Infected with Happili Google Redirect malware


This topic is locked. 19 replies to this topic.

#1 aaronak (Members, 8 posts)

Posted 08 April 2012 - 11:01 AM

My computer is infected with malware which I think is a rootkit. When I do a Google search, the first result I click on is always redirected to Happili.com. If I go back and try again, the link goes through. This behavior started about a week or so ago. Symantec Antivirus and Windows Defender failed to catch the problem.

Here are the logs from DDS. I tried running GMER, but after executing for over 12 hours, my computer crashed to blue screen. By the way, MPK.exe is a personal-use keylogger (REFOG Keylogger) which I installed myself, have been running for about two years, and trust. Anti-virus programs often alert me to it, so I thought I would explain it to you as well.

Thank you in advance!


.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 1.6.0_30
Run by Aaron Segal at 11:43:52 on 2012-04-08
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.3582.1987 [GMT -4:00]
.
AV: SymantecAntiVirus *Enabled/Updated* {88C95A36-8C3B-2F2C-1B8B-30FCCFDC4855}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: SymantecAntiVirus *Enabled/Updated* {33A8BBD2-AA01-20A2-213B-0B8EB45B02E8}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Program Files\Dell\DellDock\DockLogin.exe
C:\Program Files\NVIDIA Corporation\Display\NvXDSync.exe
C:\Windows\system32\nvvsvc.exe
C:\Program Files\Fingerprint Reader Suite\upeksvr.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\WLANExt.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Windows\system32\conhost.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\Absolute Software\Absolute Notifier\AbsoluteNotifierService.exe
C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Windows\system32\aestsrv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Common Files\Creative Labs Shared\Service\CreativeLicensing.exe
C:\Windows\system32\CTsvcCDA.exe
C:\Program Files\Symantec AntiVirus\DefWatch.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\system32\svchost.exe -k hpdevmgmt
C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
C:\Windows\System32\rpcnet.exe
C:\Program Files\Symantec AntiVirus\SavRoam.exe
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\Windows\system32\STacSV.exe
C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\Symantec AntiVirus\Rtvscan.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Windows\System32\WLTRYSVC.EXE
C:\Windows\System32\bcmwltry.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Windows\system32\taskhost.exe
C:\Program Files\MPK\mpk.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Google\Update\1.3.21.111\GoogleCrashHandler.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files\DellTPad\Apoint.exe
C:\Program Files\Sigmatel\C-Major Audio\WDM\sttray.exe
C:\Windows\OEM02Mon.exe
C:\Windows\System32\WLTRAY.EXE
C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Program Files\Dell\MediaDirect\PCMService.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Symantec AntiVirus\VPTray.exe
C:\Program Files\Fingerprint Reader Suite\psqltray.exe
C:\Program Files\Absolute Software\Absolute Notifier\AbsoluteNotifier.exe
C:\Program Files\Canon\Canon IJ Network Scan Utility\CNMNSUT.exe
C:\Program Files\DivX\DivX Update\DivXUpdate.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Dell\QuickSet\quickset.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files\DellTPad\ApMsgFwd.exe
C:\Program Files\DellTPad\HidFind.exe
C:\Program Files\DellTPad\Apntex.exe
C:\Windows\system32\conhost.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
C:\Windows\System32\svchost.exe -k secsvcs
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files\Common Files\Apple\Apple Application Support\distnoted.exe
C:\Windows\system32\conhost.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\SyncServer.exe
C:\Windows\system32\conhost.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\conhost.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.com/
uWindow Title = Internet Explorer provided by Dell
uInternet Settings,ProxyOverride = *.local
mWinlogon: Userinit=c:\windows\system32\userinit.exe,c:\program files\mpk\mpk.exe
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Search Helper: {6ebf7485-159f-4bff-a14f-b9e3aac4465b} - c:\program files\microsoft\search enhancement pack\search helper\SEPsearchhelperie.dll
BHO: Java™ Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre6\bin\ssv.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.6.5612.1312\swg.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
TB: {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No File
uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"
uRun: [eusmfmdk] c:\users\aaron segal\appdata\local\onqtgkegt\edjgqtptssd.exe
uRun: [Sidebar] c:\program files\windows sidebar\sidebar.exe /autoRun
uRun: [ogerf] rundll32.exe "c:\users\aarons~1\appdata\local\temp\ogerf.dll",WriteFileStamp
uRun: [nmapms] rundll32.exe "c:\users\aarons~1\appdata\local\temp\nmapms.dll",GetMCCustomSetName
mRun: [Apoint] c:\program files\delltpad\Apoint.exe
mRun: [SigmatelSysTrayApp] %ProgramFiles%\SigmaTel\C-Major Audio\WDM\sttray.exe
mRun: [OEM02Mon.exe] c:\windows\OEM02Mon.exe
mRun: [Broadcom Wireless Manager UI] c:\windows\system32\WLTRAY.exe
mRun: [IAAnotif] "c:\program files\intel\intel matrix storage manager\Iaanotif.exe"
mRun: [PCMService] "c:\program files\dell\mediadirect\PCMService.exe"
mRun: [PSQLLauncher] "c:\program files\fingerprint reader suite\launcher.exe" /startup
mRun: [TkBellExe] "c:\program files\common files\real\update_ob\realsched.exe" -osboot
mRun: [UpdReg] c:\windows\UpdReg.EXE
mRun: [<NO NAME>]
mRun: [ccApp] "c:\program files\common files\symantec shared\ccApp.exe"
mRun: [vptray] c:\progra~1\symant~1\VPTray.exe
mRun: [Absolute Notifier] "c:\program files\absolute software\absolute notifier\AbsoluteNotifier.exe"
mRun: [IJNetworkScanUtility] c:\program files\canon\canon ij network scan utility\CNMNSUT.exe
mRun: [NVHotkey] rundll32.exe c:\windows\system32\nvHotkey.dll,Start
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [DivXUpdate] "c:\program files\divx\divx update\DivXUpdate.exe" /CHECKNOW
mRun: [APSDaemon] "c:\program files\common files\apple\apple application support\APSDaemon.exe"
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
StartupFolder: c:\users\aarons~1\appdata\roaming\micros~1\windows\startm~1\programs\startup\sonicc~1.lnk - c:\users\aaron segal\documents\SonicClock.py
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\quickset.lnk - c:\program files\dell\quickset\quickset.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\autoru~1\hpdigi~1.lnk - c:\program files\hp\digital imaging\bin\hpqtra08.exe
mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0)
mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
mPolicies-system: DisableCAD = 1 (0x1)
IE: E&xport to Microsoft Excel - c:\progra~1\micros~3\office12\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\google\google toolbar\component\GoogleToolbarDynamic_mui_en_2EC7709873947E87.dll/cmsidewiki.html
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~3\office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~3\office12\REFIEBAR.DLL
Trusted Zone: real.com\rhap-app-4-0
Trusted Zone: real.com\rhapreg
DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} - hxxp://office.microsoft.com/sites/production/ieawsdc32.cab
DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} - hxxp://upload.facebook.com/controls/2008.10.10_v5.5.8/FacebookPhotoUploader5.cab
DPF: {44990B00-3C9D-426D-81DF-AAB636FA4345} - hxxps://www-secure.symantec.com/techsupp/asa/ss/sa/sa_cabs/tgctlcm.cab
DPF: {49312E18-AA92-4CC2-BB97-55DEA7BCADD6} - hxxp://support.dell.com/systemprofiler/SysProExe.CAB
DPF: {6F6FDB9E-5072-498C-BCB0-2B7F00C49EE7} - hxxp://support.dell.com/systemprofiler/DellSystemLite.CAB
DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} - hxxp://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab
DPF: {C1F8FC10-E5DB-4112-9DBF-6C3FF728D4E3} - hxxp://support.dell.com/systemprofiler/DellSystemLite.CAB
DPF: {CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab
TCP: DhcpNameServer = 192.168.11.1
TCP: Interfaces\{69CC5DFC-75AA-4D76-B330-6680F4CAD98D} : DhcpNameServer = 192.168.11.1
TCP: Interfaces\{69CC5DFC-75AA-4D76-B330-6680F4CAD98D}\2456C6B696E6F574F505C65737F5D494D4F4F5030313345393 : DhcpNameServer = 192.168.2.1
TCP: Interfaces\{69CC5DFC-75AA-4D76-B330-6680F4CAD98D}\94E44554C4C494E45445 : DhcpNameServer = 192.168.2.1
TCP: Interfaces\{69CC5DFC-75AA-4D76-B330-6680F4CAD98D}\9516C656750514 : DhcpNameServer = 130.132.1.9 130.132.1.10 130.132.1.11
TCP: Interfaces\{69CC5DFC-75AA-4D76-B330-6680F4CAD98D}\9716C6560277962756C6563737 : DhcpNameServer = 130.132.1.9 130.132.1.10 130.132.1.11
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - c:\program files\windows live\photo gallery\AlbumDownloadProtocolHandler.dll
Notify: GoToAssist - c:\program files\citrix\gotoassist\514\G2AWinLogon.dll
Notify: psfus - c:\windows\system32\psqlpwd.dll
LSA: Notification Packages = scecli psqlpwd
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\users\aaron segal\appdata\roaming\mozilla\firefox\profiles\8ookxj8s.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com
FF - plugin: c:\program files\adobe\reader 10.0\reader\air\nppdf32.dll
FF - plugin: c:\program files\divx\divx ovs helper\npovshelper.dll
FF - plugin: c:\program files\google\google earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\google\google updater\2.4.2432.1652\npCIDetect14.dll
FF - plugin: c:\program files\google\update\1.3.21.111\npGoogleUpdate3.dll
FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\microsoft silverlight\4.1.10111.0\npctrlui.dll
FF - plugin: c:\program files\microsoft\office live\npOLW.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npdeployJava1.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npViewpoint.dll
FF - plugin: c:\program files\nvidia corporation\3d vision\npnv3dv.dll
FF - plugin: c:\program files\nvidia corporation\3d vision\npnv3dvstreaming.dll
FF - plugin: c:\program files\viewpoint\viewpoint media player\npViewpoint.dll
FF - plugin: c:\program files\windows live\photo gallery\NPWLPG.dll
FF - plugin: c:\users\aaron segal\appdata\roaming\facebook\npfbplugin_1_0_1.dll
.
============= SERVICES / DRIVERS ===============
.
R2 AbsoluteNotifier;Absolute Notifier;c:\program files\absolute software\absolute notifier\AbsoluteNotifierService.exe [2011-5-10 10920]
R2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files\common files\adobe\arm\1.0\armsvc.exe [2012-1-3 63928]
R2 AESTFilters;Andrea ST Filters Service;c:\windows\system32\AEstSrv.exe [2009-10-24 73728]
R2 DockLoginService;Dock Login Service;c:\program files\dell\delldock\DockLogin.exe [2008-12-18 155648]
R2 nvUpdatusService;NVIDIA Update Service Daemon;c:\program files\nvidia corporation\nvidia updatus\daemonu.exe [2011-5-21 2218600]
R2 SavRoam;SavRoam;c:\program files\symantec antivirus\SavRoam.exe [2009-9-16 121744]
R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files\nvidia corporation\3d vision\nvSCPAPISvr.exe [2011-4-7 378472]
R2 Symantec AntiVirus;Symantec AntiVirus;c:\program files\symantec antivirus\Rtvscan.exe [2009-9-16 1961768]
R2 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\viewpoint\common\ViewpointService.exe [2009-5-30 24652]
R3 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\drivers\dtsoftbus01.sys [2011-9-24 232512]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\common files\symantec shared\eengine\EraserUtilRebootDrv.sys [2012-4-4 106104]
R3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\system32\drivers\yk62x86.sys [2009-9-28 315392]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 gupdate1c9e166f7f89f27;Google Update Service (gupdate1c9e166f7f89f27);c:\program files\google\update\GoogleUpdate.exe [2009-5-30 133104]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-7-13 229888]
S3 epmntdrv;epmntdrv;c:\windows\system32\epmntdrv.sys [2009-10-22 9728]
S3 EuGdiDrv;EuGdiDrv;c:\windows\system32\EuGdiDrv.sys [2009-10-22 3072]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2009-5-30 133104]
S3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\TsUsbFlt.sys [2011-4-30 52224]
S3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\wat\WatAdminSvc.exe [2010-2-26 1343400]
S4 Hamachi2Svc;LogMeIn Hamachi Tunneling Engine;c:\program files\logmein hamachi\hamachi-2.exe [2011-8-15 1361288]
S4 iaNvStor;Intel® Turbo Memory Controller;c:\windows\system32\drivers\iaNvStor.sys [2009-5-26 209408]
.
=============== File Associations ===============
.
.txt=Notepad++_file
.
=============== Created Last 30 ================
.
2012-04-07 03:18:26 56200 ----a-w- c:\programdata\microsoft\windows defender\definition updates\{cf96ffe7-b13a-421b-8251-5f06ffc9ea20}\offreg.dll
2012-04-07 03:07:35 -------- d-sh--w- C:\found.002
2012-04-06 06:48:55 6582328 ----a-w- c:\programdata\microsoft\windows defender\definition updates\{cf96ffe7-b13a-421b-8251-5f06ffc9ea20}\mpengine.dll
2012-04-03 14:36:29 -------- d-----w- c:\program files\iPod
2012-04-03 14:36:28 -------- d-----w- c:\program files\iTunes
2012-03-30 15:32:20 -------- d-----w- c:\users\aaron segal\appdata\local\{834DA18B-7A7D-11E1-826D-B8AC6F996F26}
2012-03-27 04:21:55 -------- d-----w- c:\users\aaron segal\appdata\roaming\enchant
2012-03-18 02:13:39 592824 ----a-w- c:\program files\mozilla firefox\gkmedias.dll
2012-03-18 02:13:39 44472 ----a-w- c:\program files\mozilla firefox\mozglue.dll
2012-03-14 01:15:46 3968368 ----a-w- c:\windows\system32\ntkrnlpa.exe
2012-03-14 01:15:46 3913584 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-03-13 23:35:40 2343424 ----a-w- c:\windows\system32\win32k.sys
2012-03-13 23:35:19 1077248 ----a-w- c:\windows\system32\DWrite.dll
2012-03-13 23:34:30 8192 ----a-w- c:\windows\system32\rdrmemptylst.exe
2012-03-13 23:34:30 129536 ----a-w- c:\windows\system32\rdpcorekmts.dll
2012-03-13 23:34:29 58880 ----a-w- c:\windows\system32\rdpwsx.dll
2012-03-13 23:34:27 826880 ----a-w- c:\windows\system32\rdpcore.dll
2012-03-13 23:34:27 24576 ----a-w- c:\windows\system32\drivers\tdtcp.sys
2012-03-13 23:34:27 183808 ----a-w- c:\windows\system32\drivers\rdpwd.sys
.
==================== Find3M ====================
.
2012-04-08 02:32:26 17408 ----a-w- c:\windows\system32\rpcnetp.exe
2012-04-07 19:35:09 58288 ----a-w- c:\windows\system32\rpcnet.dll
2012-04-07 03:09:32 17408 ----a-w- c:\windows\system32\rpcnetp.dll
2012-02-29 16:30:21 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-02-23 13:18:36 237072 ------w- c:\windows\system32\MpSigStub.exe
2012-02-15 15:01:50 4547944 ----a-w- c:\windows\system32\usbaaplrc.dll
2012-02-15 15:01:50 43520 ----a-w- c:\windows\system32\drivers\usbaapl.sys
2012-01-31 08:05:49 13160 ----a-w- c:\windows\system32\Upgrd.exe
2012-01-31 08:05:45 58288 ------w- c:\windows\system32\rpcnet.exe
.
============= FINISH: 11:44:20.38 ===============

#2 gringo_pr (Bleepin Gringo, Malware Response Team, 136,772 posts, Puerto Rico)

Posted 09 April 2012 - 01:13 AM

Hello and Welcome to Bleeping Computer!!

My name is Gringo and I'll be glad to help you with your computer problems.

I have put together some things for you to keep in mind while I am helping you, to make things go easier and faster for both of us.

  • Please do not run any tools unless instructed to do so.
    • We ask you to run different tools in a specific order to ensure the malware is completely removed from your machine, and running any additional tools may detect false positives, interfere with our tools, or cause unforeseen damage or system instability.
  • Please do not attach logs or use code boxes, just copy and paste the text.
    • Due to the high volume of logs we receive it helps to receive everything in the same format, and code boxes make the logs very difficult to read. Also, attachments require us to download and open the reports when it is easier to just read the reports in your post.
  • Please read every post completely before doing anything.
    • Pay special attention to the NOTE: lines; these entries identify an individual issue or important step in the cleanup process.
  • Please provide feedback about your experience as we go.
    • A short statement describing how the computer is working helps us understand where to go next, for example: I am still getting redirected, the computer is running normally, etc. Please do not describe the computer as "the same"; this requires the extra step of looking back at your previous post.
NOTE: At the top of your post, click on the Watch Topic Button, select Immediate Notification, and click on Proceed. This will send you an e-mail as soon as I reply to your topic, allowing us to resolve the issue faster.

NOTE: Back up any files that cannot be replaced. Removing malware can be unpredictable, and this step can save a lot of heartache if things don't go as planned. You can put them on a CD/DVD, external drive or a pen drive, anywhere except on the computer.

NOTE: It is good practice to copy and paste the instructions into notepad and print them in case it is necessary for you to go offline during the cleanup process. To open notepad, navigate to Start Menu > All Programs > Accessories > Notepad. Please remember to copy the entire post so you do not miss any instructions.

Run Combofix:

You may be asked to install or update the Recovery Console (Win XP only). If this happens, please allow it to do so (you will need to be connected to the internet for this).

Before you run Combofix I will need you to turn off any security software you have running. If you do not know how to do this you can find out >here< or >here<.

Combofix may need to reboot your computer more than once to do its job; this is normal.

You can download Combofix from one of these links.
Link 1
Link 2
Link 3
1. Close any open browsers or any other programs that are open.
2. Close/disable all anti-virus and anti-malware programs so they do not interfere with the running of ComboFix.

Double click on combofix.exe & follow the prompts.
When finished, it will produce a report for you.

Note 1: Do not mouse-click ComboFix's window while it's running. That may cause it to stall.

Note 2: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion.", please restart the computer.

"information and logs"

  • In your next post I need the following
  • Log from Combofix
  • let me know of any problems you may have had
  • How is the computer doing now?

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic


Proud Graduate Of Malware Removal University

#3 aaronak (Topic Starter, Members, 8 posts)

Posted 09 April 2012 - 02:06 AM

Thanks for your quick response! I ran ComboFix. Everything went smoothly. Only one restart. I don't see the Google redirect happening anymore after several test searches, although I don't know if it will come back. Here is the log:

ComboFix 12-04-08.02 - Aaron Segal 04/09/2012 2:22.1.2 - x86
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.3582.2498 [GMT -4:00]
Running from: c:\users\Aaron Segal\Desktop\ComboFix.exe
AV: SymantecAntiVirus *Disabled/Updated* {88C95A36-8C3B-2F2C-1B8B-30FCCFDC4855}
SP: SymantecAntiVirus *Disabled/Updated* {33A8BBD2-AA01-20A2-213B-0B8EB45B02E8}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Created a new restore point
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\programdata\MPK
c:\programdata\MPK\1\D0000
c:\programdata\MPK\1\I40987_9763829051
c:\programdata\MPK\1\I40987_9781930903
c:\programdata\MPK\1\I40987_9782896528
c:\programdata\MPK\1\I40988_0349659144
c:\programdata\MPK\1\I40988_5364760880
c:\programdata\MPK\1\I40989_6215793750
c:\programdata\MPK\1\I40991_8766507986
c:\programdata\MPK\1\I40991_9299861574
c:\programdata\MPK\1\I40991_9321386574
c:\programdata\MPK\1\I40991_9336933333
c:\programdata\MPK\1\I40991_9392874769
c:\programdata\MPK\1\I40991_9507801157
c:\programdata\MPK\1\I40991_9529832755
c:\programdata\MPK\1\I40991_9530716898
c:\programdata\MPK\1\I40991_9570325463
c:\programdata\MPK\1\I40991_9715093866
c:\programdata\MPK\1\I40991_9753951620
c:\programdata\MPK\1\I40991_9878615162
c:\programdata\MPK\1\I40991_9892617824
c:\programdata\MPK\1\I40991_9892692245
c:\programdata\MPK\1\I40991_9903196181
c:\programdata\MPK\1\I40991_9904702315
c:\programdata\MPK\1\I40991_9906223148
c:\programdata\MPK\1\I40991_9975641782
c:\programdata\MPK\1\I40991_9976612500
c:\programdata\MPK\1\I40991_9981513542
c:\programdata\MPK\1\I40991_9982664005
c:\programdata\MPK\1\I40992_0017583796
c:\programdata\MPK\1\I40992_0034401620
c:\programdata\MPK\1\I40992_0296095602
c:\programdata\MPK\1\I40992_0526215972
c:\programdata\MPK\1\I40992_0558416782
c:\programdata\MPK\1\I40992_0568322338
c:\programdata\MPK\1\I40992_0599542708
c:\programdata\MPK\1\I40992_0616206944
c:\programdata\MPK\1\I40992_0818963426
c:\programdata\MPK\1\I40992_0827599074
c:\programdata\MPK\1\I40992_7778114352
c:\programdata\MPK\1\I40992_7778196412
c:\programdata\MPK\1\I40996_5978597569
c:\programdata\MPK\1\I40996_5978780787
c:\programdata\MPK\1\I41000_4918600579
c:\programdata\MPK\1\I41000_6787881366
c:\programdata\MPK\1\I41000_6788781713
c:\programdata\MPK\1\I41002_9884498148
c:\programdata\MPK\1\I41003_0187103704
c:\programdata\MPK\1\I41003_9043331366
c:\programdata\MPK\1\I41004_7044657060
c:\programdata\MPK\1\S0000
c:\programdata\MPK\2\D0000
c:\programdata\MPK\2\S0000
c:\programdata\MPK\CPDM\cpfm.bin
c:\programdata\MPK\M0000
c:\programdata\MPK\MalformedDB\D0000._40803.5570708912_1
c:\programdata\MPK\REFOG Free Keylogger\ REFOG Free Keylogger on the Web.lnk
c:\programdata\MPK\REFOG Free Keylogger\Get discount!.lnk
c:\programdata\MPK\REFOG Free Keylogger\Order now!.lnk
c:\programdata\MPK\REFOG Free Keylogger\REFOG Free Keylogger.lnk
c:\programdata\MPK\S0000
c:\users\Aaron Segal\AppData\Local\Temp\nmapms.dll
c:\users\Aaron Segal\AppData\Local\Temp\ogerf.dll
c:\users\Aaron Segal\AppData\Local\unzip.exe
c:\users\Aaron Segal\AppData\Roaming\Install.dat
c:\users\Aaron Segal\Documents\~WRL0003.tmp
c:\users\Aaron Segal\Documents\~WRL0005.tmp
c:\users\Aaron Segal\Documents\~WRL0525.tmp
c:\users\Aaron Segal\Documents\~WRL0564.tmp
c:\users\Aaron Segal\Documents\~WRL2415.tmp
c:\users\Aaron Segal\Documents\~WRL2783.tmp
c:\users\Aaron Segal\Documents\~WRL3098.tmp
c:\users\Aaron Segal\Documents\~WRL3236.tmp
c:\users\AARONS~1\AppData\Local\Temp\nmapms.dll
c:\users\AARONS~1\AppData\Local\Temp\ogerf.dll
c:\windows\system32\DCBFFF15F7.dll
c:\windows\system32\images
.
.
((((((((((((((((((((((((( Files Created from 2012-03-09 to 2012-04-09 )))))))))))))))))))))))))))))))
.
.
2012-04-09 06:38 . 2012-04-09 06:38 -------- d-----w- c:\users\UpdatusUser\AppData\Local\temp
2012-04-09 06:38 . 2012-04-09 06:38 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-04-07 03:18 . 2012-04-08 09:52 56200 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{CF96FFE7-B13A-421B-8251-5F06FFC9EA20}\offreg.dll
2012-04-07 03:07 . 2012-04-07 03:07 -------- d-----w- C:\found.002
2012-04-06 06:48 . 2012-03-14 02:15 6582328 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{CF96FFE7-B13A-421B-8251-5F06FFC9EA20}\mpengine.dll
2012-04-03 14:36 . 2012-04-03 14:36 -------- d-----w- c:\program files\iPod
2012-04-03 14:36 . 2012-04-03 14:38 -------- d-----w- c:\program files\iTunes
2012-03-30 15:32 . 2012-03-30 15:32 -------- d-----w- c:\users\Aaron Segal\AppData\Local\{834DA18B-7A7D-11E1-826D-B8AC6F996F26}
2012-03-27 04:21 . 2012-03-27 04:21 -------- d-----w- c:\users\Aaron Segal\AppData\Roaming\enchant
2012-03-18 02:13 . 2012-03-18 02:13 592824 ----a-w- c:\program files\Mozilla Firefox\gkmedias.dll
2012-03-18 02:13 . 2012-03-18 02:13 44472 ----a-w- c:\program files\Mozilla Firefox\mozglue.dll
2012-03-14 01:15 . 2011-11-19 14:50 3968368 ----a-w- c:\windows\system32\ntkrnlpa.exe
2012-03-14 01:15 . 2011-11-19 14:50 3913584 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-03-13 23:35 . 2012-02-03 03:54 2343424 ----a-w- c:\windows\system32\win32k.sys
2012-03-13 23:35 . 2012-02-10 05:38 1077248 ----a-w- c:\windows\system32\DWrite.dll
2012-03-13 23:34 . 2012-01-25 05:32 129536 ----a-w- c:\windows\system32\rdpcorekmts.dll
2012-03-13 23:34 . 2012-01-25 05:27 8192 ----a-w- c:\windows\system32\rdrmemptylst.exe
2012-03-13 23:34 . 2012-01-25 05:32 58880 ----a-w- c:\windows\system32\rdpwsx.dll
2012-03-13 23:34 . 2012-02-17 05:34 826880 ----a-w- c:\windows\system32\rdpcore.dll
2012-03-13 23:34 . 2012-02-17 04:14 183808 ----a-w- c:\windows\system32\drivers\rdpwd.sys
2012-03-13 23:34 . 2012-02-17 04:13 24576 ----a-w- c:\windows\system32\drivers\tdtcp.sys
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-04-09 06:40 . 2009-10-24 21:55 17408 ----a-w- c:\windows\system32\rpcnetp.exe
2012-04-09 06:40 . 2009-05-30 18:09 58288 ----a-w- c:\windows\system32\rpcnet.dll
2012-04-07 03:09 . 2009-10-24 21:55 17408 ----a-w- c:\windows\system32\rpcnetp.dll
2012-02-29 16:30 . 2011-06-02 01:17 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-02-23 13:18 . 2009-10-03 01:51 237072 ------w- c:\windows\system32\MpSigStub.exe
2012-02-15 15:01 . 2012-02-15 15:01 4547944 ----a-w- c:\windows\system32\usbaaplrc.dll
2012-02-15 15:01 . 2012-02-15 15:01 43520 ----a-w- c:\windows\system32\drivers\usbaapl.sys
2012-01-31 08:05 . 2010-04-13 04:59 13160 ----a-w- c:\windows\system32\Upgrd.exe
2012-01-31 08:05 . 2009-05-30 18:09 58288 ------w- c:\windows\system32\rpcnet.exe
2012-03-18 02:13 . 2011-05-07 05:17 97208 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\UEAFOverlay]
@="{F2F31467-B1AC-4df0-AE79-FD5FA085E22B}"
[HKEY_CLASSES_ROOT\CLSID\{F2F31467-B1AC-4df0-AE79-FD5FA085E22B}]
2007-04-17 04:13 721408 ----a-w- c:\program files\Fingerprint Reader Suite\farchns.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\UEAFOverlayOpen]
@="{A3E208F7-0E3A-4182-A7A6-B169D5D691AA}"
[HKEY_CLASSES_ROOT\CLSID\{A3E208F7-0E3A-4182-A7A6-B169D5D691AA}]
2007-04-17 04:13 721408 ----a-w- c:\program files\Fingerprint Reader Suite\farchns.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-05-30 39408]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-20 1174016]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Apoint"="c:\program files\DellTPad\Apoint.exe" [2008-01-25 167936]
"SigmatelSysTrayApp"="c:\program files\SigmaTel\C-Major Audio\WDM\sttray.exe" [2007-12-03 405504]
"OEM02Mon.exe"="c:\windows\OEM02Mon.exe" [2008-03-04 36864]
"Broadcom Wireless Manager UI"="c:\windows\system32\WLTRAY.exe" [2008-12-18 3810304]
"IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\Iaanotif.exe" [2007-03-21 174872]
"PCMService"="c:\program files\Dell\MediaDirect\PCMService.exe" [2007-12-21 184320]
"PSQLLauncher"="c:\program files\Fingerprint Reader Suite\launcher.exe" [2007-04-17 49168]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2009-06-04 198160]
"UpdReg"="c:\windows\UpdReg.EXE" [2000-05-11 90112]
"ccApp"="c:\program files\Common Files\Symantec Shared\ccApp.exe" [2009-05-04 115560]
"vptray"="c:\progra~1\SYMANT~1\VPTray.exe" [2009-09-16 136080]
"Absolute Notifier"="c:\program files\Absolute Software\Absolute Notifier\AbsoluteNotifier.exe" [2011-05-10 85672]
"IJNetworkScanUtility"="c:\program files\Canon\Canon IJ Network Scan Utility\CNMNSUT.exe" [2010-08-23 206240]
"NVHotkey"="c:\windows\system32\nvHotkey.dll" [2011-04-08 293992]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]
"DivXUpdate"="c:\program files\DivX\DivX Update\DivXUpdate.exe" [2011-07-28 1259376]
"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-02-21 59240]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2011-06-09 254696]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2011-10-24 421888]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2012-03-27 421736]
.
c:\users\Aaron Segal\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
SonicClock 2009 by CSM.lnk - c:\users\Aaron Segal\Documents\SonicClock.py [2009-6-15 2395]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
QuickSet.lnk - c:\program files\Dell\QuickSet\quickset.exe [2008-2-22 1193240]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\AutorunsDisabled
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2008-3-25 214360]
.
c:\users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dell Dock First Run.lnk - c:\program files\Dell\DellDock\DellDock.exe [2009-2-27 1316192]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
"DisableCAD"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\GoToAssist]
2009-05-26 03:50 10536 ----a-w- c:\program files\Citrix\GoToAssist\514\g2awinlogon.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\psfus]
2007-04-17 04:04 86528 ----a-w- c:\windows\System32\psqlpwd.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux2"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Notification Packages REG_MULTI_SZ scecli psqlpwd
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ccEvtMgr]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ccSetMgr]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Symantec Antivirus]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 gupdate1c9e166f7f89f27;Google Update Service (gupdate1c9e166f7f89f27);c:\program files\Google\Update\GoogleUpdate.exe [2009-05-30 133104]
R3 epmntdrv;epmntdrv;c:\windows\system32\epmntdrv.sys [2009-04-22 9728]
R3 EuGdiDrv;EuGdiDrv;c:\windows\system32\EuGdiDrv.sys [2009-04-22 3072]
R3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [2009-05-30 133104]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 52224]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2010-02-26 1343400]
R4 Hamachi2Svc;LogMeIn Hamachi Tunneling Engine;c:\program files\LogMeIn Hamachi\hamachi-2.exe [2011-08-15 1361288]
R4 iaNvStor;Intel® Turbo Memory Controller;c:\windows\system32\drivers\ianvstor.sys [2007-09-07 209408]
R4 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [2009-07-27 721904]
S2 AbsoluteNotifier;Absolute Notifier;c:\program files\Absolute Software\Absolute Notifier\AbsoluteNotifierService.exe [2011-05-10 10920]
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-01-03 63928]
S2 AESTFilters;Andrea ST Filters Service;c:\windows\system32\aestsrv.exe [2007-12-03 73728]
S2 DockLoginService;Dock Login Service;c:\program files\Dell\DellDock\DockLogin.exe [2008-12-18 155648]
S2 nvUpdatusService;NVIDIA Update Service Daemon;c:\program files\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe [2011-04-08 2218600]
S2 SavRoam;SavRoam;c:\program files\Symantec AntiVirus\SavRoam.exe [2009-09-16 121744]
S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2011-04-08 378472]
S2 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\Viewpoint\Common\ViewpointService.exe [2007-01-04 24652]
S3 ALSysIO;ALSysIO;c:\users\AARONS~1\AppData\Local\Temp\ALSysIO.sys [x]
S3 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys [2011-09-24 232512]
S3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2012-02-13 106104]
S3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\system32\DRIVERS\yk62x86.sys [2009-09-28 315392]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - ALSYSIO
*NewlyCreated* - WS2IFSL
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
.
Contents of the 'Scheduled Tasks' folder
.
2012-04-08 c:\windows\Tasks\Google Software Updater.job
- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-05-30 20:51]
.
2012-04-09 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-05-30 20:40]
.
2012-04-09 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-05-30 20:40]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_2EC7709873947E87.dll/cmsidewiki.html
Trusted Zone: real.com\rhap-app-4-0
Trusted Zone: real.com\rhapreg
TCP: DhcpNameServer = 192.168.11.1
FF - ProfilePath - c:\users\Aaron Segal\AppData\Roaming\Mozilla\Firefox\Profiles\8ookxj8s.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com
.
.
------- File Associations -------
.
.txt=Notepad++_file
.
- - - - ORPHANS REMOVED - - - -
.
HKCU-Run-eusmfmdk - c:\users\Aaron Segal\AppData\Local\onqtgkegt\edjgqtptssd.exe
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-4082460731-2849229238-2951310151-1000\Software\SecuROM\License information*]
"datasecu"=hex:f3,b0,ba,28,eb,e4,cc,53,65,6a,63,5b,7a,c8,8c,86,ea,47,5c,61,b5,
37,bb,e7,ca,7f,8a,8f,53,ab,12,80,d8,fc,11,1c,f6,40,ac,5a,8a,9a,fe,9f,ae,2e,\
"rkeysecu"=hex:2f,9d,b2,88,3b,31,0f,68,ef,52,35,9c,a4,84,e6,eb
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'lsass.exe'(636)
c:\windows\system32\psqlpwd.DLL
c:\program files\Fingerprint Reader Suite\homefus2.dll
c:\program files\Fingerprint Reader Suite\infra.dll
.
- - - - - - - > 'Explorer.exe'(5044)
c:\program files\Fingerprint Reader Suite\farchns.dll
c:\program files\Fingerprint Reader Suite\infra.dll
c:\program files\WinSCP\DragExt.dll
c:\windows\system32\nvshext.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\nvvsvc.exe
c:\program files\NVIDIA Corporation\Display\NvXDSync.exe
c:\windows\system32\nvvsvc.exe
c:\program files\Fingerprint Reader Suite\upeksvr.exe
c:\program files\Common Files\Symantec Shared\ccSvcHst.exe
c:\windows\system32\WLANExt.exe
c:\windows\system32\conhost.exe
c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Common Files\Creative Labs Shared\Service\CreativeLicensing.exe
c:\windows\system32\CTsvcCDA.exe
c:\program files\Symantec AntiVirus\DefWatch.exe
c:\program files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
c:\windows\System32\rpcnet.exe
c:\program files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
c:\windows\system32\STacSV.exe
c:\program files\Symantec AntiVirus\Rtvscan.exe
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
c:\windows\System32\bcmwltry.exe
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
c:\windows\system32\taskhost.exe
c:\program files\Google\Update\1.3.21.111\GoogleCrashHandler.exe
c:\program files\Core Temp\Core Temp.exe
c:\windows\system32\conhost.exe
c:\program files\Windows Media Player\wmpnetwk.exe
.
**************************************************************************
.
Completion time: 2012-04-09 02:52:05 - machine was rebooted
ComboFix-quarantined-files.txt 2012-04-09 06:52
.
Pre-Run: 5,909,905,408 bytes free
Post-Run: 10,466,635,776 bytes free
.
- - End Of File - - 578AB625BD9C1BC441FA2BC7EBBC3844

#4 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto rico

Posted 09 April 2012 - 02:14 AM

Greetings

I want you to run these next,

tdsskiller:

Please read carefully and follow these steps.
  • Download TDSSKiller and save it to your Desktop.
  • Double-click on TDSSKiller.exe to run the application, then click on Start Scan.
  • If an infected file is detected, the default action will be Cure, click on Continue.
  • If a suspicious file is detected, the default action will be Skip, click on Continue.
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
  • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.

Please download aswMBR to your desktop.
  • Double-click the aswMBR.exe icon to run it.
  • It will ask to download extra definitions - ALLOW IT.
  • Click the Scan button to start the scan
  • On completion of the scan, click the save log button, save it to your desktop and post it in your next reply.

If you have any problems running either one, come back and let me know.

Please reply with the reports from TDSSKiller and aswMBR.

Gringo
I Close My Topics If You Have Not Replied In 5 Days. If You Will Be Longer, Please Let Me Know.

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free; however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry, every little bit helps.

Proud Graduate Of Malware Removal University

#5 aaronak

aaronak
  • Topic Starter
  • Members
  • 8 posts

Posted 10 April 2012 - 09:09 AM

Hello,

I ran TDSSKiller and aswMBR. Unfortunately, the redirects to Happili have started occurring again, so whatever the problem is, it is still there. In fact, now I am also getting redirects to Infomash. Here are the logs:

TDSSKiller:
03:18:06.0038 8152 TDSS rootkit removing tool 2.7.26.0 Apr 4 2012 19:52:02
03:18:06.0287 8152 ============================================================
03:18:06.0287 8152 Current date / time: 2012/04/09 03:18:06.0287
03:18:06.0287 8152 SystemInfo:
03:18:06.0287 8152
03:18:06.0287 8152 OS Version: 6.1.7601 ServicePack: 1.0
03:18:06.0287 8152 Product type: Workstation
03:18:06.0287 8152 ComputerName: PENELOPE
03:18:06.0287 8152 UserName: Aaron Segal
03:18:06.0287 8152 Windows directory: C:\Windows
03:18:06.0287 8152 System windows directory: C:\Windows
03:18:06.0287 8152 Processor architecture: Intel x86
03:18:06.0287 8152 Number of processors: 2
03:18:06.0287 8152 Page size: 0x1000
03:18:06.0287 8152 Boot type: Normal boot
03:18:06.0287 8152 ============================================================
03:18:06.0833 8152 Drive \Device\Harddisk0\DR0 - Size: 0x3B9F0AC000 (238.49 Gb), SectorSize: 0x200, Cylinders: 0x799C, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
03:18:06.0849 8152 \Device\Harddisk0\DR0:
03:18:06.0849 8152 MBR used
03:18:06.0849 8152 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x33000, BlocksNum 0x1E00000
03:18:06.0849 8152 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x1E33000, BlocksNum 0x18CC47E0
03:18:06.0849 8152 Initialize success
03:18:06.0849 8152 ============================================================
03:18:09.0641 7804 ============================================================
03:18:09.0641 7804 Scan started
03:18:09.0641 7804 Mode: Manual;
03:18:09.0641 7804 ============================================================
03:18:09.0891 7804 1394ohci (1b133875b8aa8ac48969bd3458afe9f5) C:\Windows\system32\drivers\1394ohci.sys
03:18:09.0891 7804 1394ohci - ok
03:18:09.0891 7804 AbsoluteNotifier (28d79aaa4e1c15577a86f930e8da5e50) C:\Program Files\Absolute Software\Absolute Notifier\AbsoluteNotifierService.exe
03:18:09.0891 7804 AbsoluteNotifier - ok
03:18:09.0907 7804 ACPI (cea80c80bed809aa0da6febc04733349) C:\Windows\system32\drivers\ACPI.sys
03:18:09.0907 7804 ACPI - ok
03:18:09.0922 7804 AcpiPmi (1efbc664abff416d1d07db115dcb264f) C:\Windows\system32\drivers\acpipmi.sys
03:18:09.0922 7804 AcpiPmi - ok
03:18:09.0938 7804 AdobeARMservice (62b7936f9036dd6ed36e6a7efa805dc0) C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
03:18:09.0938 7804 AdobeARMservice - ok
03:18:09.0953 7804 adp94xx (21e785ebd7dc90a06391141aac7892fb) C:\Windows\system32\DRIVERS\adp94xx.sys
03:18:09.0953 7804 adp94xx - ok
03:18:09.0969 7804 adpahci (0c676bc278d5b59ff5abd57bbe9123f2) C:\Windows\system32\DRIVERS\adpahci.sys
03:18:09.0969 7804 adpahci - ok
03:18:09.0985 7804 adpu320 (7c7b5ee4b7b822ec85321fe23a27db33) C:\Windows\system32\DRIVERS\adpu320.sys
03:18:09.0985 7804 adpu320 - ok
03:18:10.0000 7804 AeLookupSvc (8b5eefeec1e6d1a72a06c526628ad161) C:\Windows\System32\aelupsvc.dll
03:18:10.0000 7804 AeLookupSvc - ok
03:18:10.0016 7804 AESTFilters (ef1142512bec12f1c2c87735da1755be) C:\Windows\system32\aestsrv.exe
03:18:10.0016 7804 AESTFilters - ok
03:18:10.0031 7804 AFD (9ebbba55060f786f0fcaa3893bfa2806) C:\Windows\system32\drivers\afd.sys
03:18:10.0031 7804 AFD - ok
03:18:10.0047 7804 agp440 (507812c3054c21cef746b6ee3d04dd6e) C:\Windows\system32\drivers\agp440.sys
03:18:10.0047 7804 agp440 - ok
03:18:10.0063 7804 aic78xx (8b30250d573a8f6b4bd23195160d8707) C:\Windows\system32\DRIVERS\djsvs.sys
03:18:10.0063 7804 aic78xx - ok
03:18:10.0078 7804 ALG (18a54e132947cd98fea9accc57f98f13) C:\Windows\System32\alg.exe
03:18:10.0078 7804 ALG - ok
03:18:10.0078 7804 aliide (0d40bcf52ea90fc7df2aeab6503dea44) C:\Windows\system32\drivers\aliide.sys
03:18:10.0078 7804 aliide - ok
03:18:10.0094 7804 ALSysIO - ok
03:18:10.0109 7804 amdagp (3c6600a0696e90a463771c7422e23ab5) C:\Windows\system32\drivers\amdagp.sys
03:18:10.0109 7804 amdagp - ok
03:18:10.0109 7804 amdide (cd5914170297126b6266860198d1d4f0) C:\Windows\system32\drivers\amdide.sys
03:18:10.0109 7804 amdide - ok
03:18:10.0125 7804 AmdK8 (00dda200d71bac534bf56a9db5dfd666) C:\Windows\system32\DRIVERS\amdk8.sys
03:18:10.0125 7804 AmdK8 - ok
03:18:10.0141 7804 AmdPPM (3cbf30f5370fda40dd3e87df38ea53b6) C:\Windows\system32\DRIVERS\amdppm.sys
03:18:10.0141 7804 AmdPPM - ok
03:18:10.0156 7804 amdsata (d320bf87125326f996d4904fe24300fc) C:\Windows\system32\drivers\amdsata.sys
03:18:10.0156 7804 amdsata - ok
03:18:10.0172 7804 amdsbs (ea43af0c423ff267355f74e7a53bdaba) C:\Windows\system32\DRIVERS\amdsbs.sys
03:18:10.0172 7804 amdsbs - ok
03:18:10.0187 7804 amdxata (46387fb17b086d16dea267d5be23a2f2) C:\Windows\system32\drivers\amdxata.sys
03:18:10.0187 7804 amdxata - ok
03:18:10.0187 7804 ApfiltrService (a80230bd04f0b8bf05185b369bb1cbb8) C:\Windows\system32\DRIVERS\Apfiltr.sys
03:18:10.0203 7804 ApfiltrService - ok
03:18:10.0203 7804 AppID (aea177f783e20150ace5383ee368da19) C:\Windows\system32\drivers\appid.sys
03:18:10.0203 7804 AppID - ok
03:18:10.0219 7804 AppIDSvc (62a9c86cb6085e20db4823e4e97826f5) C:\Windows\System32\appidsvc.dll
03:18:10.0219 7804 AppIDSvc - ok
03:18:10.0234 7804 Appinfo (fb1959012294d6ad43e5304df65e3c26) C:\Windows\System32\appinfo.dll
03:18:10.0234 7804 Appinfo - ok
03:18:10.0234 7804 Apple Mobile Device (7ef47644b74ebe721cc32211d3c35e76) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
03:18:10.0234 7804 Apple Mobile Device - ok
03:18:10.0265 7804 arc (2932004f49677bd84dbc72edb754ffb3) C:\Windows\system32\DRIVERS\arc.sys
03:18:10.0265 7804 arc - ok
03:18:10.0281 7804 arcsas (5d6f36c46fd283ae1b57bd2e9feb0bc7) C:\Windows\system32\DRIVERS\arcsas.sys
03:18:10.0281 7804 arcsas - ok
03:18:10.0297 7804 AsyncMac (add2ade1c2b285ab8378d2daaf991481) C:\Windows\system32\DRIVERS\asyncmac.sys
03:18:10.0297 7804 AsyncMac - ok
03:18:10.0312 7804 atapi (338c86357871c167a96ab976519bf59e) C:\Windows\system32\drivers\atapi.sys
03:18:10.0312 7804 atapi - ok
03:18:10.0328 7804 AudioEndpointBuilder (ce3b4e731638d2ef62fcb419be0d39f0) C:\Windows\System32\Audiosrv.dll
03:18:10.0328 7804 AudioEndpointBuilder - ok
03:18:10.0343 7804 Audiosrv (ce3b4e731638d2ef62fcb419be0d39f0) C:\Windows\System32\Audiosrv.dll
03:18:10.0343 7804 Audiosrv - ok
03:18:10.0359 7804 AxInstSV (6e30d02aac9cac84f421622e3a2f6178) C:\Windows\System32\AxInstSV.dll
03:18:10.0359 7804 AxInstSV - ok
03:18:10.0375 7804 b06bdrv (1a231abec60fd316ec54c66715543cec) C:\Windows\system32\DRIVERS\bxvbdx.sys
03:18:10.0375 7804 b06bdrv - ok
03:18:10.0390 7804 b57nd60x (bd8869eb9cde6bbe4508d869929869ee) C:\Windows\system32\DRIVERS\b57nd60x.sys
03:18:10.0390 7804 b57nd60x - ok
03:18:10.0406 7804 BCM42RLY (423c7b87e886ac93d22936ea82665f83) C:\Windows\system32\drivers\BCM42RLY.sys
03:18:10.0406 7804 BCM42RLY - ok
03:18:10.0437 7804 BCM43XX (41a70777e892c3dea606758366566a77) C:\Windows\system32\DRIVERS\bcmwl6.sys
03:18:10.0437 7804 BCM43XX - ok
03:18:10.0453 7804 BDESVC (ee1e9c3bb8228ae423dd38db69128e71) C:\Windows\System32\bdesvc.dll
03:18:10.0453 7804 BDESVC - ok
03:18:10.0468 7804 Beep (505506526a9d467307b3c393dedaf858) C:\Windows\system32\drivers\Beep.sys
03:18:10.0468 7804 Beep - ok
03:18:10.0484 7804 BFE (1e2bac209d184bb851e1a187d8a29136) C:\Windows\System32\bfe.dll
03:18:10.0484 7804 BFE - ok
03:18:10.0499 7804 BITS (e585445d5021971fae10393f0f1c3961) C:\Windows\system32\qmgr.dll
03:18:10.0515 7804 BITS - ok
03:18:10.0515 7804 blbdrive (2287078ed48fcfc477b05b20cf38f36f) C:\Windows\system32\DRIVERS\blbdrive.sys
03:18:10.0515 7804 blbdrive - ok
03:18:10.0531 7804 Bonjour Service (db5bea73edaf19ac68b2c0fad0f92b1a) C:\Program Files\Bonjour\mDNSResponder.exe
03:18:10.0531 7804 Bonjour Service - ok
03:18:10.0546 7804 bowser (8f2da3028d5fcbd1a060a3de64cd6506) C:\Windows\system32\DRIVERS\bowser.sys
03:18:10.0546 7804 bowser - ok
03:18:10.0562 7804 BrFiltLo (9f9acc7f7ccde8a15c282d3f88b43309) C:\Windows\system32\DRIVERS\BrFiltLo.sys
03:18:10.0562 7804 BrFiltLo - ok
03:18:10.0562 7804 BrFiltUp (56801ad62213a41f6497f96dee83755a) C:\Windows\system32\DRIVERS\BrFiltUp.sys
03:18:10.0577 7804 BrFiltUp - ok
03:18:10.0593 7804 BridgeMP (77361d72a04f18809d0efb6cceb74d4b) C:\Windows\system32\DRIVERS\bridge.sys
03:18:10.0593 7804 BridgeMP - ok
03:18:10.0609 7804 Browser (6e11f33d14d020f58d5e02e4d67dfa19) C:\Windows\System32\browser.dll
03:18:10.0609 7804 Browser - ok
03:18:10.0624 7804 Brserid (845b8ce732e67f3b4133164868c666ea) C:\Windows\System32\Drivers\Brserid.sys
03:18:10.0624 7804 Brserid - ok
03:18:10.0640 7804 BrSerWdm (203f0b1e73adadbbb7b7b1fabd901f6b) C:\Windows\System32\Drivers\BrSerWdm.sys
03:18:10.0640 7804 BrSerWdm - ok
03:18:10.0655 7804 BrUsbMdm (bd456606156ba17e60a04e18016ae54b) C:\Windows\System32\Drivers\BrUsbMdm.sys
03:18:10.0655 7804 BrUsbMdm - ok
03:18:10.0655 7804 BrUsbSer (af72ed54503f717a43268b3cc5faec2e) C:\Windows\System32\Drivers\BrUsbSer.sys
03:18:10.0671 7804 BrUsbSer - ok
03:18:10.0671 7804 BTHMODEM (ed3df7c56ce0084eb2034432fc56565a) C:\Windows\system32\DRIVERS\bthmodem.sys
03:18:10.0671 7804 BTHMODEM - ok
03:18:10.0687 7804 bthserv (1df19c96eef6c29d1c3e1a8678e07190) C:\Windows\system32\bthserv.dll
03:18:10.0687 7804 bthserv - ok
03:18:10.0702 7804 catchme - ok
03:18:10.0702 7804 ccEvtMgr (975b74eea1c5e88ac974c50ccc158e30) C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
03:18:10.0702 7804 ccEvtMgr - ok
03:18:10.0718 7804 ccSetMgr (975b74eea1c5e88ac974c50ccc158e30) C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
03:18:10.0718 7804 ccSetMgr - ok
03:18:10.0718 7804 cdfs (77ea11b065e0a8ab902d78145ca51e10) C:\Windows\system32\DRIVERS\cdfs.sys
03:18:10.0718 7804 cdfs - ok
03:18:10.0733 7804 cdrom (be167ed0fdb9c1fa1133953c18d5a6c9) C:\Windows\system32\DRIVERS\cdrom.sys
03:18:10.0733 7804 cdrom - ok
03:18:10.0749 7804 CertPropSvc (319c6b309773d063541d01df8ac6f55f) C:\Windows\System32\certprop.dll
03:18:10.0749 7804 CertPropSvc - ok
03:18:10.0765 7804 circlass (3fe3fe94a34df6fb06e6418d0f6a0060) C:\Windows\system32\DRIVERS\circlass.sys
03:18:10.0765 7804 circlass - ok
03:18:10.0780 7804 CLFS (635181e0e9bbf16871bf5380d71db02d) C:\Windows\system32\CLFS.sys
03:18:10.0780 7804 CLFS - ok
03:18:10.0780 7804 clr_optimization_v2.0.50727_32 (d88040f816fda31c3b466f0fa0918f29) C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
03:18:10.0796 7804 clr_optimization_v2.0.50727_32 - ok
03:18:10.0796 7804 clr_optimization_v4.0.30319_32 (c5a75eb48e2344abdc162bda79e16841) C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
03:18:10.0796 7804 clr_optimization_v4.0.30319_32 - ok
03:18:10.0811 7804 CmBatt (dea805815e587dad1dd2c502220b5616) C:\Windows\system32\DRIVERS\CmBatt.sys
03:18:10.0811 7804 CmBatt - ok
03:18:10.0827 7804 cmdide (c537b1db64d495b9b4717b4d6d9edbf2) C:\Windows\system32\drivers\cmdide.sys
03:18:10.0827 7804 cmdide - ok
03:18:10.0843 7804 CNG (6427525d76f61d0c519b008d3680e8e7) C:\Windows\system32\Drivers\cng.sys
03:18:10.0843 7804 CNG - ok
03:18:10.0858 7804 Compbatt (a6023d3823c37043986713f118a89bee) C:\Windows\system32\DRIVERS\compbatt.sys
03:18:10.0858 7804 Compbatt - ok
03:18:10.0858 7804 CompositeBus (cbe8c58a8579cfe5fccf809e6f114e89) C:\Windows\system32\drivers\CompositeBus.sys
03:18:10.0874 7804 CompositeBus - ok
03:18:10.0874 7804 COMSysApp - ok
03:18:10.0889 7804 crcdisk (2c4ebcfc84a9b44f209dff6c6e6c61d1) C:\Windows\system32\DRIVERS\crcdisk.sys
03:18:10.0889 7804 crcdisk - ok
03:18:10.0889 7804 Creative Labs Licensing Service (0c629820aad9c90e456b221c94d640ca) C:\Program Files\Common Files\Creative Labs Shared\Service\CreativeLicensing.exe
03:18:10.0905 7804 Creative Labs Licensing Service - ok
03:18:10.0905 7804 Creative Service for CDROM Access (3c8b6609712f4ff78e521f6dcfc4032b) C:\Windows\system32\CTsvcCDA.exe
03:18:10.0905 7804 Creative Service for CDROM Access - ok
03:18:10.0921 7804 CryptSvc (a585bebf7d054bd9618eda0922d5484a) C:\Windows\system32\cryptsvc.dll
03:18:10.0921 7804 CryptSvc - ok
03:18:10.0952 7804 DcomLaunch (7660f01d3b38aca1747e397d21d790af) C:\Windows\system32\rpcss.dll
03:18:10.0952 7804 DcomLaunch - ok
03:18:10.0967 7804 defragsvc (8d6e10a2d9a5eed59562d9b82cf804e1) C:\Windows\System32\defragsvc.dll
03:18:10.0967 7804 defragsvc - ok
03:18:10.0967 7804 DefWatch (20ebbf7e2a86b2bf9bf5072762d321d7) C:\Program Files\Symantec AntiVirus\DefWatch.exe
03:18:10.0967 7804 DefWatch - ok
03:18:10.0983 7804 DfsC (f024449c97ec1e464aaffda18593db88) C:\Windows\system32\Drivers\dfsc.sys
03:18:10.0983 7804 DfsC - ok
03:18:10.0999 7804 Dhcp (e9e01eb683c132f7fa27cd607b8a2b63) C:\Windows\system32\dhcpcore.dll
03:18:10.0999 7804 Dhcp - ok
03:18:11.0014 7804 discache (1a050b0274bfb3890703d490f330c0da) C:\Windows\system32\drivers\discache.sys
03:18:11.0014 7804 discache - ok
03:18:11.0030 7804 Disk (565003f326f99802e68ca78f2a68e9ff) C:\Windows\system32\DRIVERS\disk.sys
03:18:11.0030 7804 Disk - ok
03:18:11.0045 7804 Dnscache (33ef4861f19a0736b11314aad9ae28d0) C:\Windows\System32\dnsrslvr.dll
03:18:11.0045 7804 Dnscache - ok
03:18:11.0045 7804 DockLoginService (0840abbbdf438691ee65a20040635cbe) C:\Program Files\Dell\DellDock\DockLogin.exe
03:18:11.0045 7804 DockLoginService - ok
03:18:11.0061 7804 dot3svc (366ba8fb4b7bb7435e3b9eacb3843f67) C:\Windows\System32\dot3svc.dll
03:18:11.0061 7804 dot3svc - ok
03:18:11.0077 7804 Dot4 (b5e479eb83707dd698f66953e922042c) C:\Windows\system32\DRIVERS\Dot4.sys
03:18:11.0077 7804 Dot4 - ok
03:18:11.0092 7804 Dot4Print (caefd09b6a6249c53a67d55a9a9fcabf) C:\Windows\system32\drivers\Dot4Prt.sys
03:18:11.0092 7804 Dot4Print - ok
03:18:11.0092 7804 dot4usb (cf491ff38d62143203c065260567e2f7) C:\Windows\system32\DRIVERS\dot4usb.sys
03:18:11.0108 7804 dot4usb - ok
03:18:11.0108 7804 DPS (8ec04ca86f1d68da9e11952eb85973d6) C:\Windows\system32\dps.dll
03:18:11.0108 7804 DPS - ok
03:18:11.0123 7804 drmkaud (b918e7c5f9bf77202f89e1a9539f2eb4) C:\Windows\system32\drivers\drmkaud.sys
03:18:11.0123 7804 drmkaud - ok
03:18:11.0139 7804 dtsoftbus01 (c0c7ceccb6c85994c2bc92d58e52d3f2) C:\Windows\system32\DRIVERS\dtsoftbus01.sys
03:18:11.0139 7804 dtsoftbus01 - ok
03:18:11.0155 7804 DXGKrnl (23f5d28378a160352ba8f817bd8c71cb) C:\Windows\System32\drivers\dxgkrnl.sys
03:18:11.0170 7804 DXGKrnl - ok
03:18:11.0186 7804 EapHost (8600142fa91c1b96367d3300ad0f3f3a) C:\Windows\System32\eapsvc.dll
03:18:11.0186 7804 EapHost - ok
03:18:11.0248 7804 ebdrv (024e1b5cac09731e4d868e64dbfb4ab0) C:\Windows\system32\DRIVERS\evbdx.sys
03:18:11.0264 7804 ebdrv - ok
03:18:11.0279 7804 eeCtrl (579a6b6135d32b857faf0e3a974535d8) C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys
03:18:11.0279 7804 eeCtrl - ok
03:18:11.0295 7804 EFS (81951f51e318aecc2d68559e47485cc4) C:\Windows\System32\lsass.exe
03:18:11.0295 7804 EFS - ok
03:18:11.0311 7804 ehRecvr (a8c362018efc87beb013ee28f29c0863) C:\Windows\ehome\ehRecvr.exe
03:18:11.0311 7804 ehRecvr - ok
03:18:11.0326 7804 ehSched (d389bff34f80caede417bf9d1507996a) C:\Windows\ehome\ehsched.exe
03:18:11.0326 7804 ehSched - ok
03:18:11.0342 7804 elxstor (0ed67910c8c326796faa00b2bf6d9d3c) C:\Windows\system32\DRIVERS\elxstor.sys
03:18:11.0342 7804 elxstor - ok
03:18:11.0342 7804 epmntdrv (6eceb0ce18d352af410dd50ee13eaa9a) C:\Windows\system32\epmntdrv.sys
03:18:11.0357 7804 epmntdrv - ok
03:18:11.0357 7804 EraserUtilRebootDrv (028d50f059bd0d2ccb209e9011b9a9a4) C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys
03:18:11.0357 7804 EraserUtilRebootDrv - ok
03:18:11.0373 7804 ErrDev (8fc3208352dd3912c94367a206ab3f11) C:\Windows\system32\drivers\errdev.sys
03:18:11.0373 7804 ErrDev - ok
03:18:11.0389 7804 EuGdiDrv (5f779f5edab787f2d090c71a9051f365) C:\Windows\system32\EuGdiDrv.sys
03:18:11.0389 7804 EuGdiDrv - ok
03:18:11.0404 7804 EventSystem (f6916efc29d9953d5d0df06882ae8e16) C:\Windows\system32\es.dll
03:18:11.0404 7804 EventSystem - ok
03:18:11.0420 7804 exfat (2dc9108d74081149cc8b651d3a26207f) C:\Windows\system32\drivers\exfat.sys
03:18:11.0420 7804 exfat - ok
03:18:11.0435 7804 fastfat (7e0ab74553476622fb6ae36f73d97d35) C:\Windows\system32\drivers\fastfat.sys
03:18:11.0435 7804 fastfat - ok
03:18:11.0451 7804 Fax (967ea5b213e9984cbe270205df37755b) C:\Windows\system32\fxssvc.exe
03:18:11.0451 7804 Fax - ok
03:18:11.0467 7804 fdc (e817a017f82df2a1f8cfdbda29388b29) C:\Windows\system32\DRIVERS\fdc.sys
03:18:11.0467 7804 fdc - ok
03:18:11.0482 7804 fdPHost (f3222c893bd2f5821a0179e5c71e88fb) C:\Windows\system32\fdPHost.dll
03:18:11.0482 7804 fdPHost - ok
03:18:11.0498 7804 FDResPub (7dbe8cbfe79efbdeb98c9fb08d3a9a5b) C:\Windows\system32\fdrespub.dll
03:18:11.0498 7804 FDResPub - ok
03:18:11.0498 7804 FileInfo (6cf00369c97f3cf563be99be983d13d8) C:\Windows\system32\drivers\fileinfo.sys
03:18:11.0513 7804 FileInfo - ok
03:18:11.0513 7804 Filetrace (42c51dc94c91da21cb9196eb64c45db9) C:\Windows\system32\drivers\filetrace.sys
03:18:11.0513 7804 Filetrace - ok
03:18:11.0529 7804 flpydisk (87907aa70cb3c56600f1c2fb8841579b) C:\Windows\system32\DRIVERS\flpydisk.sys
03:18:11.0529 7804 flpydisk - ok
03:18:11.0545 7804 FltMgr (7520ec808e0c35e0ee6f841294316653) C:\Windows\system32\drivers\fltmgr.sys
03:18:11.0545 7804 FltMgr - ok
03:18:11.0560 7804 FontCache (b3a5ec6b6b6673db7e87c2bcdbddc074) C:\Windows\system32\FntCache.dll
03:18:11.0576 7804 FontCache - ok
03:18:11.0576 7804 FontCache3.0.0.0 (e56f39f6b7fda0ac77a79b0fd3de1a2f) C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
03:18:11.0576 7804 FontCache3.0.0.0 - ok
03:18:11.0591 7804 FsDepends (1a16b57943853e598cff37fe2b8cbf1d) C:\Windows\system32\drivers\FsDepends.sys
03:18:11.0591 7804 FsDepends - ok
03:18:11.0623 7804 Fs_Rec (a574b4360e438977038aae4bf60d79a2) C:\Windows\system32\drivers\Fs_Rec.sys
03:18:11.0623 7804 Fs_Rec - ok
03:18:11.0638 7804 fvevol (8a73e79089b282100b9393b644cb853b) C:\Windows\system32\DRIVERS\fvevol.sys
03:18:11.0638 7804 fvevol - ok
03:18:11.0638 7804 gagp30kx (65ee0c7a58b65e74ae05637418153938) C:\Windows\system32\DRIVERS\gagp30kx.sys
03:18:11.0638 7804 gagp30kx - ok
03:18:11.0654 7804 GEARAspiWDM (8182ff89c65e4d38b2de4bb0fb18564e) C:\Windows\system32\DRIVERS\GEARAspiWDM.sys
03:18:11.0654 7804 GEARAspiWDM - ok
03:18:11.0669 7804 giveio (77ebf3e9386daa51551af429052d88d0) C:\Windows\system32\giveio.sys
03:18:11.0669 7804 giveio - ok
03:18:11.0669 7804 GoToAssist (d3316f6e3c011435f36e3d6e49b3196c) C:\Program Files\Citrix\GoToAssist\514\g2aservice.exe
03:18:11.0669 7804 GoToAssist - ok
03:18:11.0701 7804 gpsvc (e897eaf5ed6ba41e081060c9b447a673) C:\Windows\System32\gpsvc.dll
03:18:11.0701 7804 gpsvc - ok
03:18:11.0701 7804 gupdate1c9e166f7f89f27 (626a24ed1228580b9518c01930936df9) C:\Program Files\Google\Update\GoogleUpdate.exe
03:18:11.0701 7804 gupdate1c9e166f7f89f27 - ok
03:18:11.0716 7804 gupdatem (626a24ed1228580b9518c01930936df9) C:\Program Files\Google\Update\GoogleUpdate.exe
03:18:11.0716 7804 gupdatem - ok
03:18:11.0716 7804 gusvc (408ddd80eede47175f6844817b90213e) C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
03:18:11.0716 7804 gusvc - ok
03:18:11.0732 7804 hamachi (833051c6c6c42117191935f734cfbd97) C:\Windows\system32\DRIVERS\hamachi.sys
03:18:11.0732 7804 hamachi - ok
03:18:11.0763 7804 Hamachi2Svc (2b2917d15d14ad1e7c5cc10cdc481cb5) C:\Program Files\LogMeIn Hamachi\hamachi-2.exe
03:18:11.0763 7804 Hamachi2Svc - ok
03:18:11.0779 7804 hcw85cir (c44e3c2bab6837db337ddee7544736db) C:\Windows\system32\drivers\hcw85cir.sys
03:18:11.0779 7804 hcw85cir - ok
03:18:11.0794 7804 HDAudBus (9036377b8a6c15dc2eec53e489d159b5) C:\Windows\system32\drivers\HDAudBus.sys
03:18:11.0794 7804 HDAudBus - ok
03:18:11.0794 7804 HidBatt (1d58a7f3e11a9731d0eaaaa8405acc36) C:\Windows\system32\DRIVERS\HidBatt.sys
03:18:11.0794 7804 HidBatt - ok
03:18:11.0810 7804 HidBth (89448f40e6df260c206a193a4683ba78) C:\Windows\system32\DRIVERS\hidbth.sys
03:18:11.0810 7804 HidBth - ok
03:18:11.0825 7804 HidIr (cf50b4cf4a4f229b9f3c08351f99ca5e) C:\Windows\system32\DRIVERS\hidir.sys
03:18:11.0825 7804 HidIr - ok
03:18:11.0841 7804 hidserv (2bc6f6a1992b3a77f5f41432ca6b3b6b) C:\Windows\System32\hidserv.dll
03:18:11.0841 7804 hidserv - ok
03:18:11.0857 7804 HidUsb (10c19f8290891af023eaec0832e1eb4d) C:\Windows\system32\DRIVERS\hidusb.sys
03:18:11.0857 7804 HidUsb - ok
03:18:11.0857 7804 hkmsvc (196b4e3f4cccc24af836ce58facbb699) C:\Windows\system32\kmsvc.dll
03:18:11.0872 7804 hkmsvc - ok
03:18:11.0872 7804 HomeGroupListener (6658f4404de03d75fe3ba09f7aba6a30) C:\Windows\system32\ListSvc.dll
03:18:11.0872 7804 HomeGroupListener - ok
03:18:11.0888 7804 HomeGroupProvider (dbc02d918fff1cad628acbe0c0eaa8e8) C:\Windows\system32\provsvc.dll
03:18:11.0888 7804 HomeGroupProvider - ok
03:18:11.0903 7804 hpqcxs08 (ed377b3c83fdea8d906109a085d219ba) C:\Program Files\HP\Digital Imaging\bin\hpqcxs08.dll
03:18:11.0903 7804 hpqcxs08 - ok
03:18:11.0919 7804 hpqddsvc (ee4c7a4cf2316701ffde90f404520265) C:\Program Files\HP\Digital Imaging\bin\hpqddsvc.dll
03:18:11.0919 7804 hpqddsvc - ok
03:18:11.0919 7804 HpSAMD (295fdc419039090eb8b49ffdbb374549) C:\Windows\system32\drivers\HpSAMD.sys
03:18:11.0919 7804 HpSAMD - ok
03:18:11.0935 7804 HTTP (871917b07a141bff43d76d8844d48106) C:\Windows\system32\drivers\HTTP.sys
03:18:11.0950 7804 HTTP - ok
03:18:11.0950 7804 hwpolicy (0c4e035c7f105f1299258c90886c64c5) C:\Windows\system32\drivers\hwpolicy.sys
03:18:11.0950 7804 hwpolicy - ok
03:18:11.0966 7804 i8042prt (f151f0bdc47f4a28b1b20a0818ea36d6) C:\Windows\system32\drivers\i8042prt.sys
03:18:11.0966 7804 i8042prt - ok
03:18:11.0981 7804 IAANTMON (ae38a12f79a4980ddb88f36514f8a1da) C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
03:18:11.0981 7804 IAANTMON - ok
03:18:11.0997 7804 iaNvStor (92b37e0a61cd710a0c66dc3567a8bf3c) C:\Windows\system32\drivers\ianvstor.sys
03:18:11.0997 7804 iaNvStor - ok
03:18:12.0013 7804 iaStor (997e8f5939f2d12cd9f2e6b395724c16) C:\Windows\system32\DRIVERS\iaStor.sys
03:18:12.0013 7804 iaStor - ok
03:18:12.0028 7804 iaStorV (5cd5f9a5444e6cdcb0ac89bd62d8b76e) C:\Windows\system32\drivers\iaStorV.sys
03:18:12.0028 7804 iaStorV - ok
03:18:12.0044 7804 idsvc (c521d7eb6497bb1af6afa89e322fb43c) C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
03:18:12.0059 7804 idsvc - ok
03:18:12.0059 7804 iirsp (4173ff5708f3236cf25195fecd742915) C:\Windows\system32\DRIVERS\iirsp.sys
03:18:12.0059 7804 iirsp - ok
03:18:12.0091 7804 IKEEXT (f95622f161474511b8d80d6b093aa610) C:\Windows\System32\ikeext.dll
03:18:12.0091 7804 IKEEXT - ok
03:18:12.0106 7804 intelide (a0f12f2c9ba6c72f3987ce780e77c130) C:\Windows\system32\drivers\intelide.sys
03:18:12.0106 7804 intelide - ok
03:18:12.0122 7804 intelppm (3b514d27bfc4accb4037bc6685f766e0) C:\Windows\system32\DRIVERS\intelppm.sys
03:18:12.0122 7804 intelppm - ok
03:18:12.0122 7804 IPBusEnum (acb364b9075a45c0736e5c47be5cae19) C:\Windows\system32\ipbusenum.dll
03:18:12.0137 7804 IPBusEnum - ok
03:18:12.0137 7804 IpFilterDriver (709d1761d3b19a932ff0238ea6d50200) C:\Windows\system32\DRIVERS\ipfltdrv.sys
03:18:12.0137 7804 IpFilterDriver - ok
03:18:12.0169 7804 iphlpsvc (4d65a07b795d6674312f879d09aa7663) C:\Windows\System32\iphlpsvc.dll
03:18:12.0169 7804 iphlpsvc - ok
03:18:12.0200 7804 IPMIDRV (4bd7134618c1d2a27466a099062547bf) C:\Windows\system32\drivers\IPMIDrv.sys
03:18:12.0200 7804 IPMIDRV - ok
03:18:12.0215 7804 IPNAT (a5fa468d67abcdaa36264e463a7bb0cd) C:\Windows\system32\drivers\ipnat.sys
03:18:12.0215 7804 IPNAT - ok
03:18:12.0231 7804 iPod Service (57edb35ea2feca88f8b17c0c095c9a56) C:\Program Files\iPod\bin\iPodService.exe
03:18:12.0231 7804 iPod Service - ok
03:18:12.0247 7804 IRENUM (42996cff20a3084a56017b7902307e9f) C:\Windows\system32\drivers\irenum.sys
03:18:12.0247 7804 IRENUM - ok
03:18:12.0262 7804 isapnp (1f32bb6b38f62f7df1a7ab7292638a35) C:\Windows\system32\drivers\isapnp.sys
03:18:12.0262 7804 isapnp - ok
03:18:12.0278 7804 iScsiPrt (cb7a9abb12b8415bce5d74994c7ba3ae) C:\Windows\system32\drivers\msiscsi.sys
03:18:12.0278 7804 iScsiPrt - ok
03:18:12.0293 7804 kbdclass (adef52ca1aeae82b50df86b56413107e) C:\Windows\system32\DRIVERS\kbdclass.sys
03:18:12.0293 7804 kbdclass - ok
03:18:12.0309 7804 kbdhid (9e3ced91863e6ee98c24794d05e27a71) C:\Windows\system32\DRIVERS\kbdhid.sys
03:18:12.0309 7804 kbdhid - ok
03:18:12.0325 7804 KeyIso (81951f51e318aecc2d68559e47485cc4) C:\Windows\system32\lsass.exe
03:18:12.0325 7804 KeyIso - ok
03:18:12.0340 7804 KSecDD (f4647bb23db9038a7536cf6b68f4207f) C:\Windows\system32\Drivers\ksecdd.sys
03:18:12.0340 7804 KSecDD - ok
03:18:12.0356 7804 KSecPkg (e73cae53bbb72ba26918492c6b4c229d) C:\Windows\system32\Drivers\ksecpkg.sys
03:18:12.0356 7804 KSecPkg - ok
03:18:12.0356 7804 KtmRm (89a7b9cc98d0d80c6f31b91c0a310fcd) C:\Windows\system32\msdtckrm.dll
03:18:12.0371 7804 KtmRm - ok
03:18:12.0387 7804 LanmanServer (d64af876d53eca3668bb97b51b4e70ab) C:\Windows\System32\srvsvc.dll
03:18:12.0387 7804 LanmanServer - ok
03:18:12.0403 7804 LanmanWorkstation (58405e4f68ba8e4057c6e914f326aba2) C:\Windows\System32\wkssvc.dll
03:18:12.0403 7804 LanmanWorkstation - ok
03:18:12.0449 7804 LiveUpdate (e8a9ac5f30833cd62e3530e2fdbf81df) C:\Program Files\Symantec\LiveUpdate\LuComServer_3_3.EXE
03:18:12.0465 7804 LiveUpdate - ok
03:18:12.0481 7804 lltdio (f7611ec07349979da9b0ae1f18ccc7a6) C:\Windows\system32\DRIVERS\lltdio.sys
03:18:12.0481 7804 lltdio - ok
03:18:12.0496 7804 lltdsvc (5700673e13a2117fa3b9020c852c01e2) C:\Windows\System32\lltdsvc.dll
03:18:12.0496 7804 lltdsvc - ok
03:18:12.0512 7804 lmhosts (55ca01ba19d0006c8f2639b6c045e08b) C:\Windows\System32\lmhsvc.dll
03:18:12.0512 7804 lmhosts - ok
03:18:12.0527 7804 LSI_FC (eb119a53ccf2acc000ac71b065b78fef) C:\Windows\system32\DRIVERS\lsi_fc.sys
03:18:12.0527 7804 LSI_FC - ok
03:18:12.0543 7804 LSI_SAS (8ade1c877256a22e49b75d1cc9161f9c) C:\Windows\system32\DRIVERS\lsi_sas.sys
03:18:12.0543 7804 LSI_SAS - ok
03:18:12.0543 7804 LSI_SAS2 (dc9dc3d3daa0e276fd2ec262e38b11e9) C:\Windows\system32\DRIVERS\lsi_sas2.sys
03:18:12.0543 7804 LSI_SAS2 - ok
03:18:12.0559 7804 LSI_SCSI (0a036c7d7cab643a7f07135ac47e0524) C:\Windows\system32\DRIVERS\lsi_scsi.sys
03:18:12.0559 7804 LSI_SCSI - ok
03:18:12.0574 7804 luafv (6703e366cc18d3b6e534f5cf7df39cee) C:\Windows\system32\drivers\luafv.sys
03:18:12.0574 7804 luafv - ok
03:18:12.0590 7804 MCSTRM - ok
03:18:12.0605 7804 Mcx2Svc (bfb9ee8ee977efe85d1a3105abef6dd1) C:\Windows\system32\Mcx2Svc.dll
03:18:12.0605 7804 Mcx2Svc - ok
03:18:12.0637 7804 megasas (0fff5b045293002ab38eb1fd1fc2fb74) C:\Windows\system32\DRIVERS\megasas.sys
03:18:12.0637 7804 megasas - ok
03:18:12.0652 7804 MegaSR (dcbab2920c75f390caf1d29f675d03d6) C:\Windows\system32\DRIVERS\MegaSR.sys
03:18:12.0652 7804 MegaSR - ok
03:18:12.0652 7804 MMCSS (146b6f43a673379a3c670e86d89be5ea) C:\Windows\system32\mmcss.dll
03:18:12.0652 7804 MMCSS - ok
03:18:12.0668 7804 Modem (f001861e5700ee84e2d4e52c712f4964) C:\Windows\system32\drivers\modem.sys
03:18:12.0668 7804 Modem - ok
03:18:12.0683 7804 monitor (79d10964de86b292320e9dfe02282a23) C:\Windows\system32\DRIVERS\monitor.sys
03:18:12.0683 7804 monitor - ok
03:18:12.0699 7804 mouclass (fb18cc1d4c2e716b6b903b0ac0cc0609) C:\Windows\system32\DRIVERS\mouclass.sys
03:18:12.0699 7804 mouclass - ok
03:18:12.0715 7804 mouhid (2c388d2cd01c9042596cf3c8f3c7b24d) C:\Windows\system32\DRIVERS\mouhid.sys
03:18:12.0715 7804 mouhid - ok
03:18:12.0730 7804 mountmgr (fc8771f45ecccfd89684e38842539b9b) C:\Windows\system32\drivers\mountmgr.sys
03:18:12.0730 7804 mountmgr - ok
03:18:12.0730 7804 mpio (2d699fb6e89ce0d8da14ecc03b3edfe0) C:\Windows\system32\drivers\mpio.sys
03:18:12.0746 7804 mpio - ok
03:18:12.0746 7804 mpsdrv (ad2723a7b53dd1aacae6ad8c0bfbf4d0) C:\Windows\system32\drivers\mpsdrv.sys
03:18:12.0746 7804 mpsdrv - ok
03:18:12.0777 7804 MpsSvc (9835584e999d25004e1ee8e5f3e3b881) C:\Windows\system32\mpssvc.dll
03:18:12.0777 7804 MpsSvc - ok
03:18:12.0793 7804 MRxDAV (ceb46ab7c01c9f825f8cc6babc18166a) C:\Windows\system32\drivers\mrxdav.sys
03:18:12.0793 7804 MRxDAV - ok
03:18:12.0808 7804 mrxsmb (5d16c921e3671636c0eba3bbaac5fd25) C:\Windows\system32\DRIVERS\mrxsmb.sys
03:18:12.0808 7804 mrxsmb - ok
03:18:12.0824 7804 mrxsmb10 (6d17a4791aca19328c685d256349fefc) C:\Windows\system32\DRIVERS\mrxsmb10.sys
03:18:12.0824 7804 mrxsmb10 - ok
03:18:12.0839 7804 mrxsmb20 (b81f204d146000be76651a50670a5e9e) C:\Windows\system32\DRIVERS\mrxsmb20.sys
03:18:12.0839 7804 mrxsmb20 - ok
03:18:12.0855 7804 msahci (012c5f4e9349e711e11e0f19a8589f0a) C:\Windows\system32\drivers\msahci.sys
03:18:12.0855 7804 msahci - ok
03:18:12.0855 7804 msdsm (55055f8ad8be27a64c831322a780a228) C:\Windows\system32\drivers\msdsm.sys
03:18:12.0871 7804 msdsm - ok
03:18:12.0871 7804 MSDTC (e1bce74a3bd9902b72599c0192a07e27) C:\Windows\System32\msdtc.exe
03:18:12.0871 7804 MSDTC - ok
03:18:12.0886 7804 Msfs (daefb28e3af5a76abcc2c3078c07327f) C:\Windows\system32\drivers\Msfs.sys
03:18:12.0886 7804 Msfs - ok
03:18:12.0902 7804 mshidkmdf (3e1e5767043c5af9367f0056295e9f84) C:\Windows\System32\drivers\mshidkmdf.sys
03:18:12.0902 7804 mshidkmdf - ok
03:18:12.0917 7804 msisadrv (0a4e5757ae09fa9622e3158cc1aef114) C:\Windows\system32\drivers\msisadrv.sys
03:18:12.0917 7804 msisadrv - ok
03:18:12.0933 7804 MSiSCSI (90f7d9e6b6f27e1a707d4a297f077828) C:\Windows\system32\iscsiexe.dll
03:18:12.0933 7804 MSiSCSI - ok
03:18:12.0949 7804 msiserver - ok
03:18:12.0949 7804 MSKSSRV (8c0860d6366aaffb6c5bb9df9448e631) C:\Windows\system32\drivers\MSKSSRV.sys
03:18:12.0949 7804 MSKSSRV - ok
03:18:12.0964 7804 MSPCLOCK (3ea8b949f963562cedbb549eac0c11ce) C:\Windows\system32\drivers\MSPCLOCK.sys
03:18:12.0964 7804 MSPCLOCK - ok
03:18:12.0980 7804 MSPQM (f456e973590d663b1073e9c463b40932) C:\Windows\system32\drivers\MSPQM.sys
03:18:12.0980 7804 MSPQM - ok
03:18:12.0995 7804 MsRPC (0e008fc4819d238c51d7c93e7b41e560) C:\Windows\system32\drivers\MsRPC.sys
03:18:12.0995 7804 MsRPC - ok
03:18:13.0011 7804 mssmbios (fc6b9ff600cc585ea38b12589bd4e246) C:\Windows\system32\drivers\mssmbios.sys
03:18:13.0011 7804 mssmbios - ok
03:18:13.0027 7804 MSTEE (b42c6b921f61a6e55159b8be6cd54a36) C:\Windows\system32\drivers\MSTEE.sys
03:18:13.0027 7804 MSTEE - ok
03:18:13.0042 7804 MTConfig (33599130f44e1f34631cea241de8ac84) C:\Windows\system32\DRIVERS\MTConfig.sys
03:18:13.0042 7804 MTConfig - ok
03:18:13.0042 7804 Mup (159fad02f64e6381758c990f753bcc80) C:\Windows\system32\Drivers\mup.sys
03:18:13.0042 7804 Mup - ok
03:18:13.0058 7804 napagent (61d57a5d7c6d9afe10e77dae6e1b445e) C:\Windows\system32\qagentRT.dll
03:18:13.0073 7804 napagent - ok
03:18:13.0089 7804 NativeWifiP (26384429fcd85d83746f63e798ab1480) C:\Windows\system32\DRIVERS\nwifi.sys
03:18:13.0089 7804 NativeWifiP - ok
03:18:13.0089 7804 NAVENG (862f55824ac81295837b0ab63f91071f) C:\PROGRA~2\Symantec\DEFINI~1\VIRUSD~1\20120407.016\NAVENG.SYS
03:18:13.0089 7804 NAVENG - ok
03:18:13.0120 7804 NAVEX15 (529d571b551cb9da44237389b936f1ae) C:\PROGRA~2\Symantec\DEFINI~1\VIRUSD~1\20120407.016\NAVEX15.SYS
03:18:13.0120 7804 NAVEX15 - ok
03:18:13.0136 7804 NDIS (e7c54812a2aaf43316eb6930c1ffa108) C:\Windows\system32\drivers\ndis.sys
03:18:13.0151 7804 NDIS - ok
03:18:13.0167 7804 NdisCap (0e1787aa6c9191d3d319e8bafe86f80c) C:\Windows\system32\DRIVERS\ndiscap.sys
03:18:13.0167 7804 NdisCap - ok
03:18:13.0183 7804 NdisTapi (e4a8aec125a2e43a9e32afeea7c9c888) C:\Windows\system32\DRIVERS\ndistapi.sys
03:18:13.0183 7804 NdisTapi - ok
03:18:13.0215 7804 Ndisuio (d8a65dafb3eb41cbb622745676fcd072) C:\Windows\system32\DRIVERS\ndisuio.sys
03:18:13.0215 7804 Ndisuio - ok
03:18:13.0230 7804 NdisWan (38fbe267e7e6983311179230facb1017) C:\Windows\system32\DRIVERS\ndiswan.sys
03:18:13.0230 7804 NdisWan - ok
03:18:13.0246 7804 NDProxy (a4bdc541e69674fbff1a8ff00be913f2) C:\Windows\system32\drivers\NDProxy.sys
03:18:13.0246 7804 NDProxy - ok
03:18:13.0262 7804 NetBIOS (80b275b1ce3b0e79909db7b39af74d51) C:\Windows\system32\DRIVERS\netbios.sys
03:18:13.0262 7804 NetBIOS - ok
03:18:13.0277 7804 NetBT (280122ddcf04b378edd1ad54d71c1e54) C:\Windows\system32\DRIVERS\netbt.sys
03:18:13.0277 7804 NetBT - ok
03:18:13.0277 7804 Netlogon (81951f51e318aecc2d68559e47485cc4) C:\Windows\system32\lsass.exe
03:18:13.0277 7804 Netlogon - ok
03:18:13.0293 7804 Netman (7cccfca7510684768da22092d1fa4db2) C:\Windows\System32\netman.dll
03:18:13.0308 7804 Netman - ok
03:18:13.0308 7804 netprofm (8c338238c16777a802d6a9211eb2ba50) C:\Windows\System32\netprofm.dll
03:18:13.0324 7804 netprofm - ok
03:18:13.0324 7804 NetTcpPortSharing (f476ec40033cdb91efbe73eb99b8362d) C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe
03:18:13.0324 7804 NetTcpPortSharing - ok
03:18:13.0340 7804 nfrd960 (1d85c4b390b0ee09c7a46b91efb2c097) C:\Windows\system32\DRIVERS\nfrd960.sys
03:18:13.0340 7804 nfrd960 - ok
03:18:13.0355 7804 NlaSvc (912084381d30d8b89ec4e293053f4710) C:\Windows\System32\nlasvc.dll
03:18:13.0355 7804 NlaSvc - ok
03:18:13.0371 7804 Npfs (1db262a9f8c087e8153d89bef3d2235f) C:\Windows\system32\drivers\Npfs.sys
03:18:13.0371 7804 Npfs - ok
03:18:13.0386 7804 nsi (ba387e955e890c8a88306d9b8d06bf17) C:\Windows\system32\nsisvc.dll
03:18:13.0386 7804 nsi - ok
03:18:13.0402 7804 nsiproxy (e9a0a4d07e53d8fea2bb8387a3293c58) C:\Windows\system32\drivers\nsiproxy.sys
03:18:13.0402 7804 nsiproxy - ok
03:18:13.0418 7804 Ntfs (81189c3d7763838e55c397759d49007a) C:\Windows\system32\drivers\Ntfs.sys
03:18:13.0433 7804 Ntfs - ok
03:18:13.0449 7804 Null (f9756a98d69098dca8945d62858a812c) C:\Windows\system32\drivers\Null.sys
03:18:13.0449 7804 Null - ok
03:18:13.0574 7804 nvlddmkm (1f144bd1fecb52fe4dc18fafe70ff7af) C:\Windows\system32\DRIVERS\nvlddmkm.sys
03:18:13.0652 7804 nvlddmkm - ok
03:18:13.0652 7804 nvraid (b3e25ee28883877076e0e1ff877d02e0) C:\Windows\system32\drivers\nvraid.sys
03:18:13.0667 7804 nvraid - ok
03:18:13.0667 7804 nvstor (4380e59a170d88c4f1022eff6719a8a4) C:\Windows\system32\drivers\nvstor.sys
03:18:13.0667 7804 nvstor - ok
03:18:13.0698 7804 nvsvc (63391020bc1fd82e8f8073024276b0b7) C:\Windows\system32\nvvsvc.exe
03:18:13.0698 7804 nvsvc - ok
03:18:13.0730 7804 nvUpdatusService (71e63293328bca65b9dbbc6fdce04b3c) C:\Program Files\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
03:18:13.0745 7804 nvUpdatusService - ok
03:18:13.0761 7804 nv_agp (5a0983915f02bae73267cc2a041f717d) C:\Windows\system32\drivers\nv_agp.sys
03:18:13.0761 7804 nv_agp - ok
03:18:13.0761 7804 odserv (785f487a64950f3cb8e9f16253ba3b7b) C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE
03:18:13.0776 7804 odserv - ok
03:18:13.0792 7804 OEM02Dev (19cac780b858822055f46c58a111723c) C:\Windows\system32\DRIVERS\OEM02Dev.sys
03:18:13.0792 7804 OEM02Dev - ok
03:18:13.0792 7804 OEM02Vfx (86326062a90494bdd79ce383511d7d69) C:\Windows\system32\DRIVERS\OEM02Vfx.sys
03:18:13.0792 7804 OEM02Vfx - ok
03:18:13.0808 7804 ohci1394 (08a70a1f2cdde9bb49b885cb817a66eb) C:\Windows\system32\drivers\ohci1394.sys
03:18:13.0808 7804 ohci1394 - ok
03:18:13.0823 7804 OpenVPNService (05dfaea115d262088f50ed176bf0c8d4) C:\Program Files\OpenVPN\bin\openvpnserv.exe
03:18:13.0823 7804 OpenVPNService - ok
03:18:13.0823 7804 ose (5a432a042dae460abe7199b758e8606c) C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
03:18:13.0823 7804 ose - ok
03:18:13.0839 7804 p2pimsvc (82a8521ddc60710c3d3d3e7325209bec) C:\Windows\system32\pnrpsvc.dll
03:18:13.0839 7804 p2pimsvc - ok
03:18:13.0854 7804 p2psvc (59c3ddd501e39e006dac31bf55150d91) C:\Windows\system32\p2psvc.dll
03:18:13.0870 7804 p2psvc - ok
03:18:13.0870 7804 Parport (2ea877ed5dd9713c5ac74e8ea7348d14) C:\Windows\system32\DRIVERS\parport.sys
03:18:13.0870 7804 Parport - ok
03:18:13.0886 7804 partmgr (bf8f6af06da75b336f07e23aef97d93b) C:\Windows\system32\drivers\partmgr.sys
03:18:13.0886 7804 partmgr - ok
03:18:13.0901 7804 Parvdm (eb0a59f29c19b86479d36b35983daadc) C:\Windows\system32\DRIVERS\parvdm.sys
03:18:13.0901 7804 Parvdm - ok
03:18:13.0917 7804 PcaSvc (358ab7956d3160000726574083dfc8a6) C:\Windows\System32\pcasvc.dll
03:18:13.0917 7804 PcaSvc - ok
03:18:13.0932 7804 pci (673e55c3498eb970088e812ea820aa8f) C:\Windows\system32\drivers\pci.sys
03:18:13.0932 7804 pci - ok
03:18:13.0932 7804 pciide (afe86f419014db4e5593f69ffe26ce0a) C:\Windows\system32\drivers\pciide.sys
03:18:13.0932 7804 pciide - ok
03:18:13.0948 7804 pcmcia (f396431b31693e71e8a80687ef523506) C:\Windows\system32\DRIVERS\pcmcia.sys
03:18:13.0948 7804 pcmcia - ok
03:18:13.0964 7804 pcw (250f6b43d2b613172035c6747aeeb19f) C:\Windows\system32\drivers\pcw.sys
03:18:13.0964 7804 pcw - ok
03:18:13.0979 7804 PEAUTH (9e0104ba49f4e6973749a02bf41344ed) C:\Windows\system32\drivers\peauth.sys
03:18:13.0995 7804 PEAUTH - ok
03:18:14.0026 7804 pla (414bba67a3ded1d28437eb66aeb8a720) C:\Windows\system32\pla.dll
03:18:14.0042 7804 pla - ok
03:18:14.0057 7804 PlugPlay (ec7bc28d207da09e79b3e9faf8b232ca) C:\Windows\system32\umpnpmgr.dll
03:18:14.0057 7804 PlugPlay - ok
03:18:14.0073 7804 PNRPAutoReg (63ff8572611249931eb16bb8eed6afc8) C:\Windows\system32\pnrpauto.dll
03:18:14.0073 7804 PNRPAutoReg - ok
03:18:14.0088 7804 PNRPsvc (82a8521ddc60710c3d3d3e7325209bec) C:\Windows\system32\pnrpsvc.dll
03:18:14.0088 7804 PNRPsvc - ok
03:18:14.0104 7804 PolicyAgent (53946b69ba0836bd95b03759530c81ec) C:\Windows\System32\ipsecsvc.dll
03:18:14.0104 7804 PolicyAgent - ok
03:18:14.0120 7804 Power (f87d30e72e03d579a5199ccb3831d6ea) C:\Windows\system32\umpo.dll
03:18:14.0120 7804 Power - ok
03:18:14.0135 7804 PptpMiniport (631e3e205ad6d86f2aed6a4a8e69f2db) C:\Windows\system32\DRIVERS\raspptp.sys
03:18:14.0135 7804 PptpMiniport - ok
03:18:14.0151 7804 Processor (85b1e3a0c7585bc4aae6899ec6fcf011) C:\Windows\system32\DRIVERS\processr.sys
03:18:14.0151 7804 Processor - ok
03:18:14.0166 7804 ProfSvc (43ca4ccc22d52fb58e8988f0198851d0) C:\Windows\system32\profsvc.dll
03:18:14.0166 7804 ProfSvc - ok
03:18:14.0182 7804 ProtectedStorage (81951f51e318aecc2d68559e47485cc4) C:\Windows\system32\lsass.exe
03:18:14.0182 7804 ProtectedStorage - ok
03:18:14.0198 7804 Psched (6270ccae2a86de6d146529fe55b3246a) C:\Windows\system32\DRIVERS\pacer.sys
03:18:14.0198 7804 Psched - ok
03:18:14.0198 7804 PxHelp20 (03e0fe281823ba64b3782f5b38950e73) C:\Windows\system32\Drivers\PxHelp20.sys
03:18:14.0198 7804 PxHelp20 - ok
03:18:14.0230 7804 ql2300 (ab95ecf1f6659a60ddc166d8315b0751) C:\Windows\system32\DRIVERS\ql2300.sys
03:18:14.0245 7804 ql2300 - ok
03:18:14.0261 7804 ql40xx (b4dd51dd25182244b86737dc51af2270) C:\Windows\system32\DRIVERS\ql40xx.sys
03:18:14.0261 7804 ql40xx - ok
03:18:14.0277 7804 QWAVE (31ac809e7707eb580b2bdb760390765a) C:\Windows\system32\qwave.dll
03:18:14.0277 7804 QWAVE - ok
03:18:14.0292 7804 QWAVEdrv (584078ca1b95ca72df2a27c336f9719d) C:\Windows\system32\drivers\qwavedrv.sys
03:18:14.0292 7804 QWAVEdrv - ok
03:18:14.0308 7804 RasAcd (30a81b53c766d0133bb86d234e5556ab) C:\Windows\system32\DRIVERS\rasacd.sys
03:18:14.0308 7804 RasAcd - ok
03:18:14.0323 7804 RasAgileVpn (57ec4aef73660166074d8f7f31c0d4fd) C:\Windows\system32\DRIVERS\AgileVpn.sys
03:18:14.0323 7804 RasAgileVpn - ok
03:18:14.0339 7804 RasAuto (a60f1839849c0c00739787fd5ec03f13) C:\Windows\System32\rasauto.dll
03:18:14.0339 7804 RasAuto - ok
03:18:14.0355 7804 Rasl2tp (d9f91eafec2815365cbe6d167e4e332a) C:\Windows\system32\DRIVERS\rasl2tp.sys
03:18:14.0355 7804 Rasl2tp - ok
03:18:14.0370 7804 RasMan (cb9e04dc05eacf5b9a36ca276d475006) C:\Windows\System32\rasmans.dll
03:18:14.0370 7804 RasMan - ok
03:18:14.0386 7804 RasPppoe (0fe8b15916307a6ac12bfb6a63e45507) C:\Windows\system32\DRIVERS\raspppoe.sys
03:18:14.0386 7804 RasPppoe - ok
03:18:14.0386 7804 RasSstp (44101f495a83ea6401d886e7fd70096b) C:\Windows\system32\DRIVERS\rassstp.sys
03:18:14.0401 7804 RasSstp - ok
03:18:14.0401 7804 rdbss (d528bc58a489409ba40334ebf96a311b) C:\Windows\system32\DRIVERS\rdbss.sys
03:18:14.0417 7804 rdbss - ok
03:18:14.0417 7804 rdpbus (0d8f05481cb76e70e1da06ee9f0da9df) C:\Windows\system32\DRIVERS\rdpbus.sys
03:18:14.0417 7804 rdpbus - ok
03:18:14.0433 7804 RDPCDD (23dae03f29d253ae74c44f99e515f9a1) C:\Windows\system32\DRIVERS\RDPCDD.sys
03:18:14.0433 7804 RDPCDD - ok
03:18:14.0448 7804 RDPENCDD (5a53ca1598dd4156d44196d200c94b8a) C:\Windows\system32\drivers\rdpencdd.sys
03:18:14.0448 7804 RDPENCDD - ok
03:18:14.0464 7804 RDPREFMP (44b0a53cd4f27d50ed461dae0c0b4e1f) C:\Windows\system32\drivers\rdprefmp.sys
03:18:14.0464 7804 RDPREFMP - ok
03:18:14.0479 7804 RDPWD (244c83332f44589ae98fc347f11b2693) C:\Windows\system32\drivers\RDPWD.sys
03:18:14.0479 7804 RDPWD - ok
03:18:14.0495 7804 rdyboost (518395321dc96fe2c9f0e96ac743b656) C:\Windows\system32\drivers\rdyboost.sys
03:18:14.0495 7804 rdyboost - ok
03:18:14.0511 7804 RemoteAccess (7b5e1419717fac363a31cc302895217a) C:\Windows\System32\mprdim.dll
03:18:14.0511 7804 RemoteAccess - ok
03:18:14.0526 7804 RemoteRegistry (cb9a8683f4ef2bf99e123d79950d7935) C:\Windows\system32\regsvc.dll
03:18:14.0526 7804 RemoteRegistry - ok
03:18:14.0542 7804 rimmptsk (c2ef513bbe069f0d4ee0938a76f975d3) C:\Windows\system32\DRIVERS\rimmptsk.sys
03:18:14.0542 7804 rimmptsk - ok
03:18:14.0557 7804 rimsptsk (c398bca91216755b098679a8da8a2300) C:\Windows\system32\DRIVERS\rimsptsk.sys
03:18:14.0557 7804 rimsptsk - ok
03:18:14.0557 7804 rismxdp (2a2554cb24506e0a0508fc395c4a1b42) C:\Windows\system32\DRIVERS\rixdptsk.sys
03:18:14.0557 7804 rismxdp - ok
03:18:14.0573 7804 RpcEptMapper (78d072f35bc45d9e4e1b61895c152234) C:\Windows\System32\RpcEpMap.dll
03:18:14.0573 7804 RpcEptMapper - ok
03:18:14.0589 7804 RpcLocator (94d36c0e44677dd26981d2bfeef2a29d) C:\Windows\system32\locator.exe
03:18:14.0589 7804 RpcLocator - ok
03:18:14.0604 7804 rpcnet (3297445bb9fd3e8363e7559010ed2ae7) C:\Windows\System32\rpcnet.exe
03:18:14.0604 7804 rpcnet - ok
03:18:14.0620 7804 RpcSs (7660f01d3b38aca1747e397d21d790af) C:\Windows\system32\rpcss.dll
03:18:14.0620 7804 RpcSs - ok
03:18:14.0635 7804 rspndr (032b0d36ad92b582d869879f5af5b928) C:\Windows\system32\DRIVERS\rspndr.sys
03:18:14.0635 7804 rspndr - ok
03:18:14.0651 7804 SamSs (81951f51e318aecc2d68559e47485cc4) C:\Windows\system32\lsass.exe
03:18:14.0667 7804 SamSs - ok
03:18:14.0667 7804 SavRoam (c2320ef4c3d759f8abc679ece791ce34) C:\Program Files\Symantec AntiVirus\SavRoam.exe
03:18:14.0667 7804 SavRoam - ok
03:18:14.0682 7804 sbp2port (05d860da1040f111503ac416ccef2bca) C:\Windows\system32\drivers\sbp2port.sys
03:18:14.0682 7804 sbp2port - ok
03:18:14.0698 7804 SCardSvr (8fc518ffe9519c2631d37515a68009c4) C:\Windows\System32\SCardSvr.dll
03:18:14.0698 7804 SCardSvr - ok
03:18:14.0713 7804 SCDEmu (16b1abe7f3e35f21dac57592b6c5d464) C:\Windows\system32\drivers\SCDEmu.sys
03:18:14.0713 7804 SCDEmu - ok
03:18:14.0713 7804 scfilter (0693b5ec673e34dc147e195779a4dcf6) C:\Windows\system32\DRIVERS\scfilter.sys
03:18:14.0729 7804 scfilter - ok
03:18:14.0745 7804 Schedule (a04bb13f8a72f8b6e8b4071723e4e336) C:\Windows\system32\schedsvc.dll
03:18:14.0745 7804 Schedule - ok
03:18:14.0760 7804 SCPolicySvc (319c6b309773d063541d01df8ac6f55f) C:\Windows\System32\certprop.dll
03:18:14.0760 7804 SCPolicySvc - ok
03:18:14.0776 7804 sdbus (0328be1c7f1cba23848179f8762e391c) C:\Windows\system32\drivers\sdbus.sys
03:18:14.0776 7804 sdbus - ok
03:18:14.0791 7804 SDRSVC (08236c4bce5edd0a0318a438af28e0f7) C:\Windows\System32\SDRSVC.dll
03:18:14.0791 7804 SDRSVC - ok
03:18:14.0807 7804 SeaPort (16a252022535b680046f6e34e136d378) C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
03:18:14.0807 7804 SeaPort - ok
03:18:14.0807 7804 secdrv (90a3935d05b494a5a39d37e71f09a677) C:\Windows\system32\drivers\secdrv.sys
03:18:14.0807 7804 secdrv - ok
03:18:14.0823 7804 seclogon (a59b3a4442c52060cc7a85293aa3546f) C:\Windows\system32\seclogon.dll
03:18:14.0823 7804 seclogon - ok
03:18:14.0838 7804 SENS (dcb7fcdcc97f87360f75d77425b81737) C:\Windows\system32\sens.dll
03:18:14.0838 7804 SENS - ok
03:18:14.0854 7804 SensrSvc (50087fe1ee447009c9cc2997b90de53f) C:\Windows\system32\sensrsvc.dll
03:18:14.0854 7804 SensrSvc - ok
03:18:14.0869 7804 Serenum (9ad8b8b515e3df6acd4212ef465de2d1) C:\Windows\system32\DRIVERS\serenum.sys
03:18:14.0869 7804 Serenum - ok
03:18:14.0869 7804 Serial (5fb7fcea0490d821f26f39cc5ea3d1e2) C:\Windows\system32\DRIVERS\serial.sys
03:18:14.0885 7804 Serial - ok
03:18:14.0885 7804 sermouse (79bffb520327ff916a582dfea17aa813) C:\Windows\system32\DRIVERS\sermouse.sys
03:18:14.0885 7804 sermouse - ok
03:18:14.0916 7804 SessionEnv (4ae380f39a0032eab7dd953030b26d28) C:\Windows\system32\sessenv.dll
03:18:14.0916 7804 SessionEnv - ok
03:18:14.0932 7804 sffdisk (9f976e1eb233df46fce808d9dea3eb9c) C:\Windows\system32\drivers\sffdisk.sys
03:18:14.0932 7804 sffdisk - ok
03:18:14.0932 7804 sffp_mmc (932a68ee27833cfd57c1639d375f2731) C:\Windows\system32\drivers\sffp_mmc.sys
03:18:14.0932 7804 sffp_mmc - ok
03:18:14.0947 7804 sffp_sd (6d4ccaedc018f1cf52866bbbaa235982) C:\Windows\system32\drivers\sffp_sd.sys
03:18:14.0947 7804 sffp_sd - ok
03:18:14.0963 7804 sfloppy (db96666cc8312ebc45032f30b007a547) C:\Windows\system32\DRIVERS\sfloppy.sys
03:18:14.0963 7804 sfloppy - ok
03:18:14.0979 7804 SharedAccess (d1a079a0de2ea524513b6930c24527a2) C:\Windows\System32\ipnathlp.dll
03:18:14.0979 7804 SharedAccess - ok
03:18:14.0994 7804 ShellHWDetection (414da952a35bf5d50192e28263b40577) C:\Windows\System32\shsvcs.dll
03:18:14.0994 7804 ShellHWDetection - ok
03:18:15.0010 7804 sisagp (2565cac0dc9fe0371bdce60832582b2e) C:\Windows\system32\drivers\sisagp.sys
03:18:15.0010 7804 sisagp - ok
03:18:15.0025 7804 SiSRaid2 (a9f0486851becb6dda1d89d381e71055) C:\Windows\system32\DRIVERS\SiSRaid2.sys
03:18:15.0025 7804 SiSRaid2 - ok
03:18:15.0041 7804 SiSRaid4 (3727097b55738e2f554972c3be5bc1aa) C:\Windows\system32\DRIVERS\sisraid4.sys
03:18:15.0041 7804 SiSRaid4 - ok
03:18:15.0057 7804 Smb (3e21c083b8a01cb70ba1f09303010fce) C:\Windows\system32\DRIVERS\smb.sys
03:18:15.0057 7804 Smb - ok
03:18:15.0072 7804 SNMPTRAP (6a984831644eca1a33ffeae4126f4f37) C:\Windows\System32\snmptrap.exe
03:18:15.0072 7804 SNMPTRAP - ok
03:18:15.0088 7804 SPBBCDrv (38c030777dabfc771dac7873443cfcba) C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCDrv.sys
03:18:15.0088 7804 SPBBCDrv - ok
03:18:15.0103 7804 speedfan (3fa2e254bfbce52b3c6f1bf23aab6911) C:\Windows\system32\speedfan.sys
03:18:15.0103 7804 speedfan - ok
03:18:15.0119 7804 spldr (95cf1ae7527fb70f7816563cbc09d942) C:\Windows\system32\drivers\spldr.sys
03:18:15.0119 7804 spldr - ok
03:18:15.0135 7804 Spooler (866a43013535dc8587c258e43579c764) C:\Windows\System32\spoolsv.exe
03:18:15.0135 7804 Spooler - ok
03:18:15.0197 7804 sppsvc (cf87a1de791347e75b98885214ced2b8) C:\Windows\system32\sppsvc.exe
03:18:15.0245 7804 sppsvc - ok
03:18:15.0245 7804 sppuinotify (b0180b20b065d89232a78a40fe56eaa6) C:\Windows\system32\sppuinotify.dll
03:18:15.0245 7804 sppuinotify - ok
03:18:15.0276 7804 sptd (d15da1ba189770d93eea2d7e18f95af9) C:\Windows\System32\Drivers\sptd.sys
03:18:15.0276 7804 sptd - ok
03:18:15.0292 7804 SRTSP (3cb2f35789632f0bae8a1b9edb08e965) C:\Windows\system32\Drivers\SRTSP.SYS
03:18:15.0292 7804 SRTSP - ok
03:18:15.0307 7804 SRTSPL (d69f1be5fd6da685a4c0e36d58a29e85) C:\Windows\system32\Drivers\SRTSPL.SYS
03:18:15.0307 7804 SRTSPL - ok
03:18:15.0323 7804 SRTSPX (1af60c53c43e2e672bbda3ba9a947d48) C:\Windows\system32\Drivers\SRTSPX.SYS
03:18:15.0323 7804 SRTSPX - ok
03:18:15.0338 7804 srv (e4c2764065d66ea1d2d3ebc28fe99c46) C:\Windows\system32\DRIVERS\srv.sys
03:18:15.0338 7804 srv - ok
03:18:15.0354 7804 srv2 (03f0545bd8d4c77fa0ae1ceedfcc71ab) C:\Windows\system32\DRIVERS\srv2.sys
03:18:15.0354 7804 srv2 - ok
03:18:15.0370 7804 srvnet (be6bd660caa6f291ae06a718a4fa8abc) C:\Windows\system32\DRIVERS\srvnet.sys
03:18:15.0370 7804 srvnet - ok
03:18:15.0385 7804 sscdbus (d5dffeaa1e15d4effabb9d9a3068ac5b) C:\Windows\system32\DRIVERS\sscdbus.sys
03:18:15.0385 7804 sscdbus - ok
03:18:15.0401 7804 sscdmdfl (8a1be0c347814f482f493aea619d57f6) C:\Windows\system32\DRIVERS\sscdmdfl.sys
03:18:15.0401 7804 sscdmdfl - ok
03:18:15.0416 7804 sscdmdm (5ab0b1987f682a59b15b78f84c6ad7d0) C:\Windows\system32\DRIVERS\sscdmdm.sys
03:18:15.0416 7804 sscdmdm - ok
03:18:15.0416 7804 sscdserd (751e66eb32efa80633b80f5d7ff0a1d8) C:\Windows\system32\DRIVERS\sscdserd.sys
03:18:15.0432 7804 sscdserd - ok
03:18:15.0432 7804 SSDPSRV (d887c9fd02ac9fa880f6e5027a43e118) C:\Windows\System32\ssdpsrv.dll
03:18:15.0448 7804 SSDPSRV - ok
03:18:15.0448 7804 SstpSvc (d318f23be45d5e3a107469eb64815b50) C:\Windows\system32\sstpsvc.dll
03:18:15.0463 7804 SstpSvc - ok
03:18:15.0463 7804 STacSV (7e6dd4b34acd36af6c711d2bde91b040) C:\Windows\system32\STacSV.exe
03:18:15.0479 7804 STacSV - ok
03:18:15.0479 7804 Steam Client Service - ok
03:18:15.0494 7804 Stereo Service (a2abc52cd8a5b60262b220a17a92eb31) C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
03:18:15.0494 7804 Stereo Service - ok
03:18:15.0510 7804 stexstor (db32d325c192b801df274bfd12a7e72b) C:\Windows\system32\DRIVERS\stexstor.sys
03:18:15.0510 7804 stexstor - ok
03:18:15.0526 7804 STHDA (6a2a5e809c2c0178326d92b19ee4aad3) C:\Windows\system32\drivers\stwrt.sys
03:18:15.0526 7804 STHDA - ok
03:18:15.0541 7804 StiSvc (e1fb3706030fb4578a0d72c2fc3689e4) C:\Windows\System32\wiaservc.dll
03:18:15.0557 7804 StiSvc - ok
03:18:15.0557 7804 stllssvr (1d0063597c3666404fcf97698abeb019) C:\Program Files\Common Files\SureThing Shared\stllssvr.exe
03:18:15.0557 7804 stllssvr - ok
03:18:15.0572 7804 swenum (e58c78a848add9610a4db6d214af5224) C:\Windows\system32\drivers\swenum.sys
03:18:15.0572 7804 swenum - ok
03:18:15.0588 7804 swprv (a28bd92df340e57b024ba433165d34d7) C:\Windows\System32\swprv.dll
03:18:15.0588 7804 swprv - ok
03:18:15.0619 7804 Symantec AntiVirus (1fda6b0527dd0dd71b324fcfc60a5f29) C:\Program Files\Symantec AntiVirus\Rtvscan.exe
03:18:15.0635 7804 Symantec AntiVirus - ok
03:18:15.0650 7804 Symantec RemoteAssist (267c914667c94e5f47d342311c1c577f) C:\Program Files\Common Files\Symantec Shared\Support Controls\ssrc.exe
03:18:15.0650 7804 Symantec RemoteAssist - ok
03:18:15.0682 7804 SymEvent (e03ee3ef1037099554d17bed99545a5e) C:\Windows\system32\Drivers\SYMEVENT.SYS
03:18:15.0682 7804 SymEvent - ok
03:18:15.0697 7804 SYMREDRV (829830a3ca1c5e329d68e26c9cd2de8d) C:\Windows\System32\Drivers\SYMREDRV.SYS
03:18:15.0697 7804 SYMREDRV - ok
03:18:15.0713 7804 SYMTDI (b1aa9704124b494c34e8d372e6654196) C:\Windows\System32\Drivers\SYMTDI.SYS
03:18:15.0713 7804 SYMTDI - ok
03:18:15.0728 7804 SysMain (36650d618ca34c9d357dfd3d89b2c56f) C:\Windows\system32\sysmain.dll
03:18:15.0744 7804 SysMain - ok
03:18:15.0760 7804 TabletInputService (763fecdc3d30c815fe72dd57936c6cd1) C:\Windows\System32\TabSvc.dll
03:18:15.0760 7804 TabletInputService - ok
03:18:15.0775 7804 tap0901 (d8c94d074fe516a8509dfa1d81f8ad17) C:\Windows\system32\DRIVERS\tap0901.sys
03:18:15.0775 7804 tap0901 - ok
03:18:15.0791 7804 TapiSrv (613bf4820361543956909043a265c6ac) C:\Windows\System32\tapisrv.dll
03:18:15.0791 7804 TapiSrv - ok
03:18:15.0806 7804 TBS (b799d9fdb26111737f58288d8dc172d9) C:\Windows\System32\tbssvc.dll
03:18:15.0806 7804 TBS - ok
03:18:15.0822 7804 Tcpip (65d10b191c59c5501a1263fc33f6894b) C:\Windows\system32\drivers\tcpip.sys
03:18:15.0838 7804 Tcpip - ok
03:18:15.0869 7804 TCPIP6 (65d10b191c59c5501a1263fc33f6894b) C:\Windows\system32\DRIVERS\tcpip.sys
03:18:15.0869 7804 TCPIP6 - ok
03:18:15.0884 7804 tcpipreg (cca24162e055c3714ce5a88b100c64ed) C:\Windows\system32\drivers\tcpipreg.sys
03:18:15.0884 7804 tcpipreg - ok
03:18:15.0900 7804 TcUsb (5ca437a08509fb7ecf843480fc1232e2) C:\Windows\system32\Drivers\tcusb.sys
03:18:15.0900 7804 TcUsb - ok
03:18:15.0916 7804 TDPIPE (1cb91b2bd8f6dd367dfc2ef26fd751b2) C:\Windows\system32\drivers\tdpipe.sys
03:18:15.0916 7804 TDPIPE - ok
03:18:15.0931 7804 TDTCP (2c2c5afe7ee4f620d69c23c0617651a8) C:\Windows\system32\drivers\tdtcp.sys
03:18:15.0931 7804 TDTCP - ok
03:18:15.0947 7804 tdx (b459575348c20e8121d6039da063c704) C:\Windows\system32\DRIVERS\tdx.sys
03:18:15.0947 7804 tdx - ok
03:18:15.0947 7804 TermDD (04dbf4b01ea4bf25a9a3e84affac9b20) C:\Windows\system32\drivers\termdd.sys
03:18:15.0947 7804 TermDD - ok
03:18:15.0978 7804 TermService (382c804c92811be57829d8e550a900e2) C:\Windows\System32\termsrv.dll
03:18:15.0978 7804 TermService - ok
03:18:15.0994 7804 Themes (42fb6afd6b79d9fe07381609172e7ca4) C:\Windows\system32\themeservice.dll
03:18:15.0994 7804 Themes - ok
03:18:15.0994 7804 THREADORDER (146b6f43a673379a3c670e86d89be5ea) C:\Windows\system32\mmcss.dll
03:18:16.0009 7804 THREADORDER - ok
03:18:16.0009 7804 TrkWks (4792c0378db99a9bc2ae2de6cfff0c3a) C:\Windows\System32\trkwks.dll
03:18:16.0009 7804 TrkWks - ok
03:18:16.0025 7804 TrustedInstaller (2c49b175aee1d4364b91b531417fe583) C:\Windows\servicing\TrustedInstaller.exe
03:18:16.0025 7804 TrustedInstaller - ok
03:18:16.0040 7804 tssecsrv (254bb140eee3c59d6114c1a86b636877) C:\Windows\system32\DRIVERS\tssecsrv.sys
03:18:16.0040 7804 tssecsrv - ok
03:18:16.0056 7804 TsUsbFlt (fd1d6c73e6333be727cbcc6054247654) C:\Windows\system32\drivers\tsusbflt.sys
03:18:16.0056 7804 TsUsbFlt - ok
03:18:16.0072 7804 tunnel (b2fa25d9b17a68bb93d58b0556e8c90d) C:\Windows\system32\DRIVERS\tunnel.sys
03:18:16.0072 7804 tunnel - ok
03:18:16.0087 7804 uagp35 (750fbcb269f4d7dd2e420c56b795db6d) C:\Windows\system32\DRIVERS\uagp35.sys
03:18:16.0087 7804 uagp35 - ok
03:18:16.0103 7804 udfs (ee43346c7e4b5e63e54f927babbb32ff) C:\Windows\system32\DRIVERS\udfs.sys
03:18:16.0103 7804 udfs - ok
03:18:16.0118 7804 UI0Detect (8344fd4fce927880aa1aa7681d4927e5) C:\Windows\system32\UI0Detect.exe
03:18:16.0118 7804 UI0Detect - ok
03:18:16.0134 7804 uliagpkx (44e8048ace47befbfdc2e9be4cbc8880) C:\Windows\system32\drivers\uliagpkx.sys
03:18:16.0134 7804 uliagpkx - ok
03:18:16.0150 7804 umbus (d295bed4b898f0fd999fcfa9b32b071b) C:\Windows\system32\drivers\umbus.sys
03:18:16.0150 7804 umbus - ok
03:18:16.0165 7804 UmPass (7550ad0c6998ba1cb4843e920ee0feac) C:\Windows\system32\DRIVERS\umpass.sys
03:18:16.0165 7804 UmPass - ok
03:18:16.0196 7804 upnphost (833fbb672460efce8011d262175fad33) C:\Windows\System32\upnphost.dll
03:18:16.0212 7804 upnphost - ok
03:18:16.0228 7804 USBAAPL (eafe1e00739afe6c51487a050e772e17) C:\Windows\system32\Drivers\usbaapl.sys
03:18:16.0228 7804 USBAAPL - ok
03:18:16.0228 7804 usbaudio (1d9f2bd026e8e2d45033a4df3f16b78c) C:\Windows\system32\drivers\usbaudio.sys
03:18:16.0243 7804 usbaudio - ok
03:18:16.0244 7804 usbccgp (bd9c55d7023c5de374507acc7a14e2ac) C:\Windows\system32\DRIVERS\usbccgp.sys
03:18:16.0244 7804 usbccgp - ok
03:18:16.0260 7804 usbcir (04ec7cec62ec3b6d9354eee93327fc82) C:\Windows\system32\drivers\usbcir.sys
03:18:16.0260 7804 usbcir - ok
03:18:16.0275 7804 usbehci (f92de757e4b7ce9c07c5e65423f3ae3b) C:\Windows\system32\drivers\usbehci.sys
03:18:16.0275 7804 usbehci - ok
03:18:16.0291 7804 usbhub (8dc94aec6a7e644a06135ae7506dc2e9) C:\Windows\system32\DRIVERS\usbhub.sys
03:18:16.0291 7804 usbhub - ok
03:18:16.0307 7804 usbohci (e185d44fac515a18d9deddc23c2cdf44) C:\Windows\system32\drivers\usbohci.sys
03:18:16.0307 7804 usbohci - ok
03:18:16.0322 7804 usbprint (797d862fe0875e75c7cc4c1ad7b30252) C:\Windows\system32\DRIVERS\usbprint.sys
03:18:16.0322 7804 usbprint - ok
03:18:16.0322 7804 usbscan (576096ccbc07e7c4ea4f5e6686d6888f) C:\Windows\system32\DRIVERS\usbscan.sys
03:18:16.0338 7804 usbscan - ok
03:18:16.0338 7804 USBSTOR (f991ab9cc6b908db552166768176896a) C:\Windows\system32\DRIVERS\USBSTOR.SYS
03:18:16.0338 7804 USBSTOR - ok
03:18:16.0353 7804 usbuhci (68df884cf41cdada664beb01daf67e3d) C:\Windows\system32\drivers\usbuhci.sys
03:18:16.0353 7804 usbuhci - ok
03:18:16.0369 7804 usb_rndisx (d82f43d15fdaa666856c0190cb73e7c9) C:\Windows\system32\DRIVERS\usb8023x.sys
03:18:16.0369 7804 usb_rndisx - ok
03:18:16.0385 7804 UxSms (081e6e1c91aec36758902a9f727cd23c) C:\Windows\System32\uxsms.dll
03:18:16.0385 7804 UxSms - ok
03:18:16.0400 7804 VaultSvc (81951f51e318aecc2d68559e47485cc4) C:\Windows\system32\lsass.exe
03:18:16.0400 7804 VaultSvc - ok
03:18:16.0416 7804 vdrvroot (a059c4c3edb09e07d21a8e5c0aabd3cb) C:\Windows\system32\drivers\vdrvroot.sys
03:18:16.0416 7804 vdrvroot - ok
03:18:16.0431 7804 vds (c3cd30495687c2a2f66a65ca6fd89be9) C:\Windows\System32\vds.exe
03:18:16.0431 7804 vds - ok
03:18:16.0447 7804 vga (17c408214ea61696cec9c66e388b14f3) C:\Windows\system32\DRIVERS\vgapnp.sys
03:18:16.0447 7804 vga - ok
03:18:16.0463 7804 VgaSave (8e38096ad5c8570a6f1570a61e251561) C:\Windows\System32\drivers\vga.sys
03:18:16.0463 7804 VgaSave - ok
03:18:16.0478 7804 vhdmp (5461686cca2fda57b024547733ab42e3) C:\Windows\system32\drivers\vhdmp.sys
03:18:16.0478 7804 vhdmp - ok
03:18:16.0494 7804 viaagp (c829317a37b4bea8f39735d4b076e923) C:\Windows\system32\drivers\viaagp.sys
03:18:16.0494 7804 viaagp - ok
03:18:16.0494 7804 ViaC7 (e02f079a6aa107f06b16549c6e5c7b74) C:\Windows\system32\DRIVERS\viac7.sys
03:18:16.0509 7804 ViaC7 - ok
03:18:16.0509 7804 viaide (e43574f6a56a0ee11809b48c09e4fd3c) C:\Windows\system32\drivers\viaide.sys
03:18:16.0509 7804 viaide - ok
03:18:16.0525 7804 Viewpoint Manager Service (5f974fde801c73952770736becde11e7) C:\Program Files\Viewpoint\Common\ViewpointService.exe
03:18:16.0525 7804 Viewpoint Manager Service - ok
03:18:16.0541 7804 volmgr (4c63e00f2f4b5f86ab48a58cd990f212) C:\Windows\system32\drivers\volmgr.sys
03:18:16.0541 7804 volmgr - ok
03:18:16.0556 7804 volmgrx (b5bb72067ddddbbfb04b2f89ff8c3c87) C:\Windows\system32\drivers\volmgrx.sys
03:18:16.0556 7804 volmgrx - ok
03:18:16.0572 7804 volsnap (f497f67932c6fa693d7de2780631cfe7) C:\Windows\system32\drivers\volsnap.sys
03:18:16.0572 7804 volsnap - ok
03:18:16.0587 7804 vsmraid (9dfa0cc2f8855a04816729651175b631) C:\Windows\system32\DRIVERS\vsmraid.sys
03:18:16.0587 7804 vsmraid - ok
03:18:16.0603 7804 VSS (209a3b1901b83aeb8527ed211cce9e4c) C:\Windows\system32\vssvc.exe
03:18:16.0619 7804 VSS - ok
03:18:16.0619 7804 vwifibus (90567b1e658001e79d7c8bbd3dde5aa6) C:\Windows\System32\drivers\vwifibus.sys
03:18:16.0619 7804 vwifibus - ok
03:18:16.0650 7804 W32Time (55187fd710e27d5095d10a472c8baf1c) C:\Windows\system32\w32time.dll
03:18:16.0650 7804 W32Time - ok
03:18:16.0665 7804 WacomPen (de3721e89c653aa281428c8a69745d90) C:\Windows\system32\DRIVERS\wacompen.sys
03:18:16.0665 7804 WacomPen - ok
03:18:16.0681 7804 WANARP (3c3c78515f5ab448b022bdf5b8ffdd2e) C:\Windows\system32\DRIVERS\wanarp.sys
03:18:16.0681 7804 WANARP - ok
03:18:16.0697 7804 Wanarpv6 (3c3c78515f5ab448b022bdf5b8ffdd2e) C:\Windows\system32\DRIVERS\wanarp.sys
03:18:16.0697 7804 Wanarpv6 - ok
03:18:16.0728 7804 WatAdminSvc (353a04c273ec58475d8633e75ccd5604) C:\Windows\system32\Wat\WatAdminSvc.exe
03:18:16.0728 7804 WatAdminSvc - ok
03:18:16.0759 7804 wbengine (691e3285e53dca558e1a84667f13e15a) C:\Windows\system32\wbengine.exe
03:18:16.0759 7804 wbengine - ok
03:18:16.0775 7804 WbioSrvc (9614b5d29dc76ac3c29f6d2d3aa70e67) C:\Windows\System32\wbiosrvc.dll
03:18:16.0775 7804 WbioSrvc - ok
03:18:16.0790 7804 wcncsvc (34eee0dfaadb4f691d6d5308a51315dc) C:\Windows\System32\wcncsvc.dll
03:18:16.0806 7804 wcncsvc - ok
03:18:16.0806 7804 WcsPlugInService (5d930b6357a6d2af4d7653bdabbf352f) C:\Windows\System32\WcsPlugInService.dll
03:18:16.0821 7804 WcsPlugInService - ok
03:18:16.0821 7804 Wd (1112a9badacb47b7c0bb0392e3158dff) C:\Windows\system32\DRIVERS\wd.sys
03:18:16.0821 7804 Wd - ok
03:18:16.0837 7804 Wdf01000 (9950e3d0f08141c7e89e64456ae7dc73) C:\Windows\system32\drivers\Wdf01000.sys
03:18:16.0853 7804 Wdf01000 - ok
03:18:16.0853 7804 WdiServiceHost (46ef9dc96265fd0b423db72e7c38c2a5) C:\Windows\system32\wdi.dll
03:18:16.0868 7804 WdiServiceHost - ok
03:18:16.0868 7804 WdiSystemHost (46ef9dc96265fd0b423db72e7c38c2a5) C:\Windows\system32\wdi.dll
03:18:16.0868 7804 WdiSystemHost - ok
03:18:16.0884 7804 WebClient (a9d880f97530d5b8fee278923349929d) C:\Windows\System32\webclnt.dll
03:18:16.0884 7804 WebClient - ok
03:18:16.0899 7804 Wecsvc (760f0afe937a77cff27153206534f275) C:\Windows\system32\wecsvc.dll
03:18:16.0899 7804 Wecsvc - ok
03:18:16.0915 7804 wercplsupport (ac804569bb2364fb6017370258a4091b) C:\Windows\System32\wercplsupport.dll
03:18:16.0915 7804 wercplsupport - ok
03:18:16.0931 7804 WerSvc (08e420d873e4fd85241ee2421b02c4a4) C:\Windows\System32\WerSvc.dll
03:18:16.0931 7804 WerSvc - ok
03:18:16.0946 7804 WfpLwf (8b9a943f3b53861f2bfaf6c186168f79) C:\Windows\system32\DRIVERS\wfplwf.sys
03:18:16.0946 7804 WfpLwf - ok
03:18:16.0962 7804 WIMMount (5cf95b35e59e2a38023836fff31be64c) C:\Windows\system32\drivers\wimmount.sys
03:18:16.0962 7804 WIMMount - ok
03:18:16.0977 7804 WinDefend (3fae8f94296001c32eab62cd7d82e0fd) C:\Program Files\Windows Defender\mpsvc.dll
03:18:16.0977 7804 WinDefend - ok
03:18:16.0977 7804 WinHttpAutoProxySvc - ok
03:18:16.0993 7804 Winmgmt (f62e510b6ad4c21eb9fe8668ed251826) C:\Windows\system32\wbem\WMIsvc.dll
03:18:17.0009 7804 Winmgmt - ok
03:18:17.0024 7804 WinRM (1b91cd34ea3a90ab6a4ef0550174f4cc) C:\Windows\system32\WsmSvc.dll
03:18:17.0040 7804 WinRM - ok
03:18:17.0055 7804 WinUsb (a67e5f9a400f3bd1be3d80613b45f708) C:\Windows\system32\DRIVERS\WinUsb.sys
03:18:17.0055 7804 WinUsb - ok
03:18:17.0071 7804 Wlansvc (16935c98ff639d185086a3529b1f2067) C:\Windows\System32\wlansvc.dll
03:18:17.0087 7804 Wlansvc - ok
03:18:17.0118 7804 wlidsvc (fb01d4ae207b9efdbabfc55dc95c7e31) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
03:18:17.0118 7804 wlidsvc - ok
03:18:17.0133 7804 wltrysvc - ok
03:18:17.0149 7804 WmiAcpi (0217679b8fca58714c3bf2726d2ca84e) C:\Windows\system32\drivers\wmiacpi.sys
03:18:17.0149 7804 WmiAcpi - ok
03:18:17.0165 7804 wmiApSrv (6eb6b66517b048d87dc1856ddf1f4c3f) C:\Windows\system32\wbem\WmiApSrv.exe
03:18:17.0165 7804 wmiApSrv - ok
03:18:17.0196 7804 WMPNetworkSvc (3b40d3a61aa8c21b88ae57c58ab3122e) C:\Program Files\Windows Media Player\wmpnetwk.exe
03:18:17.0211 7804 WMPNetworkSvc - ok
03:18:17.0227 7804 WPCSvc (a2f0ec770a92f2b3f9de6d518e11409c) C:\Windows\System32\wpcsvc.dll
03:18:17.0227 7804 WPCSvc - ok
03:18:17.0243 7804 WPDBusEnum (aa53356d60af47eacc85bc617a4f3f66) C:\Windows\system32\wpdbusenum.dll
03:18:17.0243 7804 WPDBusEnum - ok
03:18:17.0259 7804 ws2ifsl (6db3276587b853bf886b69528fdb048c) C:\Windows\system32\drivers\ws2ifsl.sys
03:18:17.0259 7804 ws2ifsl - ok
03:18:17.0259 7804 wscsvc (6f5d49efe0e7164e03ae773a3fe25340) C:\Windows\system32\wscsvc.dll
03:18:17.0275 7804 wscsvc - ok
03:18:17.0275 7804 WSearch - ok
03:18:17.0322 7804 wuauserv (3026418a50c5b4761befa632cedb7406) C:\Windows\system32\wuaueng.dll
03:18:17.0337 7804 wuauserv - ok
03:18:17.0353 7804 WudfPf (e714a1c0354636837e20ccbf00888ee7) C:\Windows\system32\drivers\WudfPf.sys
03:18:17.0353 7804 WudfPf - ok
03:18:17.0368 7804 WUDFRd (1023ee888c9b47178c5293ed5336ab69) C:\Windows\system32\DRIVERS\WUDFRd.sys
03:18:17.0368 7804 WUDFRd - ok
03:18:17.0368 7804 wudfsvc (8d1e1e529a2c9e9b6a85b55a345f7629) C:\Windows\System32\WUDFSvc.dll
03:18:17.0384 7804 wudfsvc - ok
03:18:17.0400 7804 WwanSvc (ff2d745b560f7c71b31f30f4d49f73d2) C:\Windows\System32\wwansvc.dll
03:18:17.0400 7804 WwanSvc - ok
03:18:17.0415 7804 yukonw7 (30b73eb97218a16cbc6de535782a1b35) C:\Windows\system32\DRIVERS\yk62x86.sys
03:18:17.0415 7804 yukonw7 - ok
03:18:17.0431 7804 MBR (0x1B8) (d83f94e05deced58921d4d8b25a861b7) \Device\Harddisk0\DR0
03:18:17.0431 7804 \Device\Harddisk0\DR0 - ok
03:18:17.0446 7804 Boot (0x1200) (d55bd7e19863dad0903d07284606a169) \Device\Harddisk0\DR0\Partition0
03:18:17.0446 7804 \Device\Harddisk0\DR0\Partition0 - ok
03:18:17.0446 7804 Boot (0x1200) (60d4910dd911c9cc8db98cd2630b3082) \Device\Harddisk0\DR0\Partition1
03:18:17.0446 7804 \Device\Harddisk0\DR0\Partition1 - ok
03:18:17.0446 7804 ============================================================
03:18:17.0446 7804 Scan finished
03:18:17.0446 7804 ============================================================
03:18:17.0462 6768 Detected object count: 0
03:18:17.0462 6768 Actual detected object count: 0
03:18:37.0973 5976 Deinitialize success

aswMBR:
aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software
Run date: 2012-04-10 00:12:30
-----------------------------
00:12:30.463 OS Version: Windows 6.1.7601 Service Pack 1
00:12:30.463 Number of processors: 2 586 0x170A
00:12:30.465 ComputerName: PENELOPE UserName:
00:12:32.560 Initialize success
00:13:39.677 AVAST engine defs: 12040901
00:14:19.201 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-0
00:14:19.206 Disk 0 Vendor: SAMSUNG_ VBM1 Size: 244208MB BusType: 3
00:14:19.233 Disk 0 MBR read successfully
00:14:19.236 Disk 0 MBR scan
00:14:19.240 Disk 0 unknown MBR code
00:14:19.260 Disk 0 Partition 1 00 DE Dell Utility Dell 8.0 101 MB offset 63
00:14:19.283 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 15360 MB offset 208896
00:14:19.305 Disk 0 Partition 3 80 (A) 07 HPFS/NTFS NTFS 203144 MB offset 31666176
00:14:19.311 Disk 0 Partition - 00 05 Extended 25595 MB offset 447715485
00:14:19.338 Disk 0 Partition 4 80 (A) 83 Linux 24489 MB offset 447715548
00:14:19.344 Disk 0 Partition - 00 05 Extended 1106 MB offset 497870415
00:14:19.366 Disk 0 scanning sectors +500135580
00:14:19.499 Disk 0 scanning C:\Windows\system32\drivers
00:14:54.470 Service scanning
00:15:07.687 Modules scanning
00:15:54.741 Disk 0 trace - called modules:
00:15:54.755 ntkrnlpa.exe CLASSPNP.SYS disk.sys iaStor.sys halmacpi.dll
00:15:54.761 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x872259a8]
00:15:54.768 3 CLASSPNP.SYS[8cfa559e] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-0[0x86468030]
00:15:56.195 AVAST engine scan C:\Windows
00:16:22.469 AVAST engine scan C:\Windows\system32
00:26:41.074 AVAST engine scan C:\Windows\system32\drivers
00:27:52.189 AVAST engine scan C:\Users\Aaron Segal
01:25:27.838 Disk 0 MBR has been saved successfully to "C:\Users\Aaron Segal\Desktop\MBR.dat"
01:25:27.868 The log file has been saved successfully to "C:\Users\Aaron Segal\Desktop\aswMBR.txt"
01:56:48.985 AVAST engine scan C:\ProgramData
02:15:28.530 Scan finished successfully
10:04:51.403 Disk 0 MBR has been saved successfully to "C:\Users\Aaron Segal\Desktop\MBR.dat"
10:04:51.403 The log file has been saved successfully to "C:\Users\Aaron Segal\Desktop\aswMBR.txt"

Edited by aaronak, 10 April 2012 - 12:25 PM.


#6 gringo_pr (Bleepin Gringo, Malware Response Team)

Posted 10 April 2012 - 05:39 PM

Hello,

The redirects to Happili have started occurring again. In which browsers does this happen? I want you to check all that are installed.


gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#7 aaronak (Topic Starter)

Posted 10 April 2012 - 07:23 PM

It appears to be only Firefox. I'm not seeing it in Internet Explorer; at least, not yet.

#8 gringo_pr (Bleepin Gringo, Malware Response Team)

Posted 10 April 2012 - 07:26 PM

Hello


Let's uninstall Firefox, and if asked about user data or settings, then remove that also.

Reinstall Firefox and check if it redirects.


gringo

#9 aaronak (Topic Starter)

Posted 11 April 2012 - 02:28 AM

I reinstalled Firefox, and have been using it for a few hours with no redirects. I'm going to keep using Firefox for a while, and I'll let you know if the problem comes back tomorrow.

#10 gringo_pr (Bleepin Gringo, Malware Response Team)

Posted 11 April 2012 - 08:13 AM

Greetings

At this time I would like you to run this script for me, and it is a good time to check out the computer to see if there is anything else that needs to be addressed.

:Run CFScript:

Open Notepad and copy/paste the text in the box into the window:

ClearJavaCache::

Save it to your desktop as CFScript.txt

Referring to the picture above, drag CFScript.txt into ComboFix.exe
This will let ComboFix run again.
Restart if you have to.
Save the produced logfile to your desktop.

Note: Do not mouse-click ComboFix's window whilst it's running. That may cause it to stall.

Note 2: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion.", please restart the computer.

"information and logs"

In your next post I need the following:

  • report from Combofix
  • let me know of any problems you may have had
  • How is the computer doing now after running the script?

Gringo


#11 aaronak (Topic Starter)

Posted 13 April 2012 - 02:31 AM

Hi,

I ran ComboFix with the script. No errors apart from the "Illegal operation attempted..." business, which a restart cleared up. I have not seen any redirects since I re-installed Firefox. Thanks so much for your help!

ComboFix log:

ComboFix 12-04-08.02 - Aaron Segal 04/13/2012 2:51.2.2 - x86
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.3582.2123 [GMT -4:00]
Running from: c:\users\Aaron Segal\Desktop\ComboFix.exe
Command switches used :: c:\users\Aaron Segal\Desktop\CFScript.txt
AV: SymantecAntiVirus *Disabled/Updated* {88C95A36-8C3B-2F2C-1B8B-30FCCFDC4855}
SP: SymantecAntiVirus *Disabled/Updated* {33A8BBD2-AA01-20A2-213B-0B8EB45B02E8}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((( Files Created from 2012-03-13 to 2012-04-13 )))))))))))))))))))))))))))))))
.
.
2012-04-13 07:01 . 2012-04-13 07:01 -------- d-----w- c:\users\UpdatusUser\AppData\Local\temp
2012-04-13 07:01 . 2012-04-13 07:01 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-04-13 06:48 . 2012-04-13 06:48 56200 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{6A5D9A39-9083-454D-A1AC-D0DE9C8A0B43}\offreg.dll
2012-04-12 02:37 . 2012-04-12 02:37 -------- d-----w- c:\program files\Common Files\Java
2012-04-12 02:37 . 2012-04-12 02:36 476904 ----a-w- c:\program files\Mozilla Firefox\plugins\REN2A87.tmp
2012-04-11 00:30 . 2012-03-01 05:46 19824 ----a-w- c:\windows\system32\drivers\fs_rec.sys
2012-04-11 00:30 . 2012-03-01 05:37 172544 ----a-w- c:\windows\system32\wintrust.dll
2012-04-11 00:30 . 2012-03-01 05:33 159232 ----a-w- c:\windows\system32\imagehlp.dll
2012-04-11 00:30 . 2012-03-01 05:29 5120 ----a-w- c:\windows\system32\wmi.dll
2012-04-11 00:30 . 2012-03-06 05:59 3968368 ----a-w- c:\windows\system32\ntkrnlpa.exe
2012-04-11 00:30 . 2012-03-06 05:59 3913072 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-04-10 17:19 . 2012-03-14 02:15 6582328 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{6A5D9A39-9083-454D-A1AC-D0DE9C8A0B43}\mpengine.dll
2012-04-07 03:07 . 2012-04-07 03:07 -------- d-----w- C:\found.002
2012-04-03 14:36 . 2012-04-03 14:36 -------- d-----w- c:\program files\iPod
2012-04-03 14:36 . 2012-04-03 14:38 -------- d-----w- c:\program files\iTunes
2012-03-30 15:32 . 2012-03-30 15:32 -------- d-----w- c:\users\Aaron Segal\AppData\Local\{834DA18B-7A7D-11E1-826D-B8AC6F996F26}
2012-03-27 04:21 . 2012-03-27 04:21 -------- d-----w- c:\users\Aaron Segal\AppData\Roaming\enchant
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-04-13 05:40 . 2009-10-24 21:55 17408 ----a-w- c:\windows\system32\rpcnetp.exe
2012-04-12 02:36 . 2011-07-14 04:26 472808 ----a-w- c:\windows\system32\deployJava1.dll
2012-04-11 14:08 . 2009-05-30 18:09 58288 ----a-w- c:\windows\system32\rpcnet.dll
2012-04-11 00:47 . 2009-10-24 21:55 17408 ----a-w- c:\windows\system32\rpcnetp.dll
2012-02-29 16:30 . 2011-06-02 01:17 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-02-23 13:18 . 2009-10-03 01:51 237072 ------w- c:\windows\system32\MpSigStub.exe
2012-02-17 05:34 . 2012-03-13 23:34 826880 ----a-w- c:\windows\system32\rdpcore.dll
2012-02-17 04:14 . 2012-03-13 23:34 183808 ----a-w- c:\windows\system32\drivers\rdpwd.sys
2012-02-17 04:13 . 2012-03-13 23:34 24576 ----a-w- c:\windows\system32\drivers\tdtcp.sys
2012-02-15 15:01 . 2012-02-15 15:01 4547944 ----a-w- c:\windows\system32\usbaaplrc.dll
2012-02-15 15:01 . 2012-02-15 15:01 43520 ----a-w- c:\windows\system32\drivers\usbaapl.sys
2012-02-10 05:38 . 2012-03-13 23:35 1077248 ----a-w- c:\windows\system32\DWrite.dll
2012-02-07 15:02 . 2012-02-07 15:02 1070352 ----a-w- c:\windows\system32\MSCOMCTL.OCX
2012-02-03 03:54 . 2012-03-13 23:35 2343424 ----a-w- c:\windows\system32\win32k.sys
2012-01-31 08:05 . 2010-04-13 04:59 13160 ----a-w- c:\windows\system32\Upgrd.exe
2012-01-31 08:05 . 2009-05-30 18:09 58288 ------w- c:\windows\system32\rpcnet.exe
2012-01-25 05:32 . 2012-03-13 23:34 58880 ----a-w- c:\windows\system32\rdpwsx.dll
2012-01-25 05:32 . 2012-03-13 23:34 129536 ----a-w- c:\windows\system32\rdpcorekmts.dll
2012-01-25 05:27 . 2012-03-13 23:34 8192 ----a-w- c:\windows\system32\rdrmemptylst.exe
2012-03-13 04:39 . 2012-04-11 00:53 97208 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((( SnapShot@2012-04-09_06.42.24 )))))))))))))))))))))))))))))))))))))))))
.
+ 2012-04-11 00:41 . 2012-02-28 00:52 72704 c:\windows\winsxs\x86_microsoft-windows-ie-htmlediting_31bf3856ad364e35_9.4.8112.20548_none_61238b1e76d29f76\mshtmled.dll
+ 2012-04-11 00:41 . 2012-02-28 01:03 72704 c:\windows\winsxs\x86_microsoft-windows-ie-htmlediting_31bf3856ad364e35_9.4.8112.16443_none_6094ece15db980f9\mshtmled.dll
+ 2012-04-11 00:41 . 2012-02-28 00:56 66048 c:\windows\winsxs\x86_microsoft-windows-i..tocolimplementation_31bf3856ad364e35_9.4.8112.20548_none_1ae39534d540ec68\WininetPlugin.dll
+ 2012-04-11 00:41 . 2012-02-28 00:55 65024 c:\windows\winsxs\x86_microsoft-windows-i..tocolimplementation_31bf3856ad364e35_9.4.8112.20548_none_1ae39534d540ec68\jsproxy.dll
+ 2012-04-11 00:41 . 2012-02-28 01:08 66048 c:\windows\winsxs\x86_microsoft-windows-i..tocolimplementation_31bf3856ad364e35_9.4.8112.16443_none_1a54f6f7bc27cdeb\WininetPlugin.dll
+ 2012-04-11 00:41 . 2012-02-28 01:08 65024 c:\windows\winsxs\x86_microsoft-windows-i..tocolimplementation_31bf3856ad364e35_9.4.8112.16443_none_1a54f6f7bc27cdeb\jsproxy.dll
+ 2012-04-11 00:30 . 2012-03-01 05:31 19824 c:\windows\winsxs\x86_microsoft-windows-coreos_31bf3856ad364e35_6.1.7601.21933_none_27ccb28db5c2160c\fs_rec.sys
+ 2012-04-11 00:30 . 2012-03-01 05:46 19824 c:\windows\winsxs\x86_microsoft-windows-coreos_31bf3856ad364e35_6.1.7601.17787_none_271105689cc96a2c\fs_rec.sys
+ 2012-04-11 00:30 . 2012-03-01 05:34 19312 c:\windows\winsxs\x86_microsoft-windows-coreos_31bf3856ad364e35_6.1.7600.21160_none_25c2bb21b8b6e809\fs_rec.sys
+ 2012-04-11 00:30 . 2012-03-01 05:53 19312 c:\windows\winsxs\x86_microsoft-windows-coreos_31bf3856ad364e35_6.1.7600.16970_none_252e76489fa130ee\fs_rec.sys
+ 2009-10-25 00:09 . 2012-04-11 14:11 61082 c:\windows\System32\wdi\ShutdownPerformanceDiagnostics_SystemData.bin
+ 2009-07-14 04:55 . 2012-04-11 14:11 46022 c:\windows\System32\wdi\BootPerformanceDiagnostics_SystemData.bin
+ 2009-10-25 02:56 . 2012-04-11 14:11 14040 c:\windows\System32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-4082460731-2849229238-2951310151-1000_UserData.bin
- 2012-02-15 23:39 . 2011-12-14 02:50 72704 c:\windows\System32\mshtmled.dll
+ 2012-04-11 00:41 . 2012-02-28 01:03 72704 c:\windows\System32\mshtmled.dll
- 2012-02-15 23:39 . 2011-12-14 02:54 66048 c:\windows\System32\migration\WininetPlugin.dll
+ 2012-04-11 00:41 . 2012-02-28 01:08 66048 c:\windows\System32\migration\WininetPlugin.dll
+ 2012-04-11 00:41 . 2012-02-28 01:08 65024 c:\windows\System32\jsproxy.dll
- 2012-02-15 23:39 . 2011-12-14 02:54 65024 c:\windows\System32\jsproxy.dll
+ 2009-10-24 21:56 . 2012-04-12 15:11 32768 c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2009-10-24 21:56 . 2012-04-08 14:55 32768 c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2009-10-24 21:56 . 2012-04-08 14:55 32768 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2009-10-24 21:56 . 2012-04-12 15:11 32768 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2009-07-14 04:41 . 2012-04-08 14:55 16384 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2009-07-14 04:41 . 2012-04-12 15:11 16384 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2009-07-14 04:34 . 2012-04-11 18:21 90120 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\SoftwareProtectionPlatform\Cache\cache.dat
+ 2009-10-25 01:00 . 2012-04-11 15:30 16384 c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2009-10-25 01:00 . 2012-03-26 16:14 16384 c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2012-04-11 00:38 . 2012-04-11 00:38 87408 c:\windows\Microsoft.NET\assembly\GAC_MSIL\WindowsFormsIntegration\v4.0_4.0.0.0__31bf3856ad364e35\WindowsFormsIntegration.dll
- 2012-02-22 08:04 . 2012-02-22 08:04 87408 c:\windows\Microsoft.NET\assembly\GAC_MSIL\WindowsFormsIntegration\v4.0_4.0.0.0__31bf3856ad364e35\WindowsFormsIntegration.dll
+ 2012-04-11 00:38 . 2012-04-11 00:38 93024 c:\windows\Microsoft.NET\assembly\GAC_MSIL\UIAutomationTypes\v4.0_4.0.0.0__31bf3856ad364e35\UIAutomationTypes.dll
- 2012-02-22 08:04 . 2012-02-22 08:04 93024 c:\windows\Microsoft.NET\assembly\GAC_MSIL\UIAutomationTypes\v4.0_4.0.0.0__31bf3856ad364e35\UIAutomationTypes.dll
- 2012-02-22 08:04 . 2012-02-22 08:04 35688 c:\windows\Microsoft.NET\assembly\GAC_MSIL\UIAutomationProvider\v4.0_4.0.0.0__31bf3856ad364e35\UIAutomationProvider.dll
+ 2012-04-11 00:38 . 2012-04-11 00:38 35688 c:\windows\Microsoft.NET\assembly\GAC_MSIL\UIAutomationProvider\v4.0_4.0.0.0__31bf3856ad364e35\UIAutomationProvider.dll
- 2012-02-22 08:04 . 2012-02-22 08:04 11120 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Xml.Serialization\v4.0_4.0.0.0__b77a5c561934e089\System.Xml.Serialization.dll
+ 2012-04-11 00:38 . 2012-04-11 00:38 11120 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Xml.Serialization\v4.0_4.0.0.0__b77a5c561934e089\System.Xml.Serialization.dll
+ 2012-04-12 01:10 . 2012-04-12 01:10 860160 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Extensio#\47e3f7fa0b07e85e269f2e152e0e5e29\System.Web.Extensions.Design.ni.dll
+ 2012-04-12 01:10 . 2012-04-12 01:10 328192 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Entity\3595f5769afb7d38aa5a05abef97364c\System.Web.Entity.ni.dll
+ 2012-04-12 01:10 . 2012-04-12 01:10 301568 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Entity.D#\7485eeab1b46532b35d7ab5814a43a30\System.Web.Entity.Design.ni.dll
+ 2012-04-12 01:10 . 2012-04-12 01:10 547328 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.DynamicD#\ec083a1d2f94e4c565545f9d090c5039\System.Web.DynamicData.ni.dll
+ 2012-04-11 23:07 . 2012-04-11 23:07 141312 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Abstract#\88430faf21e241f93d02711e35173de6\System.Web.Abstractions.ni.dll
+ 2012-04-11 00:50 . 2012-04-11 00:50 212992 c:\windows\assembly\NativeImages_v2.0.50727_32\System.ServiceProce#\c2c7f68605a42caef1b7a19c51de58b4\System.ServiceProcess.ni.dll
+ 2012-04-11 23:06 . 2012-04-11 23:06 593408 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Messaging\69b1de7425d09eb9fe42f81882d2896e\System.Messaging.ni.dll
+ 2012-04-11 00:50 . 2012-04-11 00:50 208384 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Drawing.Desi#\b64b898fd099d1644a8673137ac56011\System.Drawing.Design.ni.dll
+ 2012-04-11 23:05 . 2012-04-11 23:05 483840 c:\windows\assembly\NativeImages_v2.0.50727_32\QSUI\6c58d198df3dbbcf862996418b7d2d44\QSUI.ni.exe
+ 2012-04-11 23:07 . 2012-04-11 23:07 725504 c:\windows\assembly\NativeImages_v2.0.50727_32\napsnap\463d3b3f15e222c19705d401d110e26a\napsnap.ni.dll
+ 2012-04-11 23:07 . 2012-04-11 23:07 723456 c:\windows\assembly\NativeImages_v2.0.50727_32\napsnap\3905d93b593c73ace427731406f37cf1\napsnap.ni.dll
+ 2012-04-11 23:07 . 2012-04-11 23:07 117760 c:\windows\assembly\NativeImages_v2.0.50727_32\napinit\65f2996ff691f5656e53578d77296fc8\napinit.ni.dll
+ 2012-04-11 23:07 . 2012-04-11 23:07 110080 c:\windows\assembly\NativeImages_v2.0.50727_32\napinit\573252efbccfc4cd742af9d776cf4fd9\napinit.ni.dll
+ 2012-04-11 23:05 . 2012-04-11 23:05 286208 c:\windows\assembly\NativeImages_v2.0.50727_32\MyDock.Util\361cf10e13eeab29dd21537523df8227\MyDock.Util.ni.dll
+ 2012-04-11 23:06 . 2012-04-11 23:06 287232 c:\windows\assembly\NativeImages_v2.0.50727_32\MMCFxCommon\c83df01d683dbeb36be10218cc50ff03\MMCFxCommon.ni.dll
+ 2012-04-11 23:06 . 2012-04-11 23:06 229888 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.MediaCent#\5f3f52254b8d67c49c41000bebbfcd25\Microsoft.MediaCenter.iTv.ni.dll
+ 2012-04-11 23:06 . 2012-04-11 23:06 561664 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Managemen#\68842b507f3ad7fa603bf57c813c6a0c\Microsoft.ManagementConsole.ni.dll
+ 2012-04-11 23:06 . 2012-04-11 23:06 371712 c:\windows\assembly\NativeImages_v2.0.50727_32\mcplayerinterop\69d9ceeea7906352b58c886125441d04\mcplayerinterop.ni.dll
+ 2012-04-11 23:06 . 2012-04-11 23:06 515584 c:\windows\assembly\NativeImages_v2.0.50727_32\mcGlidHostObj\2798f2ea2bff1c2b419097d8f7f72c55\mcGlidHostObj.ni.dll
+ 2012-04-11 23:06 . 2012-04-11 23:06 538112 c:\windows\assembly\NativeImages_v2.0.50727_32\EventViewer\a372b8db1b039410e753da4d31c3320a\EventViewer.ni.dll
+ 2012-04-11 23:06 . 2012-04-11 23:06 553472 c:\windows\assembly\NativeImages_v2.0.50727_32\EventViewer\4e2b9e7e956dcee6a9721b57c8ccde60\EventViewer.ni.dll
+ 2012-04-11 23:06 . 2012-04-11 23:06 258048 c:\windows\assembly\NativeImages_v2.0.50727_32\ehExtHost\26196255cd97576cb1add9e53a98a6a3\ehExtHost.ni.exe
+ 2012-04-11 23:04 . 2012-04-11 23:04 842240 c:\windows\assembly\NativeImages_v2.0.50727_32\AspNetMMCExt\7fce1bdb15aebc05ba6c92431550b3e5\AspNetMMCExt.ni.dll
+ 2012-04-10 17:17 . 2012-01-26 23:33 630784 c:\windows\assembly\GAC_MSIL\System.Drawing\2.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll
+ 2012-04-11 00:41 . 2012-02-28 01:06 1799168 c:\windows\winsxs\x86_microsoft-windows-scripting-jscript_31bf3856ad364e35_9.4.8112.20548_none_9bda8a4e2a92318f\jscript9.dll
+ 2012-04-11 00:41 . 2012-02-28 01:18 1799168 c:\windows\winsxs\x86_microsoft-windows-scripting-jscript_31bf3856ad364e35_9.4.8112.16443_none_9b4bec1111791312\jscript9.dll
+ 2012-04-11 00:30 . 2012-03-06 05:41 3916656 c:\windows\winsxs\x86_microsoft-windows-os-kernel_31bf3856ad364e35_6.1.7601.21936_none_6eadcec52b912d42\ntoskrnl.exe
+ 2012-04-11 00:30 . 2012-03-06 05:41 3972464 c:\windows\winsxs\x86_microsoft-windows-os-kernel_31bf3856ad364e35_6.1.7601.21936_none_6eadcec52b912d42\ntkrnlpa.exe
+ 2012-04-11 00:30 . 2012-03-06 05:59 3913072 c:\windows\winsxs\x86_microsoft-windows-os-kernel_31bf3856ad364e35_6.1.7601.17790_none_6ddd4ed012a99fed\ntoskrnl.exe
+ 2012-04-11 00:30 . 2012-03-06 05:59 3968368 c:\windows\winsxs\x86_microsoft-windows-os-kernel_31bf3856ad364e35_6.1.7601.17790_none_6ddd4ed012a99fed\ntkrnlpa.exe
+ 2012-04-11 00:30 . 2012-03-06 05:59 3915632 c:\windows\winsxs\x86_microsoft-windows-os-kernel_31bf3856ad364e35_6.1.7600.21163_none_6ca3d7592e85ff3f\ntoskrnl.exe
+ 2012-04-11 00:30 . 2012-03-06 05:59 3971440 c:\windows\winsxs\x86_microsoft-windows-os-kernel_31bf3856ad364e35_6.1.7600.21163_none_6ca3d7592e85ff3f\ntkrnlpa.exe
+ 2012-04-11 00:30 . 2012-03-06 05:59 3902320 c:\windows\winsxs\x86_microsoft-windows-os-kernel_31bf3856ad364e35_6.1.7600.16973_none_6c0f928015704824\ntoskrnl.exe
+ 2012-04-11 00:30 . 2012-03-06 05:59 3958128 c:\windows\winsxs\x86_microsoft-windows-os-kernel_31bf3856ad364e35_6.1.7600.16973_none_6c0f928015704824\ntkrnlpa.exe
+ 2012-04-11 00:41 . 2012-02-28 01:04 9705984 c:\windows\winsxs\x86_microsoft-windows-ieframe_31bf3856ad364e35_9.4.8112.20548_none_7d9d0e56e18ce3cb\ieframe.dll
+ 2012-04-11 00:41 . 2012-02-28 01:27 9705984 c:\windows\winsxs\x86_microsoft-windows-ieframe_31bf3856ad364e35_9.4.8112.16443_none_7d0e7019c873c54e\ieframe.dll
+ 2012-04-11 00:41 . 2012-02-28 00:53 1792000 c:\windows\winsxs\x86_microsoft-windows-ie-runtimeutilities_31bf3856ad364e35_9.4.8112.20548_none_609e4c10bff20ac5\iertutil.dll
+ 2012-04-11 00:41 . 2012-02-28 01:04 1792000 c:\windows\winsxs\x86_microsoft-windows-ie-runtimeutilities_31bf3856ad364e35_9.4.8112.16443_none_600fadd3a6d8ec48\iertutil.dll
+ 2012-04-11 00:41 . 2012-02-28 00:58 1127424 c:\windows\winsxs\x86_microsoft-windows-i..tocolimplementation_31bf3856ad364e35_9.4.8112.20548_none_1ae39534d540ec68\wininet.dll
+ 2012-04-11 00:41 . 2012-02-28 01:11 1127424 c:\windows\winsxs\x86_microsoft-windows-i..tocolimplementation_31bf3856ad364e35_9.4.8112.16443_none_1a54f6f7bc27cdeb\wininet.dll
+ 2012-04-11 00:41 . 2012-02-28 00:59 1103360 c:\windows\winsxs\x86_microsoft-windows-i..ersandsecurityzones_31bf3856ad364e35_9.4.8112.20548_none_cdddb9930a37c5d5\urlmon.dll
+ 2012-04-11 00:41 . 2012-02-28 01:12 1103360 c:\windows\winsxs\x86_microsoft-windows-i..ersandsecurityzones_31bf3856ad364e35_9.4.8112.16443_none_cd4f1b55f11ea758\urlmon.dll
- 2012-02-15 23:39 . 2011-12-14 02:57 1127424 c:\windows\System32\wininet.dll
+ 2012-04-11 00:41 . 2012-02-28 01:11 1127424 c:\windows\System32\wininet.dll
- 2012-02-15 23:39 . 2011-12-14 02:57 1103360 c:\windows\System32\urlmon.dll
+ 2012-04-11 00:41 . 2012-02-28 01:12 1103360 c:\windows\System32\urlmon.dll
- 2009-07-14 02:03 . 2012-03-14 01:22 7340032 c:\windows\System32\SMI\Store\Machine\schema.dat
+ 2009-07-14 02:03 . 2012-04-11 00:46 7340032 c:\windows\System32\SMI\Store\Machine\schema.dat
+ 2012-04-11 00:41 . 2012-02-28 01:18 1799168 c:\windows\System32\jscript9.dll
- 2012-02-15 23:39 . 2011-12-14 02:52 1792000 c:\windows\System32\iertutil.dll
+ 2012-04-11 00:41 . 2012-02-28 01:04 1792000 c:\windows\System32\iertutil.dll
+ 2012-04-11 00:41 . 2012-02-28 01:27 9705984 c:\windows\System32\ieframe.dll
+ 2009-07-14 04:34 . 2012-04-11 00:51 7111408 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\SoftwareProtectionPlatform\tokens.dat
- 2009-07-14 04:34 . 2012-03-14 01:26 7111408 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\SoftwareProtectionPlatform\tokens.dat
- 2012-02-22 08:04 . 2012-02-22 08:04 1368920 c:\windows\Microsoft.NET\assembly\GAC_MSIL\WindowsBase\v4.0_4.0.0.0__31bf3856ad364e35\WindowsBase.dll
+ 2012-04-11 00:38 . 2012-04-11 00:38 1368920 c:\windows\Microsoft.NET\assembly\GAC_MSIL\WindowsBase\v4.0_4.0.0.0__31bf3856ad364e35\WindowsBase.dll
- 2012-02-22 08:03 . 2012-02-22 08:03 3512072 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System\v4.0_4.0.0.0__b77a5c561934e089\System.dll
+ 2012-04-11 00:37 . 2012-04-11 00:37 3512072 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System\v4.0_4.0.0.0__b77a5c561934e089\System.dll
- 2012-02-22 08:03 . 2012-02-22 08:03 2207568 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Xml\v4.0_4.0.0.0__b77a5c561934e089\System.XML.dll
+ 2012-04-11 00:37 . 2012-04-11 00:37 2207568 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Xml\v4.0_4.0.0.0__b77a5c561934e089\System.XML.dll
+ 2012-04-11 00:37 . 2012-04-11 00:37 5028200 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Forms\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Forms.dll
- 2012-02-22 08:03 . 2012-02-22 08:03 5028200 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Forms\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Forms.dll
- 2012-02-22 08:03 . 2012-02-22 08:03 1711496 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Forms.DataVisualization\v4.0_4.0.0.0__31bf3856ad364e35\System.Windows.Forms.DataVisualization.dll
+ 2012-04-11 00:37 . 2012-04-11 00:37 1711496 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Forms.DataVisualization\v4.0_4.0.0.0__31bf3856ad364e35\System.Windows.Forms.DataVisualization.dll
+ 2012-04-11 00:38 . 2012-04-11 00:38 6097256 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.ServiceModel\v4.0_4.0.0.0__b77a5c561934e089\System.ServiceModel.dll
- 2012-02-22 08:04 . 2012-02-22 08:04 6097256 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.ServiceModel\v4.0_4.0.0.0__b77a5c561934e089\System.ServiceModel.dll
+ 2012-04-11 00:38 . 2012-04-11 00:38 1026936 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Runtime.Serialization\v4.0_4.0.0.0__b77a5c561934e089\System.Runtime.Serialization.dll
- 2012-02-22 08:04 . 2012-02-22 08:04 1026936 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Runtime.Serialization\v4.0_4.0.0.0__b77a5c561934e089\System.Runtime.Serialization.dll
+ 2012-04-11 00:38 . 2012-04-11 00:38 4464480 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Data.Entity\v4.0_4.0.0.0__b77a5c561934e089\System.Data.Entity.dll
- 2012-02-22 08:04 . 2012-02-22 08:04 4464480 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Data.Entity\v4.0_4.0.0.0__b77a5c561934e089\System.Data.Entity.dll
+ 2012-04-11 00:37 . 2012-04-11 00:37 1354584 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Core\v4.0_4.0.0.0__b77a5c561934e089\System.Core.dll
- 2012-02-22 08:03 . 2012-02-22 08:04 1354584 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Core\v4.0_4.0.0.0__b77a5c561934e089\System.Core.dll
- 2012-02-22 08:04 . 2012-02-22 08:04 1199968 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Activities\v4.0_4.0.0.0__31bf3856ad364e35\System.Activities.dll
+ 2012-04-11 00:38 . 2012-04-11 00:38 1199968 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Activities\v4.0_4.0.0.0__31bf3856ad364e35\System.Activities.dll
- 2012-02-22 08:04 . 2012-02-22 08:04 1462648 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Activities.Presentation\v4.0_4.0.0.0__31bf3856ad364e35\System.Activities.Presentation.dll
+ 2012-04-11 00:38 . 2012-04-11 00:38 1462648 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Activities.Presentation\v4.0_4.0.0.0__31bf3856ad364e35\System.Activities.Presentation.dll
+ 2012-04-11 00:38 . 2012-04-11 00:38 6428520 c:\windows\Microsoft.NET\assembly\GAC_MSIL\PresentationFramework\v4.0_4.0.0.0__31bf3856ad364e35\PresentationFramework.dll
- 2012-02-22 08:04 . 2012-02-22 08:04 6428520 c:\windows\Microsoft.NET\assembly\GAC_MSIL\PresentationFramework\v4.0_4.0.0.0__31bf3856ad364e35\PresentationFramework.dll
- 2012-02-22 08:03 . 2012-02-22 08:03 2975064 c:\windows\Microsoft.NET\assembly\GAC_32\System.Data\v4.0_4.0.0.0__b77a5c561934e089\System.Data.dll
+ 2012-04-11 00:37 . 2012-04-11 00:37 2975064 c:\windows\Microsoft.NET\assembly\GAC_32\System.Data\v4.0_4.0.0.0__b77a5c561934e089\System.Data.dll
- 2012-02-22 08:04 . 2012-02-22 08:04 3788128 c:\windows\Microsoft.NET\assembly\GAC_32\PresentationCore\v4.0_4.0.0.0__31bf3856ad364e35\PresentationCore.dll
+ 2012-04-11 00:38 . 2012-04-11 00:38 3788128 c:\windows\Microsoft.NET\assembly\GAC_32\PresentationCore\v4.0_4.0.0.0__31bf3856ad364e35\PresentationCore.dll
- 2012-02-22 08:03 . 2012-02-22 08:03 5201168 c:\windows\Microsoft.NET\assembly\GAC_32\mscorlib\v4.0_4.0.0.0__b77a5c561934e089\mscorlib.dll
+ 2012-04-11 00:37 . 2012-04-11 00:37 5201168 c:\windows\Microsoft.NET\assembly\GAC_32\mscorlib\v4.0_4.0.0.0__b77a5c561934e089\mscorlib.dll
+ 2012-04-11 00:38 . 2012-04-11 00:38 2989456 c:\windows\Microsoft.NET\assembly\GAC_32\Microsoft.VisualBasic.Activities.Compiler\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Activities.Compiler.dll
- 2012-02-22 08:04 . 2012-02-22 08:04 2989456 c:\windows\Microsoft.NET\assembly\GAC_32\Microsoft.VisualBasic.Activities.Compiler\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Activities.Compiler.dll
+ 2012-03-23 18:59 . 2012-03-23 18:59 7899648 c:\windows\Installer\8f0770c.msp
+ 2011-11-01 17:34 . 2011-11-01 17:34 1169920 c:\windows\Installer\8f076fa.msp
+ 2012-01-22 14:09 . 2012-01-22 14:09 1700352 c:\windows\Installer\8f076e9.msp
- 2009-05-26 03:46 . 2012-02-07 08:09 1172240 c:\windows\Installer\{91120000-002F-0000-0000-0000000FF1CE}\xlicons.exe
+ 2009-05-26 03:46 . 2012-04-11 00:41 1172240 c:\windows\Installer\{91120000-002F-0000-0000-0000000FF1CE}\xlicons.exe
+ 2012-04-11 00:40 . 2012-04-11 00:40 3858432 c:\windows\assembly\NativeImages_v4.0.30319_32\WindowsBase\02ea3ff3b5908b51da47e1aeb9e75b04\WindowsBase.ni.dll
+ 2012-04-12 02:49 . 2012-04-12 02:49 4587008 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Windows.Form#\acae13e8725a0a5da6dcda3e309cb9d2\System.Windows.Forms.DataVisualization.ni.dll
+ 2012-04-12 02:49 . 2012-04-12 02:49 1060864 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Printing\7175344bfab919484674d37de776a82f\System.Printing.ni.dll
+ 2012-04-11 00:39 . 2012-04-11 00:39 1665536 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Drawing\c02325260bdcecd695a87bbb24547df2\System.Drawing.ni.dll
+ 2012-04-12 02:49 . 2012-04-12 02:49 1880064 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Deployment\d0ae88ebdc709e940fbd0c6bafcab13c\System.Deployment.ni.dll
+ 2012-04-12 02:49 . 2012-04-12 02:49 3757568 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Activities.P#\f4311e621d2bbf4de0d32bae765b1484\System.Activities.Presentation.ni.dll
+ 2012-04-12 02:49 . 2012-04-12 02:49 2906624 c:\windows\assembly\NativeImages_v4.0.30319_32\ReachFramework\f4ab7bc19b981163de613143a1e1c997\ReachFramework.ni.dll
+ 2012-04-12 02:49 . 2012-04-12 02:49 1641984 c:\windows\assembly\NativeImages_v4.0.30319_32\PresentationUI\3e896ba1c3cc8d62c267508dccd7aa5a\PresentationUI.ni.dll
+ 2012-04-12 02:49 . 2012-04-12 02:49 1139712 c:\windows\assembly\NativeImages_v4.0.30319_32\Microsoft.VisualBas#\b568128ba083f17ce78eb224d9b85f4d\Microsoft.VisualBasic.Compatibility.ni.dll
+ 2012-04-12 02:49 . 2012-04-12 02:49 1838080 c:\windows\assembly\NativeImages_v4.0.30319_32\Microsoft.VisualBas#\1f54c28f39e25b121c374480ad50d384\Microsoft.VisualBasic.ni.dll
+ 2012-04-11 23:06 . 2012-04-11 23:06 1346560 c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsLive.Writer.#\ccd6bd76154a0c65e99ce3dfbfd99a77\WindowsLive.Writer.Localization.ni.dll
+ 2012-04-11 23:06 . 2012-04-11 23:06 1285632 c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsLive.Writer.#\b92ca36379e0e7fcfe5ef1e28b5cd7cf\WindowsLive.Writer.ApplicationFramework.ni.dll
+ 2012-04-11 23:05 . 2012-04-11 23:05 7025152 c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsLive.Writer.#\5a0f0d8b2827bb43452046b47b5846a8\WindowsLive.Writer.PostEditor.ni.dll
+ 2012-04-11 23:05 . 2012-04-11 23:05 2193408 c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsLive.Writer.#\02ffe1a4f894782e139d2da83562dfb8\WindowsLive.Writer.CoreServices.ni.dll
+ 2012-04-12 01:10 . 2012-04-12 01:10 1358336 c:\windows\assembly\NativeImages_v2.0.50727_32\System.WorkflowServ#\d362f68d3bf954ba55a4494a659492af\System.WorkflowServices.ni.dll
+ 2012-04-11 00:50 . 2012-04-11 00:50 4516352 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Workflow.Com#\6d2f8bad410dae6049507d7bc097a62d\System.Workflow.ComponentModel.ni.dll
+ 2012-04-11 00:50 . 2012-04-11 00:50 2995200 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Workflow.Act#\31fd6842b7ccb502dc2f5f11c1f991bd\System.Workflow.Activities.ni.dll
+ 2012-04-12 01:10 . 2012-04-12 01:10 2209792 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Mobile\a118322b0f5ffc0e67c06658e8788e1d\System.Web.Mobile.ni.dll
+ 2012-04-11 23:07 . 2012-04-11 23:07 2404352 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Extensio#\e6747d0470e8a42907df14af10862844\System.Web.Extensions.ni.dll
+ 2012-04-11 00:50 . 2012-04-11 00:50 1044480 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Printing\0b27d6da6e6bc319c3805435b818c1e5\System.Printing.ni.dll
+ 2012-04-11 00:49 . 2012-04-11 00:49 1590784 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\8177623eac8f15cf95b587625439eac7\System.Drawing.ni.dll
+ 2012-04-11 00:49 . 2012-04-11 00:49 1806848 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Deployment\e45611cad86870a7011bb18b9e993861\System.Deployment.ni.dll
+ 2012-04-11 00:50 . 2012-04-11 00:50 2157056 c:\windows\assembly\NativeImages_v2.0.50727_32\ReachFramework\ffe872f5d03f8bf4d1e1aca71274aec4\ReachFramework.ni.dll
+ 2012-04-11 00:50 . 2012-04-11 00:50 1658368 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationUI\167ae650f54f5cd46c07329972f179ad\PresentationUI.ni.dll
+ 2012-04-11 23:07 . 2012-04-11 23:07 2538496 c:\windows\assembly\NativeImages_v2.0.50727_32\Narrator\f99db644a2675bcffef5dcc7a2028aa0\Narrator.ni.exe
+ 2012-04-11 23:07 . 2012-04-11 23:07 2623488 c:\windows\assembly\NativeImages_v2.0.50727_32\Narrator\a257a560bde7ab36a644943b5b98e281\Narrator.ni.exe
+ 2012-04-11 23:07 . 2012-04-11 23:07 1545216 c:\windows\assembly\NativeImages_v2.0.50727_32\MMCEx\a8ac3e062a13d75ff8d632bed75358b0\MMCEx.ni.dll
+ 2012-04-11 23:06 . 2012-04-11 23:06 6438912 c:\windows\assembly\NativeImages_v2.0.50727_32\MIGUIControls\2a348513f0f83117bedeb39a7d10b034\MIGUIControls.ni.dll
+ 2012-04-11 23:05 . 2012-04-11 23:05 1670144 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.VisualBas#\3ce70b84dbb9970e1893672c5d430c80\Microsoft.VisualBasic.ni.dll
+ 2012-04-11 23:07 . 2012-04-11 23:07 3724288 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.PowerShel#\fa55107e814b90ca413e8f49c2892103\Microsoft.PowerShell.Editor.ni.dll
+ 2012-04-11 23:07 . 2012-04-11 23:07 1681920 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.PowerShel#\2737390af5a711edaac2ae91beb9d122\Microsoft.PowerShell.Commands.Utility.ni.dll
+ 2012-04-11 23:07 . 2012-04-11 23:07 1125376 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.MediaCent#\ec5b5b2221e6317ba7c51db077b8977d\Microsoft.MediaCenter.Bml.ni.dll
+ 2012-04-11 23:06 . 2012-04-11 23:06 6499840 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.MediaCent#\4a603d10666b9ee9487e7f0ce27c1c68\Microsoft.MediaCenter.UI.ni.dll
+ 2012-04-11 23:06 . 2012-04-11 23:06 1009664 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.MediaCent#\142b59a72b233db75ede02941b86291d\Microsoft.MediaCenter.ni.dll
+ 2012-04-11 23:07 . 2012-04-11 23:07 1361408 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Ink\ffc29e128c4ddebb991189d617ed1bf7\Microsoft.Ink.ni.dll
+ 2012-04-11 23:07 . 2012-04-11 23:07 1620992 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Tas#\0c9d80e810caa6aeb85bd4d253281434\Microsoft.Build.Tasks.ni.dll
+ 2012-04-11 23:07 . 2012-04-11 23:07 1970176 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Tas#\008b235de7df9c690e3f289f3c776eda\Microsoft.Build.Tasks.v3.5.ni.dll
+ 2012-04-11 23:06 . 2012-04-11 23:06 2035712 c:\windows\assembly\NativeImages_v2.0.50727_32\mcstore\227b7eaefe6ae6b78190516516793b4b\mcstore.ni.dll
+ 2012-04-11 23:05 . 2012-04-11 23:05 2557952 c:\windows\assembly\NativeImages_v2.0.50727_32\DellDock\f242a0475e178867b9bf751a28943869\DellDock.ni.exe
+ 2012-04-11 00:41 . 2012-02-28 01:21 12281856 c:\windows\winsxs\x86_microsoft-windows-ie-htmlrendering_31bf3856ad364e35_9.4.8112.20548_none_2c3db4535597559e\mshtml.dll
+ 2012-04-11 00:41 . 2012-02-28 01:52 12281856 c:\windows\winsxs\x86_microsoft-windows-ie-htmlrendering_31bf3856ad364e35_9.4.8112.16443_none_2baf16163c7e3721\mshtml.dll
+ 2011-05-14 05:18 . 2012-04-11 00:41 56250885 c:\windows\winsxs\ManifestCache\a786a517e28d5687_blobs.bin
+ 2012-04-11 00:41 . 2012-02-28 01:52 12281856 c:\windows\System32\mshtml.dll
+ 2009-11-12 01:05 . 2012-04-11 00:31 55154568 c:\windows\System32\MRT.exe
+ 2010-01-01 21:15 . 2012-04-11 07:51 27344703 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-4082460731-2849229238-2951310151-1000-8192.dat
+ 2011-04-30 18:41 . 2012-04-11 07:51 20518186 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-4082460731-2849229238-2951310151-1000-4096.dat
- 2011-04-30 18:41 . 2012-04-05 07:27 20518186 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-4082460731-2849229238-2951310151-1000-4096.dat
+ 2012-04-12 02:35 . 2012-04-12 02:35 12938752 c:\windows\Installer\2accd2e.msi
+ 2012-04-11 00:40 . 2012-04-11 00:40 13197312 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Windows.Forms\0b36565a61f83137806e71b287d81042\System.Windows.Forms.ni.dll
+ 2012-04-11 00:40 . 2012-04-11 00:40 18000384 c:\windows\assembly\NativeImages_v4.0.30319_32\PresentationFramewo#\7786f3e95a399a8b6691170ae2fe0e1c\PresentationFramework.ni.dll
+ 2012-04-11 00:40 . 2012-04-11 00:40 11450880 c:\windows\assembly\NativeImages_v4.0.30319_32\PresentationCore\239eba799555dbe10760ee80c8c8df7c\PresentationCore.ni.dll
+ 2012-04-11 00:49 . 2012-04-11 00:49 12433408 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\262285b3d0afafc5059f3fe9be69bff5\System.Windows.Forms.ni.dll
+ 2012-04-11 00:50 . 2012-04-11 00:50 11833344 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web\507b4ca18da9d2fde2e51a1f04593443\System.Web.ni.dll
+ 2012-04-11 00:50 . 2012-04-11 00:50 10580480 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Design\846a51eb446bee41a26a6914a95e38cd\System.Design.ni.dll
+ 2012-04-11 00:50 . 2012-04-11 00:50 14339072 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\43e23da6683962ea1168aaf007bbc35d\PresentationFramework.ni.dll
+ 2012-04-11 00:49 . 2012-04-11 00:49 12234752 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationCore\74d980e52c1791f1b8608d767a393144\PresentationCore.ni.dll
+ 2012-04-11 23:05 . 2012-04-11 23:05 15881728 c:\windows\assembly\NativeImages_v2.0.50727_32\MenuSkinning\a5ffb6a51febf96bb1c112d07da256bd\MenuSkinning.ni.dll
+ 2012-04-11 23:06 . 2012-04-11 23:06 18686976 c:\windows\assembly\NativeImages_v2.0.50727_32\ehshell\b85fdf1793ee133ec51840f6cc9266e8\ehshell.ni.dll
.
-- Snapshot reset to current date --
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\UEAFOverlay]
@="{F2F31467-B1AC-4df0-AE79-FD5FA085E22B}"
[HKEY_CLASSES_ROOT\CLSID\{F2F31467-B1AC-4df0-AE79-FD5FA085E22B}]
2007-04-17 04:13 721408 ----a-w- c:\program files\Fingerprint Reader Suite\farchns.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\UEAFOverlayOpen]
@="{A3E208F7-0E3A-4182-A7A6-B169D5D691AA}"
[HKEY_CLASSES_ROOT\CLSID\{A3E208F7-0E3A-4182-A7A6-B169D5D691AA}]
2007-04-17 04:13 721408 ----a-w- c:\program files\Fingerprint Reader Suite\farchns.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-05-30 39408]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-20 1174016]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Apoint"="c:\program files\DellTPad\Apoint.exe" [2008-01-25 167936]
"SigmatelSysTrayApp"="c:\program files\SigmaTel\C-Major Audio\WDM\sttray.exe" [2007-12-03 405504]
"OEM02Mon.exe"="c:\windows\OEM02Mon.exe" [2008-03-04 36864]
"Broadcom Wireless Manager UI"="c:\windows\system32\WLTRAY.exe" [2008-12-18 3810304]
"IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\Iaanotif.exe" [2007-03-21 174872]
"PCMService"="c:\program files\Dell\MediaDirect\PCMService.exe" [2007-12-21 184320]
"PSQLLauncher"="c:\program files\Fingerprint Reader Suite\launcher.exe" [2007-04-17 49168]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2009-06-04 198160]
"UpdReg"="c:\windows\UpdReg.EXE" [2000-05-11 90112]
"ccApp"="c:\program files\Common Files\Symantec Shared\ccApp.exe" [2009-05-04 115560]
"vptray"="c:\progra~1\SYMANT~1\VPTray.exe" [2009-09-16 136080]
"Absolute Notifier"="c:\program files\Absolute Software\Absolute Notifier\AbsoluteNotifier.exe" [2011-05-10 85672]
"IJNetworkScanUtility"="c:\program files\Canon\Canon IJ Network Scan Utility\CNMNSUT.exe" [2010-08-23 206240]
"NVHotkey"="c:\windows\system32\nvHotkey.dll" [2011-04-08 293992]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]
"DivXUpdate"="c:\program files\DivX\DivX Update\DivXUpdate.exe" [2011-07-28 1259376]
"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-02-21 59240]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2011-10-24 421888]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2012-03-27 421736]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2012-01-18 254696]
.
c:\users\Aaron Segal\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
SonicClock 2009 by CSM.lnk - c:\users\Aaron Segal\Documents\SonicClock.py [2009-6-15 2395]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
QuickSet.lnk - c:\program files\Dell\QuickSet\quickset.exe [2008-2-22 1193240]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\AutorunsDisabled
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2008-3-25 214360]
.
c:\users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dell Dock First Run.lnk - c:\program files\Dell\DellDock\DellDock.exe [2009-2-27 1316192]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
"DisableCAD"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\GoToAssist]
2009-05-26 03:50 10536 ----a-w- c:\program files\Citrix\GoToAssist\514\g2awinlogon.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\psfus]
2007-04-17 04:04 86528 ----a-w- c:\windows\System32\psqlpwd.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux2"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Notification Packages REG_MULTI_SZ scecli psqlpwd
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ccEvtMgr]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ccSetMgr]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Symantec Antivirus]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 gupdate1c9e166f7f89f27;Google Update Service (gupdate1c9e166f7f89f27);c:\program files\Google\Update\GoogleUpdate.exe [2009-05-30 133104]
R3 epmntdrv;epmntdrv;c:\windows\system32\epmntdrv.sys [2009-04-22 9728]
R3 EuGdiDrv;EuGdiDrv;c:\windows\system32\EuGdiDrv.sys [2009-04-22 3072]
R3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [2009-05-30 133104]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 52224]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2010-02-26 1343400]
R4 Hamachi2Svc;LogMeIn Hamachi Tunneling Engine;c:\program files\LogMeIn Hamachi\hamachi-2.exe [2011-08-15 1361288]
R4 iaNvStor;Intel® Turbo Memory Controller;c:\windows\system32\drivers\ianvstor.sys [2007-09-07 209408]
R4 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [2009-07-27 721904]
S2 AbsoluteNotifier;Absolute Notifier;c:\program files\Absolute Software\Absolute Notifier\AbsoluteNotifierService.exe [2011-05-10 10920]
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-01-03 63928]
S2 AESTFilters;Andrea ST Filters Service;c:\windows\system32\aestsrv.exe [2007-12-03 73728]
S2 DockLoginService;Dock Login Service;c:\program files\Dell\DellDock\DockLogin.exe [2008-12-18 155648]
S2 nvUpdatusService;NVIDIA Update Service Daemon;c:\program files\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe [2011-04-08 2218600]
S2 SavRoam;SavRoam;c:\program files\Symantec AntiVirus\SavRoam.exe [2009-09-16 121744]
S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2011-04-08 378472]
S2 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\Viewpoint\Common\ViewpointService.exe [2007-01-04 24652]
S3 ALSysIO;ALSysIO;c:\users\AARONS~1\AppData\Local\Temp\ALSysIO.sys [x]
S3 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys [2011-09-24 232512]
S3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2012-02-13 106104]
S3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\system32\DRIVERS\yk62x86.sys [2009-09-28 315392]
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
.
Contents of the 'Scheduled Tasks' folder
.
2012-04-11 c:\windows\Tasks\Google Software Updater.job
- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-05-30 20:51]
.
2012-04-12 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-05-30 20:40]
.
2012-04-13 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-05-30 20:40]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_2EC7709873947E87.dll/cmsidewiki.html
Trusted Zone: real.com\rhap-app-4-0
Trusted Zone: real.com\rhapreg
TCP: DhcpNameServer = 130.132.1.9 130.132.1.10 130.132.1.11
FF - ProfilePath - c:\users\Aaron Segal\AppData\Roaming\Mozilla\Firefox\Profiles\iut2oayf.default\
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-4082460731-2849229238-2951310151-1000\Software\SecuROM\License information*]
"datasecu"=hex:f3,b0,ba,28,eb,e4,cc,53,65,6a,63,5b,7a,c8,8c,86,ea,47,5c,61,b5,
37,bb,e7,ca,7f,8a,8f,53,ab,12,80,d8,fc,11,1c,f6,40,ac,5a,8a,9a,fe,9f,ae,2e,\
"rkeysecu"=hex:2f,9d,b2,88,3b,31,0f,68,ef,52,35,9c,a4,84,e6,eb
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'lsass.exe'(636)
c:\windows\system32\psqlpwd.DLL
c:\program files\Fingerprint Reader Suite\homefus2.dll
c:\program files\Fingerprint Reader Suite\infra.dll
.
- - - - - - - > 'Explorer.exe'(3908)
c:\program files\Fingerprint Reader Suite\farchns.dll
c:\program files\Fingerprint Reader Suite\infra.dll
.
Completion time: 2012-04-13 03:15:33
ComboFix-quarantined-files.txt 2012-04-13 07:15
ComboFix2.txt 2012-04-09 06:52
.
Pre-Run: 11,993,272,320 bytes free
Post-Run: 12,065,857,536 bytes free
.
- - End Of File - - 59A8EC9E000E440D94F24D36B067A9BD
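The supplementary scan above lists the settings a search-redirect infection typically tampers with: the proxy configuration (ProxyOverride), the DNS servers (DhcpNameServer), the Internet Explorer Trusted Zone entries, and the hosts file that the "Host file not read" note later in the thread refers to. The PowerShell below is an added example, not code from the thread or from DDS, ComboFix or HijackThis; it audits those locations read-only so they can be checked before and after a cleanup. It assumes an elevated Windows PowerShell 3.0 or later prompt, the standard Windows paths and registry keys, and an expected DNS list constructed here from the DhcpNameServer line above.

```powershell
# Added example, not code from the thread or from DDS/HijackThis: read-only audit of
# the client-side settings that can redirect browser traffic. Run from an elevated
# Windows PowerShell 3.0+ prompt. Paths and registry keys are the standard ones.

$findings = New-Object System.Collections.Generic.List[string]

# 1. hosts file: anything other than comments and the loopback entries is suspect.
$hostsPath = Join-Path $env:SystemRoot 'System32\drivers\etc\hosts'
foreach ($line in (Get-Content -Path $hostsPath -Force)) {
    $t = $line.Trim()
    if ($t -eq '' -or $t.StartsWith('#')) { continue }
    if ($t -match '^(127\.0\.0\.1|::1)\s+localhost$') { continue }
    $findings.Add("hosts: $t")
}
# A hosts file with the hidden attribute set is a frequent sign of tampering and is
# one reason HijackThis reports "Host file not read".
$attrs = (Get-Item -Path $hostsPath -Force).Attributes
if (($attrs -band [IO.FileAttributes]::Hidden) -ne 0) { $findings.Add('hosts: hidden attribute set') }

# 2. Proxy and PAC settings for the machine and the current user. A proxy or PAC
# file under attacker control rewrites every request, not only search clicks.
foreach ($hive in 'HKLM', 'HKCU') {
    $key = "${hive}:\Software\Microsoft\Windows\CurrentVersion\Internet Settings"
    $p = Get-ItemProperty -Path $key -ErrorAction SilentlyContinue
    if ($p.ProxyEnable -eq 1 -and $p.ProxyServer) { $findings.Add("$hive proxy: $($p.ProxyServer)") }
    if ($p.AutoConfigURL) { $findings.Add("$hive PAC: $($p.AutoConfigURL)") }
}

# 3. DNS servers on every IP-enabled adapter, compared with the list you expect.
# The expected list is constructed from the DhcpNameServer line in the log above.
$expectedDns = @('130.132.1.9', '130.132.1.10', '130.132.1.11')
$nics = Get-WmiObject -Class Win32_NetworkAdapterConfiguration -Filter 'IPEnabled = TRUE'
foreach ($nic in $nics) {
    foreach ($srv in @($nic.DNSServerSearchOrder)) {
        if ($srv -and ($expectedDns -notcontains $srv)) {
            $findings.Add("DNS on '$($nic.Description)': unexpected server $srv")
        }
    }
}

# 4. Internet Explorer Trusted Zone (zone 2) entries: each domain listed here runs
# with relaxed security settings, so malware likes to add its own.
$zmap = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains'
if (Test-Path -Path $zmap) {
    Get-ChildItem -Path $zmap -Recurse | ForEach-Object {
        $domain = $_.Name -replace '^.*\\Domains\\', ''
        $vals = Get-ItemProperty -Path $_.PSPath
        foreach ($prop in $vals.PSObject.Properties) {
            if ((@('http', 'https', '*') -contains $prop.Name) -and $prop.Value -eq 2) {
                $findings.Add("Trusted Zone: $domain ($($prop.Name))")
            }
        }
    }
}

if ($findings.Count -eq 0) { 'No redirect-related anomalies found.' } else { $findings }
```

On the machine in this thread the script would report the two real.com Trusted Zone entries and nothing for the hosts file, proxy or DNS, which matches the DDS output; a redirect that survives a scan like this is more likely to live in a browser extension, a Winsock LSP or a driver than in these settings.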

#12 gringo_pr (Bleepin Gringo, Malware Response Team, Puerto Rico)

Posted 13 April 2012 - 03:15 AM

These logs are looking a lot better. But we still have some work to do.

Please print out these instructions, or copy them to a Notepad file. It will make it easier for you to follow the instructions and complete all of the necessary steps.

uninstall some programs

NOTE** Because of the cleanup process, some of the programs I have listed may not be in Add/Remove anymore. This is fine; just move to the next item on the list.

You can remove these programs using Add/Remove, or you can use the free uninstaller from Revo (it does a lot better of a job).

Programs to remove

Java™ 6 Update 30


  • Please download and install Revo Uninstaller Free
  • Double click Revo Uninstaller to run it.
  • From the list of programs double click on The Program to remove
  • When prompted if you want to uninstall click Yes.
  • Be sure the Moderate option is selected then click Next.
  • The program will run, If prompted again click Yes
  • when the built-in uninstaller is finished click on Next.
  • Once the program has searched for leftovers click Next.
  • Check/tick the bolded items only on the list then click Delete
  • when prompted click on Yes and then on next.
  • put a check on any folders that are found and select delete
  • when prompted select yes then on next
  • Once done click Finish.

Update Adobe Reader

Recently there have been vulnerabilities detected in older versions of Adobe Reader. It is strongly suggested that you update to the current version.

You can download it from http://www.adobe.com/products/acrobat/readstep2.html
After installing the latest Adobe Reader, uninstall all previous versions.
If you already have Adobe Photoshop® Album Starter Edition installed or do not wish to have it installed UNcheck the box which says Also Download Adobe Photoshop® Album Starter Edition.

If you don't like Adobe Reader (53 MB), you can download Foxit PDF Reader (7 MB) from here. It's a much smaller file to download and uses a lot less resources than Adobe Reader.

Note: When installing FoxitReader, be careful not to install anything to do with AskBar.
Install Java:

Please go here to install Java

  • click on the Free Java Download Button
  • click on Agree and start Free download
  • click on Run
  • click on run again
  • click on install
  • when install is complete click on close

Clean Out Temp Files

  • This small application you may want to keep and use once a week to keep the computer clean.

    Download CCleaner from here http://www.ccleaner.com/

  • Run the installer to install the application.
  • When it gives you the option to install Yahoo toolbar uncheck the box next to it.
  • Run CCleaner. (make sure under Windows tab all the boxes of Internet Explorer and Windows explorer are checked. Under System check Empty Recycle Bin and Temporary Files. Under Application tab all the boxes should be checked).
  • Click Run Cleaner.
  • Close CCleaner.


: Malwarebytes' Anti-Malware :

  • Please download Malwarebytes' Anti-Malware to your desktop.
  • Double-click mbam-setup.exe and follow the prompts to install the program.
  • At the end, be sure a checkmark is placed next to
    • Update Malwarebytes' Anti-Malware
    • and Launch Malwarebytes' Anti-Malware
  • then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select Perform quick scan, then click Scan.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Be sure that everything is Checked (ticked) except items in the C:\System Volume Information folder and click on Remove Selected.
  • When completed, a log will open in Notepad. Please copy and paste the log into your next reply.
    • If you accidentally close it, the log file is saved here and will be named like this:
    • C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\mbam-log-date (time).txt

Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts.
Click OK to either and let MBAM proceed with the disinfection process.
If asked to restart the computer, please do so immediately. Failure to reboot will prevent MBAM from removing all the malware.


Download HijackThis

If you have any problems running HijackThis, see NOTE** below (Host file not read, blank Notepad ...)

  • Go Here to download HijackThis Installer
  • Save HijackThis Installer to your desktop.
  • Double-click on the HijackThis Installer icon on your desktop. (Vista and Win 7: right-click and run as admin)
  • By default it will install to C:\Program Files\Trend Micro\HijackThis .
  • Click on Install.
  • It will create a HijackThis icon on the desktop.
  • Once installed it will launch Hijackthis.
  • Click on the Do a system scan and save a logfile button. It will scan and the log should open in notepad.
  • Click on Edit > Select All then click on Edit > Copy to copy the entire contents of the log.
  • Come back here to this thread and Paste the log in your next reply.
  • DO NOT use the AnalyseThis button; its findings are dangerous if misinterpreted.
  • DO NOT have Hijackthis fix anything yet. Most of what it finds will be harmless or even required.


NOTE**
Sometimes we have to run it like this. To run HijackThis as an administrator, right-click HijackThis.exe
(located: C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe)<--32bit
(located: C:\Program Files (x86)\Trend Micro\HiJackThis\HiJackThis.exe)<--64bit
and select to run as administrator.

"information and logs"

  • In your next post I need the following

  • Log From MBAM
  • report from Hijackthis
  • let me know of any problems you may have had
  • How is the computer doing now?

Gringo

I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#13 gringo_pr (Bleepin Gringo, Malware Response Team, Puerto Rico)

Posted 16 April 2012 - 12:33 AM

Hello


Just checking in on you as it has been a couple of days since I have heard from you.

Are you having any troubles or just need more time?




Gringo

#14 aaronak (Topic Starter)

Posted 16 April 2012 - 12:56 AM

Sorry about waiting. The computer is still running well, no redirects! Here are the logs:


Malwarebytes Anti-Malware 1.61.0.1400
www.malwarebytes.org

Database version: v2012.04.16.01

Windows 7 Service Pack 1 x86 NTFS
Internet Explorer 9.0.8112.16421
Aaron Segal :: PENELOPE [administrator]

4/16/2012 1:36:38 AM
mbam-log-2012-04-16 (01-36-38).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 218326
Time elapsed: 4 minute(s), 58 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 1
HKLM\SOFTWARE\Refog Software (Refog.Keylogger) -> Quarantined and deleted successfully.

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)

-------------------

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 1:55:19 AM, on 4/16/2012
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v9.00 (9.00.8112.16421)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Program Files\Core Temp\Core Temp.exe
C:\Program Files\DellTPad\Apoint.exe
C:\Program Files\Sigmatel\C-Major Audio\WDM\sttray.exe
C:\Windows\OEM02Mon.exe
C:\Windows\System32\WLTRAY.EXE
C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Program Files\Dell\MediaDirect\PCMService.exe
C:\Program Files\Fingerprint Reader Suite\psqltray.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Symantec AntiVirus\VPTray.exe
C:\Program Files\Absolute Software\Absolute Notifier\AbsoluteNotifier.exe
C:\Program Files\Canon\Canon IJ Network Scan Utility\CNMNSUT.exe
C:\Program Files\DivX\DivX Update\DivXUpdate.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Dell\QuickSet\quickset.exe
C:\Program Files\Mozilla Thunderbird\thunderbird.exe
C:\Program Files\DellTPad\ApMsgFwd.exe
C:\Program Files\DellTPad\HidFind.exe
C:\Program Files\DellTPad\Apntex.exe
C:\Windows\system32\conhost.exe
C:\Program Files\Microsoft Office\Office12\EXCEL.EXE
C:\Program Files\Pidgin\pidgin.exe
C:\Program Files\Microsoft Office\Office12\WINWORD.EXE
C:\Program Files\Notepad++\notepad++.exe
C:\Windows\system32\taskhost.exe
C:\Misc\Python27\python.exe
C:\Windows\system32\conhost.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
O2 - BHO: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.6.5612.1312\swg.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O4 - HKLM\..\Run: [Apoint] C:\Program Files\DellTPad\Apoint.exe
O4 - HKLM\..\Run: [SigmatelSysTrayApp] %ProgramFiles%\SigmaTel\C-Major Audio\WDM\sttray.exe
O4 - HKLM\..\Run: [OEM02Mon.exe] C:\Windows\OEM02Mon.exe
O4 - HKLM\..\Run: [Broadcom Wireless Manager UI] C:\Windows\system32\WLTRAY.exe
O4 - HKLM\..\Run: [IAAnotif] "C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe"
O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Dell\MediaDirect\PCMService.exe"
O4 - HKLM\..\Run: [PSQLLauncher] "C:\Program Files\Fingerprint Reader Suite\launcher.exe" /startup
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [UpdReg] C:\Windows\UpdReg.EXE
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\VPTray.exe
O4 - HKLM\..\Run: [Absolute Notifier] "C:\Program Files\Absolute Software\Absolute Notifier\AbsoluteNotifier.exe"
O4 - HKLM\..\Run: [IJNetworkScanUtility] C:\Program Files\Canon\Canon IJ Network Scan Utility\CNMNSUT.exe
O4 - HKLM\..\Run: [NVHotkey] rundll32.exe C:\Windows\system32\nvHotkey.dll,Start
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [DivXUpdate] "C:\Program Files\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW
O4 - HKLM\..\Run: [APSDaemon] "C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\RunOnce: [Malwarebytes Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent
O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKUS\S-1-5-21-4082460731-2849229238-2951310151-1003\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'UpdatusUser')
O4 - HKUS\S-1-5-21-4082460731-2849229238-2951310151-1003\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'UpdatusUser')
O4 - S-1-5-21-4082460731-2849229238-2951310151-1003 User Startup: Dell Dock First Run.lnk = C:\Program Files\Dell\DellDock\DellDock.exe (User 'UpdatusUser')
O4 - .DEFAULT User Startup: Dell Dock First Run.lnk = C:\Program Files\Dell\DellDock\DellDock.exe (User 'Default user')
O4 - Startup: SonicClock 2009 by CSM.lnk = ?
O4 - Global Startup: AutorunsDisabled
O4 - Global Startup: QuickSet.lnk = C:\Program Files\Dell\QuickSet\quickset.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_2EC7709873947E87.dll/cmsidewiki.html
O9 - Extra button: @C:\Program Files\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: @C:\Program Files\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O10 - Unknown file in Winsock LSP: c:\program files\common files\microsoft shared\windows live\wlidnsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\common files\microsoft shared\windows live\wlidnsp.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/2008.10.10_v5.5.8/FacebookPhotoUploader5.cab
O16 - DPF: {44990B00-3C9D-426D-81DF-AAB636FA4345} (Symantec Configuration Class) - https://www-secure.symantec.com/techsupp/asa/ss/sa/sa_cabs/tgctlcm.cab
O16 - DPF: {49312E18-AA92-4CC2-BB97-55DEA7BCADD6} (WMI Class) - http://support.dell.com/systemprofiler/SysProExe.CAB
O16 - DPF: {6F6FDB9E-5072-498C-BCB0-2B7F00C49EE7} (DellSystemLite.Scanner) - http://support.dell.com/systemprofiler/DellSystemLite.CAB
O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab
O16 - DPF: {C1F8FC10-E5DB-4112-9DBF-6C3FF728D4E3} (DellSystemLite.Scanner) - http://support.dell.com/systemprofiler/DellSystemLite.CAB
O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
O20 - Winlogon Notify: GoToAssist - C:\Program Files\Citrix\GoToAssist\514\G2AWinLogon.dll
O23 - Service: Absolute Notifier (AbsoluteNotifier) - Absolute Software - C:\Program Files\Absolute Software\Absolute Notifier\AbsoluteNotifierService.exe
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: Andrea ST Filters Service (AESTFilters) - Andrea Electronics Corporation - C:\Windows\system32\aestsrv.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Creative Labs Licensing Service - Creative Labs - C:\Program Files\Common Files\Creative Labs Shared\Service\CreativeLicensing.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\Windows\system32\CTsvcCDA.exe
O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exe
O23 - Service: Dock Login Service (DockLoginService) - Stardock Corporation - C:\Program Files\Dell\DellDock\DockLogin.exe
O23 - Service: GoToAssist - Citrix Online, a division of Citrix Systems, Inc. - C:\Program Files\Citrix\GoToAssist\514\g2aservice.exe
O23 - Service: Google Update Service (gupdate1c9e166f7f89f27) (gupdate1c9e166f7f89f27) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Update Service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Intel® Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\LuComServer_3_3.EXE
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe
O23 - Service: NVIDIA Update Service Daemon (nvUpdatusService) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
O23 - Service: OpenVPNService - Unknown owner - C:\Program Files\OpenVPN\bin\openvpnserv.exe
O23 - Service: Remote Procedure Call (RPC) Net (rpcnet) - Absolute Software Corp. - C:\Windows\System32\rpcnet.exe
O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec AntiVirus\SavRoam.exe
O23 - Service: SigmaTel Audio Service (STacSV) - IDT, Inc. - C:\Windows\system32\STacSV.exe
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files\Common Files\Steam\SteamService.exe
O23 - Service: NVIDIA Stereoscopic 3D Driver Service (Stereo Service) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe
O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe
O23 - Service: Symantec RemoteAssist - Symantec, Inc. - C:\Program Files\Common Files\Symantec Shared\Support Controls\ssrc.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe
O23 - Service: Dell Wireless WLAN Tray Service (wltrysvc) - Unknown owner - C:\Windows\System32\WLTRYSVC.EXE

--
End of file - 12578 bytes

#15 gringo_pr (Bleepin Gringo, Malware Response Team, Puerto Rico)

Posted 16 April 2012 - 01:06 AM

Greetings

These logs are looking very good, we are almost done!!! Just one more scan to go.

:Remove unneeded start-up entries:

This part of the fix is purely optional
These are programs that start up when you turn on your computer but don't need to; you can start any of them from their icons (or from the Control Panel) when you need them. By stopping these programs you will boot up faster and your computer will work faster.

If you have any problems running HijackThis, see NOTE** below (Host file not read, blank Notepad ...)

  • Run HijackThis
  • Click on the Scan button
  • Put a check beside all of the items listed below (if present):

    • O4 - HKLM\..\Run: [SigmatelSysTrayApp] %ProgramFiles%\SigmaTel\C-Major Audio\WDM\sttray.exe
      O4 - HKLM\..\Run: [OEM02Mon.exe] C:\Windows\OEM02Mon.exe
      O4 - HKLM\..\Run: [IAAnotif] "C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe"
      O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Dell\MediaDirect\PCMService.exe"
      O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
      O4 - HKLM\..\Run: [UpdReg] C:\Windows\UpdReg.EXE
      O4 - HKLM\..\Run: [Absolute Notifier] "C:\Program Files\Absolute Software\Absolute Notifier\AbsoluteNotifier.exe"
      O4 - HKLM\..\Run: [IJNetworkScanUtility] C:\Program Files\Canon\Canon IJ Network Scan Utility\CNMNSUT.exe
      O4 - HKLM\..\Run: [NVHotkey] rundll32.exe C:\Windows\system32\nvHotkey.dll,Start
      O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
      O4 - HKLM\..\Run: [DivXUpdate] "C:\Program Files\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW
      O4 - HKLM\..\Run: [APSDaemon] "C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe"
      O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
      O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
      O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
      O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
      O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
      O4 - HKUS\S-1-5-21-4082460731-2849229238-2951310151-1003\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'UpdatusUser')
      O4 - HKUS\S-1-5-21-4082460731-2849229238-2951310151-1003\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'UpdatusUser')
      O4 - S-1-5-21-4082460731-2849229238-2951310151-1003 User Startup: Dell Dock First Run.lnk = C:\Program Files\Dell\DellDock\DellDock.exe (User 'UpdatusUser')
      O4 - .DEFAULT User Startup: Dell Dock First Run.lnk = C:\Program Files\Dell\DellDock\DellDock.exe (User 'Default user')
      O4 - Startup: SonicClock 2009 by CSM.lnk = ?
      O4 - Global Startup: AutorunsDisabled
      O4 - Global Startup: QuickSet.lnk = C:\Program Files\Dell\QuickSet\quickset.exe
  • Close all open windows and browsers/email, etc...
  • Click on the "Fix Checked" button
  • When completed, close the application.

    NOTE** You can research each of those lines >here< and see if you want to keep them or not.
    Just copy the name between the brackets and paste it into the search space, e.g.
    O4 - HKLM\..\Run: [IntelliPoint]


NOTE**
Sometimes we have to run it like this. To run HijackThis as an administrator, right-click HijackThis.exe
(located: C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe)<--32bit
(located: C:\Program Files (x86)\Trend Micro\HiJackThis\HiJackThis.exe)<--64bit
and select to run as administrator.

Eset Online Scanner

**Note** You will need to use Internet Explorer for this scan. On Vista and Windows 7, right-click the IE shortcut and run as admin.

Go to the ESET web page to run an online scanner from ESET.

  • Turn off the real time scanner of any existing antivirus program while performing the online scan
  • click on the ESET Online Scanner button
  • Tick the box next to YES, I accept the Terms of Use.
    • Click Start
  • When asked, allow the ActiveX control to install
    • Click Start
  • Make sure that the option Remove found threats is unticked and the Scan Archives option is ticked.
  • Click on Advanced Settings, ensure the options
    Scan for potentially unwanted applications, Scan for potentially unsafe applications, and Enable Anti-Stealth Technology are ticked.
  • Click Scan
  • Wait for the scan to finish
  • Click on copy to clipboard or copy and paste the results here in this topic

Copy and paste that log as a reply to this topic

Gringo
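The HijackThis log in post #14 and the O4 removal list in the post above both come from walking the same autostart locations: the Run and RunOnce keys under HKLM and HKCU, the Startup folders and the service list (O23). The PowerShell below is an added example, not HijackThis code and not anything posted in the thread. It walks the Run/RunOnce keys and the service list itself, adds an Authenticode signature check that HijackThis does not show, and deletes a Run value only after exporting its key to a .reg backup, which is the safety net "Fix Checked" does not give you. It assumes an elevated Windows PowerShell 3.0 or later prompt; the function names Get-ImagePath, Get-SignerStatus and Remove-RunEntry are this example's own.

```powershell
# Added example, not HijackThis code or anything posted in the thread: enumerate the
# autostart locations HijackThis reports as O4 (Run/RunOnce keys) and O23 (services),
# resolve each to its executable and show its Authenticode status, so unsigned or
# missing binaries stand out. Remove-RunEntry deletes a Run value only after exporting
# the key to a .reg backup. Run from an elevated Windows PowerShell 3.0+ prompt.
# Function names are this example's own.

function Get-ImagePath {
    # Best-effort extraction of the executable from a command line such as
    # "C:\Program Files\X\y.exe" /flag, C:\Windows\foo.exe -k, or %ProgramFiles%\z.exe.
    # For rundll32 lines this yields rundll32.exe; the DLL stays visible in Command.
    param([string]$CommandLine)
    $cl = [Environment]::ExpandEnvironmentVariables($CommandLine.Trim())
    if ($cl -match '^"([^"]+)"')        { $img = $Matches[1] }
    elseif ($cl -match '^(\S+\.exe)')   { $img = $Matches[1] }  # path without spaces
    elseif ($cl -match '^(.+?\.exe)\b') { $img = $Matches[1] }  # unquoted path with spaces
    else { $img = $cl }
    if ($img -and -not [IO.Path]::IsPathRooted($img)) {
        # bare name such as rundll32.exe: resolve through PATH
        $cmd = Get-Command -Name $img -CommandType Application -ErrorAction SilentlyContinue | Select-Object -First 1
        if ($cmd) { $img = $cmd.Path }
    }
    return $img
}

function Get-SignerStatus {
    param([string]$Path)
    if (-not $Path -or -not (Test-Path -LiteralPath $Path)) { return 'FILE MISSING' }
    $sig = Get-AuthenticodeSignature -FilePath $Path
    if ($sig.Status -eq 'Valid') { return "Valid: $($sig.SignerCertificate.Subject.Split(',')[0])" }
    return $sig.Status.ToString()   # NotSigned, HashMismatch, UnknownError, ...
}

$runKeys = @(
    'HKLM:\Software\Microsoft\Windows\CurrentVersion\Run',
    'HKLM:\Software\Microsoft\Windows\CurrentVersion\RunOnce',
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run',
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\RunOnce'
)

$entries = foreach ($key in $runKeys) {
    if (-not (Test-Path -Path $key)) { continue }
    foreach ($p in (Get-ItemProperty -Path $key).PSObject.Properties) {
        if ($p.Name -like 'PS*') { continue }   # provider metadata, not a Run value
        $img = Get-ImagePath -CommandLine ([string]$p.Value)
        [pscustomobject]@{ Source = $key; Name = $p.Name; Command = $p.Value
                           Image = $img; Signature = Get-SignerStatus -Path $img }
    }
}

$services = foreach ($svc in (Get-WmiObject -Class Win32_Service)) {
    $img = Get-ImagePath -CommandLine ([string]$svc.PathName)
    [pscustomobject]@{ Source = 'Service'; Name = $svc.Name; Command = $svc.PathName
                       Image = $img; Signature = Get-SignerStatus -Path $img }
}

# Unsigned and missing binaries sort together, away from the "Valid: ..." rows.
@($entries) + @($services) | Sort-Object -Property Signature |
    Format-Table -AutoSize -Property Source, Name, Image, Signature

function Remove-RunEntry {
    # Export the parent key to a .reg file first so the change can be undone
    # with "reg import <file>", then delete the value.
    param([Parameter(Mandatory = $true)][string]$Key,
          [Parameter(Mandatory = $true)][string]$Name)
    $backup = Join-Path $env:TEMP ("runkey-backup-{0:yyyyMMdd-HHmmss}.reg" -f (Get-Date))
    $native = $Key -replace '^HKLM:', 'HKEY_LOCAL_MACHINE' -replace '^HKCU:', 'HKEY_CURRENT_USER'
    & reg.exe export $native $backup /y | Out-Null
    Remove-ItemProperty -Path $Key -Name $Name -ErrorAction Stop
    "Removed '$Name' from $Key (backup: $backup)"
}

# Usage, mirroring two of the optional entries listed in the post above:
# Remove-RunEntry -Key 'HKLM:\Software\Microsoft\Windows\CurrentVersion\Run' -Name 'DivXUpdate'
# Remove-RunEntry -Key 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run' -Name 'swg'
```

Read the table from the top: rows that come back NotSigned, HashMismatch or FILE MISSING are the ones worth investigating; a value whose image no longer exists (the S3 ALSysIO driver in the ComboFix log is the same pattern, a service pointing at a deleted file under Temp) is leftover from something that was removed or never finished installing. Entries that are merely unwanted, like the optional list above, can be removed with Remove-RunEntry so that a backup exists if an application later misbehaves.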
