee8b5bc9306c1f0e4a75f93) C:\Windows\system32\DRIVERS\lsi_sas2.sys
14:19:21.0511 4744 LSI_SAS2 - ok
14:19:21.0667 4744 LSI_SCSI (0504eacaff0d3c8aed161c4b0d369d4a) C:\Windows\system32\DRIVERS\lsi_scsi.sys
14:19:21.0683 4744 LSI_SCSI - ok
14:19:21.0870 4744 luafv (43d0f98e1d56ccddb0d5254cff7b356e) C:\Windows\system32\drivers\luafv.sys
14:19:21.0870 4744 luafv - ok
14:19:22.0104 4744 LVPr2M64 - ok
14:19:22.0369 4744 LVUVC64 - ok
14:19:23.0336 4744 McAfee SiteAdvisor Service (be8c524313db75fa26fb2b0c0aaff88e) C:\Program Files (x86)\McAfee\SiteAdvisor\McSACore.exe
14:19:23.0336 4744 McAfee SiteAdvisor Service - ok
14:19:23.0461 4744 McMPFSvc (458a013df72eaab91877fa03533e2c8b) C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
14:19:23.0461 4744 McMPFSvc - ok
14:19:23.0586 4744 mcmscsvc (458a013df72eaab91877fa03533e2c8b) C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
14:19:23.0586 4744 mcmscsvc - ok
14:19:23.0648 4744 McNaiAnn (458a013df72eaab91877fa03533e2c8b) C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
14:19:23.0648 4744 McNaiAnn - ok
14:19:23.0711 4744 McNASvc (458a013df72eaab91877fa03533e2c8b) C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
14:19:23.0711 4744 McNASvc - ok
14:19:23.0789 4744 McODS (07b89e7de2f7971cf7eef0262207c4de) C:\Program Files\McAfee\VirusScan\mcods.exe
14:19:23.0804 4744 McODS - ok
14:19:24.0179 4744 McProxy (458a013df72eaab91877fa03533e2c8b) C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
14:19:24.0179 4744 McProxy - ok
14:19:24.0382 4744 McShield (87cc32f90123313a3febe6a71fc62dad) C:\Program Files\Common Files\McAfee\SystemCore\\mcshield.exe
14:19:24.0397 4744 McShield - ok
14:19:24.0522 4744 Mcx2Svc (f84c8f1000bc11e3b7b23cbd3baff111) C:\Windows\system32\Mcx2Svc.dll
14:19:24.0538 4744 Mcx2Svc - ok
14:19:24.0662 4744 megasas (a55805f747c6edb6a9080d7c633bd0f4) C:\Windows\system32\DRIVERS\megasas.sys
14:19:24.0662 4744 megasas - ok
14:19:24.0943 4744 MegaSR (baf74ce0072480c3b6b7c13b2a94d6b3) C:\Windows\system32\DRIVERS\MegaSR.sys
14:19:24.0959 4744 MegaSR - ok
14:19:25.0162 4744 mfeapfk (31338e489314ae2a29534fbaa7ad2f1b) C:\Windows\system32\drivers\mfeapfk.sys
14:19:25.0162 4744 mfeapfk - ok
14:19:25.0349 4744 mfeavfk (5822e70233218bcf22a65fcea74d012d) C:\Windows\system32\drivers\mfeavfk.sys
14:19:25.0364 4744 mfeavfk - ok
14:19:25.0505 4744 mfeavfk01 - ok
14:19:25.0598 4744 mfefire (ad2b622b46b78f212eb82330073b79e0) C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe
14:19:25.0598 4744 mfefire - ok
14:19:25.0723 4744 mfefirek (5a24e7c834576313d8c5eaf0825da844) C:\Windows\system32\drivers\mfefirek.sys
14:19:25.0739 4744 mfefirek - ok
14:19:26.0113 4744 mfehidk (a2607740bb18d631da01e01dcb81843b) C:\Windows\system32\drivers\mfehidk.sys
14:19:26.0113 4744 mfehidk - ok
14:19:26.0472 4744 mfenlfk (50c3a9d7465d385061c0601deefb5a8e) C:\Windows\system32\DRIVERS\mfenlfk.sys
14:19:26.0472 4744 mfenlfk - ok
14:19:26.0768 4744 mferkdet (edf5ee799a0b3ed6dce8bb16a51f3d1f) C:\Windows\system32\drivers\mferkdet.sys
14:19:26.0768 4744 mferkdet - ok
14:19:26.0987 4744 mfevtp (39e1dfb1700294e6c829465bd39e58b2) C:\Windows\system32\mfevtps.exe
14:19:27.0002 4744 mfevtp - ok
14:19:27.0174 4744 mfewfpk (9182faf9addd5ea6308d155ceb502c6f) C:\Windows\system32\drivers\mfewfpk.sys
14:19:27.0190 4744 mfewfpk - ok
14:19:27.0408 4744 MMCSS (e40e80d0304a73e8d269f7141d77250b) C:\Windows\system32\mmcss.dll
14:19:27.0408 4744 MMCSS - ok
14:19:27.0626 4744 Modem (800ba92f7010378b09f9ed9270f07137) C:\Windows\system32\drivers\modem.sys
14:19:27.0626 4744 Modem - ok
14:19:27.0985 4744 monitor (b03d591dc7da45ece20b3b467e6aadaa) C:\Windows\system32\DRIVERS\monitor.sys
14:19:27.0985 4744 monitor - ok
14:19:28.0344 4744 mouclass (7d27ea49f3c1f687d357e77a470aea99) C:\Windows\system32\DRIVERS\mouclass.sys
14:19:28.0360 4744 mouclass - ok
14:19:28.0687 4744 mouhid (d3bf052c40b0c4166d9fd86a4288c1e6) C:\Windows\system32\DRIVERS\mouhid.sys
14:19:28.0687 4744 mouhid - ok
14:19:28.0890 4744 mountmgr (791af66c4d0e7c90a3646066386fb571) C:\Windows\system32\drivers\mountmgr.sys
14:19:28.0890 4744 mountmgr - ok
14:19:29.0249 4744 mpio (609d1d87649ecc19796f4d76d4c15cea) C:\Windows\system32\DRIVERS\mpio.sys
14:19:29.0249 4744 mpio - ok
14:19:29.0483 4744 mpsdrv (6c38c9e45ae0ea2fa5e551f2ed5e978f) C:\Windows\system32\drivers\mpsdrv.sys
14:19:29.0483 4744 mpsdrv - ok
14:19:29.0670 4744 MpsSvc (aecab449567d1846dad63ece49e893e3) C:\Windows\system32\mpssvc.dll
14:19:29.0686 4744 MpsSvc - ok
14:19:29.0920 4744 MRxDAV (30524261bb51d96d6fcbac20c810183c) C:\Windows\system32\drivers\mrxdav.sys
14:19:29.0935 4744 MRxDAV - ok
14:19:30.0154 4744 mrxsmb (040d62a9d8ad28922632137acdd984f2) C:\Windows\system32\DRIVERS\mrxsmb.sys
14:19:30.0169 4744 mrxsmb - ok
14:19:30.0512 4744 mrxsmb10 (f0067552f8f9b33d7c59403ab808a3cb) C:\Windows\system32\DRIVERS\mrxsmb10.sys
14:19:30.0528 4744 mrxsmb10 - ok
14:19:30.0762 4744 mrxsmb20 (3c142d31de9f2f193218a53fe2632051) C:\Windows\system32\DRIVERS\mrxsmb20.sys
14:19:30.0762 4744 mrxsmb20 - ok
14:19:30.0918 4744 msahci (5c37497276e3b3a5488b23a326a754b7) C:\Windows\system32\DRIVERS\msahci.sys
14:19:30.0918 4744 msahci - ok
14:19:31.0152 4744 msdsm (8d27b597229aed79430fb9db3bcbfbd0) C:\Windows\system32\DRIVERS\msdsm.sys
14:19:31.0152 4744 msdsm - ok
14:19:31.0511 4744 MSDTC (de0ece52236cfa3ed2dbfc03f28253a8) C:\Windows\System32\msdtc.exe
14:19:31.0511 4744 MSDTC - ok
14:19:31.0698 4744 Msfs (aa3fb40e17ce1388fa1bedab50ea8f96) C:\Windows\system32\drivers\Msfs.sys
14:19:31.0698 4744 Msfs - ok
14:19:32.0104 4744 mshidkmdf (f9d215a46a8b9753f61767fa72a20326) C:\Windows\System32\drivers\mshidkmdf.sys
14:19:32.0104 4744 mshidkmdf - ok
14:19:32.0338 4744 msisadrv (d916874bbd4f8b07bfb7fa9b3ccae29d) C:\Windows\system32\DRIVERS\msisadrv.sys
14:19:32.0338 4744 msisadrv - ok
14:19:32.0587 4744 MSiSCSI (808e98ff49b155c522e6400953177b08) C:\Windows\system32\iscsiexe.dll
14:19:32.0587 4744 MSiSCSI - ok
14:19:32.0681 4744 msiserver - ok
14:19:32.0915 4744 MSK80Service (458a013df72eaab91877fa03533e2c8b) C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
14:19:32.0915 4744 MSK80Service - ok
14:19:33.0196 4744 MSKSSRV (49ccf2c4fea34ffad8b1b59d49439366) C:\Windows\system32\drivers\MSKSSRV.sys
14:19:33.0196 4744 MSKSSRV - ok
14:19:33.0554 4744 MSPCLOCK (bdd71ace35a232104ddd349ee70e1ab3) C:\Windows\system32\drivers\MSPCLOCK.sys
14:19:33.0554 4744 MSPCLOCK - ok
14:19:33.0820 4744 MSPQM (4ed981241db27c3383d72092b618a1d0) C:\Windows\system32\drivers\MSPQM.sys
14:19:33.0820 4744 MSPQM - ok
14:19:33.0991 4744 MsRPC (89cb141aa8616d8c6a4610fa26c60964) C:\Windows\system32\drivers\MsRPC.sys
14:19:33.0991 4744 MsRPC - ok
14:19:34.0116 4744 mssmbios (0eed230e37515a0eaee3c2e1bc97b288) C:\Windows\system32\DRIVERS\mssmbios.sys
14:19:34.0116 4744 mssmbios - ok
14:19:34.0615 4744 MSTEE (2e66f9ecb30b4221a318c92ac2250779) C:\Windows\system32\drivers\MSTEE.sys
14:19:34.0615 4744 MSTEE - ok
14:19:34.0756 4744 MTConfig (7ea404308934e675bffde8edf0757bcd) C:\Windows\system32\DRIVERS\MTConfig.sys
14:19:34.0756 4744 MTConfig - ok
14:19:34.0943 4744 Mup (f9a18612fd3526fe473c1bda678d61c8) C:\Windows\system32\Drivers\mup.sys
14:19:34.0958 4744 Mup - ok
14:19:35.0146 4744 mwlPSDFilter (6ffecc25b39dc7652a0cec0ada9db589) C:\Windows\system32\DRIVERS\mwlPSDFilter.sys
14:19:35.0146 4744 mwlPSDFilter - ok
14:19:35.0364 4744 mwlPSDNServ (0befe32ca56d6ee89d58175725596a85) C:\Windows\system32\DRIVERS\mwlPSDNServ.sys
14:19:35.0364 4744 mwlPSDNServ - ok
14:19:35.0567 4744 mwlPSDVDisk (d43bc633b8660463e446e28e14a51262) C:\Windows\system32\DRIVERS\mwlPSDVDisk.sys
14:19:35.0567 4744 mwlPSDVDisk - ok
14:19:35.0785 4744 MWLService (0f5faac852db4c340b7a2f187e3358b8) C:\Program Files (x86)\EgisTec\MyWinLocker 3\x86\\MWLService.exe
14:19:35.0785 4744 MWLService - ok
14:19:35.0941 4744 napagent (4987e079a4530fa737a128be54b63b12) C:\Windows\system32\qagentRT.dll
14:19:35.0957 4744 napagent - ok
14:19:36.0191 4744 NativeWifiP (1ea3749c4114db3e3161156ffffa6b33) C:\Windows\system32\DRIVERS\nwifi.sys
14:19:36.0206 4744 NativeWifiP - ok
14:19:36.0394 4744 NDIS (cad515dbd07d082bb317d9928ce8962c) C:\Windows\system32\drivers\ndis.sys
14:19:36.0409 4744 NDIS - ok
14:19:36.0550 4744 NdisCap (9f9a1f53aad7da4d6fef5bb73ab811ac) C:\Windows\system32\DRIVERS\ndiscap.sys
14:19:36.0565 4744 NdisCap - ok
14:19:36.0784 4744 NdisTapi (30639c932d9fef22b31268fe25a1b6e5) C:\Windows\system32\DRIVERS\ndistapi.sys
14:19:36.0784 4744 NdisTapi - ok
14:19:36.0971 4744 Ndisuio (f105ba1e22bf1f2ee8f005d4305e4bec) C:\Windows\system32\DRIVERS\ndisuio.sys
14:19:36.0971 4744 Ndisuio - ok
14:19:37.0158 4744 NdisWan (557dfab9ca1fcb036ac77564c010dad3) C:\Windows\system32\DRIVERS\ndiswan.sys
14:19:37.0158 4744 NdisWan - ok
14:19:37.0345 4744 NDProxy (659b74fb74b86228d6338d643cd3e3cf) C:\Windows\system32\drivers\NDProxy.sys
14:19:37.0345 4744 NDProxy - ok
14:19:37.0595 4744 NetBIOS (86743d9f5d2b1048062b14b1d84501c4) C:\Windows\system32\DRIVERS\netbios.sys
14:19:37.0595 4744 NetBIOS - ok
14:19:37.0829 4744 NetBT (9162b273a44ab9dce5b44362731d062a) C:\Windows\system32\DRIVERS\netbt.sys
14:19:37.0844 4744 NetBT - ok
14:19:38.0110 4744 Netlogon (156f6159457d0aa7e59b62681b56eb90) C:\Windows\system32\lsass.exe
14:19:38.0110 4744 Netlogon - ok
14:19:38.0297 4744 Netman (847d3ae376c0817161a14a82c8922a9e) C:\Windows\System32\netman.dll
14:19:38.0312 4744 Netman - ok
14:19:38.0515 4744 netprofm (5f28111c648f1e24f7dbc87cdeb091b8) C:\Windows\System32\netprofm.dll
14:19:38.0531 4744 netprofm - ok
14:19:38.0656 4744 NetTcpPortSharing (3e5a36127e201ddf663176b66828fafe) C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\SMSvcHost.exe
14:19:38.0656 4744 NetTcpPortSharing - ok
14:19:38.0765 4744 nfrd960 (77889813be4d166cdab78ddba990da92) C:\Windows\system32\DRIVERS\nfrd960.sys
14:19:38.0765 4744 nfrd960 - ok
14:19:39.0030 4744 NlaSvc (d9a0ce66046d6efa0c61baa885cba0a8) C:\Windows\System32\nlasvc.dll
14:19:39.0046 4744 NlaSvc - ok
14:19:39.0217 4744 Npfs (1e4c4ab5c9b8dd13179bbdc75a2a01f7) C:\Windows\system32\drivers\Npfs.sys
14:19:39.0217 4744 Npfs - ok
14:19:39.0342 4744 nsi (d54bfdf3e0c953f823b3d0bfe4732528) C:\Windows\system32\nsisvc.dll
14:19:39.0342 4744 nsi - ok
14:19:39.0514 4744 nsiproxy (e7f5ae18af4168178a642a9247c63001) C:\Windows\system32\drivers\nsiproxy.sys
14:19:39.0514 4744 nsiproxy - ok
14:19:39.0888 4744 Ntfs (356698a13c4630d5b31c37378d469196) C:\Windows\system32\drivers\Ntfs.sys
14:19:39.0950 4744 Ntfs - ok
14:19:40.0122 4744 NTIBackupSvc (fd324cce1d4d5bb5af65f8e55b462c7e) C:\Program Files (x86)\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe
14:19:40.0122 4744 NTIBackupSvc - ok
14:19:40.0309 4744 NTIDrvr (64ddd0dee976302f4bd93e5efcc2f013) C:\Windows\system32\drivers\NTIDrvr.sys
14:19:40.0309 4744 NTIDrvr - ok
14:19:40.0481 4744 NTISchedulerSvc (3f6268a2ec33cd38cf75c880af8ded42) C:\Program Files (x86)\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe
14:19:40.0512 4744 NTISchedulerSvc - ok
14:19:40.0668 4744 Null (9899284589f75fa8724ff3d16aed75c1) C:\Windows\system32\drivers\Null.sys
14:19:40.0668 4744 Null - ok
14:19:40.0886 4744 nvraid (3e38712941e9bb4ddbee00affe3fed3d) C:\Windows\system32\DRIVERS\nvraid.sys
14:19:40.0886 4744 nvraid - ok
14:19:41.0120 4744 nvstor (477dc4d6deb99be37084c9ac6d013da1) C:\Windows\system32\DRIVERS\nvstor.sys
14:19:41.0120 4744 nvstor - ok
14:19:41.0354 4744 nv_agp (270d7cd42d6e3979f6dd0146650f0e05) C:\Windows\system32\DRIVERS\nv_agp.sys
14:19:41.0354 4744 nv_agp - ok
14:19:41.0542 4744 odserv (785f487a64950f3cb8e9f16253ba3b7b) C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE
14:19:41.0573 4744 odserv - ok
14:19:41.0729 4744 ohci1394 (3589478e4b22ce21b41fa1bfc0b8b8a0) C:\Windows\system32\DRIVERS\ohci1394.sys
14:19:41.0729 4744 ohci1394 - ok
14:19:41.0947 4744 ose (5a432a042dae460abe7199b758e8606c) C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE
14:19:41.0994 4744 ose - ok
14:19:42.0181 4744 p2pimsvc (3eac4455472cc2c97107b5291e0dcafe) C:\Windows\system32\pnrpsvc.dll
14:19:42.0181 4744 p2pimsvc - ok
14:19:42.0337 4744 p2psvc (927463ecb02179f88e4b9a17568c63c3) C:\Windows\system32\p2psvc.dll
14:19:42.0353 4744 p2psvc - ok
14:19:42.0524 4744 Parport (0086431c29c35be1dbc43f52cc273887) C:\Windows\system32\DRIVERS\parport.sys
14:19:42.0524 4744 Parport - ok
14:19:42.0758 4744 partmgr (7daa117143316c4a1537e074a5a9eaf0) C:\Windows\system32\drivers\partmgr.sys
14:19:42.0758 4744 partmgr - ok
14:19:42.0868 4744 PcaSvc (3aeaa8b561e63452c655dc0584922257) C:\Windows\System32\pcasvc.dll
14:19:42.0868 4744 PcaSvc - ok
14:19:43.0039 4744 pci (f36f6504009f2fb0dfd1b17a116ad74b) C:\Windows\system32\DRIVERS\pci.sys
14:19:43.0055 4744 pci - ok
14:19:43.0180 4744 pciide (b5b8b5ef2e5cb34df8dcf8831e3534fa) C:\Windows\system32\DRIVERS\pciide.sys
14:19:43.0180 4744 pciide - ok
14:19:43.0336 4744 pcmcia (b2e81d4e87ce48589f98cb8c05b01f2f) C:\Windows\system32\DRIVERS\pcmcia.sys
14:19:43.0336 4744 pcmcia - ok
14:19:43.0616 4744 pcw (d6b9c2e1a11a3a4b26a182ffef18f603) C:\Windows\system32\drivers\pcw.sys
14:19:43.0616 4744 pcw - ok
14:19:43.0788 4744 PEAUTH (68769c3356b3be5d1c732c97b9a80d6e) C:\Windows\system32\drivers\peauth.sys
14:19:43.0804 4744 PEAUTH - ok
14:19:44.0006 4744 PerfHost (e495e408c93141e8fc72dc0c6046ddfa) C:\Windows\SysWow64\perfhost.exe
14:19:44.0272 4744 PerfHost - ok
14:19:44.0662 4744 pla (557e9a86f65f0de18c9b6751dfe9d3f1) C:\Windows\system32\pla.dll
14:19:44.0693 4744 pla - ok
14:19:44.0880 4744 PlugPlay (98b1721b8718164293b9701b98c52d77) C:\Windows\system32\umpnpmgr.dll
14:19:44.0880 4744 PlugPlay - ok
14:19:45.0130 4744 PnkBstrA - ok
14:19:45.0192 4744 PNRPAutoReg (7195581cec9bb7d12abe54036acc2e38) C:\Windows\system32\pnrpauto.dll
14:19:45.0208 4744 PNRPAutoReg - ok
14:19:45.0442 4744 PNRPsvc (3eac4455472cc2c97107b5291e0dcafe) C:\Windows\system32\pnrpsvc.dll
14:19:45.0457 4744 PNRPsvc - ok
14:19:45.0707 4744 Point64 (b8d8ec78b0f9ed8e220506181274f3d3) C:\Windows\system32\DRIVERS\point64.sys
14:19:45.0707 4744 Point64 - ok
14:19:45.0956 4744 PolicyAgent (166eb40d1f5b47e615de3d0fffe5f243) C:\Windows\System32\ipsecsvc.dll
14:19:45.0956 4744 PolicyAgent - ok
14:19:46.0175 4744 Power (6ba9d927dded70bd1a9caded45f8b184) C:\Windows\system32\umpo.dll
14:19:46.0175 4744 Power - ok
14:19:46.0393 4744 PptpMiniport (27cc19e81ba5e3403c48302127bda717) C:\Windows\system32\DRIVERS\raspptp.sys
14:19:46.0393 4744 PptpMiniport - ok
14:19:46.0643 4744 Processor (0d922e23c041efb1c3fac2a6f943c9bf) C:\Windows\system32\DRIVERS\processr.sys
14:19:46.0643 4744 Processor - ok
14:19:46.0799 4744 ProfSvc (f381975e1f4346de875cb07339ce8d3a) C:\Windows\system32\profsvc.dll
14:19:46.0799 4744 ProfSvc - ok
14:19:46.0939 4744 ProtectedStorage (156f6159457d0aa7e59b62681b56eb90) C:\Windows\system32\lsass.exe
14:19:46.0939 4744 ProtectedStorage - ok
14:19:47.0126 4744 Psched (ee992183bd8eaefd9973f352e587a299) C:\Windows\system32\DRIVERS\pacer.sys
14:19:47.0142 4744 Psched - ok
14:19:47.0470 4744 ql2300 (a53a15a11ebfd21077463ee2c7afeef0) C:\Windows\system32\DRIVERS\ql2300.sys
14:19:47.0485 4744 ql2300 - ok
14:19:47.0610 4744 ql40xx (4f6d12b51de1aaeff7dc58c4d75423c8) C:\Windows\system32\DRIVERS\ql40xx.sys
14:19:47.0610 4744 ql40xx - ok
14:19:47.0735 4744 QWAVE (906191634e99aea92c4816150bda3732) C:\Windows\system32\qwave.dll
14:19:47.0750 4744 QWAVE - ok
14:19:47.0875 4744 QWAVEdrv (76707bb36430888d9ce9d705398adb6c) C:\Windows\system32\drivers\qwavedrv.sys
14:19:47.0875 4744 QWAVEdrv - ok
14:19:48.0000 4744 RasAcd (5a0da8ad5762fa2d91678a8a01311704) C:\Windows\system32\DRIVERS\rasacd.sys
14:19:48.0016 4744 RasAcd - ok
14:19:48.0140 4744 RasAgileVpn (7ecff9b22276b73f43a99a15a6094e90) C:\Windows\system32\DRIVERS\AgileVpn.sys
14:19:48.0140 4744 RasAgileVpn - ok
14:19:48.0328 4744 RasAuto (8f26510c5383b8dbe976de1cd00fc8c7) C:\Windows\System32\rasauto.dll
14:19:48.0343 4744 RasAuto - ok
14:19:48.0593 4744 Rasl2tp (87a6e852a22991580d6d39adc4790463) C:\Windows\system32\DRIVERS\rasl2tp.sys
14:19:48.0593 4744 Rasl2tp - ok
14:19:48.0796 4744 RasMan (47394ed3d16d053f5906efe5ab51cc83) C:\Windows\System32\rasmans.dll
14:19:48.0811 4744 RasMan - ok
14:19:48.0998 4744 RasPppoe (855c9b1cd4756c5e9a2aa58a15f58c25) C:\Windows\system32\DRIVERS\raspppoe.sys
14:19:48.0998 4744 RasPppoe - ok
14:19:49.0139 4744 RasSstp (e8b1e447b008d07ff47d016c2b0eeecb) C:\Windows\system32\DRIVERS\rassstp.sys
14:19:49.0139 4744 RasSstp - ok
14:19:49.0264 4744 rdbss (3bac8142102c15d59a87757c1d41dce5) C:\Windows\system32\DRIVERS\rdbss.sys
14:19:49.0264 4744 rdbss - ok
14:19:49.0388 4744 rdpbus (302da2a0539f2cf54d7c6cc30c1f2d8d) C:\Windows\system32\DRIVERS\rdpbus.sys
14:19:49.0388 4744 rdpbus - ok
14:19:49.0513 4744 RDPCDD (cea6cc257fc9b7715f1c2b4849286d24) C:\Windows\system32\DRIVERS\RDPCDD.sys
14:19:49.0513 4744 RDPCDD - ok
14:19:49.0669 4744 RDPENCDD (bb5971a4f00659529a5c44831af22365) C:\Windows\system32\drivers\rdpencdd.sys
14:19:49.0669 4744 RDPENCDD - ok
14:19:49.0794 4744 RDPREFMP (216f3fa57533d98e1f74ded70113177a) C:\Windows\system32\drivers\rdprefmp.sys
14:19:49.0794 4744 RDPREFMP - ok
14:19:49.0903 4744 RDPWD (074ac702d8b8b660b0e1371555995386) C:\Windows\system32\drivers\RDPWD.sys
14:19:49.0919 4744 RDPWD - ok
14:19:50.0059 4744 rdyboost (634b9a2181d98f15941236886164ec8b) C:\Windows\system32\drivers\rdyboost.sys
14:19:50.0059 4744 rdyboost - ok
14:19:50.0231 4744 RemoteAccess (254fb7a22d74e5511c73a3f6d802f192) C:\Windows\System32\mprdim.dll
14:19:50.0231 4744 RemoteAccess - ok
14:19:50.0340 4744 RemoteRegistry (e4d94f24081440b5fc5aa556c7c62702) C:\Windows\system32\regsvc.dll
14:19:50.0340 4744 RemoteRegistry - ok
14:19:50.0465 4744 RpcEptMapper (e4dc58cf7b3ea515ae917ff0d402a7bb) C:\Windows\System32\RpcEpMap.dll
14:19:50.0480 4744 RpcEptMapper - ok
14:19:50.0605 4744 RpcLocator (d5ba242d4cf8e384db90e6a8ed850b8c) C:\Windows\system32\locator.exe
14:19:50.0605 4744 RpcLocator - ok
14:19:50.0761 4744 RpcSs (7266972e86890e2b30c0c322e906b027) C:\Windows\system32\rpcss.dll
14:19:50.0777 4744 RpcSs - ok
14:19:51.0026 4744 rspndr (ddc86e4f8e7456261e637e3552e804ff) C:\Windows\system32\DRIVERS\rspndr.sys
14:19:51.0026 4744 rspndr - ok
14:19:51.0292 4744 RSUSBSTOR (fb39af63d6617f028ba0ebc21b83360d) C:\Windows\System32\Drivers\RtsUStor.sys
14:19:51.0307 4744 RSUSBSTOR - ok
14:19:51.0510 4744 RTL8167 (b49dc435ae3695bac5623dd94b05732d) C:\Windows\system32\DRIVERS\Rt64win7.sys
14:19:51.0526 4744 RTL8167 - ok
14:19:51.0713 4744 SamSs (156f6159457d0aa7e59b62681b56eb90) C:\Windows\system32\lsass.exe
14:19:51.0713 4744 SamSs - ok
14:19:51.0869 4744 sbp2port (e3bbb89983daf5622c1d50cf49f28227) C:\Windows\system32\DRIVERS\sbp2port.sys
14:19:51.0869 4744 sbp2port - ok
14:19:51.0994 4744 SCardSvr (9b7395789e3791a3b6d000fe6f8b131e) C:\Windows\System32\SCardSvr.dll
14:19:51.0994 4744 SCardSvr - ok
14:19:52.0150 4744 scfilter (c94da20c7e3ba1dca269bc8460d98387) C:\Windows\system32\DRIVERS\scfilter.sys
14:19:52.0150 4744 scfilter - ok
14:19:52.0384 4744 Schedule (624d0f5ff99428bb90a5b8a4123e918e) C:\Windows\system32\schedsvc.dll
14:19:52.0430 4744 Schedule - ok
14:19:52.0649 4744 SCPolicySvc (312e2f82af11e79906898ac3e3d58a1f) C:\Windows\System32\certprop.dll
14:19:52.0649 4744 SCPolicySvc - ok
14:19:52.0789 4744 SDRSVC (765a27c3279ce11d14cb9e4f5869fca5) C:\Windows\System32\SDRSVC.dll
14:19:52.0805 4744 SDRSVC - ok
14:19:53.0039 4744 secdrv (3ea8a16169c26afbeb544e0e48421186) C:\Windows\system32\drivers\secdrv.sys
14:19:53.0039 4744 secdrv - ok
14:19:53.0164 4744 seclogon (463b386ebc70f98da5dff85f7e654346) C:\Windows\system32\seclogon.dll
14:19:53.0164 4744 seclogon - ok
14:19:53.0288 4744 SENS (c32ab8fa018ef34c0f113bd501436d21) C:\Windows\system32\sens.dll
14:19:53.0288 4744 SENS - ok
14:19:53.0444 4744 SensrSvc (0336cffafaab87a11541f1cf1594b2b2) C:\Windows\system32\sensrsvc.dll
14:19:53.0460 4744 SensrSvc - ok
14:19:53.0632 4744 Serenum (cb624c0035412af0debec78c41f5ca1b) C:\Windows\system32\DRIVERS\serenum.sys
14:19:53.0647 4744 Serenum - ok
14:19:53.0819 4744 Serial (c1d8e28b2c2adfaec4ba89e9fda69bd6) C:\Windows\system32\DRIVERS\serial.sys
14:19:53.0819 4744 Serial - ok
14:19:53.0928 4744 sermouse (1c545a7d0691cc4a027396535691c3e3) C:\Windows\system32\DRIVERS\sermouse.sys
14:19:53.0928 4744 sermouse - ok
14:19:54.0115 4744 SessionEnv (c3bc61ce47ff6f4e88ab8a3b429a36af) C:\Windows\system32\sessenv.dll
14:19:54.0131 4744 SessionEnv - ok
14:19:54.0271 4744 sffdisk (a554811bcd09279536440c964ae35bbf) C:\Windows\system32\drivers\sffdisk.sys
14:19:54.0271 4744 sffdisk - ok
14:19:54.0458 4744 sffp_mmc (ff414f0baefeba59bc6c04b3db0b87bf) C:\Windows\system32\drivers\sffp_mmc.sys
14:19:54.0474 4744 sffp_mmc - ok
14:19:54.0583 4744 sffp_sd (178298f767fe638c9fedcbdef58bb5e4) C:\Windows\system32\drivers\sffp_sd.sys
14:19:54.0583 4744 sffp_sd - ok
14:19:54.0724 4744 sfloppy (a9d601643a1647211a1ee2ec4e433ff4) C:\Windows\system32\DRIVERS\sfloppy.sys
14:19:54.0724 4744 sfloppy - ok
14:20:19.0590 4744 MBR (0x1B8) (0f84f2562620c40d8a3e1908c8075675) \Device\Harddisk0\DR0
14:20:20.0152 4744 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.b ) - infected
14:20:20.0152 4744 \Device\Harddisk0\DR0 - detected Rootkit.Boot.Pihar.b (0)
14:20:20.0214 4744 Boot (0x1200) (9153e8d2f7cb7b0803b5069b54dbfb0d) \Device\Harddisk0\DR0\Partition0
14:20:20.0214 4744 \Device\Harddisk0\DR0\Partition0 - ok
14:20:20.0292 4744 Boot (0x1200) (93b278424cd4e57849bfaa636738eb9e) \Device\Harddisk0\DR0\Partition1
14:20:20.0292 4744 \Device\Harddisk0\DR0\Partition1 - ok
14:20:20.0292 4744 ============================================================
14:20:20.0292 4744 Scan finished
14:20:20.0292 4744 ============================================================
14:20:20.0323 1080 Detected object count: 1
14:20:20.0323 1080 Actual detected object count: 1
14:20:54.0097 1080 \Device\Harddisk0\DR0\# - copied to quarantine
14:20:54.0097 1080 \Device\Harddisk0\DR0 - copied to quarantine
14:20:54.0160 1080 \Device\Harddisk0\DR0\TDLFS\ph.dll - copied to quarantine
14:20:54.0160 1080 \Device\Harddisk0\DR0\TDLFS\phx.dll - copied to quarantine
14:20:54.0160 1080 \Device\Harddisk0\DR0\TDLFS\sub.dll - copied to quarantine
14:20:54.0175 1080 \Device\Harddisk0\DR0\TDLFS\subx.dll - copied to quarantine
14:20:54.0238 1080 \Device\Harddisk0\DR0\TDLFS\phd - copied to quarantine
14:20:54.0253 1080 \Device\Harddisk0\DR0\TDLFS\phdx - copied to quarantine
14:20:54.0253 1080 \Device\Harddisk0\DR0\TDLFS\phs - copied to quarantine
14:20:54.0269 1080 \Device\Harddisk0\DR0\TDLFS\phdata - copied to quarantine
14:20:54.0269 1080 \Device\Harddisk0\DR0\TDLFS\phld - copied to quarantine
14:20:54.0269 1080 \Device\Harddisk0\DR0\TDLFS\phln - copied to quarantine
14:20:54.0285 1080 \Device\Harddisk0\DR0\TDLFS\phlx - copied to quarantine
14:20:54.0285 1080 \Device\Harddisk0\DR0\TDLFS\phm - copied to quarantine
14:20:54.0456 1080 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.b ) - will be cured on reboot
14:20:54.0456 1080 \Device\Harddisk0\DR0 - ok
14:20:55.0205 1080 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.b ) - User select action: Cure
14:21:10.0867 3132 Deinitialize success
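
One way to triage a TDSSKiller log like the one in the post above, added here as an example and not part of the original thread. The function names and the line layout (timestamp, thread id, then either a scan line or an "object - status" verdict) are assumptions inferred from the log itself; the sample lines are copied from that log.

```python
import re
from collections import OrderedDict, namedtuple

# Lines copied from the TDSSKiller log posted above.
SAMPLE_LOG = r"""
14:20:19.0590 4744 MBR (0x1B8) (0f84f2562620c40d8a3e1908c8075675) \Device\Harddisk0\DR0
14:20:20.0152 4744 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.b ) - infected
14:20:20.0152 4744 \Device\Harddisk0\DR0 - detected Rootkit.Boot.Pihar.b (0)
14:20:20.0214 4744 Boot (0x1200) (9153e8d2f7cb7b0803b5069b54dbfb0d) \Device\Harddisk0\DR0\Partition0
14:20:20.0214 4744 \Device\Harddisk0\DR0\Partition0 - ok
14:20:20.0323 1080 Detected object count: 1
14:20:54.0097 1080 \Device\Harddisk0\DR0 - copied to quarantine
14:20:54.0160 1080 \Device\Harddisk0\DR0\TDLFS\ph.dll - copied to quarantine
14:20:54.0160 1080 \Device\Harddisk0\DR0\TDLFS\phx.dll - copied to quarantine
14:20:54.0456 1080 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.b ) - will be cured on reboot
14:20:54.0456 1080 \Device\Harddisk0\DR0 - ok
14:20:55.0205 1080 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.b ) - User select action: Cure
"""

Event = namedtuple("Event", "time tid obj threat status")

# "HH:MM:SS.ffff <thread id> <rest of line>"
LINE = re.compile(r"^(?P<time>\d{2}:\d{2}:\d{2}\.\d{4})\s+(?P<tid>\d+)\s+(?P<body>.+)$")
# "<object> [( <threat name> )] - <status>"; scan lines and counters have no " - "
VERDICT = re.compile(r"^(?P<obj>.+?)(?: \( (?P<threat>[^)]+?) \))? - (?P<status>.+)$")


def parse(log_text):
    """Return the verdict lines of a log as Event tuples, in log order."""
    events = []
    for raw in log_text.splitlines():
        line = LINE.match(raw.strip())
        if not line:
            continue  # blank lines or text that is not a log record
        verdict = VERDICT.match(line.group("body"))
        if not verdict:
            continue  # "name (md5) path" scan line, separator or counter
        events.append(Event(line.group("time"), int(line.group("tid")),
                            verdict.group("obj"), verdict.group("threat"),
                            verdict.group("status")))
    return events


def triage(events):
    """Group everything the log says about each object that carried a threat name."""
    findings = OrderedDict()
    for e in events:
        if e.threat:
            f = findings.setdefault(e.obj, {
                "object": e.obj, "threats": set(), "history": [],
                "quarantined": [], "reboot_pending": False,
                "ok_after_detection": False,
            })
            f["threats"].add(e.threat)
            f["history"].append(e.status)
            if e.status == "will be cured on reboot":
                f["reboot_pending"] = True
        elif e.obj in findings and e.status == "ok":
            # A plain "ok" for an object already flagged: the cure is only
            # scheduled, so this line alone must not be read as "clean".
            findings[e.obj]["ok_after_detection"] = True
    # Attach quarantined items that are the object itself or live beneath it
    # (here, the files under \Device\Harddisk0\DR0\TDLFS).
    for e in events:
        if e.status != "copied to quarantine":
            continue
        for obj, f in findings.items():
            if e.obj == obj or e.obj.startswith(obj + "\\"):
                f["quarantined"].append(e.obj)
    return list(findings.values())


if __name__ == "__main__":
    for f in triage(parse(SAMPLE_LOG)):
        print(f["object"], sorted(f["threats"]))
        print("  history:", " -> ".join(f["history"]))
        print("  quarantined items:", len(f["quarantined"]))
        print("  reboot still required:", f["reboot_pending"])
```

A finding with `reboot_pending` set means the MBR is not yet clean; the scan has to be repeated after the restart to confirm the cure took effect.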

#8 gringo_pr

Posted 06 April 2012 - 03:34 PM

Greetings

At this time I would like you to run this script for me and it is a good time to check out the computer to see if there is anything else that needs to be addressed.

:Run CFScript:

Open Notepad and copy/paste the text in the box into the window:

ClearJavaCache::
KillAll::
Folder::
c:\programdata\Microsoft\Windows\DRM

Save it to your desktop as CFScript.txt

Referring to the picture above, drag CFScript.txt into ComboFix.exe
This will let ComboFix run again.
Restart if you have to.
Save the produced logfile to your desktop.

Note: Do not mouseclick combofix's window whilst it's running. That may cause it to stall

Note 2: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion." Please restart the computer

"information and logs"

  • In your next post I need the following

  • report from Combofix
  • let me know of any problems you may have had
  • How is the computer doing now after running the script?

Gringo

I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#9 HeartBroken


Posted 06 April 2012 - 03:59 PM

Made the text file as you said and it ran Combo. After a bit the screen went white. Then black. Laptop reset, I think. No log file on desktop and the one in the C drive is the same one I posted before. Should I drop the text file onto it again? Last time I did it in normal mode, should I do it in Safe Mode?

#10 gringo_pr


Posted 06 April 2012 - 04:26 PM

Try it in safe mode, and how is the computer doing?


gringo

#11 HeartBroken


Posted 06 April 2012 - 04:47 PM

Ran it in safe mode, actually loaded up everything and started to scan this time around. Got to Step 4-6 and I got another blue "safety" shutdown message. Should I disregard and run it in safe mode again?

The laptop hasn't really changed. Websites *seem* to load a little faster, but after connecting I again am unable to open up anything (music, pictures, etc.) off the desktop or anywhere after about five minutes. If I got them started before then it's fine, like running WoW for example. After that 'grace period' I can double click on things but nothing loads still.

#12 HeartBroken


Posted 06 April 2012 - 05:28 PM

Was able to open up the task manager in normal mode. The Performance chart is still outta whack. It should be stable and low, but the thing is still jumping from 0 to 45 to 98 and then back down. I allow it to connect and sure enough it takes a few seconds but it hits 100% and stays there. I went to the Processes tab, Show processors from all users and can see the top three are svchost.exe, the top one is svchost.exe*32 with, currently climbing, 438,876K. Second has 115K and slowly rising, third on 96k slowly rising. The 32 one has a description of winrscmde and the other two say Host Process for Windows Services.

I gave it a few minutes and the top one surpassed 500 but then fell down to about 420ish, the second one is slowly rising at 118, and third at 103, also slowly rising. Eventually the intensive CPU stuff stopped and now they are coasting at 120, 111, and *32 is at the lowest with 77K.

Current CPU usage is at 10-20%, fairly level, but if I double click something it doesn't open, while folders do. Just got an error on the pictures I tried opening, both stating "server execution failed"

#13 gringo_pr


Posted 06 April 2012 - 06:01 PM

go ahead and run combofix without the script


run in safe mode if needed


gringo

#14 HeartBroken


Posted 06 April 2012 - 07:30 PM

Ran it twice on normal mode, both times it gave the blue "safety shutdown" errors at the same spot. (When it stops Extracting and does two lines of Output Folder.) Ran it in Safe Mode and it loaded all the way and started doing Stage 1, Stage 2, etc., but still ended up crashing. Ran it once more back in normal mode and it actually completed. Hung up around stages 4, 32, 48, and a LONG time after it reset and I was waiting for it to make a text file. Seems that it is random on if the laptop decides the scanning works or not.

Below is the log from Normal mode that just finished. Should I attempt the script/Combo scan a few more times and see if it eventually takes like this one did, or am I stressing and tempting Fate by doing so?


ComboFix 12-04-05.09 - user 04/06/2012 18:35:45.3.2 - x64
Microsoft Windows 7 Home Premium 6.1.7600.0.1252.1.1033.18.3836.2402 [GMT -5:00]
Running from: c:\users\user\Desktop\ComboFix.exe
AV: McAfee Anti-Virus and Anti-Spyware *Disabled/Updated* {86355677-4064-3EA7-ABB3-1B136EB04637}
FW: McAfee Firewall *Disabled* {BE0ED752-0A0B-3FFF-80EC-B2269063014C}
SP: McAfee Anti-Virus and Anti-Spyware *Disabled/Updated* {3D54B793-665E-3129-9103-206115370C8A}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files (x86)\Windows Searchqu Toolbar
c:\program files (x86)\Windows Searchqu Toolbar\ToolBar\chrome\content\widgets\net.vmn.www.3.YouTube.1217\panel.html
c:\program files (x86)\Windows Searchqu Toolbar\ToolBar\chrome\content\widgets\net.vmn.www.3.YouTube.1217\powered-mystart.gif
c:\program files (x86)\Windows Searchqu Toolbar\ToolBar\chrome\content\widgets\net.vmn.www.3.YouTube.1217\tb_icon.png
c:\program files (x86)\Windows Searchqu Toolbar\ToolBar\chrome\content\widgets\net.vmn.www.3.YouTube.1217\widget.js
c:\program files (x86)\Windows Searchqu Toolbar\ToolBar\chrome\content\widgets\net.vmn.www.3.YouTube.1217\widget.xml
c:\program files (x86)\Windows Searchqu Toolbar\ToolBar\chrome\skin\bluelite.gif
c:\program files (x86)\Windows Searchqu Toolbar\ToolBar\chrome\skin\bluesky.gif
c:\program files (x86)\Windows Searchqu Toolbar\ToolBar\chrome\skin\btn-search-over.png
c:\program files (x86)\Windows Searchqu Toolbar\ToolBar\chrome\skin\btn-search.png
c:\program files (x86)\Windows Searchqu Toolbar\ToolBar\chrome\skin\btn-settings-over.png
c:\program files (x86)\Windows Searchqu Toolbar\ToolBar\chrome\skin\btn-settings.png
c:\program files (x86)\Windows Searchqu Toolbar\ToolBar\chrome\skin\btn-widgets-over.png
c:\program files (x86)\Windows Searchqu Toolbar\ToolBar\chrome\skin\btn-widgets.png
c:\program files (x86)\Windows Searchqu Toolbar\ToolBar\chrome\skin\btn_settings.png
c:\program files (x86)\Windows Searchqu Toolbar\ToolBar\chrome\skin\button-down-back-ff.png
c:\program files (x86)\Windows Searchqu Toolbar\ToolBar\chrome\skin\button-down-back.png
c:\program files (x86)\Windows Searchqu Toolbar\ToolBar\chrome\skin\button-down-left.png
c:\program files (x86)\Windows Searchqu Toolbar\ToolBar\chrome\skin\button-down-right.png
c:\program files (x86)\Windows Searchqu Toolbar\ToolBar\chrome\skin\button-down-splitter.png
c:\program files (x86)\Windows Searchqu Toolbar\ToolBar\chrome\skin\button-drop-back.png
c:\program files (x86)\Windows Searchqu Toolbar\ToolBar\chrome\skin\button-drop-left.png
c:\program files (x86)\Windows Searchqu Toolbar\ToolBar\chrome\skin\button-drop-right.png
c:\program files (x86)\Windows Searchqu Toolbar\ToolBar\chrome\skin\button-drop-splitter.png
c:\program files (x86)\Windows Searchqu Toolbar\ToolBar\chrome\skin\button-hover-back-ff.png
c:\program files (x86)\Windows Searchqu Toolbar\ToolBar\chrome\skin\button-hover-back.png
c:\program files (x86)\Windows Searchqu Toolbar\ToolBar\chrome\skin\button-hover-left.png
c:\program files (x86)\Windows Searchqu Toolbar\ToolBar\chrome\skin\button-hover-right.png
c:\program files (x86)\Windows Searchqu Toolbar\ToolBar\chrome\skin\button-hover-splitter.png
c:\program files (x86)\Windows Searchqu Toolbar\ToolBar\chrome\skin\ca.png
c:\program files (x86)\Windows Searchqu Toolbar\ToolBar\chrome\skin\dictionary.png
c:\program files (x86)\Windows Searchqu Toolbar\ToolBar\chrome\skin\divider.png
c:\program files (x86)\Windows Searchqu Toolbar\ToolBar\chrome\skin\downloadcom.png
c:\program files (x86)\Windows Searchqu Toolbar\ToolBar\chrome\skin\email.png
c:\program files (x86)\Windows Searchqu Toolbar\ToolBar\chrome\skin\email_on.png
c:\program files (x86)\Windows Searchqu Toolbar\ToolBar\chrome\skin\games.png
c:\program files (x86)\Windows Searchqu Toolbar\ToolBar\chrome\skin\graphred0.png
c:\program files (x86)\Windows Searchqu Toolbar\ToolBar\chrome\skin\graphred0_5.png
c:\program files (x86)\Windows Searchqu Toolbar\ToolBar\chrome\skin\grey.gif
c:\program files (x86)\Windows Searchqu Toolbar\ToolBar\chrome\skin\headsup.png
c:\program files (x86)\Windows Searchqu Toolbar\ToolBar\chrome\skin\ico-shield.png
c:\program files (x86)\Windows Searchqu Toolbar\ToolBar\chrome\skin\images.png
c:\program files (x86)\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\add.png
c:\program files (x86)\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\aol.png
c:\program files (x86)\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\arrow-dn.gif
c:\program files (x86)\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\arrow-right.gif
c:\program files (x86)\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\arrow-up.gif
c:\program files (x86)\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\bg-btn-end.png
c:\program files (x86)\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\bg-btn-mdl.png
c:\program files (x86)\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\bg-btn-mdl_ff.png
c:\program files (x86)\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\bg-btn-start.png
c:\program files (x86)\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\bg-btnover-end.png
c:\program files (x86)\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\bg-btnover-mdl.png
c:\program files (x86)\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\bg-btnover-mdl_ff.png
c:\program files (x86)\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\bg-btnover-start.png
c:\program files (x86)\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\blank.gif
c:\program files (x86)\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\btnback-down-vista.png
c:\program files (x86)\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\btnback-vista.png
c:\program files (x86)\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\btnleft-down-vista.png
c:\program files (x86)\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\btnleft-vista.png
c:\program files (x86)\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\btnright-down-vista.png
c:\program files (x86)\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\btnright-vista.png
c:\program files (x86)\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\button-splitter-down-vista.png
c:\program files (x86)\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\button-splitter-vista.png
c:\program files (x86)\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\checkmark.png
c:\program files (x86)\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\chevron.png
c:\program files (x86)\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\collapse.png
c:\program files (x86)\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\comcast.png
c:\program files (x86)\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\dtx.css
c:\program files (x86)\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\edit-back-hot.png
c:\program files (x86)\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\edit-back.png
c:\program files (x86)\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\expand.png
c:\program files (x86)\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\found.png
c:\program files (x86)\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\gmail.png
c:\program files (x86)\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\highlight.png
c:\program files (x86)\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\highlight_blue.png
c:\program files (x86)\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\highlight_cyan.png
c:\program files (x86)\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\highlight_lime.png
c:\program files (x86)\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\highlight_magenta.png
c:\program files (x86)\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\highlight_yellow.png
c:\program files (x86)\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\hotmail.png
c:\program files (x86)\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\imap.png
c:\program files (x86)\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\lastsearch-thumb-back.gif
c:\program files (x86)\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\loadingMid.gif
c:\program files (x86)\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\lock.png
c:\program files (x86)\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\mailcom.png
c:\program files (x86)\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\menu_bg-basic.png
c:\program files (x86)\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\menu_separator_bar.png
c:\program files (x86)\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\menuitem-splitter.png
c:\program files (x86)\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\menuitemback-down-vista.png
c:\program files (x86)\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\menuitemback-vista.png
c:\program files (x86)\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\menuitemleft-down-vista.png
c:\program files (x86)\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\menuitemleft-vista.png
c:\program files (x86)\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\menuitemright-down-vista.png
c:\program files (x86)\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\menuitemright-vista.png
c:\program files (x86)\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\move.gif
c:\program files (x86)\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\movetarget.png
c:\program files (x86)\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\panels\css\popupAbout.css
c:\program files (x86)\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\panels\css\popupGames.css
c:\program files (x86)\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\panels\css\popupWidgets.css
c:\program files (x86)\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\panels\footer.htm
c:\program files (x86)\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\panels\gamecategory.xsl
c:\program files (x86)\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\panels\gameData.js
c:\program files (x86)\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\panels\gameList.xsl
c:\program files (x86)\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\panels\gametype.xsl
c:\program files (x86)\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\panels\images\arrow-sml-drop.png
c:\program files (x86)\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\panels\images\arrow-sml.png
c:\program files (x86)\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\panels\images\arrowr-bluew5.png
c:\program files (x86)\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\panels\images\bg-aboutbox.png
c:\program files (x86)\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\panels\images\bg-btnover.png
c:\program files (x86)\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\panels\images\bg-pnl520x390.png
c:\program files (x86)\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\panels\images\btn-close-grey.png
c:\program files (x86)\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\panels\images\btn-close-greyover.png
c:\program files (x86)\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\panels\images\btn-drag.png
c:\program files (x86)\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\panels\images\btn-next-over.png
c:\program files (x86)\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\panels\images\btn-next.png
c:\program files (x86)\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\panels\images\btn-previous-over.png
c:\program files (x86)\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\panels\images\btn-previous.png
c:\program files (x86)\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\panels\images\btn-search-pnlbtm-over.png
c:\program files (x86)\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\panels\images\btn-search-pnlbtm.png
c:\program files (x86)\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\panels\images\gamethumb-on.png
c:\program files (x86)\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\panels\images\gamethumb2-over.png
c:\program files (x86)\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\panels\images\ico-calendar.png
c:\program files (x86)\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\panels\images\ico-download.png
c:\program files (x86)\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\panels\images\ico-joystick24.png
c:\program files (x86)\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\panels\images\ico-play.png
c:\program files (x86)\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\panels\images\ico-tags.png
c:\program files (x86)\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\panels\images\icon-Add.png
c:\program files (x86)\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\panels\images\icon-download.png
c:\program files (x86)\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\panels\images\icon-Info.png
c:\program files (x86)\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\panels\images\icon-play.png
c:\program files (x86)\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\panels\images\icon-shop.png
c:\program files (x86)\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\panels\images\menul-bgon.png
c:\program files (x86)\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\panels\images\menul-bgover.png
c:\program files (x86)\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\panels\images\panel-botm-noscroll.png
c:\program files (x86)\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\panels\images\scroll-bg-206.png
c:\program files (x86)\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\panels\images\scroll-bg.png
c:\program files (x86)\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\panels\images\scroll-topwin.png
c:\program files (x86)\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\panels\images\scrollb-disable.png
c:\program files (x86)\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\panels\images\scrollb-down.png
c:\program files (x86)\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\panels\images\scrollb-over.png
c:\program files (x86)\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\panels\images\scrollb.png
c:\program files (x86)\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\panels\images\scrollt-disable.png
c:\program files (x86)\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\panels\images\scrollt-down.png
c:\program files (x86)\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\panels\images\scrollt-over.png
c:\program files (x86)\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\panels\images\scrollt.png
c:\program files (x86)\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\panels\images\searchbox-pnlbtm.png
c:\program files (x86)\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\panels\images\star_x_grey.png
c:\program files (x86)\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\panels\images\star_x_orange.png
c:\program files (x86)\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\panels\images\TRUSTe_about.png
c:\program files (x86)\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\panels\images\view-detailed-on.png
c:\program files (x86)\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\panels\images\view-detailed-over.png
c:\program files (x86)\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\panels\images\view-thumb-on.png
c:\program files (x86)\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\panels\images\view-thumb-over.png
c:\program files (x86)\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\panels\images\widgets-square-16px.png
c:\program files (x86)\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\panels\images\widgets-square-24px.png
c:\program files (x86)\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\panels\popupGames.html
c:\program files (x86)\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\panels\popupWidgets.html
c:\program files (x86)\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\pop.png
c:\program files (x86)\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\radio.png
c:\program files (x86)\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\radio\css\manager.css
c:\program files (x86)\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\radio\css\slider.css
c:\program files (x86)\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\radio\images\bg-pnl.png
c:\program files (x86)\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\radio\images\btn-close-grey.png
c:\program files (x86)\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\radio\images\btn-close-greyover.png
c:\program files (x86)\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\radio\images\collapsed_button.gif
c:\program files (x86)\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\radio\images\expanded_button.gif
c:\program files (x86)\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\radio\images\ico-playstation-down.png
c:\program files (x86)\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\radio\images\ico-playstation-over.png
c:\program files (x86)\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\radio\images\ico-playstation.png
c:\program files (x86)\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\radio\images\ico-radio.png
c:\program files (x86)\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\radio\images\music-note.png
c:\program files (x86)\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\radio\images\radio-btn-pause-on.png
c:\program files (x86)\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\radio\images\radio-btn-pause.png
c:\program files (x86)\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\radio\images\radio-btn-play-on.png
c:\program files (x86)\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\radio\images\radio-btn-play.png
c:\program files (x86)\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\radio\images\radio-eq-bg.png
c:\program files (x86)\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\radio\images\radio-eq-busy.gif
c:\program files (x86)\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\radio\images\radio-eq-off.png
c:\program files (x86)\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\radio\images\radio-eq-on.gif
c:\program files (x86)\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\radio\images\radio-eq-warning.png
c:\program files (x86)\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\radio\images\radio-options-design-on.png
c:\program files (x86)\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\radio\images\radio-options-design.png
c:\program files (x86)\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\radio\images\radio-options-on.png
c:\program files (x86)\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\radio\images\radio-options.png
c:\program files (x86)\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\radio\images\radio-volume-0.png
c:\program files (x86)\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\radio\images\radio-volume-1.png
c:\program files (x86)\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\radio\images\radio-volume-2.png
c:\program files (x86)\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\radio\images\radio-volume-3.png
c:\program files (x86)\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\radio\images\radio-volume-mute.png
c:\program files (x86)\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\radio\images\scrollbar-handle.png
c:\program files (x86)\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\radio\images\scrollbar-track.png
c:\program files (x86)\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\radio\images\slider.png
c:\program files (x86)\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\radio\images\slideron.png
c:\program files (x86)\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\radio\images\track.png
c:\program files (x86)\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\radio\managerpanel.html
c:\program files (x86)\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\radio\volumeslider.html
c:\program files (x86)\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\remove.png
c:\program files (x86)\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\rename.gif
c:\program files (x86)\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\resize-box.gif
c:\program files (x86)\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\rss.png
c:\program files (x86)\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\rsschannelback.png
c:\program files (x86)\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\RSSLogo.png
c:\program files (x86)\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\rsstabdivider.gif
c:\program files (x86)\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\scroll-left.png
c:\program files (x86)\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\scroll-right.png
c:\program files (x86)\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\search-go.png
c:\program files (x86)\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\search.png
c:\program files (x86)\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\text-ellipsis.xml
c:\program files (x86)\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\throbber.gif
c:\program files (x86)\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\toolbarsplitter.gif
c:\program files (x86)\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\transparent_1px.gif
c:\program files (x86)\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\uwa\border_02.png
c:\program files (x86)\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\uwa\border_03.png
c:\program files (x86)\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\uwa\border_04.png
c:\program files (x86)\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\uwa\border_06.png
c:\program files (x86)\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\uwa\border_07.png
c:\program files (x86)\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\uwa\border_08.png
c:\program files (x86)\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\uwa\border_09.png
c:\program files (x86)\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\uwa\border_10.png
c:\program files (x86)\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\uwa\border_11.png
c:\program files (x86)\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\uwa\border_12.png
c:\program files (x86)\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\uwa\border_13.png
c:\program files (x86)\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\uwa\border_14.png
c:\program files (x86)\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\uwa\border_15.png
c:\program files (x86)\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\uwa\border_16.png
c:\program files (x86)\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\uwa\border_18.png
c:\program files (x86)\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\uwa\border_19.png
c:\program files (x86)\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\uwa\border_20.png
c:\program files (x86)\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\uwa\border_21.png
c:\program files (x86)\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\uwa\btn-close-grey.png
c:\program files (x86)\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\uwa\btn-close-greyover.png
c:\program files (x86)\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\uwa\close-hot.png
c:\program files (x86)\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\uwa\close-normal.png
c:\program files (x86)\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\uwa\loadingMid.gif
c:\program files (x86)\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\uwa\proxy.html
c:\program files (x86)\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\uwa\template.html
c:\program files (x86)\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\uwa\template.xml
c:\program files (x86)\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\uwa\templateFF.html
c:\program files (x86)\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\uwa\throbber.gif
c:\program files (x86)\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\weatherbutton\icons\cond999.png
c:\program files (x86)\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\weatherbutton\icons\icons.xml
c:\program files (x86)\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\weatherbutton\icons\na-s.png
c:\program files (x86)\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\weatherbutton\icons\na.png
c:\program files (x86)\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\weatherbutton\icons\weather.png
c:\program files (x86)\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\weatherbutton\panels\images\add.png
c:\program files (x86)\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\weatherbutton\panels\images\arrowr-bluew5.png
c:\program files (x86)\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\weatherbutton\panels\images\bg-pnl.png
c:\program files (x86)\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\weatherbutton\panels\images\bg-pnl520x350blue-whitebg.png
c:\program files (x86)\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\weatherbutton\panels\images\bg-pnl520x350blue.png
c:\program files (x86)\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\weatherbutton\panels\images\box-check.png
c:\program files (x86)\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\weatherbutton\panels\images\box-uncheck.png
c:\program files (x86)\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\weatherbutton\panels\images\btn-close-grey.png
c:\program files (x86)\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\weatherbutton\panels\images\btn-close-greyover.png
c:\program files (x86)\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\weatherbutton\panels\images\btn-delete.png
c:\program files (x86)\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\weatherbutton\panels\images\btn-search-pnlbtm.png
c:\program files (x86)\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\weatherbutton\panels\images\btnarrow-next-off.png
c:\program files (x86)\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\weatherbutton\panels\images\btnarrow-next.png
c:\program files (x86)\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\weatherbutton\panels\images\btnarrow-previous-off.png
c:\program files (x86)\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\weatherbutton\panels\images\btnarrow-previous.png
c:\program files (x86)\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\weatherbutton\panels\images\ico-check.png
c:\program files (x86)\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\weatherbutton\panels\images\ico-hotandhumid-s.png
c:\program files (x86)\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\weatherbutton\panels\images\ico-hotandhumid.png
c:\program files (x86)\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\weatherbutton\panels\images\options-weather.png
c:\program files (x86)\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\weatherbutton\panels\images\over-blue.png
c:\program files (x86)\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\weatherbutton\panels\images\over-orange.png
c:\program files (x86)\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\weatherbutton\panels\images\powered-by-weatherbug.png
c:\program files (x86)\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\weatherbutton\panels\images\powered-by-weatherbug2.png
c:\program files (x86)\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\weatherbutton\panels\images\radio-checked.png
c:\program files (x86)\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\weatherbutton\panels\images\radio-unchecked.png
c:\program files (x86)\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\weatherbutton\panels\images\searchbox-pnlbtm.png
c:\program files (x86)\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\weatherbutton\panels\images\weather-contour.png
c:\program files (x86)\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\weatherbutton\panels\popupWeather.css
c:\program files (x86)\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\weatherbutton\panels\popupWeather.html
c:\program files (x86)\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\yahoo.png
c:\program files (x86)\Windows Searchqu Toolbar\ToolBar\chrome\skin\lichen.gif
c:\program files (x86)\Windows Searchqu Toolbar\ToolBar\chrome\skin\logo-about.png
c:\program files (x86)\Windows Searchqu Toolbar\ToolBar\chrome\skin\logo.png
c:\program files (x86)\Windows Searchqu Toolbar\ToolBar\chrome\skin\maps.bmp
c:\program files (x86)\Windows Searchqu Toolbar\ToolBar\chrome\skin\menuseparatorback.gif
c:\program files (x86)\Windows Searchqu Toolbar\ToolBar\chrome\skin\modify-save.png
c:\program files (x86)\Windows Searchqu Toolbar\ToolBar\chrome\skin\modify.png
c:\program files (x86)\Windows Searchqu Toolbar\ToolBar\chrome\skin\modifyhot.png
c:\program files (x86)\Windows Searchqu Toolbar\ToolBar\chrome\skin\music.png
c:\program files (x86)\Windows Searchqu Toolbar\ToolBar\chrome\skin\news.png
c:\program files (x86)\Windows Searchqu Toolbar\ToolBar\chrome\skin\options\options-main.png
c:\program files (x86)\Windows Searchqu Toolbar\ToolBar\chrome\skin\options\options-search.png
c:\program files (x86)\Windows Searchqu Toolbar\ToolBar\chrome\skin\options\options-weather.gif
c:\program files (x86)\Windows Searchqu Toolbar\ToolBar\chrome\skin\options\options-widgets.png
c:\program files (x86)\Windows Searchqu Toolbar\ToolBar\chrome\skin\orange.gif
c:\users\user\AppData\Local\Temp\1.tmp\F_IN_BOX.dll
c:\windows\svchost.exe
.
.
((((((((((((((((((((((((( Files Created from 2012-03-07 to 2012-04-07 )))))))))))))))))))))))))))))))
.
.
2012-04-07 00:06 . 2012-04-07 00:06 -------- d-----w- c:\users\Guest.user-PC\AppData\Local\temp
2012-04-07 00:06 . 2012-04-07 00:06 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-04-06 23:29 . 2012-03-20 08:51 8669240 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{697A9185-398D-4B11-B8AD-F8F3CB320803}\mpengine.dll
2012-04-06 19:20 . 2012-04-06 19:20 -------- d-----w- C:\TDSSKiller_Quarantine
2012-04-04 04:54 . 2012-04-04 06:15 -------- d-----w- c:\users\user\AppData\Local\ElevatedDiagnostics
2012-04-03 18:11 . 2012-04-03 18:11 5120 ----a-w- c:\programdata\Microsoft\Windows\DRM\1102.tmp
2012-04-03 18:11 . 2012-04-03 18:11 5120 ----a-w- c:\programdata\Microsoft\Windows\DRM\1101.tmp
2012-04-03 07:04 . 2012-04-03 07:04 -------- d-----w- c:\users\Guest.user-PC\AppData\Roaming\Apple Computer
2012-03-30 18:41 . 2012-03-30 18:41 -------- d--h--w- c:\windows\AxInstSV
2012-03-14 02:46 . 2012-02-03 04:16 3143168 ----a-w- c:\windows\system32\win32k.sys
2012-03-14 02:46 . 2012-02-10 05:41 739840 ----a-w- c:\windows\SysWow64\d2d1.dll
2012-03-14 02:46 . 2012-02-10 06:18 1541120 ----a-w- c:\windows\system32\DWrite.dll
2012-03-14 02:46 . 2012-02-10 06:17 197120 ----a-w- c:\windows\system32\d3d10_1.dll
2012-03-14 02:46 . 2012-02-10 05:41 1074176 ----a-w- c:\windows\SysWow64\DWrite.dll
2012-03-14 02:46 . 2012-02-10 05:41 161792 ----a-w- c:\windows\SysWow64\d3d10_1.dll
2012-03-14 02:46 . 2012-02-10 06:17 1837568 ----a-w- c:\windows\system32\d3d10warp.dll
2012-03-14 02:46 . 2012-02-10 06:17 902656 ----a-w- c:\windows\system32\d2d1.dll
2012-03-14 02:46 . 2012-02-10 06:17 320512 ----a-w- c:\windows\system32\d3d10_1core.dll
2012-03-14 02:46 . 2012-02-10 05:41 218624 ----a-w- c:\windows\SysWow64\d3d10_1core.dll
2012-03-14 02:46 . 2012-02-10 05:41 1170944 ----a-w- c:\windows\SysWow64\d3d10warp.dll
2012-03-14 02:45 . 2012-01-25 06:27 76288 ----a-w- c:\windows\system32\rdpwsx.dll
2012-03-14 02:45 . 2012-01-25 06:27 149504 ----a-w- c:\windows\system32\rdpcorekmts.dll
2012-03-14 02:45 . 2012-01-25 06:20 9216 ----a-w- c:\windows\system32\rdrmemptylst.exe
2012-03-14 02:44 . 2012-02-15 06:27 1031680 ----a-w- c:\windows\system32\rdpcore.dll
2012-03-14 02:44 . 2012-02-15 05:44 826368 ----a-w- c:\windows\SysWow64\rdpcore.dll
2012-03-14 02:44 . 2012-02-15 04:47 204800 ----a-w- c:\windows\system32\drivers\rdpwd.sys
2012-03-14 02:44 . 2012-02-15 04:46 23552 ----a-w- c:\windows\system32\drivers\tdtcp.sys
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-02-23 14:18 . 2011-10-05 00:47 279656 ------w- c:\windows\system32\MpSigStub.exe
.
.
((((((((((((((((((((((((((((( SnapShot@2012-04-06_04.56.04 )))))))))))))))))))))))))))))))))))))))))
.
+ 2012-04-06 19:22 . 2012-04-06 19:22 76800 c:\windows\SysWOW64\SetIEInstalledDate.exe
+ 2012-04-06 19:22 . 2012-04-06 19:22 74752 c:\windows\SysWOW64\RegisterIEPKEYs.exe
+ 2012-04-06 19:22 . 2012-04-06 19:22 54272 c:\windows\SysWOW64\pngfilt.dll
+ 2012-04-06 19:22 . 2012-04-06 19:22 48640 c:\windows\SysWOW64\mshtmler.dll
+ 2012-04-06 19:22 . 2012-04-06 19:22 72704 c:\windows\SysWOW64\mshtmled.dll
+ 2012-04-06 19:22 . 2012-04-06 19:22 11776 c:\windows\SysWOW64\mshta.exe
+ 2012-04-06 19:22 . 2012-04-06 19:22 10752 c:\windows\SysWOW64\msfeedssync.exe
+ 2012-04-06 19:22 . 2012-04-06 19:22 41472 c:\windows\SysWOW64\msfeedsbs.dll
+ 2012-04-06 19:22 . 2012-04-06 19:22 66048 c:\windows\SysWOW64\migration\WininetPlugin.dll
+ 2012-04-06 19:22 . 2012-04-06 19:22 23552 c:\windows\SysWOW64\licmgr10.dll
+ 2012-04-06 19:22 . 2012-04-06 19:22 65024 c:\windows\SysWOW64\jsproxy.dll
+ 2012-04-06 19:22 . 2012-04-06 19:22 78848 c:\windows\SysWOW64\inseng.dll
+ 2012-04-06 19:22 . 2012-04-06 19:22 35840 c:\windows\SysWOW64\imgutil.dll
+ 2012-04-06 19:22 . 2012-04-06 19:22 86528 c:\windows\SysWOW64\iesysprep.dll
+ 2012-04-06 19:22 . 2012-04-06 19:22 74752 c:\windows\SysWOW64\iesetup.dll
+ 2012-04-06 19:22 . 2012-04-06 19:22 31744 c:\windows\SysWOW64\iernonce.dll
+ 2012-04-06 19:22 . 2012-04-06 19:22 74240 c:\windows\SysWOW64\ie4uinit.exe
+ 2012-04-06 19:22 . 2012-04-06 19:22 66048 c:\windows\SysWOW64\icardie.dll
+ 2012-04-06 05:44 . 2012-04-06 22:10 49152 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\MSHist012012040620120407\index.dat
+ 2012-04-04 09:50 . 2012-04-06 19:55 49120 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\MSIMGSIZ.DAT
+ 2012-04-04 16:43 . 2012-04-06 22:10 32768 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\DOMStore\index.dat
- 2012-04-04 16:43 . 2012-04-06 00:34 32768 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\DOMStore\index.dat
+ 2009-08-27 20:48 . 2012-04-07 00:09 79638 c:\windows\system32\wdi\ShutdownPerformanceDiagnostics_SystemData.bin
+ 2009-07-14 05:10 . 2012-04-07 00:09 43298 c:\windows\system32\wdi\BootPerformanceDiagnostics_SystemData.bin
+ 2010-01-30 05:23 . 2012-04-06 23:28 31294 c:\windows\system32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-448985409-2584287539-1750592253-1000_UserData.bin
+ 2012-04-06 19:22 . 2012-04-06 19:22 91648 c:\windows\system32\SetIEInstalledDate.exe
+ 2012-04-06 19:22 . 2012-04-06 19:22 89088 c:\windows\system32\RegisterIEPKEYs.exe
+ 2012-04-06 19:22 . 2012-04-06 19:22 65024 c:\windows\system32\pngfilt.dll
+ 2012-04-06 19:22 . 2012-04-06 19:22 48640 c:\windows\system32\mshtmler.dll
+ 2012-04-06 19:22 . 2012-04-06 19:22 96256 c:\windows\system32\mshtmled.dll
+ 2012-04-06 19:22 . 2012-04-06 19:22 12288 c:\windows\system32\mshta.exe
+ 2012-04-06 19:22 . 2012-04-06 19:22 10752 c:\windows\system32\msfeedssync.exe
+ 2012-04-06 19:22 . 2012-04-06 19:22 55296 c:\windows\system32\msfeedsbs.dll
+ 2012-04-06 19:22 . 2012-04-06 19:22 86528 c:\windows\system32\migration\WininetPlugin.dll
+ 2012-04-06 19:22 . 2012-04-06 19:22 30720 c:\windows\system32\licmgr10.dll
+ 2012-04-06 19:22 . 2012-04-06 19:22 85504 c:\windows\system32\jsproxy.dll
+ 2012-04-06 19:22 . 2012-04-06 19:22 49664 c:\windows\system32\imgutil.dll
+ 2012-04-06 19:22 . 2012-04-06 19:22 85504 c:\windows\system32\iesetup.dll
+ 2012-04-06 19:22 . 2012-04-06 19:22 39936 c:\windows\system32\iernonce.dll
+ 2012-04-06 19:22 . 2012-04-06 19:22 89088 c:\windows\system32\ie4uinit.exe
+ 2012-04-06 19:22 . 2012-04-06 19:22 82432 c:\windows\system32\icardie.dll
+ 2010-01-30 05:05 . 2012-04-06 23:46 32768 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2010-01-30 05:05 . 2012-04-06 03:56 32768 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2010-01-30 05:05 . 2012-04-06 23:46 32768 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2010-01-30 05:05 . 2012-04-06 03:56 32768 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2009-07-14 04:54 . 2012-04-06 23:46 16384 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2009-07-14 04:54 . 2012-04-06 03:56 16384 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2010-01-30 07:24 . 2012-04-06 19:15 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2010-01-30 07:24 . 2012-04-06 04:53 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2009-07-14 04:46 . 2012-04-06 22:16 80672 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\SoftwareProtectionPlatform\Cache\cache.dat
+ 2012-04-04 02:43 . 2012-04-06 19:16 32768 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Temp\Temporary Internet Files\Content.IE5\index.dat
- 2012-04-04 02:43 . 2012-04-06 04:53 32768 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Temp\Temporary Internet Files\Content.IE5\index.dat
- 2012-04-04 02:43 . 2012-04-06 04:53 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Temp\History\History.IE5\index.dat
+ 2012-04-04 02:43 . 2012-04-06 19:16 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Temp\History\History.IE5\index.dat
- 2012-04-04 02:43 . 2012-04-06 04:53 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Temp\Cookies\index.dat
+ 2012-04-04 02:43 . 2012-04-06 19:16 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Temp\Cookies\index.dat
- 2010-01-30 07:24 . 2012-04-06 04:53 32768 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2010-01-30 07:24 . 2012-04-06 19:16 32768 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2010-01-30 07:24 . 2012-04-06 19:15 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2010-01-30 07:24 . 2012-04-06 04:53 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2010-01-30 05:59 . 2012-04-06 19:23 16384 c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2010-01-30 05:59 . 2012-04-06 04:10 16384 c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2010-01-30 05:59 . 2012-04-06 04:10 16384 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2010-01-30 05:59 . 2012-04-06 19:23 16384 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2012-04-07 00:07 . 2012-04-07 00:07 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
- 2012-04-06 04:53 . 2012-04-06 04:53 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2012-04-07 00:07 . 2012-04-07 00:07 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
- 2012-04-06 04:53 . 2012-04-06 04:53 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2012-04-06 19:22 . 2012-04-06 19:22 152064 c:\windows\SysWOW64\wextract.exe
+ 2012-04-06 19:22 . 2012-04-06 19:22 203776 c:\windows\SysWOW64\webcheck.dll
+ 2012-04-06 19:22 . 2012-04-06 19:22 420864 c:\windows\SysWOW64\vbscript.dll
+ 2012-04-06 19:22 . 2012-04-06 19:22 231936 c:\windows\SysWOW64\url.dll
+ 2012-04-06 19:22 . 2012-04-06 19:22 123392 c:\windows\SysWOW64\occache.dll
+ 2012-04-06 19:22 . 2012-04-06 19:22 162304 c:\windows\SysWOW64\msrating.dll
+ 2012-04-06 19:22 . 2012-04-06 19:22 161792 c:\windows\SysWOW64\msls31.dll
+ 2012-04-06 19:22 . 2012-04-06 19:22 580608 c:\windows\SysWOW64\msfeeds.dll
+ 2012-04-06 19:22 . 2012-04-06 19:22 716800 c:\windows\SysWOW64\jscript.dll
- 2011-04-14 03:12 . 2011-02-18 05:35 716800 c:\windows\SysWOW64\jscript.dll
+ 2012-04-06 19:22 . 2012-04-06 19:22 150528 c:\windows\SysWOW64\iexpress.exe
+ 2012-04-06 19:22 . 2012-04-06 19:22 142848 c:\windows\SysWOW64\ieUnatt.exe
+ 2012-04-06 19:22 . 2012-04-06 19:22 176640 c:\windows\SysWOW64\ieui.dll
- 2012-02-16 05:48 . 2011-12-16 07:58 176640 c:\windows\SysWOW64\ieui.dll
+ 2012-04-06 19:22 . 2012-04-06 19:22 118784 c:\windows\SysWOW64\iepeers.dll
+ 2012-04-06 19:22 . 2012-04-06 19:22 353584 c:\windows\SysWOW64\iedkcs32.dll
+ 2012-04-06 19:22 . 2012-04-06 19:22 434176 c:\windows\SysWOW64\ieapfltr.dll
- 2009-07-13 23:42 . 2009-07-14 01:05 163840 c:\windows\SysWOW64\ieakui.dll
+ 2012-04-06 19:22 . 2012-04-06 19:22 163840 c:\windows\SysWOW64\ieakui.dll
+ 2012-04-06 19:22 . 2012-04-06 19:22 227840 c:\windows\SysWOW64\ieaksie.dll
+ 2012-04-06 19:22 . 2012-04-06 19:22 130560 c:\windows\SysWOW64\ieakeng.dll
+ 2012-04-06 19:22 . 2012-04-06 19:22 110592 c:\windows\SysWOW64\IEAdvpack.dll
+ 2012-04-06 19:22 . 2012-04-06 19:22 223232 c:\windows\SysWOW64\dxtrans.dll
+ 2012-04-06 19:22 . 2012-04-06 19:22 353792 c:\windows\SysWOW64\dxtmsft.dll
- 2010-01-31 16:41 . 2012-04-06 04:54 245760 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\IETldCache\index.dat
+ 2010-01-31 16:41 . 2012-04-07 00:08 245760 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\IETldCache\index.dat
+ 2009-07-14 04:54 . 2012-04-07 00:08 147456 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2009-07-14 04:54 . 2012-04-07 00:08 983040 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2012-04-06 19:22 . 2012-04-06 19:22 101888 c:\windows\SysWOW64\admparse.dll
+ 2012-04-06 19:22 . 2012-04-06 19:22 160256 c:\windows\system32\wextract.exe
+ 2012-04-06 19:22 . 2012-04-06 19:22 249344 c:\windows\system32\webcheck.dll
+ 2012-04-06 19:22 . 2012-04-06 19:22 603648 c:\windows\system32\vbscript.dll
+ 2012-04-06 19:22 . 2012-04-06 19:22 236544 c:\windows\system32\url.dll
- 2009-07-14 02:36 . 2012-04-06 02:15 624128 c:\windows\system32\perfh009.dat
+ 2009-07-14 02:36 . 2012-04-06 23:31 624128 c:\windows\system32\perfh009.dat
+ 2009-07-14 02:36 . 2012-04-06 23:31 107728 c:\windows\system32\perfc009.dat
- 2009-07-14 02:36 . 2012-04-06 02:15 107728 c:\windows\system32\perfc009.dat
+ 2012-04-06 19:22 . 2012-04-06 19:22 149504 c:\windows\system32\occache.dll
+ 2012-04-06 19:22 . 2012-04-06 19:22 197120 c:\windows\system32\msrating.dll
+ 2012-04-06 19:22 . 2012-04-06 19:22 222208 c:\windows\system32\msls31.dll
- 2009-07-13 23:39 . 2009-07-14 01:41 222208 c:\windows\system32\msls31.dll
+ 2012-04-06 19:22 . 2012-04-06 19:22 697344 c:\windows\system32\msfeeds.dll
+ 2012-04-06 19:22 . 2012-04-06 19:22 818176 c:\windows\system32\jscript.dll
+ 2012-04-06 19:22 . 2012-04-06 19:22 103936 c:\windows\system32\inseng.dll
+ 2012-04-06 19:22 . 2012-04-06 19:22 165888 c:\windows\system32\iexpress.exe
+ 2012-04-06 19:22 . 2012-04-06 19:22 173056 c:\windows\system32\ieUnatt.exe
+ 2012-04-06 19:22 . 2012-04-06 19:22 248320 c:\windows\system32\ieui.dll
+ 2012-04-06 19:22 . 2012-04-06 19:22 111616 c:\windows\system32\iesysprep.dll
+ 2012-04-06 19:22 . 2012-04-06 19:22 145920 c:\windows\system32\iepeers.dll
+ 2012-04-06 19:22 . 2012-04-06 19:22 403248 c:\windows\system32\iedkcs32.dll
+ 2012-04-06 19:22 . 2012-04-06 19:22 534528 c:\windows\system32\ieapfltr.dll
+ 2012-04-06 19:22 . 2012-04-06 19:22 163840 c:\windows\system32\ieakui.dll
- 2009-07-13 23:58 . 2009-07-14 01:27 163840 c:\windows\system32\ieakui.dll
- 2009-07-13 23:58 . 2009-07-14 01:41 267776 c:\windows\system32\ieaksie.dll
+ 2012-04-06 19:22 . 2012-04-06 19:22 267776 c:\windows\system32\ieaksie.dll
+ 2012-04-06 19:22 . 2012-04-06 19:22 160256 c:\windows\system32\ieakeng.dll
+ 2012-04-06 19:22 . 2012-04-06 19:22 135168 c:\windows\system32\IEAdvpack.dll
+ 2012-04-06 19:22 . 2012-04-06 19:22 282112 c:\windows\system32\dxtrans.dll
+ 2012-04-06 19:22 . 2012-04-06 19:22 452608 c:\windows\system32\dxtmsft.dll
+ 2012-04-06 19:22 . 2012-04-06 19:22 114176 c:\windows\system32\admparse.dll
- 2012-04-06 01:31 . 2010-11-20 13:26 777728 c:\windows\SoftwareDistribution\Download\a88203c5831df77ae060d14f2bd14310\amd64_microsoft-windows-grouppolicy-base_31bf3856ad364e35_6.1.7601.17514_none_8649674dfda23046\gpsvc.dll
- 2012-04-06 01:31 . 2010-11-20 13:26 403968 c:\windows\SoftwareDistribution\Download\a88203c5831df77ae060d14f2bd14310\amd64_microsoft-windows-gdi32_31bf3856ad364e35_6.1.7601.17514_none_b7a4af6b5ff115ac\gdi32.dll
- 2012-04-06 01:31 . 2010-11-20 09:49 367104 c:\windows\SoftwareDistribution\Download\a88203c5831df77ae060d14f2bd14310\amd64_microsoft-windows-gdi_31bf3856ad364e35_6.1.7601.17514_none_07f91de77125e78d\atmfd.dll
- 2012-04-06 01:31 . 2010-11-20 13:26 784896 c:\windows\SoftwareDistribution\Download\a88203c5831df77ae060d14f2bd14310\amd64_microsoft-windows-g..ppolicy-policymaker_31bf3856ad364e35_6.1.7601.17514_none_956f3a625f9b7e23\gpprefcl.dll
- 2012-04-06 01:31 . 2010-11-20 13:25 479232 c:\windows\SoftwareDistribution\Download\a88203c5831df77ae060d14f2bd14310\amd64_microsoft-windows-g..policy-admin-appmgr_31bf3856ad364e35_6.1.7601.17514_none_58df6170cc98ffe6\appmgr.dll
- 2012-04-06 01:31 . 2010-11-20 13:25 577024 c:\windows\SoftwareDistribution\Download\a88203c5831df77ae060d14f2bd14310\amd64_microsoft-windows-g..olicy-admin-admtmpl_31bf3856ad364e35_6.1.7601.17514_none_4fe2107fd06efdd8\AdmTmpl.dll
- 2012-04-06 01:31 . 2010-11-20 13:27 568832 c:\windows\SoftwareDistribution\Download\a88203c5831df77ae060d14f2bd14310\amd64_microsoft-windows-g..licy-admin-scrptadm_31bf3856ad364e35_6.1.7601.17514_none_2f8f952e7b710a73\scrptadm.dll
- 2012-04-06 01:31 . 2010-11-20 13:26 861184 c:\windows\SoftwareDistribution\Download\a88203c5831df77ae060d14f2bd14310\amd64_microsoft-windows-fontext_31bf3856ad364e35_6.1.7601.17514_none_fcab9df20a3cd55f\fontext.dll
- 2012-04-06 01:31 . 2010-11-20 13:26 116224 c:\windows\SoftwareDistribution\Download\a88203c5831df77ae060d14f2bd14310\amd64_microsoft-windows-font-fms_31bf3856ad364e35_6.1.7601.17514_none_a5f8bb0ccaefbe07\fms.dll
- 2012-04-06 01:31 . 2010-11-20 13:27 148992 c:\windows\SoftwareDistribution\Download\a88203c5831df77ae060d14f2bd14310\amd64_microsoft-windows-font-embedding_31bf3856ad364e35_6.1.7601.17514_none_13e628b635935244\t2embed.dll
- 2012-04-06 01:31 . 2010-11-20 13:33 289664 c:\windows\SoftwareDistribution\Download\a88203c5831df77ae060d14f2bd14310\amd64_microsoft-windows-filtermanager-core_31bf3856ad364e35_6.1.7601.17514_none_6f2f7861416b9bc6\fltMgr.sys
- 2012-04-06 01:31 . 2010-11-20 13:26 171520 c:\windows\SoftwareDistribution\Download\a88203c5831df77ae060d14f2bd14310\amd64_microsoft-windows-fde_31bf3856ad364e35_6.1.7601.17514_none_063200e5724abc1a\fde.dll
- 2012-04-06 01:31 . 2010-11-20 13:24 689152 c:\windows\SoftwareDistribution\Download\a88203c5831df77ae060d14f2bd14310\amd64_microsoft-windows-fax-service_31bf3856ad364e35_6.1.7601.17514_none_0b499f2c96e8f6b2\FXSSVC.exe
- 2012-04-06 01:31 . 2010-11-20 13:26 434688 c:\windows\SoftwareDistribution\Download\a88203c5831df77ae060d14f2bd14310\amd64_microsoft-windows-fax-common_31bf3856ad364e35_6.1.7601.17514_none_6a2ab458674011dc\FXSTIFF.dll
- 2012-04-06 01:31 . 2010-11-20 13:26 623104 c:\windows\SoftwareDistribution\Download\a88203c5831df77ae060d14f2bd14310\amd64_microsoft-windows-fax-common_31bf3856ad364e35_6.1.7601.17514_none_6a2ab458674011dc\FXSAPI.dll
- 2012-04-06 01:31 . 2010-11-20 13:26 180736 c:\windows\SoftwareDistribution\Download\a88203c5831df77ae060d14f2bd14310\amd64_microsoft-windows-f..temutilitylibraries_31bf3856ad364e35_6.1.7601.17514_none_47bc5d47064ce3d9\ifsutil.dll
- 2012-04-06 01:31 . 2010-11-20 13:25 314368 c:\windows\SoftwareDistribution\Download\a88203c5831df77ae060d14f2bd14310\amd64_microsoft-windows-f..rcluster-clientcore_31bf3856ad364e35_6.1.7601.17514_none_ef6d8ddb4eff2674\clusapi.dll
- 2012-04-06 01:30 . 2010-11-20 13:27 403968 c:\windows\SoftwareDistribution\Download\a88203c5831df77ae060d14f2bd14310\amd64_microsoft-windows-f..mutilityntfslibrary_31bf3856ad364e35_6.1.7601.17514_none_5ce9bd3c0a8cb522\untfs.dll
- 2012-04-06 01:30 . 2010-11-20 13:24 267264 c:\windows\SoftwareDistribution\Download\a88203c5831df77ae060d14f2bd14310\amd64_microsoft-windows-f..client-applications_31bf3856ad364e35_6.1.7601.17514_none_d71fb1d63f05ef22\FXSCOVER.exe
- 2012-04-06 01:30 . 2010-11-20 13:24 359936 c:\windows\SoftwareDistribution\Download\a88203c5831df77ae060d14f2bd14310\amd64_microsoft-windows-eudcedit_31bf3856ad364e35_6.1.7601.17514_none_b7be8a14d61db17a\eudcedit.exe
- 2012-04-06 01:30 . 2010-11-20 13:26 355328 c:\windows\SoftwareDistribution\Download\a88203c5831df77ae060d14f2bd14310\amd64_microsoft-windows-errorreportingfaults_31bf3856ad364e35_6.1.7601.17514_none_ce2d22115368db7a\Faultrep.dll
- 2012-04-06 01:30 . 2010-11-20 13:26 630272 c:\windows\SoftwareDistribution\Download\a88203c5831df77ae060d14f2bd14310\amd64_microsoft-windows-enhancedvideorenderer_31bf3856ad364e35_6.1.7601.17514_none_edc8831ae3260955\evr.dll
- 2012-04-06 01:30 . 2010-11-20 13:26 144896 c:\windows\SoftwareDistribution\Download\a88203c5831df77ae060d14f2bd14310\amd64_microsoft-windows-enhancedstorage-api_31bf3856ad364e35_6.1.7601.17514_none_3354d4592666036f\EhStorAPI.dll
- 2012-04-06 01:30 . 2010-11-20 13:27 190976 c:\windows\SoftwareDistribution\Download\a88203c5831df77ae060d14f2bd14310\amd64_microsoft-windows-ehome-wtv2dvrms_31bf3856ad364e35_6.1.7601.17514_none_60a75eeaa7a6eeb3\wtv2dvrms.dll
- 2012-04-06 01:30 . 2010-11-20 13:24 696832 c:\windows\SoftwareDistribution\Download\a88203c5831df77ae060d14f2bd14310\amd64_microsoft-windows-ehome-services-ehrecvr_31bf3856ad364e35_6.1.7601.17514_none_1b8f8373383de46a\ehrecvr.exe
- 2012-04-06 01:30 . 2010-11-20 13:27 465920 c:\windows\SoftwareDistribution\Download\a88203c5831df77ae060d14f2bd14310\amd64_microsoft-windows-ehome-mstvcapn_31bf3856ad364e35_6.1.7601.17514_none_b876d1bf1122f9dc\mstvcapn.dll
- 2012-04-06 01:30 . 2010-11-20 13:27 571904 c:\windows\SoftwareDistribution\Download\a88203c5831df77ae060d14f2bd14310\amd64_microsoft-windows-ehome-mspbda_31bf3856ad364e35_6.1.7601.17514_none_97ddd8f55fe49f33\mspbda.dll
- 2012-04-06 01:30 . 2010-11-20 13:27 552960 c:\windows\SoftwareDistribution\Download\a88203c5831df77ae060d14f2bd14310\amd64_microsoft-windows-ehome-msdri_31bf3856ad364e35_6.1.7601.17514_none_c42ec687fee190a5\msdri.dll
- 2012-04-06 01:30 . 2010-11-20 13:26 962048 c:\windows\SoftwareDistribution\Download\a88203c5831df77ae060d14f2bd14310\amd64_microsoft-windows-ehome-mcplayer_31bf3856ad364e35_6.1.7601.17514_none_c1bb5f0dce81d663\mcplayer.dll
- 2012-04-06 01:30 . 2010-11-20 13:24 288256 c:\windows\SoftwareDistribution\Download\a88203c5831df77ae060d14f2bd14310\amd64_microsoft-windows-ehome-ehvid_31bf3856ad364e35_6.1.7601.17514_none_a98ec3ba6b5b3e54\ehvid.exe
- 2012-04-06 01:30 . 2010-11-20 13:24 163328 c:\windows\SoftwareDistribution\Download\a88203c5831df77ae060d14f2bd14310\amd64_microsoft-windows-ehome-ehtray_31bf3856ad364e35_6.1.7601.17514_none_88ff132e83a8a275\ehtray.exe
- 2012-04-06 01:30 . 2010-11-20 13:26 394752 c:\windows\SoftwareDistribution\Download\a88203c5831df77ae060d14f2bd14310\amd64_microsoft-windows-ehome-ehskb_31bf3856ad364e35_6.1.7601.17514_none_a8a886f06bf01c83\ehskb.dll
- 2012-04-06 01:30 . 2010-11-20 13:24 295936 c:\windows\SoftwareDistribution\Download\a88203c5831df77ae060d14f2bd14310\amd64_microsoft-windows-ehome-ehprivjob_31bf3856ad364e35_6.1.7601.17514_none_53393627486ae37b\ehprivjob.exe
- 2012-04-06 01:30 . 2010-11-20 13:26 150528 c:\windows\SoftwareDistribution\Download\a88203c5831df77ae060d14f2bd14310\amd64_microsoft-windows-ehome-ehpresenter_31bf3856ad364e35_6.1.7601.17514_none_84ee9d077899aeab\ehPresenter.dll
- 2012-04-06 01:30 . 2010-11-20 13:26 758784 c:\windows\SoftwareDistribution\Download\a88203c5831df77ae060d14f2bd14310\amd64_microsoft-windows-ehome-ehglid_31bf3856ad364e35_6.1.7601.17514_none_8d61dfe880c198b7\ehglid.dll
- 2012-04-06 01:30 . 2010-11-20 13:27 303104 c:\windows\SoftwareDistribution\Download\a88203c5831df77ae060d14f2bd14310\amd64_microsoft-windows-ehome-cbva_31bf3856ad364e35_6.1.7601.17514_none_2c49a970e066e812\cbva.dll
- 2012-04-06 01:30 . 2010-11-20 13:25 408576 c:\windows\SoftwareDistribution\Download\a88203c5831df77ae060d14f2bd14310\amd64_microsoft-windows-ehome-bmldatacarousel_31bf3856ad364e35_6.1.7601.17514_none_665e242c66aed12f\BmlDataCarousel.dll
- 2012-04-06 01:30 . 2010-11-20 13:26 304128 c:\windows\SoftwareDistribution\Download\a88203c5831df77ae060d14f2bd14310\amd64_microsoft-windows-efs-core-library_31bf3856ad364e35_6.1.7601.17514_none_b4c7e8f4ae2a1921\efscore.dll
- 2012-04-06 01:30 . 2010-11-20 13:27 444416 c:\windows\SoftwareDistribution\Download\a88203c5831df77ae060d14f2bd14310\amd64_microsoft-windows-edition-transmogrifier_31bf3856ad364e35_6.1.7601.17514_none_73b6d86e51cdee82\TransmogProvider.dll
- 2012-04-06 01:30 . 2010-11-05 02:11 433512 c:\windows\SoftwareDistribution\Download\a88203c5831df77ae060d14f2bd14310\amd64_microsoft-windows-e..mcewmdrmndbootstrap_31bf3856ad364e35_6.1.7601.17514_none_916b7987c832cdee\MCEWMDRMNDBootstrap.dll
- 2012-04-06 01:30 . 2010-11-20 13:26 303616 c:\windows\SoftwareDistribution\Download\a88203c5831df77ae060d14f2bd14310\amd64_microsoft-windows-e..-protocol-host-peer_31bf3856ad364e35_6.1.7601.17514_none_c239909bda09b2ac\eapphost.dll
- 2012-04-06 01:30 . 2010-11-20 13:26 103936 c:\windows\SoftwareDistribution\Download\a88203c5831df77ae060d14f2bd14310\amd64_microsoft-windows-e..-protocol-host-peer_31bf3856ad364e35_6.1.7601.17514_none_c239909bda09b2ac\eappgnui.dll
- 2012-04-06 01:30 . 2010-11-20 13:26 348160 c:\windows\SoftwareDistribution\Download\a88203c5831df77ae060d14f2bd14310\amd64_microsoft-windows-e..-protocol-host-peer_31bf3856ad364e35_6.1.7601.17514_none_c239909bda09b2ac\eapp3hst.dll
- 2012-04-06 01:30 . 2010-11-20 13:34 363392 c:\windows\SoftwareDistribution\Download\a88203c5831df77ae060d14f2bd14310\amd64_microsoft-windows-dynamicvolumemanager_31bf3856ad364e35_6.1.7601.17514_none_3b28c7719cc8612d\volmgrx.sys
- 2012-04-06 01:30 . 2010-11-20 13:26 675328 c:\windows\SoftwareDistribution\Download\a88203c5831df77ae060d14f2bd14310\amd64_microsoft-windows-dxptasks-ringtone_31bf3856ad364e35_6.1.7601.17514_none_0cb2f60328a1fa24\DXPTaskRingtone.dll
- 2012-04-06 01:30 . 2010-11-20 13:26 459776 c:\windows\SoftwareDistribution\Download\a88203c5831df77ae060d14f2bd14310\amd64_microsoft-windows-dxp-deviceexperience_31bf3856ad364e35_6.1.7601.17514_none_a54b31331066c8e2\DXP.dll
- 2012-04-06 01:30 . 2010-11-20 13:26 239616 c:\windows\SoftwareDistribution\Download\a88203c5831df77ae060d14f2bd14310\amd64_microsoft-windows-dskquoui_31bf3856ad364e35_6.1.7601.17514_none_dc547f3bcaf49b08\dskquoui.dll
- 2012-04-06 01:30 . 2010-11-20 13:26 422912 c:\windows\SoftwareDistribution\Download\a88203c5831df77ae060d14f2bd14310\amd64_microsoft-windows-drvstore_31bf3856ad364e35_6.1.7601.17514_none_4f1a5a9a5a24b7ca\drvstore.dll
- 2012-04-06 01:30 . 2010-11-20 13:26 313344 c:\windows\SoftwareDistribution\Download\a88203c5831df77ae060d14f2bd14310\amd64_microsoft-windows-dot3ui_31bf3856ad364e35_6.1.7601.17514_none_8707edeb6be1399d\dot3ui.dll
- 2012-04-06 01:30 . 2010-11-20 13:26 252416 c:\windows\SoftwareDistribution\Download\a88203c5831df77ae060d14f2bd14310\amd64_microsoft-windows-dot3svc_31bf3856ad364e35_6.1.7601.17514_none_c99214378a23d63b\dot3svc.dll
- 2012-04-06 01:30 . 2010-11-20 13:26 103936 c:\windows\SoftwareDistribution\Download\a88203c5831df77ae060d14f2bd14310\amd64_microsoft-windows-dot3svc_31bf3856ad364e35_6.1.7601.17514_none_c99214378a23d63b\dot3msm.dll
- 2012-04-06 01:30 . 2010-11-20 13:26 118272 c:\windows\SoftwareDistribution\Download\a88203c5831df77ae060d14f2bd14310\amd64_microsoft-windows-dns-clientsnapin_31bf3856ad364e35_6.1.7601.17514_none_d87694fddc641eab\dnscmmc.dll
- 2012-04-06 01:30 . 2010-11-20 13:26 183296 c:\windows\SoftwareDistribution\Download\a88203c5831df77ae060d14f2bd14310\amd64_microsoft-windows-dns-client_31bf3856ad364e35_6.1.7601.17514_none_4008824c98f8edac\dnsrslvr.dll
- 2012-04-06 01:30 . 2010-11-20 13:26 357888 c:\windows\SoftwareDistribution\Download\a88203c5831df77ae060d14f2bd14310\amd64_microsoft-windows-dns-client_31bf3856ad364e35_6.1.7601.17514_none_4008824c98f8edac\dnsapi.dll
- 2012-04-06 01:30 . 2010-11-20 13:24 363520 c:\windows\SoftwareDistribution\Download\a88203c5831df77ae060d14f2bd14310\amd64_microsoft-windows-diskraid_31bf3856ad364e35_6.1.7601.17514_none_c3afa97fae99bbe4\diskraid.exe
- 2012-04-06 01:30 . 2010-11-20 13:24 166400 c:\windows\SoftwareDistribution\Download\a88203c5831df77ae060d14f2bd14310\amd64_microsoft-windows-diskpart_31bf3856ad364e35_6.1.7601.17514_none_c6fe6ac9ac8c7105\diskpart.exe
- 2012-04-06 01:30 . 2010-11-20 13:26 658944 c:\windows\SoftwareDistribution\Download\a88203c5831df77ae060d14f2bd14310\amd64_microsoft-windows-directx-dxgi_31bf3856ad364e35_6.1.7601.17514_none_98a47dc2352c4409\dxgi.dll
- 2012-04-06 01:30 . 2010-11-20 13:26 787968 c:\windows\SoftwareDistribution\Download\a88203c5831df77ae060d14f2bd14310\amd64_microsoft-windows-directx-direct3d11_31bf3856ad364e35_6.1.7601.17514_none_4dde5445e44ba1a3\d3d11.dll
- 2012-04-06 01:30 . 2010-11-20 13:26 321024 c:\windows\SoftwareDistribution\Download\a88203c5831df77ae060d14f2bd14310\amd64_microsoft-windows-directx-direct3d10.1_31bf3856ad364e35_6.1.7601.17514_none_ae4f82d4c031a13b\d3d10_1core.dll
- 2012-04-06 01:30 . 2010-11-20 13:26 573952 c:\windows\SoftwareDistribution\Download\a88203c5831df77ae060d14f2bd14310\amd64_microsoft-windows-directx-d3d10level9_31bf3856ad364e35_6.1.7601.17514_none_41847221b63220e2\d3d10level9.dll
- 2012-04-06 01:30 . 2010-11-20 13:27 366592 c:\windows\SoftwareDistribution\Download\a88203c5831df77ae060d14f2bd14310\amd64_microsoft-windows-directshow-dvdsupport_31bf3856ad364e35_6.1.7601.17514_none_b2483040ea781d9d\qdvd.dll
- 2012-04-06 01:30 . 2010-11-20 13:27 250880 c:\windows\SoftwareDistribution\Download\a88203c5831df77ae060d14f2bd14310\amd64_microsoft-windows-directshow-dv_31bf3856ad364e35_6.1.7601.17514_none_5afccbb236c20f24\qdv.dll
- 2012-04-06 01:30 . 2010-11-20 13:27 181248 c:\windows\SoftwareDistribution\Download\a88203c5831df77ae060d14f2bd14310\amd64_microsoft-windows-directshow-capture_31bf3856ad364e35_6.1.7601.17514_none_16ff28a2362a4060\qcap.dll
- 2012-04-06 01:30 . 2010-11-20 13:27 254464 c:\windows\SoftwareDistribution\Download\a88203c5831df77ae060d14f2bd14310\amd64_microsoft-windows-directshow-asf_31bf3856ad364e35_6.1.7601.17514_none_78e385451529fc1e\qasf.dll
- 2012-04-06 01:30 . 2010-11-20 13:27 758784 c:\windows\SoftwareDistribution\Download\a88203c5831df77ae060d14f2bd14310\amd64_microsoft-windows-directory-services-sam_31bf3856ad364e35_6.1.7601.17514_none_10145eccb79418a5\samsrv.dll
- 2012-04-06 01:30 . 2010-11-20 13:26 317952 c:\windows\SoftwareDistribution\Download\a88203c5831df77ae060d14f2bd14310\amd64_microsoft-windows-dhcp-client-dll_31bf3856ad364e35_6.1.7601.17514_none_35802f0f452f59bb\dhcpcore.dll
- 2012-04-06 01:30 . 2010-11-20 09:26 102400 c:\windows\SoftwareDistribution\Download\a88203c5831df77ae060d14f2bd14310\amd64_microsoft-windows-dfsclient_31bf3856ad364e35_6.1.7601.17514_none_e5c0334cfcbb6f1f\dfsc.sys
- 2012-04-06 01:30 . 2010-11-20 13:26 225280 c:\windows\SoftwareDistribution\Download\a88203c5831df77ae060d14f2bd14310\amd64_microsoft-windows-devicepairingfolder_31bf3856ad364e35_6.1.7601.17514_none_aa5840a43e46d34f\DevicePairingFolder.dll
- 2012-04-06 01:30 . 2010-11-20 13:26 508928 c:\windows\SoftwareDistribution\Download\a88203c5831df77ae060d14f2bd14310\amd64_microsoft-windows-devicecenter_31bf3856ad364e35_6.1.7601.17514_none_068abb3d15ae0afc\DeviceCenter.dll
- 2012-04-06 01:30 . 2010-11-20 13:26 399872 c:\windows\SoftwareDistribution\Download\a88203c5831df77ae060d14f2bd14310\amd64_microsoft-windows-deltapackageexpander_31bf3856ad364e35_6.1.7601.17514_none_c8049b9e4ba7658c\dpx.dll
- 2012-04-06 01:30 . 2010-11-20 13:24 606208 c:\windows\SoftwareDistribution\Download\a88203c5831df77ae060d14f2bd14310\amd64_microsoft-windows-defrag-adminui_31bf3856ad364e35_6.1.7601.17514_none_f73c142da6e47daa\dfrgui.exe
- 2012-04-06 01:30 . 2010-11-20 13:25 902144 c:\windows\SoftwareDistribution\Download\a88203c5831df77ae060d14f2bd14310\amd64_microsoft-windows-d2d_31bf3856ad364e35_6.1.7601.17514_none_05c2ec3372908373\d2d1.dll
- 2012-04-06 01:30 . 2010-11-20 13:26 279552 c:\windows\SoftwareDistribution\Download\a88203c5831df77ae060d14f2bd14310\amd64_microsoft-windows-d..x-directxdiagnostic_31bf3856ad364e35_6.1.7601.17514_none_81e99da174638311\dxdiagn.dll
- 2012-04-06 01:30 . 2010-11-20 13:26 128512 c:\windows\SoftwareDistribution\Download\a88203c5831df77ae060d14f2bd14310\amd64_microsoft-windows-d..pwindowmanager-core_31bf3856ad364e35_6.1.7601.17514_none_ebc99983d3d18578\dwmredir.dll
- 2012-04-06 01:30 . 2010-11-20 13:26 665600 c:\windows\SoftwareDistribution\Download\a88203c5831df77ae060d14f2bd14310\amd64_microsoft-windows-d..me-eashared-coretip_31bf3856ad364e35_6.1.7601.17514_none_d81c96999f75bd77\IMETIP.DLL
- 2012-04-06 01:30 . 2010-11-20 13:26 111616 c:\windows\SoftwareDistribution\Download\a88203c5831df77ae060d14f2bd14310\amd64_microsoft-windows-d..ing-management-core_31bf3856ad364e35_6.1.7601.17514_none_895a2b74415ea575\DismCorePS.dll
- 2012-04-06 01:30 . 2010-11-20 13:26 289792 c:\windows\SoftwareDistribution\Download\a88203c5831df77ae060d14f2bd14310\amd64_microsoft-windows-d..ing-management-core_31bf3856ad364e35_6.1.7601.17514_none_895a2b74415ea575\DismCore.dll
- 2012-04-06 01:30 . 2010-11-20 13:24 301568 c:\windows\SoftwareDistribution\Download\a88203c5831df77ae060d14f2bd14310\amd64_microsoft-windows-d..ime-eashared-imepad_31bf3856ad364e35_6.1.7601.17514_none_98b24799b5d08c05\IMEPADSV.EXE
- 2012-04-06 01:30 . 2010-11-20 13:26 313344 c:\windows\SoftwareDistribution\Download\a88203c5831df77ae060d14f2bd14310\amd64_microsoft-windows-d..gement-winproviders_31bf3856ad364e35_6.1.7601.17514_none_1573bf06bb8baa0c\IntlProvider.dll
- 2012-04-06 01:30 . 2010-11-20 13:25 762368 c:\windows\SoftwareDistribution\Download\a88203c5831df77ae060d14f2bd14310\amd64_microsoft-windows-d..gement-winproviders_31bf3856ad364e35_6.1.7601.17514_none_1573bf06bb8baa0c\CbsProvider.dll
- 2012-04-06 01:30 . 2010-11-20 13:26 162816 c:\windows\SoftwareDistribution\Download\a88203c5831df77ae060d14f2bd14310\amd64_microsoft-windows-d..frastructure-server_31bf3856ad364e35_6.1.7601.17514_none_c6507604b2d0f333\dps.dll
- 2012-04-06 01:30 . 2010-11-20 13:27 681472 c:\windows\SoftwareDistribution\Download\a88203c5831df77ae060d14f2bd14310\amd64_microsoft-windows-d..frameworks-usermode_31bf3856ad364e35_6.1.7601.17514_none_fb3795fb0be32033\WUDFx.dll
- 2012-04-06 01:30 . 2010-11-20 10:43 172544 c:\windows\SoftwareDistribution\Download\a88203c5831df77ae060d14f2bd14310\amd64_microsoft-windows-d..frameworks-usermode_31bf3856ad364e35_6.1.7601.17514_none_fb3795fb0be32033\WUDFRd.sys
- 2012-04-06 01:30 . 2010-11-20 13:27 182784 c:\windows\SoftwareDistribution\Download\a88203c5831df77ae060d14f2bd14310\amd64_microsoft-windows-d..frameworks-usermode_31bf3856ad364e35_6.1.7601.17514_none_fb3795fb0be32033\WUDFPlatform.dll
- 2012-04-06 01:30 . 2010-11-20 10:42 112128 c:\windows\SoftwareDistribution\Download\a88203c5831df77ae060d14f2bd14310\amd64_microsoft-windows-d..frameworks-usermode_31bf3856ad364e35_6.1.7601.17514_none_fb3795fb0be32033\WUDFPf.sys
- 2012-04-06 01:30 . 2010-11-20 13:25 226816 c:\windows\SoftwareDistribution\Download\a88203c5831df77ae060d14f2bd14310\amd64_microsoft-windows-d..frameworks-usermode_31bf3856ad364e35_6.1.7601.17514_none_fb3795fb0be32033\WUDFHost.exe
- 2012-04-06 01:30 . 2010-11-20 13:24 141312 c:\windows\SoftwareDistribution\Download\a88203c5831df77ae060d14f2bd14310\amd64_microsoft-windows-d..andlinepropertytool_31bf3856ad364e35_6.1.7601.17514_none_696354579779eadf\imjpuexc.exe
- 2012-04-06 01:30 . 2010-11-20 13:26 551936 c:\windows\SoftwareDistribution\Download\a88203c5831df77ae060d14f2bd14310\amd64_microsoft-windows-d..-mmc-usersandgroups_31bf3856ad364e35_6.1.7601.17514_none_62031a1b9887a2a0\localsec.dll
- 2012-04-06 01:30 . 2010-11-20 13:24 406528 c:\windows\SoftwareDistribution\Download\a88203c5831df77ae060d14f2bd14310\amd64_microsoft-windows-d..-japanese-utilities_31bf3856ad364e35_6.1.7601.17514_none_4b57445488ba33fd\IMJPDCT.EXE
- 2012-04-06 01:30 . 2010-11-20 13:25 177152 c:\windows\SoftwareDistribution\Download\a88203c5831df77ae060d14f2bd14310\amd64_microsoft-windows-cryptsvc-dll_31bf3856ad364e35_6.1.7601.17514_none_d4259ed3b16ed82a\cryptsvc.dll
- 2012-04-06 01:30 . 2010-11-20 13:25 197120 c:\windows\SoftwareDistribution\Download\a88203c5831df77ae060d14f2bd14310\amd64_microsoft-windows-credui_31bf3856ad364e35_6.1.7601.17514_none_395d5230a58cfe49\credui.dll
- 2012-04-06 01:30 . 2010-11-20 13:27 960512 c:\windows\SoftwareDistribution\Download\a88203c5831df77ae060d14f2bd14310\amd64_microsoft-windows-cpfilters_31bf3856ad364e35_6.1.7601.17514_none_9590f6f7f4cdd9cb\CPFilters.dll
- 2012-04-06 01:30 . 2010-11-20 13:27 404480 c:\windows\SoftwareDistribution\Download\a88203c5831df77ae060d14f2bd14310\amd64_microsoft-windows-coreusermodepnp_31bf3856ad364e35_6.1.7601.17514_none_d527b0a5438b8346\umpnpmgr.dll
- 2012-04-06 01:30 . 2010-11-20 13:25 207872 c:\windows\SoftwareDistribution\Download\a88203c5831df77ae060d14f2bd14310\amd64_microsoft-windows-coreusermodepnp_31bf3856ad364e35_6.1.7601.17514_none_d527b0a5438b8346\cfgmgr32.dll
- 2012-04-06 01:30 . 2010-11-20 13:24 793088 c:\windows\SoftwareDistribution\Download\a88203c5831df77ae060d14f2bd14310\amd64_microsoft-windows-convert_31bf3856ad364e35_6.1.7601.17514_none_fafb502abef1be40\autoconv.exe
- 2012-04-06 01:30 . 2010-11-20 13:24 337920 c:\windows\SoftwareDistribution\Download\a88203c5831df77ae060d14f2bd14310\amd64_microsoft-windows-consolehost_31bf3856ad364e35_6.1.7601.17514_none_d281ccc018b94ff4\conhost.exe
- 2012-04-06 01:30 . 2010-11-20 13:27 165376 c:\windows\SoftwareDistribution\Download\a88203c5831df77ae060d14f2bd14310\amd64_microsoft-windows-computer-name-ui_31bf3856ad364e35_6.1.7601.17514_none_6c2d2cfe0522b8a3\netid.dll
- 2012-04-06 01:30 . 2010-11-20 13:24 345088 c:\windows\SoftwareDistribution\Download\a88203c5831df77ae060d14f2bd14310\amd64_microsoft-windows-commandprompt_31bf3856ad364e35_6.1.7601.17514_none_e932cc2c30fc13b0\cmd.exe
- 2012-04-06 01:30 . 2010-11-20 13:25 594432 c:\windows\SoftwareDistribution\Download\a88203c5831df77ae060d14f2bd14310\amd64_microsoft-windows-comdlg32_31bf3856ad364e35_6.1.7601.17514_none_13d71710bc471de6\comdlg32.dll
- 2012-04-06 01:29 . 2010-11-20 13:27 512000 c:\windows\SoftwareDistribution\Download\a88203c5831df77ae060d14f2bd14310\amd64_microsoft-windows-com-base-qfe-rpcss_31bf3856ad364e35_6.1.7601.17514_none_c7f0e16b547f887d\rpcss.dll
- 2012-04-06 01:29 . 2010-11-20 13:28 780008 c:\windows\SoftwareDistribution\Download\a88203c5831df77ae060d14f2bd14310\amd64_microsoft-windows-codeintegrity_31bf3856ad364e35_6.1.7601.17514_none_fe9df6ad1b5f6e87\ci.dll
- 2012-04-06 01:29 . 2010-11-20 13:25 125952 c:\windows\SoftwareDistribution\Download\a88203c5831df77ae060d14f2bd14310\amd64_microsoft-windows-cmiadapter_31bf3856ad364e35_6.1.7601.17514_none_1c3b3f6c27d2a999\cmiadapter.dll
- 2012-04-06 01:29 . 2010-11-20 13:27 334336 c:\windows\SoftwareDistribution\Download\a88203c5831df77ae060d14f2bd14310\amd64_microsoft-windows-cmi_31bf3856ad364e35_6.1.7601.17514_none_07f44fb7712a68da\cmisetup.dll
- 2012-04-06 01:29 . 2010-11-20 13:27 303104 c:\windows\SoftwareDistribution\Download\a88203c5831df77ae060d14f2bd14310\amd64_microsoft-windows-clipsinthelibrary_31bf3856ad364e35_6.1.7601.17514_none_9c24039fbeb72625\WMM2CLIP.dll
- 2012-04-06 01:29 . 2010-11-20 13:32 179072 c:\windows\SoftwareDistribution\Download\a88203c5831df77ae060d14f2bd14310\amd64_microsoft-windows-classpnp_31bf3856ad364e35_6.1.7601.17514_none_73a9340ac2b15f83\Classpnp.sys
- 2012-04-06 01:29 . 2010-11-20 13:25 139264 c:\windows\SoftwareDistribution\Download\a88203c5831df77ae060d14f2bd14310\amd64_microsoft-windows-cabview_31bf3856ad364e35_6.1.7601.17514_none_96285ba7f81e38a6\cabview.dll
- 2012-04-06 01:29 . 2010-11-20 13:25 460800 c:\windows\SoftwareDistribution\Download\a88203c5831df77ae060d14f2bd14310\amd64_microsoft-windows-c..tionauthorityclient_31bf3856ad364e35_6.1.7601.17514_none_35a3baeb53471267\certcli.dll
- 2012-04-06 01:29 . 2010-11-20 13:27 229888 c:\windows\SoftwareDistribution\Download\a88203c5831df77ae060d14f2bd14310\amd64_microsoft-windows-c..nt-xpsrasterservice_31bf3856ad364e35_6.1.7601.17514_none_78c3627042a0892a\XpsRasterService.dll
- 2012-04-06 01:29 . 2010-11-20 13:27 470016 c:\windows\SoftwareDistribution\Download\a88203c5831df77ae060d14f2bd14310\amd64_microsoft-windows-c..ent-xpsgdiconverter_31bf3856ad364e35_6.1.7601.17514_none_71127af901f051ca\XpsGdiConverter.dll
- 2012-04-06 01:29 . 2010-11-20 13:27 372736 c:\windows\SoftwareDistribution\Download\a88203c5831df77ae060d14f2bd14310\amd64_microsoft-windows-c..dtc-runtime-cluster_31bf3856ad364e35_6.1.7601.17514_none_f4ae54a1a351cc34\mtxclu.dll
- 2012-04-06 01:29 . 2010-11-20 13:24 899584 c:\windows\SoftwareDistribution\Download\a88203c5831df77ae060d14f2bd14310\amd64_microsoft-windows-bubbles_31bf3856ad364e35_6.1.7601.17514_none_cca44baae0912bbe\Bubbles.scr
- 2012-04-06 01:29 . 2010-11-20 13:25 136192 c:\windows\SoftwareDistribution\Download\a88203c5831df77ae060d14f2bd14310\amd64_microsoft-windows-browserservice_31bf3856ad364e35_6.1.7601.17514_none_d70f2c28b49dffae\browser.dll
- 2012-04-06 01:29 . 2010-11-20 13:27 849920 c:\windows\SoftwareDistribution\Download\a88203c5831df77ae060d14f2bd14310\amd64_microsoft-windows-bits-client_31bf3856ad364e35_6.1.7601.17514_none_81b6ca5c101195cd\qmgr.dll
- 2012-04-06 01:29 . 2010-11-20 13:24 232448 c:\windows\SoftwareDistribution\Download\a88203c5831df77ae060d14f2bd14310\amd64_microsoft-windows-bits-bitsadmin_31bf3856ad364e35_6.1.7601.17514_none_ab379671230b963f\bitsadmin.exe
- 2012-04-06 01:29 . 2010-11-20 13:25 504320 c:\windows\SoftwareDistribution\Download\a88203c5831df77ae060d14f2bd14310\amd64_microsoft-windows-biometrics-cpl_31bf3856ad364e35_6.1.7601.17514_none_0fb97f78b54ac9be\biocpl.dll
.
-- Snapshot reset to current date --
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\egisPSDP]
@="{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}"
[HKEY_CLASSES_ROOT\CLSID\{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}]
2009-08-06 17:18 120104 ----a-w- c:\program files (x86)\EgisTec\MyWinLocker 3\x86\PSDProtect.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Speech Recognition"="c:\windows\Speech\Common\sapisvr.exe" [2009-07-14 44544]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"EgisTecLiveUpdate"="c:\program files (x86)\EgisTec Egis Software Update\EgisUpdate.exe" [2009-08-04 199464]
"NortonOnlineBackupReminder"="c:\program files (x86)\Symantec\Norton Online Backup\Activation\NobuActivation.exe" [2009-07-24 588648]
"LManager"="c:\program files (x86)\Launch Manager\LManager.exe" [2009-08-18 1157128]
"Acer Assist Launcher"="c:\program files (x86)\Acer\Acer Assist\launcher.exe" [2007-11-19 1261568]
"RemoteControl8"="c:\program files (x86)\CyberLink\PowerDVD8\PDVD8Serv.exe" [2009-04-16 91432]
"PDVD8LanguageShortcut"="c:\program files (x86)\CyberLink\PowerDVD8\Language\Language.exe" [2009-04-16 50472]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2009-08-05 98304]
"HP Software Update"="c:\program files (x86)\Hp\HP Software Update\HPWuSchd2.exe" [2010-03-12 49208]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-06-06 937920]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2010-11-29 421888]
"mcui_exe"="c:\program files\McAfee.com\Agent\mcagent.exe" [2011-06-28 1486392]
"InstaLAN"="c:\program files (x86)\Belkin\Router Setup and Monitor\BelkinRouterMonitor.exe" [2011-02-25 1770400]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2011-06-09 254696]
.
c:\users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
RCA Detective.lnk - c:\users\user\Documents\RCA Detective\RCADetective.exe [2010-2-2 942592]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
GamersFirst LIVE!.lnk - c:\program files (x86)\GamersFirst\LIVE!\Live.exe [2011-6-30 2588784]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
.
R2 McMPFSvc;McAfee Personal Firewall;c:\program files\Common Files\McAfee\McSvcHost\McSvHost.exe [2010-03-10 355440]
R3 cfwids;McAfee Inc. cfwids;c:\windows\system32\drivers\cfwids.sys [x]
R3 cfwids98;McAfee Inc.;Device\cfwids98.sys [x]
R3 cfwids99;McAfee Inc.;Device\cfwids99.sys [x]
R3 GamesAppService;GamesAppService;c:\program files (x86)\WildTangent Games\App\GamesAppService.exe [2010-10-12 206072]
R3 LVPr2M64;Logitech LVPr2M64 Driver;c:\windows\system32\DRIVERS\LVPr2M64.sys [x]
R3 LVUVC64;Logitech Webcam 120(UVC);c:\windows\system32\DRIVERS\lvuvc64.sys [x]
R3 mferkdet;McAfee Inc. mferkdet;c:\windows\system32\drivers\mferkdet.sys [x]
R3 NTIBackupSvc;NTI Backup Now 5 Backup Service;c:\program files (x86)\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe [2009-06-18 50432]
R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\System32\Drivers\RtsUStor.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]
S1 mfenlfk;McAfee NDIS Light Filter;c:\windows\system32\DRIVERS\mfenlfk.sys [x]
S1 mfewfpk;McAfee Inc. mfewfpk;c:\windows\system32\drivers\mfewfpk.sys [x]
S1 mwlPSDFilter;mwlPSDFilter;c:\windows\system32\DRIVERS\mwlPSDFilter.sys [x]
S1 mwlPSDNServ;mwlPSDNServ;c:\windows\system32\DRIVERS\mwlPSDNServ.sys [x]
S1 mwlPSDVDisk;mwlPSDVDisk;c:\windows\system32\DRIVERS\mwlPSDVDisk.sys [x]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2011-06-06 64952]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [x]
S2 DsiWMIService;Dritek WMI Service;c:\program files (x86)\Launch Manager\dsiwmis.exe [2009-08-24 107016]
S2 ePowerSvc;Acer ePower Service;c:\program files\Acer\Acer ePower Management\ePowerSvc.exe [2009-08-06 844320]
S2 Greg_Service;GRegService;c:\program files (x86)\Acer\Registration\GregHSRW.exe [2009-06-04 1150496]
S2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\program files (x86)\McAfee\SiteAdvisor\McSACore.exe [2012-01-13 103440]
S2 McNaiAnn;McAfee VirusScan Announcer;c:\program files\Common Files\McAfee\McSvcHost\McSvHost.exe [2010-03-10 355440]
S2 mfefire;McAfee Firewall Core Service;c:\program files\Common Files\McAfee\SystemCore\\mfefire.exe [2011-04-14 245352]
S2 mfevtp;McAfee Validation Trust Protection Service;c:\windows\system32\mfevtps.exe [x]
S2 MWLService;MyWinLocker Service;c:\program files (x86)\EgisTec\MyWinLocker 3\x86\\MWLService.exe [2009-08-06 311592]
S2 NTISchedulerSvc;NTI Backup Now 5 Scheduler Service;c:\program files (x86)\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe [2009-06-18 144640]
S2 Updater Service;Updater Service;c:\program files\Acer\Acer Updater\UpdaterService.exe [2009-07-04 240160]
S3 dc3d;MS Hardware Device Detection Driver (USB);c:\windows\system32\DRIVERS\dc3d.sys [x]
S3 mfefirek;McAfee Inc. mfefirek;c:\windows\system32\drivers\mfefirek.sys [x]
S3 Point64;Microsoft IntelliPoint Filter Driver;c:\windows\system32\DRIVERS\point64.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [x]
S3 usbfilter;AMD USB Filter Driver;c:\windows\system32\DRIVERS\usbfilter.sys [x]
.
.
--- Other Services/Drivers In Memory ---
.
*Deregistered* - mfeavfk01
.
Contents of the 'Scheduled Tasks' folder
.
2012-04-07 c:\windows\Tasks\Final Media Player Update Checker.job
- c:\program files (x86)\FinalMediaPlayer\FMPCheckForUpdates.exe [2011-02-18 22:50]
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\egisPSDP]
@="{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}"
[HKEY_CLASSES_ROOT\CLSID\{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}]
2009-08-06 17:19 137512 ----a-w- c:\program files (x86)\EgisTec\MyWinLocker 3\x64\PSDProtect.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2009-07-06 7940128]
"Skytel"="c:\program files\Realtek\Audio\HDA\Skytel.exe" [2009-07-06 1833504]
"Acer ePower Management"="c:\program files\Acer\Acer ePower Management\ePowerTray.exe" [2009-08-06 828960]
"mwlDaemon"="c:\program files (x86)\EgisTec\MyWinLocker 3\x86\mwlDaemon.exe" [2009-08-06 349480]
"SynTPEnh"="c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe" [BU]
"IntelliPoint"="c:\program files\Microsoft IntelliPoint\ipoint.exe" [2010-07-21 2327952]
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
uLocal Page = c:\windows\system32\blank.htm
mStart Page = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0409&m=aspire_5534&r=27360110b205l0374z1k5t4722a20p
mLocal Page = c:\windows\SysWOW64\blank.htm
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~1\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.2.1
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-Locked - (no file)
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-448985409-2584287539-1750592253-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.eml\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="WindowsLiveMail.Email.1"
.
[HKEY_USERS\S-1-5-21-448985409-2584287539-1750592253-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.vcf\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="WindowsLiveMail.VCard.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11e_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11e_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\McAfee]
"SymbolicLinkValue"=hex(6):5c,00,72,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
00,5c,00,6d,00,61,00,63,00,68,00,69,00,6e,00,65,00,5c,00,53,00,6f,00,66,00,\
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\atibtmon.exe
c:\program files (x86)\Belkin\Router Setup and Monitor\BelkinService.exe
c:\program files (x86)\EgisTec\MyWinLocker 3\x86\MWLService.exe
c:\windows\SysWOW64\rundll32.exe
c:\windows\SysWOW64\PnkBstrA.exe
c:\\.\globalroot\systemroot\svchost.exe
c:\program files (x86)\Belkin\Router Setup and Monitor\BelkinSetup.exe
.
**************************************************************************
.
Completion time: 2012-04-06 19:23:27 - machine was rebooted
ComboFix-quarantined-files.txt 2012-04-07 00:23
ComboFix2.txt 2012-04-06 05:55
.
Pre-Run: 32,919,138,304 bytes free
Post-Run: 32,536,580,096 bytes free
.
- - End Of File - - 1356D3C9382DDA0F4BEF123665047686

#15 gringo_pr


Posted 06 April 2012 - 08:51 PM

Greetings

Looks like you were reinfected with something else.


TDSSKiller:

Please read carefully and follow these steps.
  • Download TDSSKiller and save it to your Desktop.
  • Double-click on TDSSKiller.exe to run the application, then click on Start Scan.
  • If an infected file is detected, the default action will be Cure; click on Continue.
  • If a suspicious file is detected, the default action will be Skip; click on Continue.
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
  • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.

Please download aswMBR to your desktop.
  • Double-click the aswMBR.exe icon to run it.
  • It will ask to download extra definitions - ALLOW IT.
  • Click the Scan button to start the scan.
  • On completion of the scan, click the save log button, save it to your desktop and post it in your next reply.

If you have any problems running either one, come back and let me know.

Please reply with the reports from TDSSKiller and aswMBR.

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic




Proud Graduate Of Malware Removal University



