ZeroAccess Rootkit, google redirects


  • This topic is locked
23 replies to this topic

#1 reikendude

Posted 09 April 2012 - 04:44 PM

For a few weeks now I've had a problem with Google redirects. Of course I ran my virus scan, but initially it didn't find anything of note, so I let it be. My Norton performs idle time scans and detected ZeroAccess on my system today, but there was no option to remove it. I followed the procedures that the Norton website had me do, but I am still infected with it and I still have the redirects. I'm not sure how to proceed and don't want to do anything to harm my computer.

.
DDS (Ver_2011-08-26.01) - NTFSAMD64
Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 1.6.0_22
Run by Kyle at 16:29:58 on 2012-04-09
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.4044.882 [GMT -5:00]
.
AV: Norton 360 *Enabled/Updated* {63DF5164-9100-186D-2187-8DC619EFD8BF}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Norton 360 *Enabled/Updated* {D8BEB080-B73A-17E3-1B37-B6B462689202}
FW: Norton 360 *Enabled* {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Program Files (x86)\HP SimplePass 2011\TrueSuiteService.exe
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Program Files\IDT\WDM\STacSV64.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\SysWOW64\svchost.exe -k Akamai
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files (x86)\Application Updater\ApplicationUpdater.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe
C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe
C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe
C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe
C:\Program Files (x86)\Intel\Services\IPT\jhi_service.exe
C:\Windows\system32\lxdccoms.exe
C:\Program Files (x86)\Norton 360\Engine\5.2.1.3\ccSvcHst.exe
C:\Program Files (x86)\Roxio\RoxioNow Player\RNowSvc.exe
C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Windows\system32\WUDFHost.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\System32\rundll32.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files (x86)\Norton 360\Engine\5.2.1.3\ccSvcHst.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files (x86)\Lexmark 1300 Series\lxdcamon.exe
C:\Program Files\IDT\WDM\sttray64.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Program Files (x86)\Steam\Steam.exe
C:\Windows\System32\StikyNot.exe
C:\Program Files (x86)\BitTorrent\BitTorrent.exe
C:\Users\Kyle\AppData\Local\Akamai\netsession_win.exe
C:\Users\Kyle\AppData\Local\Akamai\netsession_win.exe
C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
C:\Program Files (x86)\Hewlett-Packard\HP QuickWeb\hpqwutils.exe
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
C:\Program Files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe
C:\Program Files (x86)\QuickTime\qttask.exe
C:\Windows\system32\taskeng.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Program Files (x86)\iMesh Applications\MediaBar\Datamngr\datamngrUI.exe
C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe
C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe
C:\Program Files (x86)\Winamp\winampa.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe
C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe
C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe
C:\Program Files (x86)\Common Files\Spigot\Search Settings\SearchSettings.exe
C:\Program Files (x86)\Common Files\Steam\SteamService.exe
C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe
C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin
C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe
C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe
C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
C:\Windows\system32\wuauclt.exe
C:\Windows\system32\svchost.exe -k SDRSVC
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files (x86)\Internet Explorer\IELowutil.exe
C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
C:\Program Files (x86)\HP SimplePass 2011\TouchControl.exe
C:\Program Files (x86)\HP SimplePass 2011\BioMonitor.exe
C:\Riot Games\League of Legends\RADS\system\rads_user_kernel.exe
C:\Riot Games\League of Legends\RADS\projects\lol_launcher\releases\0.0.0.54\deploy\LoLLauncher.exe
C:\Riot Games\League of Legends\RADS\projects\lol_air_client\releases\0.0.0.134\deploy\LolClient.exe
C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe
C:\Program Files\WinRAR\WinRAR.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\igfxsrvc.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\conhost.exe
C:\Windows\SysWOW64\cscript.exe
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uSearch Bar = Preserve
uStart Page = hxxp://search.imesh.com
uInternet Settings,ProxyOverride = *.local;127.0.0.1:9421;<local>
uURLSearchHooks: Dealio Toolbar: {01398b87-61af-4ffb-9ab5-1a1c5fb39a9c} - C:\Program Files (x86)\Dealio Toolbar\IE\5.2\dealioToolbarIE.dll
uURLSearchHooks: PageRage Toolbar: {9565115d-c7d6-46d3-bd63-b67b481a4368} - C:\Program Files (x86)\PageRage\prxtbPage.dll
mURLSearchHooks: PageRage Toolbar: {9565115d-c7d6-46d3-bd63-b67b481a4368} - C:\Program Files (x86)\PageRage\prxtbPage.dll
mWinlogon: Userinit=userinit.exe
BHO: Dealio Toolbar: {01398b87-61af-4ffb-9ab5-1a1c5fb39a9c} - C:\Program Files (x86)\Dealio Toolbar\IE\5.2\dealioToolbarIE.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: Wincore Mediabar: {28387537-e3f9-4ed7-860c-11e69af4a8a0} - C:\PROGRA~2\IMESHA~1\MediaBar\Datamngr\ToolBar\wincoreimdtx.dll
BHO: Symantec NCO BHO: {602adb0e-4aff-4217-8aa1-95dac4dfa408} - C:\Program Files (x86)\Norton 360\Engine\5.2.1.3\coIEPlg.dll
BHO: Symantec Intrusion Prevention: {6d53ec84-6aae-4787-aeee-f4628f01010c} - C:\Program Files (x86)\Norton 360\Engine\5.2.1.3\IPS\IPSBHO.DLL
BHO: TrueSuite Website Log On: {8590886e-ec8c-43c1-a32c-e4c2b0b6395b} - C:\Program Files (x86)\HP SimplePass 2011\IEBHO.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: PageRage Toolbar: {9565115d-c7d6-46d3-bd63-b67b481a4368} - C:\Program Files (x86)\PageRage\prxtbPage.dll
BHO: DataMngr: {be7a24f5-69cb-4708-b77b-b1eda6043b95} - C:\PROGRA~2\IMESHA~1\MediaBar\Datamngr\BROWSE~1.DLL
BHO: Bing Bar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - "C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll"
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
BHO: Yontoo: {fd72061e-9fde-484d-a58a-0bab4151cad8} - C:\Program Files (x86)\Yontoo\YontooIEClient.dll
TB: Bing Bar: {8dcb7100-df86-4384-8842-8fa844297b3f} - "C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll"
TB: Norton Toolbar: {7febefe3-6b19-4349-98d2-ffb09d4b49ca} - C:\Program Files (x86)\Norton 360\Engine\5.2.1.3\coIEPlg.dll
TB: PageRage Toolbar: {9565115d-c7d6-46d3-bd63-b67b481a4368} - C:\Program Files (x86)\PageRage\prxtbPage.dll
TB: Wincore Mediabar: {28387537-e3f9-4ed7-860c-11e69af4a8a0} - C:\PROGRA~2\IMESHA~1\MediaBar\Datamngr\ToolBar\wincoreimdtx.dll
TB: Dealio Toolbar: {01398b87-61af-4ffb-9ab5-1a1c5fb39a9c} - C:\Program Files (x86)\Dealio Toolbar\IE\5.2\dealioToolbarIE.dll
uRun: [msnmsgr] "C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe" /background
uRun: [Steam] "C:\Program Files (x86)\Steam\steam.exe" -silent
uRun: [RESTART_STICKY_NOTES] C:\Windows\System32\StikyNot.exe
uRun: [Pando Media Booster] C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe
uRun: [BitTorrent] "C:\Program Files (x86)\BitTorrent\BitTorrent.exe" /MINIMIZED
uRun: [Akamai NetSession Interface] "C:\Users\Kyle\AppData\Local\Akamai\netsession_win.exe"
mRun: [IAStorIcon] C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
mRun: [HPQuickWebProxy] "C:\Program Files (x86)\Hewlett-Packard\HP QuickWeb\hpqwutils.exe"
mRun: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe"
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [HPOSD] C:\Program Files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe
mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun: [VirtualCloneDrive] "C:\Program Files (x86)\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe" /s
mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\qttask.exe" -atboottime
mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
mRun: [DATAMNGR] C:\PROGRA~2\IMESHA~1\MediaBar\Datamngr\DATAMN~1.EXE
mRun: [DivXUpdate] "C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW
mRun: [WinampAgent] "C:\Program Files (x86)\Winamp\winampa.exe"
mRun: [LogMeIn Hamachi Ui] "C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe" --auto-start
mRun: [HP Quick Launch] C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe
mRun: [<NO NAME>]
mRun: [SearchSettings] "C:\Program Files (x86)\Common Files\Spigot\Search Settings\SearchSettings.exe"
StartupFolder: C:\Users\Kyle\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\OPENOF~1.LNK - C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe
mPolicies-explorer: NoActiveDesktop = 1 (0x1)
mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)
mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: Add to Evernote 4.0 - C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll/204
IE: {A95fe080-8f5d-11d2-a20b-00aa003c157a} - res://C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll/204
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
TCP: DhcpNameServer = 4.2.2.2 8.8.8.8
TCP: Interfaces\{6793F14E-FF6D-4EF4-9B97-25F49B3DBF25} : DhcpNameServer = 4.2.2.2 8.8.8.8
TCP: Interfaces\{6793F14E-FF6D-4EF4-9B97-25F49B3DBF25}\16474777966696 : DhcpNameServer = 10.130.136.129 64.134.255.2 64.134.255.10
TCP: Interfaces\{6793F14E-FF6D-4EF4-9B97-25F49B3DBF25}\4457564656E4564723 : DhcpNameServer = 192.168.1.1
TCP: Interfaces\{6793F14E-FF6D-4EF4-9B97-25F49B3DBF25}\5505C616A716 : DhcpNameServer = 4.2.2.2 8.8.8.8
TCP: Interfaces\{6793F14E-FF6D-4EF4-9B97-25F49B3DBF25}\A4566666 : DhcpNameServer = 10.0.0.1
TCP: Interfaces\{6793F14E-FF6D-4EF4-9B97-25F49B3DBF25}\C41626751405 : DhcpNameServer = 4.2.2.2 8.8.8.8
TCP: Interfaces\{6793F14E-FF6D-4EF4-9B97-25F49B3DBF25}\E494557657563747 : DhcpNameServer = 131.156.1.11 131.156.126.2
TCP: Interfaces\{6793F14E-FF6D-4EF4-9B97-25F49B3DBF25}\E4945577962756C6563737 : DhcpNameServer = 131.156.1.11 131.156.126.2
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
AppInit_DLLs: C:\PROGRA~2\IMESHA~1\MediaBar\Datamngr\datamngr.dll C:\PROGRA~2\IMESHA~1\MediaBar\Datamngr\IEBHO.dll
BHO-X64: Dealio Toolbar: {01398B87-61AF-4FFB-9AB5-1A1C5FB39A9C} - C:\Program Files (x86)\Dealio Toolbar\IE\5.2\dealioToolbarIE.dll
BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO-X64: AcroIEHelperStub - No File
BHO-X64: Wincore Mediabar: {28387537-e3f9-4ed7-860c-11e69af4a8a0} - C:\PROGRA~2\IMESHA~1\MediaBar\Datamngr\ToolBar\wincoreimdtx.dll
BHO-X64: Wincore Mediabar - No File
BHO-X64: Symantec NCO BHO: {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton 360\Engine\5.2.1.3\coIEPlg.dll
BHO-X64: Symantec NCO BHO - No File
BHO-X64: Symantec Intrusion Prevention: {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton 360\Engine\5.2.1.3\IPS\IPSBHO.DLL
BHO-X64: Symantec Intrusion Prevention - No File
BHO-X64: TrueSuite Website Log On: {8590886E-EC8C-43C1-A32C-E4C2B0B6395B} - C:\Program Files (x86)\HP SimplePass 2011\IEBHO.dll
BHO-X64: TSBHO Class - No File
BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO-X64: PageRage Toolbar: {9565115d-c7d6-46d3-bd63-b67b481a4368} - C:\Program Files (x86)\PageRage\prxtbPage.dll
BHO-X64: PageRage - No File
BHO-X64: DataMngr: {BE7A24F5-69CB-4708-B77B-B1EDA6043B95} - C:\PROGRA~2\IMESHA~1\MediaBar\Datamngr\BROWSE~1.DLL
BHO-X64: Bing Bar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - "C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll"
BHO-X64: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
BHO-X64: Yontoo: {FD72061E-9FDE-484D-A58A-0BAB4151CAD8} - C:\Program Files (x86)\Yontoo\YontooIEClient.dll
BHO-X64: Yontoo Layers - No File
TB-X64: Bing Bar: {8dcb7100-df86-4384-8842-8fa844297b3f} - "C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll"
TB-X64: Norton Toolbar: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton 360\Engine\5.2.1.3\coIEPlg.dll
TB-X64: PageRage Toolbar: {9565115d-c7d6-46d3-bd63-b67b481a4368} - C:\Program Files (x86)\PageRage\prxtbPage.dll
TB-X64: Wincore Mediabar: {28387537-e3f9-4ed7-860c-11e69af4a8a0} - C:\PROGRA~2\IMESHA~1\MediaBar\Datamngr\ToolBar\wincoreimdtx.dll
TB-X64: Dealio Toolbar: {01398B87-61AF-4FFB-9AB5-1A1C5FB39A9C} - C:\Program Files (x86)\Dealio Toolbar\IE\5.2\dealioToolbarIE.dll
mRun-x64: [IAStorIcon] C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
mRun-x64: [HPQuickWebProxy] "C:\Program Files (x86)\Hewlett-Packard\HP QuickWeb\hpqwutils.exe"
mRun-x64: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe"
mRun-x64: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun-x64: [HPOSD] C:\Program Files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe
mRun-x64: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun-x64: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun-x64: [VirtualCloneDrive] "C:\Program Files (x86)\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe" /s
mRun-x64: [QuickTime Task] "C:\Program Files (x86)\QuickTime\qttask.exe" -atboottime
mRun-x64: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
mRun-x64: [DATAMNGR] C:\PROGRA~2\IMESHA~1\MediaBar\Datamngr\DATAMN~1.EXE
mRun-x64: [DivXUpdate] "C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW
mRun-x64: [WinampAgent] "C:\Program Files (x86)\Winamp\winampa.exe"
mRun-x64: [LogMeIn Hamachi Ui] "C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe" --auto-start
mRun-x64: [HP Quick Launch] C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe
mRun-x64: [(Default)]
mRun-x64: [SearchSettings] "C:\Program Files (x86)\Common Files\Spigot\Search Settings\SearchSettings.exe"
IE-X64: {A95fe080-8f5d-11d2-a20b-00aa003c157a} - res://C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll/204
AppInit_DLLs-X64: C:\PROGRA~2\IMESHA~1\MediaBar\Datamngr\datamngr.dll C:\PROGRA~2\IMESHA~1\MediaBar\Datamngr\IEBHO.dll
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\Kyle\AppData\Roaming\Mozilla\Firefox\Profiles\o1kyaz0f.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2418376&SearchSource=3&q={searchTerms}
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - www.google.com
FF - prefs.js: keyword.URL - hxxp://dts.search-results.com/sr?src=ffb&appid=1097&systemid=1&sr=0&q=
FF - prefs.js: network.proxy.type - 0
FF - plugin: C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll
FF - plugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\4.1.10111.0\npctrlui.dll
FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npwachk.dll
FF - plugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll
FF - plugin: C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll
FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: C:\Users\Kyle\AppData\Roaming\Mozilla\Firefox\Profiles\o1kyaz0f.default\extensions\LogMeInClient@logmein.com\plugins\npLMI64.dll
FF - plugin: C:\Users\Kyle\AppData\Roaming\Mozilla\Firefox\Profiles\o1kyaz0f.default\extensions\LogMeInClient@logmein.com\plugins\npRACtrl.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll
.
---- FIREFOX POLICIES ----
FF - user.js: extentions.y2layers.installId - 27e7d0f4-8045-46ab-b817-cf9a9de8df30
FF - user.js: extentions.y2layers.defaultEnableAppsList - PageRage/Ads,PageRage/Global,PageRageTeases,Buzzdock,BuzzDockTease,
FF - user.js: extensions.autoDisableScopes - 14
FF - user.js: security.csp.enable - false
.
============= SERVICES / DRIVERS ===============
.
R0 SMR250;Symantec SMR Utility Service 2.5.0;C:\Windows\system32\drivers\SMR250.SYS --> C:\Windows\system32\drivers\SMR250.SYS [?]
R0 SymDS;Symantec Data Store;C:\Windows\system32\drivers\N360x64\0502010.003\SYMDS64.SYS --> C:\Windows\system32\drivers\N360x64\0502010.003\SYMDS64.SYS [?]
R0 SymEFA;Symantec Extended File Attributes;C:\Windows\system32\drivers\N360x64\0502010.003\SYMEFA64.SYS --> C:\Windows\system32\drivers\N360x64\0502010.003\SYMEFA64.SYS [?]
R1 BHDrvx64;BHDrvx64;C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.0.125\Definitions\BASHDefs\20120317.002_24f\BHDrvx64.sys [2012-3-17 1157240]
R1 IDSVia64;IDSVia64;C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.0.125\Definitions\IPSDefs\20120406.002\IDSviA64.sys [2012-4-6 488568]
R1 SymIRON;Symantec Iron Driver;C:\Windows\system32\drivers\N360x64\0502010.003\Ironx64.SYS --> C:\Windows\system32\drivers\N360x64\0502010.003\Ironx64.SYS [?]
R1 SymNetS;Symantec Network Security WFP Driver;C:\Windows\system32\Drivers\N360x64\0502010.003\SYMNETS.SYS --> C:\Windows\system32\Drivers\N360x64\0502010.003\SYMNETS.SYS [?]
R1 vwififlt;Virtual WiFi Filter Driver;C:\Windows\system32\DRIVERS\vwififlt.sys --> C:\Windows\system32\DRIVERS\vwififlt.sys [?]
R2 Akamai;Akamai NetSession Interface;C:\Windows\System32\svchost.exe -k Akamai [2009-7-13 20992]
R2 Application Updater;Application Updater;C:\Program Files (x86)\Application Updater\ApplicationUpdater.exe [2012-3-16 782744]
R2 FPLService;TrueSuiteService;C:\Program Files (x86)\HP SimplePass 2011\TrueSuiteService.exe [2011-5-6 263496]
R2 Hamachi2Svc;LogMeIn Hamachi Tunneling Engine;C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe [2012-2-28 2343816]
R2 HP Support Assistant Service;HP Support Assistant Service;C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe [2011-9-9 86072]
R2 HPClientSvc;HP Client Services;C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe [2010-10-11 346168]
R2 HPDrvMntSvc.exe;HP Quick Synchronization Service;C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe [2011-9-1 227896]
R2 HPWMISVC;HPWMISVC;C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe [2012-2-15 34872]
R2 IAStorDataMgrSvc;Intel® Rapid Storage Technology;C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [2012-3-25 13592]
R2 IconMan_R;IconMan_R;C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe [2012-3-20 2425960]
R2 jhi_service;Intel® Identity Protection Technology Host Interface Service;C:\Program Files (x86)\Intel\Services\IPT\jhi_service.exe [2011-2-24 212944]
R2 lxdc_device;lxdc_device;C:\Windows\system32\lxdccoms.exe -service --> C:\Windows\system32\lxdccoms.exe -service [?]
R2 N360;Norton 360;C:\Program Files (x86)\Norton 360\Engine\5.2.1.3\ccsvchst.exe [2012-4-3 130008]
R2 RoxioNow Service;RoxioNow Service;C:\Program Files (x86)\Roxio\RoxioNow Player\RNowSvc.exe [2010-11-26 399344]
R2 UNS;Intel® Management and Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2012-3-25 2656280]
R3 clwvd;CyberLink WebCam Virtual Driver;C:\Windows\system32\DRIVERS\clwvd.sys --> C:\Windows\system32\DRIVERS\clwvd.sys [?]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2012-2-8 138360]
R3 IntcDAud;Intel® Display Audio;C:\Windows\system32\DRIVERS\IntcDAud.sys --> C:\Windows\system32\DRIVERS\IntcDAud.sys [?]
R3 MEIx64;Intel® Management Engine Interface;C:\Windows\system32\DRIVERS\HECIx64.sys --> C:\Windows\system32\DRIVERS\HECIx64.sys [?]
R3 netr28x;Ralink 802.11n Extensible Wireless Driver;C:\Windows\system32\DRIVERS\netr28x.sys --> C:\Windows\system32\DRIVERS\netr28x.sys [?]
R3 RSPCIESTOR;Realtek PCIE CardReader Driver;C:\Windows\system32\DRIVERS\RtsPStor.sys --> C:\Windows\system32\DRIVERS\RtsPStor.sys [?]
R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\system32\DRIVERS\Rt64win7.sys --> C:\Windows\system32\DRIVERS\Rt64win7.sys [?]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 lxdcCATSCustConnectService;lxdcCATSCustConnectService;C:\Windows\System32\spool\drivers\x64\3\lxdcserv.exe [2007-5-25 34224]
S3 BBSvc;Bing Bar Update Service;C:\Program Files (x86)\Microsoft\BingBar\BBSvc.EXE [2011-3-1 183560]
S3 GamesAppService;GamesAppService;C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe [2010-10-12 206072]
S3 npggsvc;nProtect GameGuard Service;C:\Windows\system32\GameMon.des -service --> C:\Windows\system32\GameMon.des -service [?]
S3 SrvHsfHDA;SrvHsfHDA;C:\Windows\system32\DRIVERS\VSTAZL6.SYS --> C:\Windows\system32\DRIVERS\VSTAZL6.SYS [?]
S3 SrvHsfV92;SrvHsfV92;C:\Windows\system32\DRIVERS\VSTDPV6.SYS --> C:\Windows\system32\DRIVERS\VSTDPV6.SYS [?]
S3 SrvHsfWinac;SrvHsfWinac;C:\Windows\system32\DRIVERS\VSTCNXT6.SYS --> C:\Windows\system32\DRIVERS\VSTCNXT6.SYS [?]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\system32\drivers\tsusbflt.sys --> C:\Windows\system32\drivers\tsusbflt.sys [?]
S3 TsUsbGD;Remote Desktop Generic USB Device;C:\Windows\system32\drivers\TsUsbGD.sys --> C:\Windows\system32\drivers\TsUsbGD.sys [?]
S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\system32\Drivers\usbaapl64.sys --> C:\Windows\system32\Drivers\usbaapl64.sys [?]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?]
S4 wlcrasvc;Windows Live Mesh remote connections service;C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-9-22 57184]
.
=============== Created Last 30 ================
.
2012-04-09 21:13:58 116016 ----a-w- C:\Windows\System32\drivers\52527598.sys
2012-04-09 06:28:00 -------- d-----w- C:\Users\Kyle\AppData\Local\{7578BC10-6969-4440-9618-73AE5C7F3A46}
2012-04-09 03:32:49 96376 ----a-w- C:\Windows\System32\drivers\SMR250.SYS
2012-04-09 03:32:47 -------- d-----w- C:\Program Files (x86)\Dealio Toolbar
2012-04-09 03:32:47 -------- d-----w- C:\Program Files (x86)\Common Files\Spigot
2012-04-09 03:32:47 -------- d-----w- C:\Program Files (x86)\Application Updater
2012-04-09 03:32:41 -------- d-----w- C:\Users\Kyle\AppData\Local\NPE
2012-04-09 03:25:43 27256 ----a-w- C:\Windows\System32\drivers\FixZeroAccess.sys
2012-04-08 18:27:24 -------- d-----w- C:\Users\Kyle\AppData\Local\{E8BA2BF1-0D5E-4A55-88A0-7C80FBECAC28}
2012-04-06 20:16:03 -------- d-----w- C:\Users\Kyle\AppData\Local\{95AFB450-35FE-491F-A2E8-CD00E76449AF}
2012-04-06 05:23:14 -------- d-----w- C:\Users\Kyle\AppData\Local\{DCB12DC4-A3BE-4980-8873-0C6102BE5904}
2012-04-06 05:05:48 -------- d-----w- C:\Users\Kyle\AppData\Local\{99C4AF8A-543C-48B4-93C5-BD3D1D08E582}
2012-04-06 01:34:16 -------- d-----w- C:\Users\Kyle\AppData\Local\{1D99DDF1-1A86-45B1-9735-13DAFD3FCBC1}
2012-04-05 19:36:33 -------- d-----w- C:\Users\Kyle\AppData\Local\{534ABF66-66C6-4D7F-8916-A387AA0BD3F7}
2012-04-05 07:28:24 -------- d-----w- C:\Users\Kyle\AppData\Local\{75AA95DE-9CA8-410C-888C-4BF902F979E0}
2012-04-04 19:27:34 -------- d-----w- C:\Users\Kyle\AppData\Local\{28F418C1-F8AB-4104-950E-49A8FE2EA4F5}
2012-04-04 07:27:11 -------- d-----w- C:\Users\Kyle\AppData\Local\{6022C1AB-BACE-4C24-A637-CE15034C93BD}
2012-04-03 23:23:21 386168 ----a-w- C:\Windows\System32\drivers\N360x64\0502010.003\symnets.sys
2012-04-03 23:23:20 912504 ----a-w- C:\Windows\System32\drivers\N360x64\0502010.003\symefa64.sys
2012-04-03 23:23:20 744568 ----a-w- C:\Windows\System32\drivers\N360x64\0502010.003\srtsp64.sys
2012-04-03 23:23:20 450680 ----a-w- C:\Windows\System32\drivers\N360x64\0502010.003\symds64.sys
2012-04-03 23:23:20 40568 ----a-w- C:\Windows\System32\drivers\N360x64\0502010.003\srtspx64.sys
2012-04-03 23:23:19 171128 ----a-r- C:\Windows\System32\drivers\N360x64\0502010.003\ironx64.sys
2012-04-03 23:23:05 -------- d-----w- C:\Windows\System32\drivers\N360x64\0502010.003
2012-04-03 19:26:49 -------- d-----w- C:\Users\Kyle\AppData\Local\{FDB45FDB-031F-4F91-AFE2-6E22E00B6487}
2012-04-01 19:25:23 -------- d-----w- C:\Users\Kyle\AppData\Local\{6B16EC4B-2F5E-425A-A240-C70402E5E05B}
2012-04-01 00:22:32 -------- d-----w- C:\Program Files (x86)\NVIDIA Corporation
2012-04-01 00:22:04 -------- d-----w- C:\Program Files (x86)\Common Files\Wise Installation Wizard
2012-03-31 20:09:14 -------- d-----w- C:\Users\Kyle\AppData\Roaming\digipen
2012-03-31 20:09:14 -------- d-----w- C:\Users\Kyle\AppData\Local\digipen
2012-03-31 20:04:51 -------- d-----w- C:\Program Files (x86)\Digipen
2012-03-31 19:38:44 -------- d-----w- C:\Users\Kyle\AppData\Local\{77C43126-53F1-4922-8662-946301AF89E8}
2012-03-31 09:18:10 -------- d-----w- C:\Users\Kyle\AppData\Local\{A4B30F8F-CB2E-470B-98F8-295C1B07BDA4}
2012-03-31 01:26:28 -------- d-----w- C:\Users\Kyle\AppData\Roaming\Beat Hazard
2012-03-30 21:17:34 -------- d-----w- C:\Users\Kyle\AppData\Local\{F7441FDD-3E29-4372-8B5C-9E41A5ABDE22}
2012-03-30 09:17:13 -------- d-----w- C:\Users\Kyle\AppData\Local\{5A18F7B4-32D1-483A-8229-BBC2A174C7FF}
2012-03-29 21:17:21 -------- d-----w- C:\Users\Kyle\AppData\Local\{2BDD8F27-B0C7-487E-99C7-85AB69567808}
2012-03-29 05:35:44 -------- d-----w- C:\Users\Kyle\AppData\Local\{4089B314-35FF-478B-A56D-76AE660E41B6}
2012-03-28 17:35:07 -------- d-----w- C:\Users\Kyle\AppData\Local\{B39D3C23-3E6D-4E05-9D23-6ECB54E677B0}
2012-03-28 17:34:56 -------- d-----w- C:\Users\Kyle\AppData\Local\{D923E362-D5EE-46F3-A8EE-944CCB074D9E}
2012-03-28 05:34:42 -------- d-----w- C:\Users\Kyle\AppData\Local\{3A033461-AF96-4017-8BBA-7D21C93BECBF}
2012-03-28 05:34:19 -------- d-----w- C:\Users\Kyle\AppData\Local\{DEE14068-3E26-4BF0-B8B6-4A55922AF41A}
2012-03-27 17:34:04 -------- d-----w- C:\Users\Kyle\AppData\Local\{2472BFB6-5ED3-4246-ACBD-F5EA1ABC1F4A}
2012-03-27 17:33:46 -------- d-----w- C:\Users\Kyle\AppData\Local\{D755609A-F4CC-440B-B983-2B6DE39F7301}
2012-03-27 04:27:40 -------- d-----w- C:\Users\Kyle\AppData\Local\{CBD9957F-0F97-4B76-9764-BC5F160EE924}
2012-03-27 04:27:18 -------- d-----w- C:\Users\Kyle\AppData\Local\{5436C9B5-C2CD-40E2-B85E-61C54B0146A9}
2012-03-26 16:27:28 -------- d-----w- C:\Users\Kyle\AppData\Local\{E48CA2F9-E5F3-4B2F-922A-961B5919EE64}
2012-03-25 17:50:57 -------- d-----w- C:\Users\Kyle\AppData\Local\{2EEC0B61-F3CC-4CED-A34F-3259CC252F21}
2012-03-25 17:50:35 -------- d-----w- C:\Users\Kyle\AppData\Local\{8437E3A9-91BB-43FF-A85C-7EDF56D5BBE2}
2012-03-25 09:27:15 976896 ----a-w- C:\Windows\System32\inetcomm.dll
2012-03-25 09:27:15 741376 ----a-w- C:\Windows\SysWow64\inetcomm.dll
2012-03-25 09:26:56 27520 ----a-w- C:\Windows\System32\drivers\Diskdump.sys
2012-03-25 09:26:47 158208 ----a-w- C:\Windows\System32\drivers\mrxsmb.sys
2012-03-25 09:26:47 128000 ----a-w- C:\Windows\System32\drivers\mrxsmb20.sys
2012-03-25 09:26:37 467456 ----a-w- C:\Windows\System32\drivers\srv.sys
2012-03-25 09:26:37 410112 ----a-w- C:\Windows\System32\drivers\srv2.sys
2012-03-25 09:26:37 168448 ----a-w- C:\Windows\System32\drivers\srvnet.sys
2012-03-25 09:23:25 -------- d-----w- C:\Windows\ehome
2012-03-25 08:57:55 -------- d-----w- C:\ProgramData\Synaptics
2012-03-25 08:50:57 -------- d-----w- C:\Program Files (x86)\SymSilent
2012-03-25 08:50:22 -------- d-----w- C:\Program Files (x86)\Microsoft
2012-03-25 08:46:05 -------- d-----w- C:\Program Files (x86)\HP SimplePass 2011
2012-03-25 08:45:58 -------- d-----w- C:\Program Files\Common Files\AuthenTec
2012-03-25 08:45:58 -------- d-----w- C:\Program Files (x86)\Common Files\AuthenTec
2012-03-25 08:45:38 -------- d-----w- C:\ProgramData\Downloaded Installations
2012-03-25 08:45:08 -------- d-----w- C:\ProgramData\Norton
2012-03-25 08:44:36 -------- d-----w- C:\ProgramData\NortonInstaller
2012-03-25 08:43:22 -------- d-----w- C:\Program Files (x86)\Common Files\Intel Corporation
2012-03-25 08:42:40 -------- d-----r- C:\Program Files\Online Services
2012-03-25 08:39:32 142336 ----a-w- C:\Windows\System32\poqexec.exe
2012-03-25 08:39:32 123904 ----a-w- C:\Windows\SysWow64\poqexec.exe
2012-03-25 08:38:23 -------- d-----w- C:\Program Files\Symantec
2012-03-25 08:36:56 -------- d-----w- C:\Windows\Hewlett-Packard
2012-03-25 08:36:30 327008 ----a-w- C:\Windows\System32\RaCoInstx.dll
2012-03-25 08:36:30 1813056 ----a-w- C:\Windows\System32\drivers\netr28x.sys
2012-03-25 08:36:29 -------- d-----w- C:\ProgramData\Ralink Driver
2012-03-25 08:35:25 107552 ----a-w- C:\Windows\System32\RTNUninst64.dll
2012-03-25 08:35:12 6012416 ----a-w- C:\Windows\System32\IDTNGUI.exe
2012-03-25 08:35:12 564224 ----a-w- C:\Windows\System32\idt64mp1.exe
2012-03-25 08:35:12 5077504 ----a-w- C:\Windows\System32\IDTNHP.dll
2012-03-25 08:35:12 4113408 ----a-w- C:\Windows\System32\stlang64.dll
2012-03-25 08:35:12 233472 ----a-w- C:\Windows\System32\IDTNJ.exe
2012-03-25 08:35:12 1819136 ----a-w- C:\Windows\System32\IDTNC64.cpl
2012-03-25 08:35:12 1424896 ----a-w- C:\Windows\sttray64.exe
2012-03-25 08:35:12 1041920 ----a-w- C:\Windows\System32\IDTNX.dll
2012-03-25 08:35:11 -------- d-----w- C:\Windows\System32\SRSLabs
2012-03-25 08:34:45 251392 ----a-w- C:\Windows\System32\staco64.dll
2012-03-25 08:34:35 -------- d-----w- C:\Windows\SysWow64\sda
2012-03-25 08:34:30 -------- d-----w- C:\Program Files (x86)\Realtek
2012-03-25 08:34:29 8192 ----a-w- C:\Windows\System32\drivers\IntelMEFWVer.dll
2012-03-25 08:34:22 -------- d-----w- C:\Program Files (x86)\Common Files\postureAgent
2012-03-25 08:34:03 557848 ----a-w- C:\Windows\System32\drivers\iaStor.sys
2012-03-25 08:33:49 -------- d-----w- C:\Program Files\Synaptics
2012-03-25 08:33:28 -------- d-----w- C:\Program Files\Common Files\Intel
2012-03-25 08:33:27 -------- d-----w- C:\Program Files (x86)\Common Files\Intel
2012-03-25 08:32:33 53248 ----a-w- C:\Windows\SysWow64\CSVer.dll
2012-03-25 08:32:30 -------- d-----w- C:\Intel
2012-03-25 05:50:23 -------- d-----w- C:\Users\Kyle\AppData\Local\{DBC8D451-CC2A-4A2A-9E4A-0661567EC3EA}
2012-03-25 05:50:02 -------- d-----w- C:\Users\Kyle\AppData\Local\{36EB9005-70AC-455D-B4D7-CACE9CF7A24B}
2012-03-24 17:49:50 -------- d-----w- C:\Users\Kyle\AppData\Local\{40529A85-F466-4F79-A65A-FF479C004B5F}
2012-03-24 17:49:29 -------- d-----w- C:\Users\Kyle\AppData\Local\{69B17CA8-C3F2-4FC4-A75A-0F1545465D43}
2012-03-24 05:49:14 -------- d-----w- C:\Users\Kyle\AppData\Local\{B62FE4F0-F961-4F1B-9327-3D6F77B09ACE}
2012-03-24 05:48:52 -------- d-----w- C:\Users\Kyle\AppData\Local\{0FE02B21-6081-4F95-8660-AF6245425A9B}
2012-03-23 17:48:41 -------- d-----w- C:\Users\Kyle\AppData\Local\{77F0BC6A-F9C9-46D3-9EE2-6F6A72C7E4E5}
2012-03-23 17:48:19 -------- d-----w- C:\Users\Kyle\AppData\Local\{06704E53-9785-4F07-96D4-261A073CC530}
2012-03-23 05:48:07 -------- d-----w- C:\Users\Kyle\AppData\Local\{006128E2-C47E-4682-BF16-D4548A70E796}
2012-03-23 05:47:42 -------- d-----w- C:\Users\Kyle\AppData\Local\{92E15BEF-54F8-4273-89E7-2BAED0BAD9F0}
2012-03-22 17:47:28 -------- d-----w- C:\Users\Kyle\AppData\Local\{D404678C-078C-41B6-8FBF-E4804212FABD}
2012-03-22 17:47:06 -------- d-----w- C:\Users\Kyle\AppData\Local\{5793486F-CF01-4E21-A0D0-2901BB8E6951}
2012-03-22 05:46:52 -------- d-----w- C:\Users\Kyle\AppData\Local\{BC8B633F-DE68-4FAD-B2D2-EC705737A1AD}
2012-03-22 05:46:29 -------- d-----w- C:\Users\Kyle\AppData\Local\{2B95EA06-BF89-498E-9D23-7471BAF14759}
2012-03-21 17:46:16 -------- d-----w- C:\Users\Kyle\AppData\Local\{2634404A-B40F-45AD-963B-AED4C8280A9A}
2012-03-21 05:45:39 -------- d-----w- C:\Users\Kyle\AppData\Local\{0CC92710-E83E-4FDD-8776-9198A0A68BE6}
2012-03-21 05:45:17 -------- d-----w- C:\Users\Kyle\AppData\Local\{F7E69B4B-699B-4865-9315-23DC0AAE743B}
2012-03-20 17:44:50 -------- d-----w- C:\Users\Kyle\AppData\Local\{9D5AD051-D9F5-4290-88CC-80E3ADFB3CE2}
2012-03-20 17:44:35 -------- d-----w- C:\Users\Kyle\AppData\Local\{17409097-1277-4157-96DE-7CC5FCB524E3}
2012-03-20 10:58:43 9887848 ----a-w- C:\Windows\SysWow64\RtsPStorIcon.dll
2012-03-20 10:58:43 339048 ----a-w- C:\Windows\System32\drivers\RtsPStor.sys
2012-03-20 05:53:20 -------- d-----w- C:\Users\Kyle\AppData\Roaming\Tific
2012-03-20 05:53:18 -------- d-----w- C:\Users\Kyle\AppData\Local\Symantec
2012-03-20 05:46:59 5559152 ----a-w- C:\Windows\System32\ntoskrnl.exe
2012-03-20 05:46:58 3968368 ----a-w- C:\Windows\SysWow64\ntkrnlpa.exe
2012-03-20 05:46:58 3913584 ----a-w- C:\Windows\SysWow64\ntoskrnl.exe
2012-03-20 05:44:09 -------- d-----w- C:\Users\Kyle\AppData\Local\{9580D2FD-6C92-4CDD-A8BF-ECC20FB5F257}
2012-03-20 05:43:57 -------- d-----w- C:\Users\Kyle\AppData\Local\{1FD27E56-4FAB-4458-9F24-0661A55AA25A}
2012-03-20 05:14:45 -------- d-----w- C:\Users\Kyle\AppData\Roaming\Malwarebytes
2012-03-20 05:14:38 -------- d-----w- C:\ProgramData\Malwarebytes
2012-03-20 05:14:38 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware
2012-03-20 04:27:50 -------- d-----w- C:\TDSSKiller_Quarantine
2012-03-20 04:19:47 -------- d-----w- C:\sh4ldr
2012-03-20 04:19:47 -------- d-----w- C:\Program Files\Enigma Software Group
2012-03-19 23:45:43 -------- d-----w- C:\Users\Kyle\AppData\Local\{106CC55C-D97B-4593-AB02-F4A073D4D080}
2012-03-19 23:45:03 -------- d-----w- C:\Users\Kyle\AppData\Local\{820738C1-709D-46A6-9A21-870FD66D1867}
2012-03-19 11:44:51 -------- d-----w- C:\Users\Kyle\AppData\Local\{9A1E0AAB-9A55-4F98-B806-1AB9C1DD0DF9}
2012-03-18 23:44:37 -------- d-----w- C:\Users\Kyle\AppData\Local\{D17C7ED0-0556-4DAE-A896-FE55AA18DEEA}
2012-03-18 10:29:06 -------- d-----w- C:\Users\Kyle\AppData\Local\{8238FE60-4322-40F0-B7BD-92F4037C3547}
2012-03-18 10:28:52 -------- d-----w- C:\Users\Kyle\AppData\Local\{A56CB1CB-237E-4E29-81D7-AC08960DDE9F}
2012-03-17 22:28:34 -------- d-----w- C:\Users\Kyle\AppData\Local\{45F50F88-46FB-40F9-82DE-AD1BDEB4F8AC}
2012-03-17 02:12:47 -------- d-----w- C:\Users\Kyle\AppData\Local\{10A5B0EB-0C6B-4BA5-804A-C194D946E534}
2012-03-17 02:12:35 -------- d-----w- C:\Users\Kyle\AppData\Local\{9F7362FD-6E7B-4ED6-A9BD-24F32B780C0E}
2012-03-16 00:42:10 -------- d-----w- C:\Program Files (x86)\Strange Loop Games
2012-03-15 21:24:17 -------- d-----w- C:\Users\Kyle\AppData\Local\{16BA6931-4D5A-4481-B374-820802630BEA}
2012-03-15 21:24:01 -------- d-----w- C:\Users\Kyle\AppData\Local\{0A3313D7-7D38-4CBB-AEE5-C5DAB7DC3CC0}
2012-03-15 07:28:37 -------- d-----w- C:\Users\Kyle\AppData\Local\{FC836CC7-2E23-42EB-AC02-DF7D7C80A06D}
2012-03-15 07:28:14 -------- d-----w- C:\Users\Kyle\AppData\Local\{E88C49DA-BDB7-468A-841B-FFD790369411}
2012-03-14 19:27:58 -------- d-----w- C:\Users\Kyle\AppData\Local\{8DE3F369-7C92-44CC-BB93-DF5AAAA00C8E}
2012-03-14 19:26:41 -------- d-----w- C:\Users\Kyle\AppData\Local\{B5FA9BFD-BF2F-4564-98F6-DA03AD747FBA}
2012-03-14 18:59:07 -------- d-----w- C:\Users\Kyle\AppData\Local\{42D03643-5767-4F3C-93E1-F63A28E49331}
2012-03-14 07:40:07 -------- d-----w- C:\Users\Kyle\AppData\Roaming\Doublefine
2012-03-14 07:01:22 -------- d-----w- C:\Program Files (x86)\Alan Wake.v 1.00.16.3209 + 2 DLC
2012-03-14 06:50:28 -------- d-----w- C:\Program Files (x86)\Double Fine Productions
2012-03-14 02:32:04 -------- d-----w- C:\Users\Kyle\AppData\Local\Chromium
2012-03-13 23:15:29 3145728 ----a-w- C:\Windows\System32\win32k.sys
2012-03-13 23:15:27 1544192 ----a-w- C:\Windows\System32\DWrite.dll
2012-03-13 23:15:27 1077248 ----a-w- C:\Windows\SysWow64\DWrite.dll
2012-03-13 20:21:20 -------- d-----w- C:\Users\Kyle\AppData\Local\{C261892B-63E0-4B6E-9115-6DAC3C78FE0A}
2012-03-13 20:20:57 -------- d-----w- C:\Users\Kyle\AppData\Local\{5AABABC3-B472-4004-8DC7-9DB175BBCE24}
2012-03-13 18:52:38 20480 ----a-w- C:\Windows\svchost.exe
2012-03-13 18:48:14 6656 ----a-w- C:\ProgramData\Microsoft\Windows\DRM\A8CE.tmp
2012-03-13 18:48:14 6656 ----a-w- C:\ProgramData\Microsoft\Windows\DRM\A840.tmp
2012-03-13 17:26:22 9216 ----a-w- C:\Windows\System32\rdrmemptylst.exe
2012-03-13 17:26:22 77312 ----a-w- C:\Windows\System32\rdpwsx.dll
2012-03-13 17:26:22 149504 ----a-w- C:\Windows\System32\rdpcorekmts.dll
2012-03-13 17:26:18 826880 ----a-w- C:\Windows\SysWow64\rdpcore.dll
2012-03-13 17:26:18 23552 ----a-w- C:\Windows\System32\drivers\tdtcp.sys
2012-03-13 17:26:18 210944 ----a-w- C:\Windows\System32\drivers\rdpwd.sys
2012-03-13 17:26:18 1031680 ----a-w- C:\Windows\System32\rdpcore.dll
2012-03-13 08:20:26 -------- d-----w- C:\Users\Kyle\AppData\Local\{B75C10F8-F841-4383-8CAF-08EF75B56FC7}
2012-03-13 08:20:04 -------- d-----w- C:\Users\Kyle\AppData\Local\{EC186263-8F33-4411-996D-1766675B906B}
2012-03-12 20:19:48 -------- d-----w- C:\Users\Kyle\AppData\Local\{60C6734F-F7CB-4E4B-A012-AA985EF8902F}
2012-03-12 20:19:25 -------- d-----w- C:\Users\Kyle\AppData\Local\{8AF58862-76F0-4074-A5FD-C24CA7342C4C}
2012-03-12 08:19:08 -------- d-----w- C:\Users\Kyle\AppData\Local\{6D8744DF-B577-4442-B14A-FCBC801FC24D}
2012-03-12 08:18:45 -------- d-----w- C:\Users\Kyle\AppData\Local\{E047AE81-2311-48F5-AAC9-F11B52D10139}
2012-03-11 20:18:17 -------- d-----w- C:\Users\Kyle\AppData\Local\{2D152029-6701-4468-8298-857F8E31F62F}
2012-03-11 20:17:19 -------- d-----w- C:\Users\Kyle\AppData\Local\{C79B358A-C87D-4B48-AC60-2E8E65FCBE73}
.
==================== Find3M ====================
.
2012-04-06 13:09:50 1890 --sha-w- C:\ProgramData\KGyGaAvL.sys
2012-02-20 06:52:21 286720 ----a-w- C:\Windows\iun506.exe
2012-02-20 05:19:24 88 --sh--r- C:\ProgramData\EA3B4CDAF4.sys
.
============= FINISH: 16:30:51.86 ===============

I am running Windows 7 64-bit so I do not have a GMER log.



#2 fireman4it

fireman4it

    Bleepin' Fireman


  • Malware Response Team
  • 13,505 posts

Posted 09 April 2012 - 05:37 PM

Hello reikendude,
  • Welcome to Bleeping Computer.
  • My name is fireman4it and I will be helping you with your Malware problem.

    Please take note of some guidelines for this fix:
  • Refrain from making any changes to your computer including installing/uninstalling programs, deleting files, modifying the registry, and running scanners or tools.
  • If you do not understand any step(s) provided, please do not hesitate to ask before continuing.
  • Even if things appear to be better, it might not mean we are finished. Please continue to follow my instructions and reply back until I give you the "all clean".
  • In the upper right hand corner of the topic you will see a button called Watch Topic. I suggest you click it and select Immediate E-Mail notification and click on Proceed. This way you will be advised when we respond to your topic and facilitate the cleaning of your machine.

  • Finally, please reply using the ADD REPLY button in the lower right hand corner of your screen. Do not start a new topic. The logs that you post should be pasted directly into the reply, unless they do not fit into the post.
  • We need to get a little more information before we continue.


1.
Please download aswMBR (511KB) to your desktop.
  • Double click the aswMBR.exe icon to run it
  • Click the Scan button to start the scan
  • On completion of the scan, click the save log button, save it to your desktop and post it in your next reply.

2.
Please download Listparts64
Run the tool, click Scan and post the log (Result.txt) it makes.

" Extinguishing Malware from the world"

The Virus, Trojan, Spyware, and Malware Removal forum is very busy. If I'm helping you and I've not posted back within 24 hrs., send a PM with your topic link. Thank you.

ALL OTHER HELP REQUESTS VIA THE PM SYSTEM WILL BE IGNORED. The Forums are there for a reason!
Thanks-




#3 reikendude

reikendude
  • Topic Starter

  • Members
  • 12 posts

Posted 09 April 2012 - 11:03 PM

I can't get a results log from the aswMBR because it stops responding during the scan. Here is a screencap of when it stopped responding:

http://i72.photobucket.com/albums/i196/reikensan/avastresults.png

Results.txt from listparts64:

ListParts by Farbar Version: 12-03-2012 03
Ran by Kyle (administrator) on 09-04-2012 at 23:01:06
Windows 7 (X64)
Running From: C:\Users\Kyle\Desktop
Language: 0409
************************************************************

========================= Memory info ======================

Percentage of memory in use: 57%
Total physical RAM: 4043.86 MB
Available physical RAM: 1713.8 MB
Total Pagefile: 8085.91 MB
Available Pagefile: 5578.23 MB
Total Virtual: 8192 MB
Available Virtual: 8191.9 MB

======================= Partitions =========================

1 Drive c: () (Fixed) (Total:446.21 GB) (Free:148.5 GB) NTFS ==>[System with boot components (obtained from reading drive)]
2 Drive d: (Recovery) (Fixed) (Total:15.38 GB) (Free:1.7 GB) NTFS ==>[System with boot components (obtained from reading drive)]
3 Drive e: (HP_TOOLS) (Fixed) (Total:3.96 GB) (Free:0.01 GB) FAT32
5 Drive j: () (Removable) (Total:3.73 GB) (Free:2.82 GB) FAT32

Disk ### Status Size Free Dyn Gpt
-------- ------------- ------- ------- --- ---
Disk 0 Online 465 GB 0 B
Disk 1 Online 3823 MB 0 B

Partitions of Disk 0:
===============

Partition ### Type Size Offset
------------- ---------------- ------- -------
Partition 1 Primary 199 MB 1024 KB
Partition 2 Primary 446 GB 200 MB
Partition 3 Primary 15 GB 446 GB
Partition 4 Primary 4063 MB 461 GB

======================================================================================================

Disk: 0
Partition 1
Type : 07
Hidden: No
Active: Yes

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 1 SYSTEM NTFS Partition 199 MB Healthy System (partition with boot components)

======================================================================================================

Disk: 0
Partition 2
Type : 07
Hidden: No
Active: No

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 2 C NTFS Partition 446 GB Healthy Boot

======================================================================================================

Disk: 0
Partition 3
Type : 07
Hidden: No
Active: No

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 3 D Recovery NTFS Partition 15 GB Healthy

======================================================================================================

Disk: 0
Partition 4
Type : 0C
Hidden: No
Active: No

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 4 E HP_TOOLS FAT32 Partition 4063 MB Healthy

======================================================================================================

Partitions of Disk 1:
===============

Partition ### Type Size Offset
------------- ---------------- ------- -------
Partition 1 Primary 3819 MB 4096 KB

======================================================================================================

Disk: 1
Partition 1
Type : 0B
Hidden: No
Active: No

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 5 J FAT32 Removable 3819 MB Healthy

======================================================================================================

****** End Of Log ******

#4 fireman4it


Posted 10 April 2012 - 02:28 PM

Hello,


Please run the following.

1.
Please download the TDSS Rootkit Removing Tool (TDSSKiller.exe) and save it to your Desktop. <-Important!!!
  • Double-click on TDSSKiller.exe to run the tool for known TDSS variants.
    Vista/Windows 7 users right-click and select Run As Administrator.
  • If TDSSKiller does not run, try renaming it.
  • To do this, right-click on TDSSKiller.exe, select Rename and give it a random name with the .com file extension (i.e. 123abc.com). If you do not see the file extension, please refer to How to change the file extension.
  • Click the Start Scan button.
  • Do not use the computer during the scan.
  • If the scan completes with nothing found, click Close to exit.
  • If malicious objects are found, they will show in the Scan results - Select action for found objects and offer three options.
  • Ensure Cure (default) is selected, then click Continue > Reboot now to finish the cleaning process.
    Note: If Cure is not an option, Skip instead, do not choose Delete unless instructed.
  • A log file named TDSSKiller_version_date_time_log.txt (i.e. TDSSKiller.2.4.0.0_27.07.2010_09.o7.26_log.txt) will be created and saved to the root directory (usually Local Disk C:).
  • Copy and paste the contents of that file in your next reply.


2.
Install Recovery Console and Run ComboFix

This tool is not a toy. If used the wrong way you could trash your computer. Please use only under direction of a Helper. If you decide to do so anyway, please do not blame me or ComboFix.

Download Combofix from any of the links below, and save it to your desktop.

Link 1
Link 2
  • Close/disable all anti-virus and anti-malware programs so they do not interfere with the running of ComboFix. Refer to this page if you are not sure how.
  • Close any open windows, including this one.
  • Double click on ComboFix.exe & follow the prompts.
  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  • If you did not have it installed, you will see the prompt below. Choose YES.
  • Posted Image
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.

Note: The Windows Recovery Console will allow you to boot up into a special recovery (repair) mode. This allows us to more easily help you should your computer have a problem after an attempted removal of malware. It is a simple procedure that will only take a few moments of your time.

  • Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

    Posted Image
  • Click on Yes, to continue scanning for malware.
  • When finished, it will produce a report for you. Please post the contents of the log (C:\ComboFix.txt).
Leave your computer alone while ComboFix is running.
ComboFix will restart your computer if malware is found; allow it to do so.


Note: Please Do NOT mouseclick combofix's window while it's running because it may cause it to stall.


Things to include in your next reply:
TdssKiller log
Combofix.txt
How is your machine running now?



#5 reikendude

reikendude
  • Topic Starter

  • Members
  • 12 posts

Posted 10 April 2012 - 05:50 PM

TDSS killer didn't seem to find anything. I ran ComboFix and after it supplied the log report and was all finished, I had a strange error where I could not open any program at all. It said that there was an invalid operation on a registry key that was marked for deletion. I restarted my computer again and everything seems to be fine now. I do not have the redirects, but even when I ran the Norton method before it took a little while for the effects of the malware to start showing up again. Here are the log files, I will repost any updates, like if the redirects appear again.

TDSS killer log:
15:47:21.0724 0520 TDSS rootkit removing tool 2.7.28.0 Apr 10 2012 16:54:05
15:47:21.0996 0520 ============================================================
15:47:21.0996 0520 Current date / time: 2012/04/10 15:47:21.0996
15:47:21.0996 0520 SystemInfo:
15:47:21.0996 0520
15:47:21.0996 0520 OS Version: 6.1.7601 ServicePack: 1.0
15:47:21.0996 0520 Product type: Workstation
15:47:21.0996 0520 ComputerName: QUINCY
15:47:21.0998 0520 UserName: Kyle
15:47:21.0998 0520 Windows directory: C:\Windows
15:47:21.0998 0520 System windows directory: C:\Windows
15:47:21.0998 0520 Running under WOW64
15:47:21.0998 0520 Processor architecture: Intel x64
15:47:21.0998 0520 Number of processors: 4
15:47:21.0998 0520 Page size: 0x1000
15:47:21.0998 0520 Boot type: Normal boot
15:47:21.0998 0520 ============================================================
15:47:22.0761 0520 Drive \Device\Harddisk0\DR0 - Size: 0x7470C06000 (465.76 Gb), SectorSize: 0x200, Cylinders: 0xED81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
15:47:22.0807 0520 Drive \Device\Harddisk1\DR1 - Size: 0xEEF00000 (3.73 Gb), SectorSize: 0x200, Cylinders: 0x1E7, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W'
15:47:22.0809 0520 \Device\Harddisk0\DR0:
15:47:22.0811 0520 MBR used
15:47:22.0811 0520 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x63800
15:47:22.0811 0520 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x64000, BlocksNum 0x37C6E000
15:47:22.0811 0520 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x37CD2000, BlocksNum 0x1EC4000
15:47:22.0811 0520 \Device\Harddisk0\DR0\Partition3: MBR, Type 0xC, StartLBA 0x39B96000, BlocksNum 0x7EF830
15:47:22.0811 0520 \Device\Harddisk1\DR1:
15:47:22.0812 0520 MBR used
15:47:22.0812 0520 \Device\Harddisk1\DR1\Partition0: MBR, Type 0xB, StartLBA 0x2000, BlocksNum 0x775800
15:47:22.0994 0520 Initialize success
15:47:22.0994 0520 ============================================================
15:47:24.0154 4060 ============================================================
15:47:24.0155 4060 Scan started
15:47:24.0155 4060 Mode: Manual;
15:47:24.0155 4060 ============================================================
15:47:31.0143 4060 DXGKrnl (f5bee30450e18e6b83a5012c100616fd) C:\Windows\System32\drivers\dxgkrnl.sys
15:47:31.0153 4060 DXGKrnl - ok
15:47:31.0206 4060 EapHost (e2dda8726da9cb5b2c4000c9018a9633) C:\Windows\System32\eapsvc.dll
15:47:31.0207 4060 EapHost - ok
15:47:31.0400 4060 ebdrv (dc5d737f51be844d8c82c695eb17372f) C:\Windows\system32\drivers\evbda.sys
15:47:31.0426 4060 ebdrv - ok
15:47:31.0538 4060 eeCtrl (0c3f9eff8ddd9f9eb56d754b4620155f) C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys
15:47:31.0545 4060 eeCtrl - ok
15:47:31.0640 4060 EFS (c118a82cd78818c29ab228366ebf81c3) C:\Windows\System32\lsass.exe
15:47:31.0642 4060 EFS - ok
15:47:31.0711 4060 ehRecvr (c4002b6b41975f057d98c439030cea07) C:\Windows\ehome\ehRecvr.exe
15:47:31.0720 4060 ehRecvr - ok
15:47:31.0735 4060 ehSched (4705e8ef9934482c5bb488ce28afc681) C:\Windows\ehome\ehsched.exe
15:47:31.0737 4060 ehSched - ok
15:47:31.0860 4060 ElbyCDIO (a05fc7eca0966ebb70e4d17b855a853b) C:\Windows\system32\Drivers\ElbyCDIO.sys
15:47:31.0862 4060 ElbyCDIO - ok
15:47:31.0944 4060 elxstor (0e5da5369a0fcaea12456dd852545184) C:\Windows\system32\drivers\elxstor.sys
15:47:31.0952 4060 elxstor - ok
15:47:32.0087 4060 EraserUtilRebootDrv (8c0f9b877bc0b7ffd327ef55f9efb642) C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys
15:47:32.0089 4060 EraserUtilRebootDrv - ok
15:47:32.0172 4060 ErrDev (34a3c54752046e79a126e15c51db409b) C:\Windows\system32\drivers\errdev.sys
15:47:32.0173 4060 ErrDev - ok
15:47:32.0241 4060 EventSystem (4166f82be4d24938977dd1746be9b8a0) C:\Windows\system32\es.dll
15:47:32.0245 4060 EventSystem - ok
15:47:32.0299 4060 exfat (a510c654ec00c1e9bdd91eeb3a59823b) C:\Windows\system32\drivers\exfat.sys
15:47:32.0301 4060 exfat - ok
15:47:32.0372 4060 fastfat (0adc83218b66a6db380c330836f3e36d) C:\Windows\system32\drivers\fastfat.sys
15:47:32.0374 4060 fastfat - ok
15:47:32.0468 4060 Fax (dbefd454f8318a0ef691fdd2eaab44eb) C:\Windows\system32\fxssvc.exe
15:47:32.0478 4060 Fax - ok
15:47:32.0550 4060 fdc (d765d19cd8ef61f650c384f62fac00ab) C:\Windows\system32\drivers\fdc.sys
15:47:32.0551 4060 fdc - ok
15:47:32.0588 4060 fdPHost (0438cab2e03f4fb61455a7956026fe86) C:\Windows\system32\fdPHost.dll
15:47:32.0590 4060 fdPHost - ok
15:47:32.0606 4060 FDResPub (802496cb59a30349f9a6dd22d6947644) C:\Windows\system32\fdrespub.dll
15:47:32.0608 4060 FDResPub - ok
15:47:32.0657 4060 FileInfo (655661be46b5f5f3fd454e2c3095b930) C:\Windows\system32\drivers\fileinfo.sys
15:47:32.0658 4060 FileInfo - ok
15:47:32.0677 4060 Filetrace (5f671ab5bc87eea04ec38a6cd5962a47) C:\Windows\system32\drivers\filetrace.sys
15:47:32.0677 4060 Filetrace - ok
15:47:32.0773 4060 FLEXnet Licensing Service (227846995afeefa70d328bf5334a86a5) C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
15:47:32.0780 4060 FLEXnet Licensing Service - ok
15:47:32.0921 4060 flpydisk (c172a0f53008eaeb8ea33fe10e177af5) C:\Windows\system32\drivers\flpydisk.sys
15:47:32.0922 4060 flpydisk - ok
15:47:32.0991 4060 FltMgr (da6b67270fd9db3697b20fce94950741) C:\Windows\system32\drivers\fltmgr.sys
15:47:32.0996 4060 FltMgr - ok
15:47:33.0053 4060 FontCache (5c4cb4086fb83115b153e47add961a0c) C:\Windows\system32\FntCache.dll
15:47:33.0063 4060 FontCache - ok
15:47:33.0135 4060 FontCache3.0.0.0 (a8b7f3818ab65695e3a0bb3279f6dce6) C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
15:47:33.0137 4060 FontCache3.0.0.0 - ok
15:47:33.0193 4060 FPLService (26065327bb2aa358140381fc76520908) C:\Program Files (x86)\HP SimplePass 2011\TrueSuiteService.exe
15:47:33.0199 4060 FPLService - ok
15:47:33.0276 4060 FsDepends (d43703496149971890703b4b1b723eac) C:\Windows\system32\drivers\FsDepends.sys
15:47:33.0279 4060 FsDepends - ok
15:47:33.0298 4060 Fs_Rec (e95ef8547de20cf0603557c0cf7a9462) C:\Windows\system32\drivers\Fs_Rec.sys
15:47:33.0299 4060 Fs_Rec - ok
15:47:33.0332 4060 fvevol (1f7b25b858fa27015169fe95e54108ed) C:\Windows\system32\DRIVERS\fvevol.sys
15:47:33.0334 4060 fvevol - ok
15:47:33.0388 4060 gagp30kx (8c778d335c9d272cfd3298ab02abe3b6) C:\Windows\system32\drivers\gagp30kx.sys
15:47:33.0390 4060 gagp30kx - ok
15:47:33.0470 4060 GamesAppService (c403c5db49a0f9aaf4f2128edc0106d8) C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe
15:47:33.0474 4060 GamesAppService - ok
15:47:33.0581 4060 GEARAspiWDM (e403aacf8c7bb11375122d2464560311) C:\Windows\system32\DRIVERS\GEARAspiWDM.sys
15:47:33.0582 4060 GEARAspiWDM - ok
15:47:33.0634 4060 gpsvc (277bbc7e1aa1ee957f573a10eca7ef3a) C:\Windows\System32\gpsvc.dll
15:47:33.0643 4060 gpsvc - ok
15:47:33.0715 4060 hamachi (1e6438d4ea6e1174a3b3b1edc4de660b) C:\Windows\system32\DRIVERS\hamachi.sys
15:47:33.0716 4060 hamachi - ok
15:47:33.0869 4060 Hamachi2Svc (d483dbaef409e8ab7477c28615fcd853) C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe
15:47:33.0885 4060 Hamachi2Svc - ok
15:47:33.0971 4060 hcw85cir (f2523ef6460fc42405b12248338ab2f0) C:\Windows\system32\drivers\hcw85cir.sys
15:47:33.0971 4060 hcw85cir - ok
15:47:34.0020 4060 HdAudAddService (975761c778e33cd22498059b91e7373a) C:\Windows\system32\drivers\HdAudio.sys
15:47:34.0023 4060 HdAudAddService - ok
15:47:34.0103 4060 HDAudBus (97bfed39b6b79eb12cddbfeed51f56bb) C:\Windows\system32\DRIVERS\HDAudBus.sys
15:47:34.0106 4060 HDAudBus - ok
15:47:34.0140 4060 HidBatt (78e86380454a7b10a5eb255dc44a355f) C:\Windows\system32\drivers\HidBatt.sys
15:47:34.0141 4060 HidBatt - ok
15:47:34.0213 4060 HidBth (7fd2a313f7afe5c4dab14798c48dd104) C:\Windows\system32\drivers\hidbth.sys
15:47:34.0215 4060 HidBth - ok
15:47:34.0340 4060 HidIr (0a77d29f311b88cfae3b13f9c1a73825) C:\Windows\system32\drivers\hidir.sys
15:47:34.0342 4060 HidIr - ok
15:47:34.0393 4060 hidserv (bd9eb3958f213f96b97b1d897dee006d) C:\Windows\system32\hidserv.dll
15:47:34.0396 4060 hidserv - ok
15:47:34.0517 4060 HidUsb (9592090a7e2b61cd582b612b6df70536) C:\Windows\system32\DRIVERS\hidusb.sys
15:47:34.0519 4060 HidUsb - ok
15:47:34.0553 4060 hkmsvc (387e72e739e15e3d37907a86d9ff98e2) C:\Windows\system32\kmsvc.dll
15:47:34.0557 4060 hkmsvc - ok
15:47:34.0585 4060 HomeGroupListener (efdfb3dd38a4376f93e7985173813abd) C:\Windows\system32\ListSvc.dll
15:47:34.0592 4060 HomeGroupListener - ok
15:47:34.0629 4060 HomeGroupProvider (908acb1f594274965a53926b10c81e89) C:\Windows\system32\provsvc.dll
15:47:34.0632 4060 HomeGroupProvider - ok
15:47:34.0749 4060 HP Support Assistant Service (13bb1114451c63bfb41ba7daa4d70a29) C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe
15:47:34.0750 4060 HP Support Assistant Service - ok
15:47:34.0802 4060 HPClientSvc (6a181452d4e240b8ecc7614b9a19bde9) C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe
15:47:34.0806 4060 HPClientSvc - ok
15:47:34.0876 4060 HPDrvMntSvc.exe (b19ff523b533a3f198b9239e1749c940) C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe
15:47:34.0880 4060 HPDrvMntSvc.exe - ok
15:47:34.0960 4060 hpqwmiex (01091b900e15878b4434f9c726c4541d) C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe
15:47:34.0973 4060 hpqwmiex - ok
15:47:35.0079 4060 HpSAMD (39d2abcd392f3d8a6dce7b60ae7b8efc) C:\Windows\system32\drivers\HpSAMD.sys
15:47:35.0081 4060 HpSAMD - ok
15:47:35.0160 4060 HPWMISVC (77c15d7e8f002a173eebff0b20cd697d) C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe
15:47:35.0161 4060 HPWMISVC - ok
15:47:35.0269 4060 HTTP (0ea7de1acb728dd5a369fd742d6eee28) C:\Windows\system32\drivers\HTTP.sys
15:47:35.0283 4060 HTTP - ok
15:47:35.0327 4060 hwpolicy (a5462bd6884960c9dc85ed49d34ff392) C:\Windows\system32\drivers\hwpolicy.sys
15:47:35.0328 4060 hwpolicy - ok
15:47:35.0364 4060 i8042prt (fa55c73d4affa7ee23ac4be53b4592d3) C:\Windows\system32\DRIVERS\i8042prt.sys
15:47:35.0366 4060 i8042prt - ok
15:47:35.0424 4060 iaStor (26cf4275034214ecedd8ec17b0a18a99) C:\Windows\system32\DRIVERS\iaStor.sys
15:47:35.0430 4060 iaStor - ok
15:47:35.0530 4060 IAStorDataMgrSvc (e79a8e33bd136d14bae1fa20eb2ef124) C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
15:47:35.0531 4060 IAStorDataMgrSvc - ok
15:47:35.0649 4060 iaStorV (aaaf44db3bd0b9d1fb6969b23ecc8366) C:\Windows\system32\drivers\iaStorV.sys
15:47:35.0655 4060 iaStorV - ok
15:47:35.0813 4060 IconMan_R (d3090576412ec63e0c6271d8b0974d73) C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe
15:47:35.0837 4060 IconMan_R - ok
15:47:35.0942 4060 idsvc (5988fc40f8db5b0739cd1e3a5d0d78bd) C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
15:47:35.0953 4060 idsvc - ok
15:47:36.0144 4060 IDSVia64 (18c40c3f368323b203ace403cb430db1) C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.0.125\Definitions\IPSDefs\20120406.003\IDSvia64.sys
15:47:36.0150 4060 IDSVia64 - ok
15:47:36.0532 4060 igfx (33faa40b288002c89529dbd14f3ab72c) C:\Windows\system32\DRIVERS\igdkmd64.sys
15:47:36.0607 4060 igfx - ok
15:47:36.0680 4060 iirsp (5c18831c61933628f5bb0ea2675b9d21) C:\Windows\system32\drivers\iirsp.sys
15:47:36.0682 4060 iirsp - ok
15:47:36.0732 4060 IKEEXT (fcd84c381e0140af901e58d48882d26b) C:\Windows\System32\ikeext.dll
15:47:36.0741 4060 IKEEXT - ok
15:47:36.0797 4060 IntcDAud (fc727061c0f47c8059e88e05d5c8e381) C:\Windows\system32\DRIVERS\IntcDAud.sys
15:47:36.0799 4060 IntcDAud - ok
15:47:36.0823 4060 intelide (f00f20e70c6ec3aa366910083a0518aa) C:\Windows\system32\drivers\intelide.sys
15:47:36.0824 4060 intelide - ok
15:47:36.0857 4060 intelppm (ada036632c664caa754079041cf1f8c1) C:\Windows\system32\DRIVERS\intelppm.sys
15:47:36.0858 4060 intelppm - ok
15:47:36.0878 4060 IPBusEnum (098a91c54546a3b878dad6a7e90a455b) C:\Windows\system32\ipbusenum.dll
15:47:36.0880 4060 IPBusEnum - ok
15:47:36.0920 4060 IpFilterDriver (c9f0e1bd74365a8771590e9008d22ab6) C:\Windows\system32\DRIVERS\ipfltdrv.sys
15:47:36.0921 4060 IpFilterDriver - ok
15:47:36.0957 4060 iphlpsvc (a34a587fffd45fa649fba6d03784d257) C:\Windows\System32\iphlpsvc.dll
15:47:36.0962 4060 iphlpsvc - ok
15:47:37.0020 4060 IPMIDRV (0fc1aea580957aa8817b8f305d18ca3a) C:\Windows\system32\drivers\IPMIDrv.sys
15:47:37.0021 4060 IPMIDRV - ok
15:47:37.0095 4060 IPNAT (af9b39a7e7b6caa203b3862582e9f2d0) C:\Windows\system32\drivers\ipnat.sys
15:47:37.0096 4060 IPNAT - ok
15:47:37.0200 4060 iPod Service (46d249f9db7844cc01050a9345f0f61b) C:\Program Files\iPod\bin\iPodService.exe
15:47:37.0206 4060 iPod Service - ok
15:47:37.0286 4060 IRENUM (3abf5e7213eb28966d55d58b515d5ce9) C:\Windows\system32\drivers\irenum.sys
15:47:37.0286 4060 IRENUM - ok
15:47:37.0317 4060 isapnp (2f7b28dc3e1183e5eb418df55c204f38) C:\Windows\system32\drivers\isapnp.sys
15:47:37.0318 4060 isapnp - ok
15:47:37.0339 4060 iScsiPrt (d931d7309deb2317035b07c9f9e6b0bd) C:\Windows\system32\drivers\msiscsi.sys
15:47:37.0341 4060 iScsiPrt - ok
15:47:37.0413 4060 jhi_service (6c85719a21b3f62c2c76280f4bd36c7b) C:\Program Files (x86)\Intel\Services\IPT\jhi_service.exe
15:47:37.0415 4060 jhi_service - ok
15:47:37.0509 4060 kbdclass (bc02336f1cba7dcc7d1213bb588a68a5) C:\Windows\system32\DRIVERS\kbdclass.sys
15:47:37.0510 4060 kbdclass - ok
15:47:37.0551 4060 kbdhid (0705eff5b42a9db58548eec3b26bb484) C:\Windows\system32\DRIVERS\kbdhid.sys
15:47:37.0552 4060 kbdhid - ok
15:47:37.0605 4060 KeyIso (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
15:47:37.0606 4060 KeyIso - ok
15:47:37.0661 4060 KSecDD (da1e991a61cfdd755a589e206b97644b) C:\Windows\system32\Drivers\ksecdd.sys
15:47:37.0663 4060 KSecDD - ok
15:47:37.0717 4060 KSecPkg (7e33198d956943a4f11a5474c1e9106f) C:\Windows\system32\Drivers\ksecpkg.sys
15:47:37.0718 4060 KSecPkg - ok
15:47:37.0748 4060 ksthunk (6869281e78cb31a43e969f06b57347c4) C:\Windows\system32\drivers\ksthunk.sys
15:47:37.0749 4060 ksthunk - ok
15:47:37.0789 4060 KtmRm (6ab66e16aa859232f64deb66887a8c9c) C:\Windows\system32\msdtckrm.dll
15:47:37.0793 4060 KtmRm - ok
15:47:37.0846 4060 LanmanServer (d9f42719019740baa6d1c6d536cbdaa6) C:\Windows\system32\srvsvc.dll
15:47:37.0850 4060 LanmanServer - ok
15:47:37.0889 4060 LanmanWorkstation (851a1382eed3e3a7476db004f4ee3e1a) C:\Windows\System32\wkssvc.dll
15:47:37.0892 4060 LanmanWorkstation - ok
15:47:37.0951 4060 lltdio (1538831cf8ad2979a04c423779465827) C:\Windows\system32\DRIVERS\lltdio.sys
15:47:37.0952 4060 lltdio - ok
15:47:37.0998 4060 lltdsvc (c1185803384ab3feed115f79f109427f) C:\Windows\System32\lltdsvc.dll
15:47:38.0002 4060 lltdsvc - ok
15:47:38.0025 4060 lmhosts (f993a32249b66c9d622ea5592a8b76b8) C:\Windows\System32\lmhsvc.dll
15:47:38.0027 4060 lmhosts - ok
15:47:38.0108 4060 LMS (d75c4b4a8fe6d7fd74a7eecdbaec729f) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
15:47:38.0112 4060 LMS - ok
15:47:38.0199 4060 LSI_FC (1a93e54eb0ece102495a51266dcdb6a6) C:\Windows\system32\drivers\lsi_fc.sys
15:47:38.0201 4060 LSI_FC - ok
15:47:38.0237 4060 LSI_SAS (1047184a9fdc8bdbff857175875ee810) C:\Windows\system32\drivers\lsi_sas.sys
15:47:38.0239 4060 LSI_SAS - ok
15:47:38.0264 4060 LSI_SAS2 (30f5c0de1ee8b5bc9306c1f0e4a75f93) C:\Windows\system32\drivers\lsi_sas2.sys
15:47:38.0265 4060 LSI_SAS2 - ok
15:47:38.0310 4060 LSI_SCSI (0504eacaff0d3c8aed161c4b0d369d4a) C:\Windows\system32\drivers\lsi_scsi.sys
15:47:38.0311 4060 LSI_SCSI - ok
15:47:38.0337 4060 luafv (43d0f98e1d56ccddb0d5254cff7b356e) C:\Windows\system32\drivers\luafv.sys
15:47:38.0338 4060 luafv - ok
15:47:38.0410 4060 lxdcCATSCustConnectService (7e3198b66bdaea4db49c99d19ec6bc5a) C:\Windows\system32\spool\DRIVERS\x64\3\\lxdcserv.exe
15:47:38.0412 4060 lxdcCATSCustConnectService - ok
15:47:38.0435 4060 lxdc_device - ok
15:47:38.0468 4060 Mcx2Svc (0be09cd858abf9df6ed259d57a1a1663) C:\Windows\system32\Mcx2Svc.dll
15:47:38.0471 4060 Mcx2Svc - ok
15:47:38.0509 4060 megasas (a55805f747c6edb6a9080d7c633bd0f4) C:\Windows\system32\drivers\megasas.sys
15:47:38.0510 4060 megasas - ok
15:47:38.0560 4060 MegaSR (baf74ce0072480c3b6b7c13b2a94d6b3) C:\Windows\system32\drivers\MegaSR.sys
15:47:38.0562 4060 MegaSR - ok
15:47:38.0596 4060 MEIx64 (a6518dcc42f7a6e999bb3bea8fd87567) C:\Windows\system32\DRIVERS\HECIx64.sys
15:47:38.0597 4060 MEIx64 - ok
15:47:38.0653 4060 MMCSS (e40e80d0304a73e8d269f7141d77250b) C:\Windows\system32\mmcss.dll
15:47:38.0654 4060 MMCSS - ok
15:47:38.0687 4060 Modem (800ba92f7010378b09f9ed9270f07137) C:\Windows\system32\drivers\modem.sys
15:47:38.0687 4060 Modem - ok
15:47:38.0724 4060 monitor (b03d591dc7da45ece20b3b467e6aadaa) C:\Windows\system32\DRIVERS\monitor.sys
15:47:38.0724 4060 monitor - ok
15:47:38.0786 4060 mouclass (7d27ea49f3c1f687d357e77a470aea99) C:\Windows\system32\DRIVERS\mouclass.sys
15:47:38.0787 4060 mouclass - ok
15:47:38.0850 4060 mouhid (d3bf052c40b0c4166d9fd86a4288c1e6) C:\Windows\system32\DRIVERS\mouhid.sys
15:47:38.0851 4060 mouhid - ok
15:47:38.0918 4060 mountmgr (32e7a3d591d671a6df2db515a5cbe0fa) C:\Windows\system32\drivers\mountmgr.sys
15:47:38.0920 4060 mountmgr - ok
15:47:38.0953 4060 mpio (a44b420d30bd56e145d6a2bc8768ec58) C:\Windows\system32\drivers\mpio.sys
15:47:38.0955 4060 mpio - ok
15:47:38.0979 4060 mpsdrv (6c38c9e45ae0ea2fa5e551f2ed5e978f) C:\Windows\system32\drivers\mpsdrv.sys
15:47:38.0980 4060 mpsdrv - ok
15:47:39.0027 4060 MpsSvc (54ffc9c8898113ace189d4aa7199d2c1) C:\Windows\system32\mpssvc.dll
15:47:39.0034 4060 MpsSvc - ok
15:47:39.0083 4060 MRxDAV (dc722758b8261e1abafd31a3c0a66380) C:\Windows\system32\drivers\mrxdav.sys
15:47:39.0085 4060 MRxDAV - ok
15:47:39.0110 4060 mrxsmb (a5d9106a73dc88564c825d317cac68ac) C:\Windows\system32\DRIVERS\mrxsmb.sys
15:47:39.0111 4060 mrxsmb - ok
15:47:39.0170 4060 mrxsmb10 (d711b3c1d5f42c0c2415687be09fc163) C:\Windows\system32\DRIVERS\mrxsmb10.sys
15:47:39.0173 4060 mrxsmb10 - ok
15:47:39.0191 4060 mrxsmb20 (9423e9d355c8d303e76b8cfbd8a5c30c) C:\Windows\system32\DRIVERS\mrxsmb20.sys
15:47:39.0192 4060 mrxsmb20 - ok
15:47:39.0225 4060 msahci (c25f0bafa182cbca2dd3c851c2e75796) C:\Windows\system32\drivers\msahci.sys
15:47:39.0225 4060 msahci - ok
15:47:39.0263 4060 msdsm (db801a638d011b9633829eb6f663c900) C:\Windows\system32\drivers\msdsm.sys
15:47:39.0264 4060 msdsm - ok
15:47:39.0296 4060 MSDTC (de0ece52236cfa3ed2dbfc03f28253a8) C:\Windows\System32\msdtc.exe
15:47:39.0298 4060 MSDTC - ok
15:47:39.0334 4060 Msfs (aa3fb40e17ce1388fa1bedab50ea8f96) C:\Windows\system32\drivers\Msfs.sys
15:47:39.0335 4060 Msfs - ok
15:47:39.0356 4060 mshidkmdf (f9d215a46a8b9753f61767fa72a20326) C:\Windows\System32\drivers\mshidkmdf.sys
15:47:39.0357 4060 mshidkmdf - ok
15:47:39.0389 4060 msisadrv (d916874bbd4f8b07bfb7fa9b3ccae29d) C:\Windows\system32\drivers\msisadrv.sys
15:47:39.0390 4060 msisadrv - ok
15:47:39.0434 4060 MSiSCSI (808e98ff49b155c522e6400953177b08) C:\Windows\system32\iscsiexe.dll
15:47:39.0437 4060 MSiSCSI - ok
15:47:39.0449 4060 msiserver - ok
15:47:39.0500 4060 MSKSSRV (49ccf2c4fea34ffad8b1b59d49439366) C:\Windows\system32\drivers\MSKSSRV.sys
15:47:39.0500 4060 MSKSSRV - ok
15:47:39.0527 4060 MSPCLOCK (bdd71ace35a232104ddd349ee70e1ab3) C:\Windows\system32\drivers\MSPCLOCK.sys
15:47:39.0528 4060 MSPCLOCK - ok
15:47:39.0545 4060 MSPQM (4ed981241db27c3383d72092b618a1d0) C:\Windows\system32\drivers\MSPQM.sys
15:47:39.0546 4060 MSPQM - ok
15:47:39.0583 4060 MsRPC (759a9eeb0fa9ed79da1fb7d4ef78866d) C:\Windows\system32\drivers\MsRPC.sys
15:47:39.0587 4060 MsRPC - ok
15:47:39.0627 4060 mssmbios (0eed230e37515a0eaee3c2e1bc97b288) C:\Windows\system32\drivers\mssmbios.sys
15:47:39.0628 4060 mssmbios - ok
15:47:39.0693 4060 MSTEE (2e66f9ecb30b4221a318c92ac2250779) C:\Windows\system32\drivers\MSTEE.sys
15:47:39.0694 4060 MSTEE - ok
15:47:39.0714 4060 MTConfig (7ea404308934e675bffde8edf0757bcd) C:\Windows\system32\drivers\MTConfig.sys
15:47:39.0714 4060 MTConfig - ok
15:47:39.0748 4060 Mup (f9a18612fd3526fe473c1bda678d61c8) C:\Windows\system32\Drivers\mup.sys
15:47:39.0749 4060 Mup - ok
15:47:39.0865 4060 N360 (e78a365cc3e0fbfc018a33dce01909f8) C:\Program Files (x86)\Norton 360\Engine\5.2.1.3\ccSvcHst.exe
15:47:39.0867 4060 N360 - ok
15:47:39.0947 4060 napagent (582ac6d9873e31dfa28a4547270862dd) C:\Windows\system32\qagentRT.dll
15:47:39.0958 4060 napagent - ok
15:47:40.0025 4060 NativeWifiP (1ea3749c4114db3e3161156ffffa6b33) C:\Windows\system32\DRIVERS\nwifi.sys
15:47:40.0028 4060 NativeWifiP - ok
15:47:40.0207 4060 NAVENG (2dbe90210de76be6e1653bb20ec70ec2) C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.0.125\Definitions\VirusDefs\20120410.003\ENG64.SYS
15:47:40.0209 4060 NAVENG - ok
15:47:40.0470 4060 NAVEX15 (346da70e203b8e2c850277713de8f71b) C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.0.125\Definitions\VirusDefs\20120410.003\EX64.SYS
15:47:40.0491 4060 NAVEX15 - ok
15:47:40.0636 4060 NDIS (c38b8ae57f78915905064a9a24dc1586) C:\Windows\system32\drivers\ndis.sys
15:47:40.0647 4060 NDIS - ok
15:47:40.0698 4060 NdisCap (9f9a1f53aad7da4d6fef5bb73ab811ac) C:\Windows\system32\DRIVERS\ndiscap.sys
15:47:40.0699 4060 NdisCap - ok
15:47:40.0726 4060 NdisTapi (30639c932d9fef22b31268fe25a1b6e5) C:\Windows\system32\DRIVERS\ndistapi.sys
15:47:40.0727 4060 NdisTapi - ok
15:47:40.0751 4060 Ndisuio (136185f9fb2cc61e573e676aa5402356) C:\Windows\system32\DRIVERS\ndisuio.sys
15:47:40.0752 4060 Ndisuio - ok
15:47:40.0780 4060 NdisWan (53f7305169863f0a2bddc49e116c2e11) C:\Windows\system32\DRIVERS\ndiswan.sys
15:47:40.0782 4060 NdisWan - ok
15:47:40.0805 4060 NDProxy (015c0d8e0e0421b4cfd48cffe2825879) C:\Windows\system32\drivers\NDProxy.sys
15:47:40.0806 4060 NDProxy - ok
15:47:40.0867 4060 Net Driver HPZ12 (d5ac41ae382738483faffbd7e373d49a) C:\Windows\system32\HPZinw12.dll
15:47:40.0869 4060 Net Driver HPZ12 - ok
15:47:40.0923 4060 NetBIOS (86743d9f5d2b1048062b14b1d84501c4) C:\Windows\system32\DRIVERS\netbios.sys
15:47:40.0924 4060 NetBIOS - ok
15:47:40.0948 4060 NetBT (09594d1089c523423b32a4229263f068) C:\Windows\system32\DRIVERS\netbt.sys
15:47:40.0951 4060 NetBT - ok
15:47:40.0994 4060 Netlogon (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
15:47:40.0997 4060 Netlogon - ok
15:47:41.0099 4060 Netman (847d3ae376c0817161a14a82c8922a9e) C:\Windows\System32\netman.dll
15:47:41.0107 4060 Netman - ok
15:47:41.0138 4060 netprofm (5f28111c648f1e24f7dbc87cdeb091b8) C:\Windows\System32\netprofm.dll
15:47:41.0144 4060 netprofm - ok
15:47:41.0288 4060 netr28x (2f06e01de7a3e366185e65c41c9debf7) C:\Windows\system32\DRIVERS\netr28x.sys
15:47:41.0305 4060 netr28x - ok
15:47:41.0391 4060 NetTcpPortSharing (3e5a36127e201ddf663176b66828fafe) C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\SMSvcHost.exe
15:47:41.0393 4060 NetTcpPortSharing - ok
15:47:41.0461 4060 nfrd960 (77889813be4d166cdab78ddba990da92) C:\Windows\system32\drivers\nfrd960.sys
15:47:41.0462 4060 nfrd960 - ok
15:47:41.0524 4060 NlaSvc (1ee99a89cc788ada662441d1e9830529) C:\Windows\System32\nlasvc.dll
15:47:41.0529 4060 NlaSvc - ok
15:47:41.0567 4060 Npfs (1e4c4ab5c9b8dd13179bbdc75a2a01f7) C:\Windows\system32\drivers\Npfs.sys
15:47:41.0568 4060 Npfs - ok
15:47:41.0588 4060 npggsvc - ok
15:47:41.0602 4060 NPPTNT2 - ok
15:47:41.0639 4060 nsi (d54bfdf3e0c953f823b3d0bfe4732528) C:\Windows\system32\nsisvc.dll
15:47:41.0641 4060 nsi - ok
15:47:41.0667 4060 nsiproxy (e7f5ae18af4168178a642a9247c63001) C:\Windows\system32\drivers\nsiproxy.sys
15:47:41.0668 4060 nsiproxy - ok
15:47:41.0733 4060 Ntfs (a2f74975097f52a00745f9637451fdd8) C:\Windows\system32\drivers\Ntfs.sys
15:47:41.0744 4060 Ntfs - ok
15:47:41.0775 4060 Null (9899284589f75fa8724ff3d16aed75c1) C:\Windows\system32\drivers\Null.sys
15:47:41.0776 4060 Null - ok
15:47:41.0808 4060 NVENETFD (a85b4f2ef3a7304a5399ef0526423040) C:\Windows\system32\DRIVERS\nvm62x64.sys
15:47:41.0811 4060 NVENETFD - ok
15:47:41.0848 4060 nvraid (0a92cb65770442ed0dc44834632f66ad) C:\Windows\system32\drivers\nvraid.sys
15:47:41.0849 4060 nvraid - ok
15:47:41.0873 4060 nvstor (dab0e87525c10052bf65f06152f37e4a) C:\Windows\system32\drivers\nvstor.sys
15:47:41.0875 4060 nvstor - ok
15:47:41.0982 4060 nv_agp (270d7cd42d6e3979f6dd0146650f0e05) C:\Windows\system32\drivers\nv_agp.sys
15:47:41.0985 4060 nv_agp - ok
15:47:42.0020 4060 ohci1394 (3589478e4b22ce21b41fa1bfc0b8b8a0) C:\Windows\system32\drivers\ohci1394.sys
15:47:42.0021 4060 ohci1394 - ok
15:47:42.0064 4060 p2pimsvc (3eac4455472cc2c97107b5291e0dcafe) C:\Windows\system32\pnrpsvc.dll
15:47:42.0070 4060 p2pimsvc - ok
15:47:42.0104 4060 p2psvc (927463ecb02179f88e4b9a17568c63c3) C:\Windows\system32\p2psvc.dll
15:47:42.0110 4060 p2psvc - ok
15:47:42.0165 4060 Parport (0086431c29c35be1dbc43f52cc273887) C:\Windows\system32\drivers\parport.sys
15:47:42.0167 4060 Parport - ok
15:47:42.0198 4060 partmgr (871eadac56b0a4c6512bbe32753ccf79) C:\Windows\system32\drivers\partmgr.sys
15:47:42.0199 4060 partmgr - ok
15:47:42.0239 4060 PcaSvc (3aeaa8b561e63452c655dc0584922257) C:\Windows\System32\pcasvc.dll
15:47:42.0243 4060 PcaSvc - ok
15:47:42.0407 4060 pci (94575c0571d1462a0f70bde6bd6ee6b3) C:\Windows\system32\drivers\pci.sys
15:47:42.0408 4060 pci - ok
15:47:42.0442 4060 pciide (b5b8b5ef2e5cb34df8dcf8831e3534fa) C:\Windows\system32\drivers\pciide.sys
15:47:42.0443 4060 pciide - ok
15:47:42.0472 4060 pcmcia (b2e81d4e87ce48589f98cb8c05b01f2f) C:\Windows\system32\drivers\pcmcia.sys
15:47:42.0474 4060 pcmcia - ok
15:47:42.0507 4060 pcw (d6b9c2e1a11a3a4b26a182ffef18f603) C:\Windows\system32\drivers\pcw.sys
15:47:42.0507 4060 pcw - ok
15:47:42.0556 4060 PEAUTH (68769c3356b3be5d1c732c97b9a80d6e) C:\Windows\system32\drivers\peauth.sys
15:47:42.0561 4060 PEAUTH - ok
15:47:42.0624 4060 PerfHost (e495e408c93141e8fc72dc0c6046ddfa) C:\Windows\SysWow64\perfhost.exe
15:47:42.0625 4060 PerfHost - ok
15:47:42.0710 4060 pla (c7cf6a6e137463219e1259e3f0f0dd6c) C:\Windows\system32\pla.dll
15:47:42.0723 4060 pla - ok
15:47:42.0803 4060 PlugPlay (25fbdef06c4d92815b353f6e792c8129) C:\Windows\system32\umpnpmgr.dll
15:47:42.0812 4060 PlugPlay - ok
15:47:42.0877 4060 Pml Driver HPZ12 (37f6046cdc630442d7dc087501ff6fc6) C:\Windows\system32\HPZipm12.dll
15:47:42.0879 4060 Pml Driver HPZ12 - ok
15:47:42.0909 4060 PNRPAutoReg (7195581cec9bb7d12abe54036acc2e38) C:\Windows\system32\pnrpauto.dll
15:47:42.0912 4060 PNRPAutoReg - ok
15:47:42.0933 4060 PNRPsvc (3eac4455472cc2c97107b5291e0dcafe) C:\Windows\system32\pnrpsvc.dll
15:47:42.0937 4060 PNRPsvc - ok
15:47:42.0976 4060 PolicyAgent (4f15d75adf6156bf56eced6d4a55c389) C:\Windows\System32\ipsecsvc.dll
15:47:42.0980 4060 PolicyAgent - ok
15:47:43.0013 4060 Power (6ba9d927dded70bd1a9caded45f8b184) C:\Windows\system32\umpo.dll
15:47:43.0015 4060 Power - ok
15:47:43.0053 4060 PptpMiniport (f92a2c41117a11a00be01ca01a7fcde9) C:\Windows\system32\DRIVERS\raspptp.sys
15:47:43.0054 4060 PptpMiniport - ok
15:47:43.0094 4060 Processor (0d922e23c041efb1c3fac2a6f943c9bf) C:\Windows\system32\drivers\processr.sys
15:47:43.0095 4060 Processor - ok
15:47:43.0172 4060 ProfSvc (5c78838b4d166d1a27db3a8a820c799a) C:\Windows\system32\profsvc.dll
15:47:43.0175 4060 ProfSvc - ok
15:47:43.0228 4060 ProtectedStorage (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
15:47:43.0229 4060 ProtectedStorage - ok
15:47:43.0277 4060 Psched (0557cf5a2556bd58e26384169d72438d) C:\Windows\system32\DRIVERS\pacer.sys
15:47:43.0279 4060 Psched - ok
15:47:43.0335 4060 ql2300 (a53a15a11ebfd21077463ee2c7afeef0) C:\Windows\system32\drivers\ql2300.sys
15:47:43.0347 4060 ql2300 - ok
15:47:43.0413 4060 ql40xx (4f6d12b51de1aaeff7dc58c4d75423c8) C:\Windows\system32\drivers\ql40xx.sys
15:47:43.0414 4060 ql40xx - ok
15:47:43.0460 4060 QWAVE (906191634e99aea92c4816150bda3732) C:\Windows\system32\qwave.dll
15:47:43.0464 4060 QWAVE - ok
15:47:43.0498 4060 QWAVEdrv (76707bb36430888d9ce9d705398adb6c) C:\Windows\system32\drivers\qwavedrv.sys
15:47:43.0498 4060 QWAVEdrv - ok
15:47:43.0529 4060 RasAcd (5a0da8ad5762fa2d91678a8a01311704) C:\Windows\system32\DRIVERS\rasacd.sys
15:47:43.0530 4060 RasAcd - ok
15:47:43.0558 4060 RasAgileVpn (7ecff9b22276b73f43a99a15a6094e90) C:\Windows\system32\DRIVERS\AgileVpn.sys
15:47:43.0558 4060 RasAgileVpn - ok
15:47:43.0589 4060 RasAuto (8f26510c5383b8dbe976de1cd00fc8c7) C:\Windows\System32\rasauto.dll
15:47:43.0591 4060 RasAuto - ok
15:47:43.0631 4060 Rasl2tp (471815800ae33e6f1c32fb1b97c490ca) C:\Windows\system32\DRIVERS\rasl2tp.sys
15:47:43.0632 4060 Rasl2tp - ok
15:47:43.0655 4060 RasMan (ee867a0870fc9e4972ba9eaad35651e2) C:\Windows\System32\rasmans.dll
15:47:43.0659 4060 RasMan - ok
15:47:43.0683 4060 RasPppoe (855c9b1cd4756c5e9a2aa58a15f58c25) C:\Windows\system32\DRIVERS\raspppoe.sys
15:47:43.0684 4060 RasPppoe - ok
15:47:43.0702 4060 RasSstp (e8b1e447b008d07ff47d016c2b0eeecb) C:\Windows\system32\DRIVERS\rassstp.sys
15:47:43.0703 4060 RasSstp - ok
15:47:43.0728 4060 rdbss (77f665941019a1594d887a74f301fa2f) C:\Windows\system32\DRIVERS\rdbss.sys
15:47:43.0731 4060 rdbss - ok
15:47:43.0755 4060 rdpbus (302da2a0539f2cf54d7c6cc30c1f2d8d) C:\Windows\system32\drivers\rdpbus.sys
15:47:43.0756 4060 rdpbus - ok
15:47:43.0793 4060 RDPCDD (cea6cc257fc9b7715f1c2b4849286d24) C:\Windows\system32\DRIVERS\RDPCDD.sys
15:47:43.0794 4060 RDPCDD - ok
15:47:43.0853 4060 RDPENCDD (bb5971a4f00659529a5c44831af22365) C:\Windows\system32\drivers\rdpencdd.sys
15:47:43.0853 4060 RDPENCDD - ok
15:47:43.0881 4060 RDPREFMP (216f3fa57533d98e1f74ded70113177a) C:\Windows\system32\drivers\rdprefmp.sys
15:47:43.0882 4060 RDPREFMP - ok
15:47:43.0929 4060 RDPWD (6d76e6433574b058adcb0c50df834492) C:\Windows\system32\drivers\RDPWD.sys
15:47:43.0933 4060 RDPWD - ok
15:47:43.0965 4060 rdyboost (34ed295fa0121c241bfef24764fc4520) C:\Windows\system32\drivers\rdyboost.sys
15:47:43.0967 4060 rdyboost - ok
15:47:43.0995 4060 RemoteAccess (254fb7a22d74e5511c73a3f6d802f192) C:\Windows\System32\mprdim.dll
15:47:43.0997 4060 RemoteAccess - ok
15:47:44.0033 4060 RemoteRegistry (e4d94f24081440b5fc5aa556c7c62702) C:\Windows\system32\regsvc.dll
15:47:44.0036 4060 RemoteRegistry - ok
15:47:53.0779 4060 ============================================================
15:47:53.0779 4060 Scan finished
15:47:53.0779 4060 ============================================================
15:47:53.0793 4592 Detected object count: 0
15:47:53.0793 4592 Actual detected object count: 0
15:47:57.0190 1200 Deinitialize success

ComboFix log:
ComboFix 12-04-10.02 - Kyle 04/10/2012 17:16:30.2.4 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.4044.2709 [GMT -5:00]
Running from: c:\users\Kyle\Desktop\ComboFix.exe
AV: Norton 360 *Disabled/Updated* {63DF5164-9100-186D-2187-8DC619EFD8BF}
FW: Norton 360 *Disabled* {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}
SP: Norton 360 *Disabled/Updated* {D8BEB080-B73A-17E3-1B37-B6B462689202}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
C:\install.exe
c:\program files (x86)\Dealio Toolbar
c:\program files (x86)\Dealio Toolbar\FF\chrome.manifest
c:\program files (x86)\Dealio Toolbar\FF\chrome\chrome.jar
c:\program files (x86)\Dealio Toolbar\FF\install.rdf
c:\program files (x86)\Dealio Toolbar\IE\5.2\config.ini
c:\program files (x86)\Dealio Toolbar\IE\5.2\dealioToolbarIE.dll
c:\program files (x86)\Dealio Toolbar\Res\amazon.gif
c:\program files (x86)\Dealio Toolbar\Res\apple.gif
c:\program files (x86)\Dealio Toolbar\Res\barnes.gif
c:\program files (x86)\Dealio Toolbar\Res\bestbuy.gif
c:\program files (x86)\Dealio Toolbar\Res\dealio_logo.gif
c:\program files (x86)\Dealio Toolbar\Res\dealio_logo_hover.gif
c:\program files (x86)\Dealio Toolbar\Res\ebay.gif
c:\program files (x86)\Dealio Toolbar\Res\facebook.gif
c:\program files (x86)\Dealio Toolbar\Res\googleplus.gif
c:\program files (x86)\Dealio Toolbar\Res\icon_settings.gif
c:\program files (x86)\Dealio Toolbar\Res\Lang\res1031.ini
c:\program files (x86)\Dealio Toolbar\Res\Lang\res1033.ini
c:\program files (x86)\Dealio Toolbar\Res\Lang\res1034.ini
c:\program files (x86)\Dealio Toolbar\Res\Lang\res1036.ini
c:\program files (x86)\Dealio Toolbar\Res\Lang\res1040.ini
c:\program files (x86)\Dealio Toolbar\Res\macys.gif
c:\program files (x86)\Dealio Toolbar\Res\newegg.gif
c:\program files (x86)\Dealio Toolbar\Res\overstock.gif
c:\program files (x86)\Dealio Toolbar\Res\radio-close.gif
c:\program files (x86)\Dealio Toolbar\Res\radio-minimize.gif
c:\program files (x86)\Dealio Toolbar\Res\radiobeta.gif
c:\program files (x86)\Dealio Toolbar\Res\search-button-hover.gif
c:\program files (x86)\Dealio Toolbar\Res\search-button.gif
c:\program files (x86)\Dealio Toolbar\Res\search-chevron-hover.gif
c:\program files (x86)\Dealio Toolbar\Res\search-chevron.gif
c:\program files (x86)\Dealio Toolbar\Res\search_amazon.gif
c:\program files (x86)\Dealio Toolbar\Res\search_baidu.gif
c:\program files (x86)\Dealio Toolbar\Res\search_dealio.gif
c:\program files (x86)\Dealio Toolbar\Res\search_ebay.gif
c:\program files (x86)\Dealio Toolbar\Res\search_yahoo.gif
c:\program files (x86)\Dealio Toolbar\Res\search_yandex.gif
c:\program files (x86)\Dealio Toolbar\Res\target.gif
c:\program files (x86)\Dealio Toolbar\Res\twitter.gif
c:\program files (x86)\Dealio Toolbar\Res\walmart.gif
c:\program files (x86)\Dealio Toolbar\Res\widgets.xml
c:\program files (x86)\Dealio Toolbar\WidgiHelper.exe
c:\programdata\Tarma Installer
c:\programdata\Tarma Installer\{889DF117-14D1-44EE-9F31-C5FB5D47F68B}\_Setup.dll
c:\programdata\Tarma Installer\{889DF117-14D1-44EE-9F31-C5FB5D47F68B}\_Setupx.dll
c:\programdata\Tarma Installer\{889DF117-14D1-44EE-9F31-C5FB5D47F68B}\Setup.dat
c:\programdata\Tarma Installer\{889DF117-14D1-44EE-9F31-C5FB5D47F68B}\Setup.exe
c:\programdata\Tarma Installer\{889DF117-14D1-44EE-9F31-C5FB5D47F68B}\Setup.ico
c:\programdata\Tarma Installer\{DE3B7BF9-0770-4104-BC0B-B1CCCCE2F053}\_Setup.dll
c:\programdata\Tarma Installer\{DE3B7BF9-0770-4104-BC0B-B1CCCCE2F053}\_Setupx.dll
c:\programdata\Tarma Installer\{DE3B7BF9-0770-4104-BC0B-B1CCCCE2F053}\Setup.dat
c:\programdata\Tarma Installer\{DE3B7BF9-0770-4104-BC0B-B1CCCCE2F053}\Setup.exe
c:\programdata\Tarma Installer\{DE3B7BF9-0770-4104-BC0B-B1CCCCE2F053}\Setup.ico
c:\windows\svchost.exe
c:\windows\SwSys1.bmp
c:\windows\SwSys2.bmp
c:\windows\system32\drivers\etc\hosts.ics
.
.
((((((((((((((((((((((((( Files Created from 2012-03-10 to 2012-04-10 )))))))))))))))))))))))))))))))
.
.
2012-04-10 22:28 . 2012-04-10 22:28 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-04-10 01:40 . 2011-05-06 06:01 1658368 ----a-w- c:\program files (x86)\Mozilla Firefox\extensions\websitelogon@truesuite.com\components\FFXPCOM.dll
2012-04-09 03:32 . 2012-04-09 03:32 -------- d-----w- c:\program files (x86)\Application Updater
2012-04-09 03:32 . 2012-04-09 03:32 -------- d-----w- c:\program files (x86)\Common Files\Spigot
2012-04-09 03:32 . 2012-04-09 03:40 -------- d-----w- c:\users\Kyle\AppData\Local\NPE
2012-04-09 03:25 . 2012-04-09 03:25 27256 ----a-w- c:\windows\system32\drivers\FixZeroAccess.sys
2012-04-03 23:23 . 2012-04-06 05:20 -------- d-----w- c:\windows\system32\drivers\N360x64\0502010.003
2012-04-01 00:22 . 2012-04-06 05:18 -------- d-----w- c:\program files (x86)\NVIDIA Corporation
2012-04-01 00:22 . 2012-04-06 05:20 -------- d-----w- c:\program files (x86)\Common Files\Wise Installation Wizard
2012-03-31 20:09 . 2012-03-31 20:09 -------- d-----w- c:\users\Kyle\AppData\Roaming\digipen
2012-03-31 20:09 . 2012-03-31 20:09 -------- d-----w- c:\users\Kyle\AppData\Local\digipen
2012-03-31 20:04 . 2012-04-06 05:18 -------- d-----w- c:\program files (x86)\Digipen
2012-03-31 01:26 . 2012-03-31 01:27 -------- d-----w- c:\users\Kyle\AppData\Roaming\Beat Hazard
2012-03-25 09:27 . 2012-03-25 09:27 976896 ----a-w- c:\windows\system32\inetcomm.dll
2012-03-25 09:27 . 2012-03-25 09:27 741376 ----a-w- c:\windows\SysWow64\inetcomm.dll
2012-03-25 09:26 . 2012-03-25 09:26 27520 ----a-w- c:\windows\system32\drivers\Diskdump.sys
2012-03-25 09:26 . 2012-03-25 09:26 158208 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2012-03-25 09:26 . 2012-03-25 09:26 128000 ----a-w- c:\windows\system32\drivers\mrxsmb20.sys
2012-03-25 09:26 . 2012-03-25 09:26 467456 ----a-w- c:\windows\system32\drivers\srv.sys
2012-03-25 09:26 . 2012-03-25 09:26 410112 ----a-w- c:\windows\system32\drivers\srv2.sys
2012-03-25 09:26 . 2012-03-25 09:26 168448 ----a-w- c:\windows\system32\drivers\srvnet.sys
2012-03-25 09:23 . 2012-01-12 16:23 -------- d-----w- c:\windows\ehome
2012-03-25 09:23 . 2012-03-25 09:23 -------- d-----w- c:\users\Default\AppData\Roaming\Media Center Programs
2012-03-25 09:23 . 2012-03-25 09:23 -------- d-----r- c:\users\Public\Recorded TV
2012-03-25 08:57 . 2012-03-25 08:57 -------- d-----w- c:\programdata\Synaptics
2012-03-25 08:57 . 2012-03-25 08:57 -------- d-----w- c:\programdata\Intel
2012-03-25 08:50 . 2012-03-25 08:50 -------- d-----w- c:\users\Public\Symantec
2012-03-25 08:50 . 2012-03-25 08:50 -------- d-----w- c:\program files (x86)\SymSilent
2012-03-25 08:50 . 2012-03-25 08:50 -------- d-----w- c:\program files (x86)\Microsoft
2012-03-25 08:46 . 2012-03-25 08:46 -------- d-----w- c:\program files (x86)\HP SimplePass 2011
2012-03-25 08:45 . 2012-03-25 08:45 -------- d-----w- c:\program files\Common Files\AuthenTec
2012-03-25 08:45 . 2012-03-25 08:45 -------- d-----w- c:\program files (x86)\Common Files\AuthenTec
2012-03-25 08:45 . 2012-03-25 08:46 -------- d-----w- c:\programdata\Downloaded Installations
2012-03-25 08:45 . 2012-04-09 03:32 -------- d-----w- c:\programdata\Norton
2012-03-25 08:43 . 2012-03-25 08:43 -------- d-----w- c:\program files (x86)\CyberLink
2012-03-25 08:43 . 2012-03-25 08:43 -------- d-----w- c:\program files (x86)\Common Files\Intel Corporation
2012-03-25 08:42 . 2011-10-26 02:58 -------- d-----r- c:\program files\Online Services
2012-03-25 08:39 . 2011-04-09 06:58 142336 ----a-w- c:\windows\system32\poqexec.exe
2012-03-25 08:39 . 2011-04-09 05:56 123904 ----a-w- c:\windows\SysWow64\poqexec.exe
2012-03-25 08:38 . 2011-11-27 19:13 -------- d-----w- c:\program files\Symantec
2012-03-25 08:36 . 2012-03-25 08:42 -------- d-----w- c:\windows\Hewlett-Packard
2012-03-25 08:36 . 2011-11-15 04:53 1813056 ----a-w- c:\windows\system32\drivers\netr28x.sys
2012-03-25 08:36 . 2011-11-15 04:21 327008 ----a-w- c:\windows\system32\RaCoInstx.dll
2012-03-25 08:36 . 2012-03-25 08:36 -------- d-----w- c:\programdata\Ralink Driver
2012-03-25 08:35 . 2011-12-08 05:36 107552 ----a-w- c:\windows\system32\RTNUninst64.dll
2012-03-25 08:35 . 2011-12-08 05:37 4113408 ----a-w- c:\windows\system32\stlang64.dll
2012-03-25 08:35 . 2011-12-08 05:37 1424896 ----a-w- c:\windows\sttray64.exe
2012-03-25 08:35 . 2011-12-08 05:37 6012416 ----a-w- c:\windows\system32\IDTNGUI.exe
2012-03-25 08:35 . 2011-12-08 05:37 564224 ----a-w- c:\windows\system32\idt64mp1.exe
2012-03-25 08:35 . 2011-12-08 05:37 5077504 ----a-w- c:\windows\system32\IDTNHP.dll
2012-03-25 08:35 . 2011-12-08 05:37 233472 ----a-w- c:\windows\system32\IDTNJ.exe
2012-03-25 08:35 . 2011-12-08 05:37 1819136 ----a-w- c:\windows\system32\IDTNC64.cpl
2012-03-25 08:35 . 2011-12-08 05:37 1041920 ----a-w- c:\windows\system32\IDTNX.dll
2012-03-25 08:35 . 2012-03-25 08:35 -------- d-----w- c:\windows\system32\SRSLabs
2012-03-25 08:34 . 2011-12-08 05:37 251392 ----a-w- c:\windows\system32\staco64.dll
2012-03-25 08:34 . 2012-03-20 10:59 -------- d-----w- c:\windows\SysWow64\sda
2012-03-25 08:34 . 2012-03-20 10:58 -------- d-----w- c:\program files (x86)\Realtek
2012-03-25 08:34 . 2011-02-01 21:24 8192 ----a-w- c:\windows\system32\drivers\IntelMEFWVer.dll
2012-03-25 08:34 . 2012-03-25 08:34 -------- d-----w- c:\program files (x86)\Common Files\postureAgent
2012-03-25 08:34 . 2011-04-26 18:07 557848 ----a-w- c:\windows\system32\drivers\iaStor.sys
2012-03-25 08:33 . 2012-03-25 08:33 -------- d-----w- c:\program files\Synaptics
2012-03-25 08:33 . 2012-03-25 08:33 -------- d-----w- c:\program files\Common Files\Intel
2012-03-25 08:33 . 2012-03-25 08:33 -------- d-----w- c:\program files (x86)\Common Files\Intel
2012-03-25 08:32 . 2012-03-25 08:38 -------- d-----w- c:\program files (x86)\Intel
2012-03-25 08:32 . 2010-10-07 17:37 53248 ----a-w- c:\windows\SysWow64\CSVer.dll
2012-03-25 08:32 . 2012-03-25 08:32 -------- d-----w- C:\Intel
2012-03-20 10:58 . 2012-03-20 10:58 9887848 ----a-w- c:\windows\SysWow64\RtsPStorIcon.dll
2012-03-20 10:58 . 2012-03-20 10:58 339048 ----a-w- c:\windows\system32\drivers\RtsPStor.sys
2012-03-20 05:53 . 2012-03-20 05:53 -------- d-----w- c:\users\Kyle\AppData\Roaming\Tific
2012-03-20 05:53 . 2012-03-20 05:53 -------- d-----w- c:\users\Kyle\AppData\Local\Symantec
2012-03-20 05:46 . 2011-11-19 15:20 5559152 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-03-20 05:46 . 2011-11-19 14:50 3968368 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe
2012-03-20 05:46 . 2011-11-19 14:50 3913584 ----a-w- c:\windows\SysWow64\ntoskrnl.exe
2012-03-20 05:14 . 2012-03-20 05:14 -------- d-----w- c:\users\Kyle\AppData\Roaming\Malwarebytes
2012-03-20 05:14 . 2012-03-20 05:40 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
2012-03-20 05:14 . 2012-03-20 05:14 -------- d-----w- c:\programdata\Malwarebytes
2012-03-20 04:27 . 2012-04-09 21:13 -------- d-----w- C:\TDSSKiller_Quarantine
2012-03-20 04:19 . 2012-03-20 04:34 -------- d-----w- C:\sh4ldr
2012-03-20 04:19 . 2012-03-20 04:19 -------- d-----w- c:\program files\Enigma Software Group
2012-03-16 00:42 . 2012-03-16 00:42 -------- d-----w- c:\program files (x86)\Strange Loop Games
2012-03-14 07:40 . 2012-03-14 07:40 -------- d-----w- c:\users\Kyle\AppData\Roaming\Doublefine
2012-03-14 07:01 . 2012-03-14 07:38 -------- d-----w- c:\program files (x86)\Alan Wake.v 1.00.16.3209 + 2 DLC
2012-03-14 06:50 . 2012-03-14 06:50 -------- d-----w- c:\program files (x86)\Double Fine Productions
2012-03-14 02:32 . 2012-03-14 02:32 -------- d-----w- c:\users\Kyle\AppData\Local\Chromium
2012-03-13 23:15 . 2012-02-03 04:34 3145728 ----a-w- c:\windows\system32\win32k.sys
2012-03-13 23:15 . 2012-02-10 06:36 1544192 ----a-w- c:\windows\system32\DWrite.dll
2012-03-13 23:15 . 2012-02-10 05:38 1077248 ----a-w- c:\windows\SysWow64\DWrite.dll
2012-03-13 18:48 . 2012-03-13 18:48 6656 ----a-w- c:\programdata\Microsoft\Windows\DRM\A8CE.tmp
2012-03-13 18:48 . 2012-03-13 18:48 6656 ----a-w- c:\programdata\Microsoft\Windows\DRM\A840.tmp
2012-03-13 17:26 . 2012-01-25 06:38 77312 ----a-w- c:\windows\system32\rdpwsx.dll
2012-03-13 17:26 . 2012-01-25 06:38 149504 ----a-w- c:\windows\system32\rdpcorekmts.dll
2012-03-13 17:26 . 2012-01-25 06:33 9216 ----a-w- c:\windows\system32\rdrmemptylst.exe
2012-03-13 17:26 . 2012-02-17 06:38 1031680 ----a-w- c:\windows\system32\rdpcore.dll
2012-03-13 17:26 . 2012-02-17 05:34 826880 ----a-w- c:\windows\SysWow64\rdpcore.dll
2012-03-13 17:26 . 2012-02-17 04:58 210944 ----a-w- c:\windows\system32\drivers\rdpwd.sys
2012-03-13 17:26 . 2012-02-17 04:57 23552 ----a-w- c:\windows\system32\drivers\tdtcp.sys
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-04-06 13:09 . 2012-02-20 05:19 1890 --sha-w- c:\programdata\KGyGaAvL.sys
2012-02-20 06:52 . 2012-02-20 06:52 286720 ----a-w- c:\windows\iun506.exe
2012-02-20 05:19 . 2012-02-20 05:19 88 --sh--r- c:\programdata\EA3B4CDAF4.sys
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{9565115d-c7d6-46d3-bd63-b67b481a4368}"= "c:\program files (x86)\PageRage\prxtbPage.dll" [2011-05-09 176936]
.
[HKEY_CLASSES_ROOT\clsid\{9565115d-c7d6-46d3-bd63-b67b481a4368}]
.
[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{28387537-e3f9-4ed7-860c-11e69af4a8a0}]
2011-10-30 08:46 89008 ----a-w- c:\progra~2\IMESHA~1\MediaBar\Datamngr\ToolBar\wincoreimdtx.dll
.
[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{9565115d-c7d6-46d3-bd63-b67b481a4368}]
2011-05-09 08:49 176936 ----a-w- c:\program files (x86)\PageRage\prxtbPage.dll
.
[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{BE7A24F5-69CB-4708-B77B-B1EDA6043B95}]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar]
"{9565115d-c7d6-46d3-bd63-b67b481a4368}"= "c:\program files (x86)\PageRage\prxtbPage.dll" [2011-05-09 176936]
"{28387537-e3f9-4ed7-860c-11e69af4a8a0}"= "c:\progra~2\IMESHA~1\MediaBar\Datamngr\ToolBar\wincoreimdtx.dll" [2011-10-30 89008]
.
[HKEY_CLASSES_ROOT\clsid\{9565115d-c7d6-46d3-bd63-b67b481a4368}]
.
[HKEY_CLASSES_ROOT\clsid\{28387537-e3f9-4ed7-860c-11e69af4a8a0}]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Steam"="c:\program files (x86)\Steam\steam.exe" [2011-10-26 1242448]
"Pando Media Booster"="c:\program files (x86)\Pando Networks\Media Booster\PMB.exe" [2011-11-05 3077528]
"BitTorrent"="c:\program files (x86)\BitTorrent\BitTorrent.exe" [2011-11-12 5960560]
"Akamai NetSession Interface"="c:\users\Kyle\AppData\Local\Akamai\netsession_win.exe" [2012-03-13 3331872]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"IAStorIcon"="c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe" [2011-04-30 284440]
"HPQuickWebProxy"="c:\program files (x86)\Hewlett-Packard\HP QuickWeb\hpqwutils.exe" [2011-06-28 168504]
"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe" [2010-11-16 35736]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-11-16 932288]
"HPOSD"="c:\program files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe" [2011-01-27 318520]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2011-11-02 59240]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552]
"VirtualCloneDrive"="c:\program files (x86)\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe" [2011-03-07 89456]
"QuickTime Task"="c:\program files (x86)\QuickTime\qttask.exe" [2007-02-16 282624]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2011-12-08 421736]
"DivXUpdate"="c:\program files (x86)\DivX\DivX Update\DivXUpdate.exe" [2011-07-28 1259376]
"WinampAgent"="c:\program files (x86)\Winamp\winampa.exe" [2011-12-09 74752]
"LogMeIn Hamachi Ui"="c:\program files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe" [2012-02-28 1987976]
"HP Quick Launch"="c:\program files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe" [2012-02-15 577408]
"SearchSettings"="c:\program files (x86)\Common Files\Spigot\Search Settings\SearchSettings.exe" [2012-03-17 974688]
.
c:\users\Kyle\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OpenOffice.org 3.3.lnk - c:\program files (x86)\OpenOffice.org 3\program\quickstart.exe [2010-12-13 1198592]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\progra~2\IMESHA~1\MediaBar\Datamngr\datamngr.dll c:\progra~2\IMESHA~1\MediaBar\Datamngr\IEBHO.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 HP Support Assistant Service;HP Support Assistant Service;c:\program files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe [2011-09-09 86072]
R2 IconMan_R;IconMan_R;c:\program files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe [2012-03-20 2425960]
R2 lxdcCATSCustConnectService;lxdcCATSCustConnectService;c:\windows\system32\spool\DRIVERS\x64\3\\lxdcserv.exe [2007-05-25 34224]
R3 BBSvc;Bing Bar Update Service;c:\program files (x86)\Microsoft\BingBar\BBSvc.EXE [2011-03-02 183560]
R3 GamesAppService;GamesAppService;c:\program files (x86)\WildTangent Games\App\GamesAppService.exe [2010-10-12 206072]
R3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\DRIVERS\VSTAZL6.SYS [x]
R3 SrvHsfV92;SrvHsfV92;c:\windows\system32\DRIVERS\VSTDPV6.SYS [x]
R3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\DRIVERS\VSTCNXT6.SYS [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [x]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]
R3 X6va005;X6va005;c:\users\Kyle\AppData\Local\Temp\0056BD.tmp [x]
R3 X6va006;X6va006;c:\users\Kyle\AppData\Local\Temp\006F85D.tmp [x]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-23 57184]
S0 SymDS;Symantec Data Store;c:\windows\system32\drivers\N360x64\0502010.003\SYMDS64.SYS [x]
S0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\N360x64\0502010.003\SYMEFA64.SYS [x]
S1 BHDrvx64;BHDrvx64;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.0.125\Definitions\BASHDefs\20120402.001\BHDrvx64.sys [2012-04-02 1160824]
S1 IDSVia64;IDSVia64;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.0.125\Definitions\IPSDefs\20120406.003\IDSvia64.sys [2012-03-17 488568]
S1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\N360x64\0502010.003\Ironx64.SYS [x]
S1 SymNetS;Symantec Network Security WFP Driver;c:\windows\System32\Drivers\N360x64\0502010.003\SYMNETS.SYS [x]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]
S2 Application Updater;Application Updater;c:\program files (x86)\Application Updater\ApplicationUpdater.exe [2012-03-17 782744]
S2 FPLService;TrueSuiteService;c:\program files (x86)\HP SimplePass 2011\TrueSuiteService.exe [2011-05-06 263496]
S2 Hamachi2Svc;LogMeIn Hamachi Tunneling Engine;c:\program files (x86)\LogMeIn Hamachi\hamachi-2.exe [2012-02-28 2343816]
S2 HPClientSvc;HP Client Services;c:\program files\Hewlett-Packard\HP Client Services\HPClientServices.exe [2010-10-11 346168]
S2 HPDrvMntSvc.exe;HP Quick Synchronization Service;c:\program files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe [2011-09-01 227896]
S2 HPWMISVC;HPWMISVC;c:\program files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe [2012-02-15 34872]
S2 IAStorDataMgrSvc;Intel® Rapid Storage Technology;c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [2011-04-30 13592]
S2 jhi_service;Intel® Identity Protection Technology Host Interface Service;c:\program files (x86)\Intel\Services\IPT\jhi_service.exe [2011-02-24 212944]
S2 lxdc_device;lxdc_device;c:\windows\system32\lxdccoms.exe [2007-05-25 567216]
S2 N360;Norton 360;c:\program files (x86)\Norton 360\Engine\5.2.1.3\ccSvcHst.exe [2011-04-17 130008]
S2 RoxioNow Service;RoxioNow Service;c:\program files (x86)\Roxio\RoxioNow Player\RNowSvc.exe [2010-11-26 399344]
S2 UNS;Intel® Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2011-02-01 2656280]
S3 clwvd;CyberLink WebCam Virtual Driver;c:\windows\system32\DRIVERS\clwvd.sys [x]
S3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2012-02-04 138360]
S3 IntcDAud;Intel® Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys [x]
S3 MEIx64;Intel® Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys [x]
S3 netr28x;Ralink 802.11n Extensible Wireless Driver;c:\windows\system32\DRIVERS\netr28x.sys [x]
S3 RSPCIESTOR;Realtek PCIE CardReader Driver;c:\windows\system32\DRIVERS\RtsPStor.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [x]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
Akamai REG_MULTI_SZ Akamai
.
Contents of the 'Scheduled Tasks' folder
.
2012-03-28 c:\windows\Tasks\HPCeeScheduleForKyle.job
- c:\program files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2010-09-14 05:15]
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{BE7A24F5-69CB-4708-B77B-B1EDA6043B95}]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"lxdcamon"="c:\program files (x86)\Lexmark 1300 Series\lxdcamon.exe" [2009-04-27 25256]
"SysTrayApp"="c:\program files\IDT\WDM\sttray64.exe" [2011-12-08 1424896]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2011-12-08 167704]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2011-12-08 392472]
"Persistence"="c:\windows\system32\igfxpers.exe" [2011-12-08 416024]
"SetDefault"="c:\program files\Hewlett-Packard\HP LaunchBox\SetDefault.exe" [2011-12-20 44880]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x1
"AppInit_DLLs"=c:\progra~2\IMESHA~1\MediaBar\Datamngr\x64\datamngr.dll c:\progra~2\IMESHA~1\MediaBar\Datamngr\x64\IEBHO.dll
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://search.imesh.com
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local;127.0.0.1:9421;<local>
IE: Add to Evernote 4.0 - c:\program files (x86)\Evernote\Evernote\EvernoteIE.dll/204
TCP: Interfaces\{6793F14E-FF6D-4EF4-9B97-25F49B3DBF25}\E494557657563747: DhcpNameServer = 131.156.1.11 131.156.126.2
FF - ProfilePath - c:\users\Kyle\AppData\Roaming\Mozilla\Firefox\Profiles\o1kyaz0f.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2418376&SearchSource=3&q={searchTerms}
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - www.google.com
FF - prefs.js: keyword.URL - hxxp://dts.search-results.com/sr?src=ffb&appid=1097&systemid=1&sr=0&q=
FF - prefs.js: network.proxy.type - 0
FF - user.js: extentions.y2layers.installId - 27e7d0f4-8045-46ab-b817-cf9a9de8df30
FF - user.js: extentions.y2layers.defaultEnableAppsList - PageRage/Ads,PageRage/Global,PageRageTeases,Buzzdock,BuzzDockTease,
FF - user.js: extensions.autoDisableScopes - 14
FF - user.js: security.csp.enable - false
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-10 - (no file)
Wow6432Node-HKCU-Run-RESTART_STICKY_NOTES - c:\windows\System32\StikyNot.exe
SafeBoot-18408349.sys
Toolbar-10 - (no file)
WebBrowser-{9565115D-C7D6-46D3-BD63-B67B481A4368} - (no file)
HKLM-Run-SynTPEnh - c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe
HKLM-Run-lxdcmon.exe - c:\program files (x86)\Lexmark 1300 Series\lxdcmon.exe
AddRemove-Adobe Shockwave Player - c:\windows\system32\Adobe\Shockwave 11\uninstaller.exe
AddRemove-{6F44AF95-3CDE-4513-AD3F-6D45F17BF324} - c:\program files (x86)\InstallShield Installation Information\{6F44AF95-3CDE-4513-AD3F-6D45F17BF324}\setup.exe
.
.
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\N360]
"ImagePath"="\"c:\program files (x86)\Norton 360\Engine\5.2.1.3\ccSvcHst.exe\" /s \"N360\" /m \"c:\program files (x86)\Norton 360\Engine\5.2.1.3\diMaster.dll\" /prefetch:1"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\npggsvc]
"ImagePath"="c:\windows\system32\GameMon.des -service"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\X6va005]
"ImagePath"="\??\c:\users\Kyle\AppData\Local\Temp\0056BD.tmp"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\X6va006]
"ImagePath"="\??\c:\users\Kyle\AppData\Local\Temp\006F85D.tmp"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10q_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10q_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10q.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10q.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10q.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10q.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files (x86)\Microsoft\BingBar\SeaPort.EXE
c:\program files (x86)\CyberLink\YouCam\YCMMirage.exe
c:\program files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
c:\program files (x86)\NORTON 360\ENGINE\5.2.1.3\cltLMH.exe
.
**************************************************************************
.
Completion time: 2012-04-10 17:34:30 - machine was rebooted
ComboFix-quarantined-files.txt 2012-04-10 22:34
.
Pre-Run: 159,247,269,888 bytes free
Post-Run: 164,887,998,464 bytes free
.
- - End Of File - - 3F703F0F19965AC64786230001B9EF00

#6 fireman4it

  • Malware Response Team

Posted 10 April 2012 - 06:20 PM

Hello,

Glad to hear your machine is doing better. We still have a little work to do however.


1.
Uninstalling A Program Through "add/remove"

Click "start" on the taskbar and then click on the "Control Panel" icon.
Please double-click the "Add or Remove Programs" icon.
A list of installed programs will be "populated"; this may take a bit of time.
If they exist, uninstall the following by clicking on the following entries and selecting "remove":

Dealio Toolbar v5.2
PageRage Toolbar
Wincore MediaBar


Additional instructions can be found here if needed.


2.
We need to run a CFScript.

1. Close any open browsers.

2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

3. Open notepad and copy/paste the text in the codebox below into it:

File::
c:\users\Kyle\AppData\Local\Temp\0056BD.tmp
c:\users\Kyle\AppData\Local\Temp\006F85D.tmp

Firefox::
FF - ProfilePath - c:\users\Kyle\AppData\Roaming\Mozilla\Firefox\Profiles\o1kyaz0f.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2418376&SearchSource=3&q={searchTerms}

DDS::
uStart Page = hxxp://search.imesh.com
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local;127.0.0.1:9421;<local>

Registry::
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=-
"AppInit_DLLs"=-
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"SearchSettings"=-
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=-

Driver::
X6va005
X6va006


Save this as CFScript.txt, in the same location as ComboFix.exe


Posted Image

Referring to the picture above, drag CFScript into ComboFix.exe

When finished, it shall produce a log for you at C:\ComboFix.txt which I will require in your next reply.


3.
Please download Malwarebytes Anti-Malware and save it to your desktop.
  • Important!! When you save the mbam-setup file, rename it to something random (such as 123abc.exe) before beginning the download.
Malwarebytes may "make changes to your registry" as part of its disinfection routine. If using other security programs that detect registry changes (ie Spybot's Teatimer), they may interfere or alert you. Temporarily disable such programs or permit them to allow the changes.

  • Make sure you are connected to the Internet and double-click on the renamed file to install the application.
    For instructions with screenshots, please refer to this Guide.
  • When the installation begins, follow the prompts and do not make any changes to default settings.
  • Malwarebytes will automatically start and you will be asked to update the program before performing a scan.
  • If an update is found, the program will automatically update itself. Press the OK button and continue.
  • If you encounter any problems while downloading the definition updates, manually download them from here and just double-click on mbam-rules.exe to install.
  • Under the Scanner tab, make sure the "Perform Quick Scan" option is selected.
  • Click on the Scan button.
  • When finished, a message box will say "The scan completed successfully. Click 'Show Results' to display all objects found".
  • Click OK to close the message box, then click the Show Results button to see a list of any malware that was found.
  • Make sure that everything is checked and then click Remove Selected.
  • When removal is completed, a log report will open in Notepad.
  • The log is automatically saved and can be viewed by clicking the Logs tab.
  • Copy and paste the contents of that report in your next reply. Be sure to post the complete log to include the top portion which shows the database version and your operating system.
  • Exit Malwarebytes when done.
Note: If Malwarebytes encounters a file that is difficult to remove, you will be asked to reboot your computer so it can proceed with the disinfection process. If asked to restart the computer, please do so immediately. Failure to reboot normally will prevent Malwarebytes from removing all the malware.

4.
Important Note: Your version of Java is out of date. Older versions have vulnerabilities that malicious sites can use to exploit and infect your system. Please follow these steps to remove older version Java components and update:
  • Download the latest version of Java Runtime Environment (JRE) Version 7 and save it to your desktop.
  • Look for "Java Platform, Standard Edition".
  • Click the "Download JRE" button to the right.
  • Read the License Agreement, and then check the box that says: "Accept License Agreement".
  • From the list, select your OS and Platform (32-bit or 64-bit).
  • If a download for an Offline Installation is available, it is recommended to choose that and save the file to your desktop.
  • Close any programs you may have running - especially your web browser.
Go to Start > Control Panel, double-click on Add/Remove Programs or Programs and Features in Vista/Windows 7 and remove all older versions of Java.
  • Check (highlight) any item with Java Runtime Environment (JRE or J2SE) in the name.
  • Click the Remove or Change/Remove button and follow the onscreen instructions for the Java uninstaller.
  • Repeat as many times as necessary to remove each Java version.
  • Reboot your computer once all Java components are removed.
  • Then from your desktop double-click on jre-7-windows-i586.exe to install the newest version.
  • If using Windows 7 or Vista and the installer refuses to launch due to insufficient user permissions, then Run As Administrator.
  • When the Java Setup - Welcome window opens, click the Install > button.
  • If offered to install a Toolbar, just uncheck the box before continuing unless you want it.
  • The McAfee Security Scan Plus tool is installed by default unless you uncheck the McAfee installation box when updating Java.
Note: The Java Quick Starter (JQS.exe) adds a service to improve the initial startup time of Java applets and applications but it's not necessary.
To disable the JQS service if you don't want to use it:
  • Go to Start > Control Panel > Java > Advanced > Miscellaneous and uncheck the box for Java Quick Starter.
  • Click Ok and reboot your computer.

Things to include in your next reply:
Combofix.txt
MBAM log
How is your machine running now?

"Extinguishing Malware from the world"

The Virus, Trojan, Spyware, and Malware Removal forum is very busy. If I'm helping you and I've not posted back within 24 hrs., send a PM with your topic link. Thank you.

ALL OTHER HELP REQUESTS VIA THE PM SYSTEM WILL BE IGNORED. The Forums are there for a reason!
Thanks-
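
The following is an added example, not part of fireman4it's post and not ComboFix code: a Python sketch that scans ComboFix-style log lines for the kinds of entries the CFScript above targets (services whose image sits in a Temp folder or is a .tmp file, non-empty AppInit_DLLs values, and loopback host:port entries in ProxyOverride). The sample lines are taken from the log posted in this thread; the function names and the three rules are assumptions chosen for illustration, and a match is a prompt for review, not a verdict.

```python
import re

# Sample lines taken from the ComboFix log posted earlier in this thread.
SAMPLE_LOG = r"""
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [x]
R3 X6va005;X6va005;c:\users\Kyle\AppData\Local\Temp\0056BD.tmp [x]
R3 X6va006;X6va006;c:\users\Kyle\AppData\Local\Temp\006F85D.tmp [x]
S2 N360;Norton 360;c:\program files (x86)\Norton 360\Engine\5.2.1.3\ccSvcHst.exe [2011-04-17 130008]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x1
"AppInit_DLLs"=c:\progra~2\IMESHA~1\MediaBar\Datamngr\x64\datamngr.dll c:\progra~2\IMESHA~1\MediaBar\Datamngr\x64\IEBHO.dll
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\X6va005]
"ImagePath"="\??\c:\users\Kyle\AppData\Local\Temp\0056BD.tmp"
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\npggsvc]
"ImagePath"="c:\windows\system32\GameMon.des -service"
uInternet Settings,ProxyOverride = *.local;127.0.0.1:9421;<local>
"""

# "R3 name;display name;image path [date size]" or "[x]" (driver/service listing)
SERVICE_LINE = re.compile(r"^[RS][0-4] ([^;]+);([^;]*);(.+?) \[[^\]]*\]$")
# '"ValueName"=data' inside a registry section
REG_VALUE = re.compile(r'^"([^"]+)"\s*=\s*(.*)$')
PROXY_OVERRIDE = re.compile(r"ProxyOverride\s*=\s*(.+)$", re.I)
LOOPBACK_ENTRY = re.compile(r"^(127\.\d+\.\d+\.\d+|localhost):\d+$", re.I)

TEMP_DIR = re.compile(r"\\(appdata\\local\\temp|windows\\temp)\\", re.I)
TMP_EXT = re.compile(r'\.tmp(?=$|[\s"])', re.I)


def image_is_suspect(path):
    """True if a service image lives in a Temp directory or is a .tmp file."""
    return bool(TEMP_DIR.search(path) or TMP_EXT.search(path))


def normalize_image(data):
    """Drop surrounding quotes and the NT object-manager prefix \\??\\."""
    data = data.strip().strip('"')
    if data.startswith("\\??\\"):
        data = data[4:]
    return data


def triage(log_text):
    """Return entries worth a manual look, grouped by rule."""
    result = {"services": {}, "appinit_dlls": [], "proxy_loopback": []}
    key = None  # registry key of the section currently being read
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line or line == ".":
            key = None  # ComboFix separates sections with "." lines
            continue
        if line.startswith("[") and line.endswith("]"):
            key = line[1:-1]
            continue

        m = SERVICE_LINE.match(line)
        if m:
            name, path = m.group(1), normalize_image(m.group(3))
            if image_is_suspect(path):
                result["services"].setdefault(name, path)
            continue

        m = REG_VALUE.match(line)
        if m and key:
            value_name, data = m.group(1).lower(), m.group(2)
            if value_name == "imagepath" and "\\services\\" in key.lower():
                path = normalize_image(data)
                if image_is_suspect(path):
                    service = key.rsplit("\\", 1)[-1]
                    result["services"].setdefault(service, path)
            elif value_name == "appinit_dlls":
                # Any DLL listed here is loaded into every process that
                # loads user32.dll, so every entry deserves identification.
                result["appinit_dlls"].extend(data.strip().strip('"').split())
            continue

        m = PROXY_OVERRIDE.search(line)
        if m:
            for entry in m.group(1).split(";"):
                if LOOPBACK_ENTRY.match(entry.strip()):
                    result["proxy_loopback"].append(entry.strip())
    return result


if __name__ == "__main__":
    for rule, hits in triage(SAMPLE_LOG).items():
        print(rule, "->", hits)
```
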




#7 reikendude

  • Topic Starter

Posted 10 April 2012 - 07:43 PM

I still have redirects, other than that it hasn't really changed. It gave me that same error after I did combofix so I had to restart again. Also, combofix gets stuck after it says step 4 completed unless I run it right after I reboot. (AKA it was on that step for about 40 mins)

Combofix log:
ComboFix 12-04-10.02 - Kyle 04/10/2012 18:55:10.5.4 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.4044.2587 [GMT -5:00]
Running from: c:\users\Kyle\Desktop\ComboFix.exe
Command switches used :: c:\users\Kyle\Desktop\CFScript.txt
AV: Norton 360 *Disabled/Updated* {63DF5164-9100-186D-2187-8DC619EFD8BF}
FW: Norton 360 *Enabled* {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}
SP: Norton 360 *Disabled/Updated* {D8BEB080-B73A-17E3-1B37-B6B462689202}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
FILE ::
"c:\users\Kyle\AppData\Local\Temp\0056BD.tmp"
"c:\users\Kyle\AppData\Local\Temp\006F85D.tmp"
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Legacy_X6VA005
-------\Legacy_X6VA006
-------\Service_X6va005
-------\Service_X6va006
.
.
((((((((((((((((((((((((( Files Created from 2012-03-11 to 2012-04-11 )))))))))))))))))))))))))))))))
.
.
2012-04-10 01:40 . 2011-05-06 06:01 1658368 ----a-w- c:\program files (x86)\Mozilla Firefox\extensions\websitelogon@truesuite.com\components\FFXPCOM.dll
2012-04-09 03:32 . 2012-04-09 03:40 -------- d-----w- c:\users\Kyle\AppData\Local\NPE
2012-04-09 03:25 . 2012-04-09 03:25 27256 ----a-w- c:\windows\system32\drivers\FixZeroAccess.sys
2012-04-03 23:23 . 2012-04-06 05:20 -------- d-----w- c:\windows\system32\drivers\N360x64\0502010.003
2012-04-01 00:22 . 2012-04-06 05:18 -------- d-----w- c:\program files (x86)\NVIDIA Corporation
2012-04-01 00:22 . 2012-04-06 05:20 -------- d-----w- c:\program files (x86)\Common Files\Wise Installation Wizard
2012-03-31 20:09 . 2012-03-31 20:09 -------- d-----w- c:\users\Kyle\AppData\Roaming\digipen
2012-03-31 20:09 . 2012-03-31 20:09 -------- d-----w- c:\users\Kyle\AppData\Local\digipen
2012-03-31 20:04 . 2012-04-06 05:18 -------- d-----w- c:\program files (x86)\Digipen
2012-03-31 01:26 . 2012-03-31 01:27 -------- d-----w- c:\users\Kyle\AppData\Roaming\Beat Hazard
2012-03-25 09:27 . 2012-03-25 09:27 976896 ----a-w- c:\windows\system32\inetcomm.dll
2012-03-25 09:27 . 2012-03-25 09:27 741376 ----a-w- c:\windows\SysWow64\inetcomm.dll
2012-03-25 09:26 . 2012-03-25 09:26 27520 ----a-w- c:\windows\system32\drivers\Diskdump.sys
2012-03-25 09:26 . 2012-03-25 09:26 158208 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2012-03-25 09:26 . 2012-03-25 09:26 128000 ----a-w- c:\windows\system32\drivers\mrxsmb20.sys
2012-03-25 09:26 . 2012-03-25 09:26 467456 ----a-w- c:\windows\system32\drivers\srv.sys
2012-03-25 09:26 . 2012-03-25 09:26 410112 ----a-w- c:\windows\system32\drivers\srv2.sys
2012-03-25 09:26 . 2012-03-25 09:26 168448 ----a-w- c:\windows\system32\drivers\srvnet.sys
2012-03-25 09:23 . 2012-01-12 16:23 -------- d-----w- c:\windows\ehome
2012-03-25 09:23 . 2012-03-25 09:23 -------- d-----w- c:\users\Default\AppData\Roaming\Media Center Programs
2012-03-25 09:23 . 2012-03-25 09:23 -------- d-----r- c:\users\Public\Recorded TV
2012-03-25 08:57 . 2012-03-25 08:57 -------- d-----w- c:\programdata\Synaptics
2012-03-25 08:57 . 2012-03-25 08:57 -------- d-----w- c:\programdata\Intel
2012-03-25 08:50 . 2012-03-25 08:50 -------- d-----w- c:\users\Public\Symantec
2012-03-25 08:50 . 2012-03-25 08:50 -------- d-----w- c:\program files (x86)\SymSilent
2012-03-25 08:50 . 2012-03-25 08:50 -------- d-----w- c:\program files (x86)\Microsoft
2012-03-25 08:46 . 2012-03-25 08:46 -------- d-----w- c:\program files (x86)\HP SimplePass 2011
2012-03-25 08:45 . 2012-03-25 08:45 -------- d-----w- c:\program files\Common Files\AuthenTec
2012-03-25 08:45 . 2012-03-25 08:45 -------- d-----w- c:\program files (x86)\Common Files\AuthenTec
2012-03-25 08:45 . 2012-03-25 08:46 -------- d-----w- c:\programdata\Downloaded Installations
2012-03-25 08:45 . 2012-04-09 03:32 -------- d-----w- c:\programdata\Norton
2012-03-25 08:43 . 2012-03-25 08:43 -------- d-----w- c:\program files (x86)\CyberLink
2012-03-25 08:43 . 2012-03-25 08:43 -------- d-----w- c:\program files (x86)\Common Files\Intel Corporation
2012-03-25 08:42 . 2011-10-26 02:58 -------- d-----r- c:\program files\Online Services
2012-03-25 08:39 . 2011-04-09 06:58 142336 ----a-w- c:\windows\system32\poqexec.exe
2012-03-25 08:39 . 2011-04-09 05:56 123904 ----a-w- c:\windows\SysWow64\poqexec.exe
2012-03-25 08:38 . 2011-11-27 19:13 -------- d-----w- c:\program files\Symantec
2012-03-25 08:36 . 2012-03-25 08:42 -------- d-----w- c:\windows\Hewlett-Packard
2012-03-25 08:36 . 2011-11-15 04:53 1813056 ----a-w- c:\windows\system32\drivers\netr28x.sys
2012-03-25 08:36 . 2011-11-15 04:21 327008 ----a-w- c:\windows\system32\RaCoInstx.dll
2012-03-25 08:36 . 2012-03-25 08:36 -------- d-----w- c:\programdata\Ralink Driver
2012-03-25 08:35 . 2011-12-08 05:36 107552 ----a-w- c:\windows\system32\RTNUninst64.dll
2012-03-25 08:35 . 2011-12-08 05:37 4113408 ----a-w- c:\windows\system32\stlang64.dll
2012-03-25 08:35 . 2011-12-08 05:37 1424896 ----a-w- c:\windows\sttray64.exe
2012-03-25 08:35 . 2011-12-08 05:37 6012416 ----a-w- c:\windows\system32\IDTNGUI.exe
2012-03-25 08:35 . 2011-12-08 05:37 564224 ----a-w- c:\windows\system32\idt64mp1.exe
2012-03-25 08:35 . 2011-12-08 05:37 5077504 ----a-w- c:\windows\system32\IDTNHP.dll
2012-03-25 08:35 . 2011-12-08 05:37 233472 ----a-w- c:\windows\system32\IDTNJ.exe
2012-03-25 08:35 . 2011-12-08 05:37 1819136 ----a-w- c:\windows\system32\IDTNC64.cpl
2012-03-25 08:35 . 2011-12-08 05:37 1041920 ----a-w- c:\windows\system32\IDTNX.dll
2012-03-25 08:35 . 2012-03-25 08:35 -------- d-----w- c:\windows\system32\SRSLabs
2012-03-25 08:34 . 2011-12-08 05:37 251392 ----a-w- c:\windows\system32\staco64.dll
2012-03-25 08:34 . 2012-03-20 10:59 -------- d-----w- c:\windows\SysWow64\sda
2012-03-25 08:34 . 2012-03-20 10:58 -------- d-----w- c:\program files (x86)\Realtek
2012-03-25 08:34 . 2011-02-01 21:24 8192 ----a-w- c:\windows\system32\drivers\IntelMEFWVer.dll
2012-03-25 08:34 . 2012-03-25 08:34 -------- d-----w- c:\program files (x86)\Common Files\postureAgent
2012-03-25 08:34 . 2011-04-26 18:07 557848 ----a-w- c:\windows\system32\drivers\iaStor.sys
2012-03-25 08:33 . 2012-03-25 08:33 -------- d-----w- c:\program files\Synaptics
2012-03-25 08:33 . 2012-03-25 08:33 -------- d-----w- c:\program files\Common Files\Intel
2012-03-25 08:33 . 2012-03-25 08:33 -------- d-----w- c:\program files (x86)\Common Files\Intel
2012-03-25 08:32 . 2012-03-25 08:38 -------- d-----w- c:\program files (x86)\Intel
2012-03-25 08:32 . 2010-10-07 17:37 53248 ----a-w- c:\windows\SysWow64\CSVer.dll
2012-03-25 08:32 . 2012-03-25 08:32 -------- d-----w- C:\Intel
2012-03-20 10:58 . 2012-03-20 10:58 9887848 ----a-w- c:\windows\SysWow64\RtsPStorIcon.dll
2012-03-20 10:58 . 2012-03-20 10:58 339048 ----a-w- c:\windows\system32\drivers\RtsPStor.sys
2012-03-20 05:53 . 2012-03-20 05:53 -------- d-----w- c:\users\Kyle\AppData\Roaming\Tific
2012-03-20 05:53 . 2012-03-20 05:53 -------- d-----w- c:\users\Kyle\AppData\Local\Symantec
2012-03-20 05:46 . 2011-11-19 15:20 5559152 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-03-20 05:46 . 2011-11-19 14:50 3968368 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe
2012-03-20 05:46 . 2011-11-19 14:50 3913584 ----a-w- c:\windows\SysWow64\ntoskrnl.exe
2012-03-20 05:14 . 2012-03-20 05:14 -------- d-----w- c:\users\Kyle\AppData\Roaming\Malwarebytes
2012-03-20 05:14 . 2012-03-20 05:40 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
2012-03-20 05:14 . 2012-03-20 05:14 -------- d-----w- c:\programdata\Malwarebytes
2012-03-20 04:27 . 2012-04-09 21:13 -------- d-----w- C:\TDSSKiller_Quarantine
2012-03-20 04:19 . 2012-03-20 04:34 -------- d-----w- C:\sh4ldr
2012-03-20 04:19 . 2012-03-20 04:19 -------- d-----w- c:\program files\Enigma Software Group
2012-03-16 00:42 . 2012-03-16 00:42 -------- d-----w- c:\program files (x86)\Strange Loop Games
2012-03-14 07:40 . 2012-03-14 07:40 -------- d-----w- c:\users\Kyle\AppData\Roaming\Doublefine
2012-03-14 07:01 . 2012-03-14 07:38 -------- d-----w- c:\program files (x86)\Alan Wake.v 1.00.16.3209 + 2 DLC
2012-03-14 06:50 . 2012-03-14 06:50 -------- d-----w- c:\program files (x86)\Double Fine Productions
2012-03-14 02:32 . 2012-03-14 02:32 -------- d-----w- c:\users\Kyle\AppData\Local\Chromium
2012-03-13 23:15 . 2012-02-03 04:34 3145728 ----a-w- c:\windows\system32\win32k.sys
2012-03-13 23:15 . 2012-02-10 06:36 1544192 ----a-w- c:\windows\system32\DWrite.dll
2012-03-13 23:15 . 2012-02-10 05:38 1077248 ----a-w- c:\windows\SysWow64\DWrite.dll
2012-03-13 18:48 . 2012-03-13 18:48 6656 ----a-w- c:\programdata\Microsoft\Windows\DRM\A8CE.tmp
2012-03-13 18:48 . 2012-03-13 18:48 6656 ----a-w- c:\programdata\Microsoft\Windows\DRM\A840.tmp
2012-03-13 17:26 . 2012-01-25 06:38 77312 ----a-w- c:\windows\system32\rdpwsx.dll
2012-03-13 17:26 . 2012-01-25 06:38 149504 ----a-w- c:\windows\system32\rdpcorekmts.dll
2012-03-13 17:26 . 2012-01-25 06:33 9216 ----a-w- c:\windows\system32\rdrmemptylst.exe
2012-03-13 17:26 . 2012-02-17 06:38 1031680 ----a-w- c:\windows\system32\rdpcore.dll
2012-03-13 17:26 . 2012-02-17 05:34 826880 ----a-w- c:\windows\SysWow64\rdpcore.dll
2012-03-13 17:26 . 2012-02-17 04:58 210944 ----a-w- c:\windows\system32\drivers\rdpwd.sys
2012-03-13 17:26 . 2012-02-17 04:57 23552 ----a-w- c:\windows\system32\drivers\tdtcp.sys
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-04-06 13:09 . 2012-02-20 05:19 1890 --sha-w- c:\programdata\KGyGaAvL.sys
2012-02-20 06:52 . 2012-02-20 06:52 286720 ----a-w- c:\windows\iun506.exe
2012-02-20 05:19 . 2012-02-20 05:19 88 --sh--r- c:\programdata\EA3B4CDAF4.sys
.
.
((((((((((((((((((((((((((((( SnapShot@2012-04-10_22.29.57 )))))))))))))))))))))))))))))))))))))))))
.
- 2009-07-14 04:54 . 2012-04-10 22:13 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2009-07-14 04:54 . 2012-04-10 22:40 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2009-07-14 04:54 . 2012-04-10 22:40 32768 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2009-07-14 04:54 . 2012-04-10 22:13 32768 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2009-07-14 04:54 . 2012-04-10 22:40 65536 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2009-07-14 04:54 . 2012-04-10 22:13 65536 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2010-11-21 03:09 . 2012-04-10 23:52 51670 c:\windows\system32\wdi\ShutdownPerformanceDiagnostics_SystemData.bin
+ 2009-07-14 05:10 . 2012-04-10 23:52 40476 c:\windows\system32\wdi\BootPerformanceDiagnostics_SystemData.bin
+ 2011-10-26 02:59 . 2012-04-10 23:52 9316 c:\windows\system32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-1247527095-1015957483-954240397-1001_UserData.bin
- 2012-04-10 22:29 . 2012-04-10 22:29 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2012-04-11 00:07 . 2012-04-11 00:07 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2012-04-11 00:07 . 2012-04-11 00:07 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
- 2012-04-10 22:29 . 2012-04-10 22:29 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
- 2009-07-14 02:36 . 2012-04-10 22:18 624178 c:\windows\system32\perfh009.dat
+ 2009-07-14 02:36 . 2012-04-10 23:57 624178 c:\windows\system32\perfh009.dat
- 2009-07-14 02:36 . 2012-04-10 22:18 106522 c:\windows\system32\perfc009.dat
+ 2009-07-14 02:36 . 2012-04-10 23:57 106522 c:\windows\system32\perfc009.dat
+ 2009-07-14 05:01 . 2012-04-11 00:07 342304 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
- 2009-07-14 05:01 . 2012-04-10 22:28 342304 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
+ 2011-10-28 16:09 . 2012-04-10 23:49 1144280 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-1247527095-1015957483-954240397-1001-12288.dat
+ 2011-10-26 03:19 . 2012-04-11 00:07 16269884 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-1247527095-1015957483-954240397-1001-8192.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{BE7A24F5-69CB-4708-B77B-B1EDA6043B95}]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Steam"="c:\program files (x86)\Steam\steam.exe" [2011-10-26 1242448]
"Pando Media Booster"="c:\program files (x86)\Pando Networks\Media Booster\PMB.exe" [2011-11-05 3077528]
"BitTorrent"="c:\program files (x86)\BitTorrent\BitTorrent.exe" [2011-11-12 5960560]
"Akamai NetSession Interface"="c:\users\Kyle\AppData\Local\Akamai\netsession_win.exe" [2012-03-13 3331872]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"IAStorIcon"="c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe" [2011-04-30 284440]
"HPQuickWebProxy"="c:\program files (x86)\Hewlett-Packard\HP QuickWeb\hpqwutils.exe" [2011-06-28 168504]
"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe" [2010-11-16 35736]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-11-16 932288]
"HPOSD"="c:\program files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe" [2011-01-27 318520]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2011-11-02 59240]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552]
"VirtualCloneDrive"="c:\program files (x86)\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe" [2011-03-07 89456]
"QuickTime Task"="c:\program files (x86)\QuickTime\qttask.exe" [2007-02-16 282624]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2011-12-08 421736]
"DivXUpdate"="c:\program files (x86)\DivX\DivX Update\DivXUpdate.exe" [2011-07-28 1259376]
"WinampAgent"="c:\program files (x86)\Winamp\winampa.exe" [2011-12-09 74752]
"LogMeIn Hamachi Ui"="c:\program files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe" [2012-02-28 1987976]
"HP Quick Launch"="c:\program files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe" [2012-02-15 577408]
.
c:\users\Kyle\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OpenOffice.org 3.3.lnk - c:\program files (x86)\OpenOffice.org 3\program\quickstart.exe [2010-12-13 1198592]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 HP Support Assistant Service;HP Support Assistant Service;c:\program files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe [2011-09-09 86072]
R2 IconMan_R;IconMan_R;c:\program files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe [2012-03-20 2425960]
R2 lxdcCATSCustConnectService;lxdcCATSCustConnectService;c:\windows\system32\spool\DRIVERS\x64\3\\lxdcserv.exe [2007-05-25 34224]
R3 BBSvc;Bing Bar Update Service;c:\program files (x86)\Microsoft\BingBar\BBSvc.EXE [2011-03-02 183560]
R3 GamesAppService;GamesAppService;c:\program files (x86)\WildTangent Games\App\GamesAppService.exe [2010-10-12 206072]
R3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\DRIVERS\VSTAZL6.SYS [x]
R3 SrvHsfV92;SrvHsfV92;c:\windows\system32\DRIVERS\VSTDPV6.SYS [x]
R3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\DRIVERS\VSTCNXT6.SYS [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [x]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-23 57184]
S0 SymDS;Symantec Data Store;c:\windows\system32\drivers\N360x64\0502010.003\SYMDS64.SYS [x]
S0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\N360x64\0502010.003\SYMEFA64.SYS [x]
S1 BHDrvx64;BHDrvx64;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.0.125\Definitions\BASHDefs\20120402.001\BHDrvx64.sys [2012-04-02 1160824]
S1 IDSVia64;IDSVia64;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.0.125\Definitions\IPSDefs\20120406.003\IDSvia64.sys [2012-03-17 488568]
S1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\N360x64\0502010.003\Ironx64.SYS [x]
S1 SymNetS;Symantec Network Security WFP Driver;c:\windows\System32\Drivers\N360x64\0502010.003\SYMNETS.SYS [x]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]
S2 FPLService;TrueSuiteService;c:\program files (x86)\HP SimplePass 2011\TrueSuiteService.exe [2011-05-06 263496]
S2 Hamachi2Svc;LogMeIn Hamachi Tunneling Engine;c:\program files (x86)\LogMeIn Hamachi\hamachi-2.exe [2012-02-28 2343816]
S2 HPClientSvc;HP Client Services;c:\program files\Hewlett-Packard\HP Client Services\HPClientServices.exe [2010-10-11 346168]
S2 HPDrvMntSvc.exe;HP Quick Synchronization Service;c:\program files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe [2011-09-01 227896]
S2 HPWMISVC;HPWMISVC;c:\program files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe [2012-02-15 34872]
S2 IAStorDataMgrSvc;Intel® Rapid Storage Technology;c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [2011-04-30 13592]
S2 jhi_service;Intel® Identity Protection Technology Host Interface Service;c:\program files (x86)\Intel\Services\IPT\jhi_service.exe [2011-02-24 212944]
S2 lxdc_device;lxdc_device;c:\windows\system32\lxdccoms.exe [2007-05-25 567216]
S2 N360;Norton 360;c:\program files (x86)\Norton 360\Engine\5.2.1.3\ccSvcHst.exe [2011-04-17 130008]
S2 RoxioNow Service;RoxioNow Service;c:\program files (x86)\Roxio\RoxioNow Player\RNowSvc.exe [2010-11-26 399344]
S2 UNS;Intel® Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2011-02-01 2656280]
S3 clwvd;CyberLink WebCam Virtual Driver;c:\windows\system32\DRIVERS\clwvd.sys [x]
S3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2012-02-04 138360]
S3 IntcDAud;Intel® Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys [x]
S3 MEIx64;Intel® Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys [x]
S3 netr28x;Ralink 802.11n Extensible Wireless Driver;c:\windows\system32\DRIVERS\netr28x.sys [x]
S3 RSPCIESTOR;Realtek PCIE CardReader Driver;c:\windows\system32\DRIVERS\RtsPStor.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [x]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
Akamai REG_MULTI_SZ Akamai
.
Contents of the 'Scheduled Tasks' folder
.
2012-03-28 c:\windows\Tasks\HPCeeScheduleForKyle.job
- c:\program files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2010-09-14 05:15]
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{BE7A24F5-69CB-4708-B77B-B1EDA6043B95}]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SynTPEnh"="c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe" [BU]
"lxdcmon.exe"="c:\program files (x86)\Lexmark 1300 Series\lxdcmon.exe" [BU]
"lxdcamon"="c:\program files (x86)\Lexmark 1300 Series\lxdcamon.exe" [2009-04-27 25256]
"SysTrayApp"="c:\program files\IDT\WDM\sttray64.exe" [2011-12-08 1424896]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2011-12-08 167704]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2011-12-08 392472]
"Persistence"="c:\windows\system32\igfxpers.exe" [2011-12-08 416024]
"SetDefault"="c:\program files\Hewlett-Packard\HP LaunchBox\SetDefault.exe" [2011-12-20 44880]
"combofix"="c:\combofix\CF12019.3XE" [2010-11-21 345088]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"=c:\progra~2\IMESHA~1\MediaBar\Datamngr\x64\datamngr.dll c:\progra~2\IMESHA~1\MediaBar\Datamngr\x64\IEBHO.dll
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = %SystemRoot%\system32\blank.htm
IE: Add to Evernote 4.0 - c:\program files (x86)\Evernote\Evernote\EvernoteIE.dll/204
TCP: Interfaces\{6793F14E-FF6D-4EF4-9B97-25F49B3DBF25}\E494557657563747: DhcpNameServer = 131.156.1.11 131.156.126.2
FF - ProfilePath - c:\users\Kyle\AppData\Roaming\Mozilla\Firefox\Profiles\o1kyaz0f.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - www.google.com
FF - prefs.js: keyword.URL - hxxp://dts.search-results.com/sr?src=ffb&appid=1097&systemid=1&sr=0&q=
FF - prefs.js: network.proxy.type - 0
FF - user.js: extentions.y2layers.installId - 27e7d0f4-8045-46ab-b817-cf9a9de8df30
FF - user.js: extentions.y2layers.defaultEnableAppsList - PageRage/Ads,PageRage/Global,PageRageTeases,Buzzdock,BuzzDockTease,
FF - user.js: extensions.autoDisableScopes - 14
FF - user.js: security.csp.enable - false
.
- - - - ORPHANS REMOVED - - - -
.
URLSearchHooks-{9565115d-c7d6-46d3-bd63-b67b481a4368} - (no file)
BHO-{28387537-e3f9-4ed7-860c-11e69af4a8a0} - c:\progra~2\IMESHA~1\MediaBar\Datamngr\ToolBar\wincoreimdtx.dll
Toolbar-{28387537-e3f9-4ed7-860c-11e69af4a8a0} - c:\progra~2\IMESHA~1\MediaBar\Datamngr\ToolBar\wincoreimdtx.dll
Toolbar-10 - (no file)
WebBrowser-{9565115D-C7D6-46D3-BD63-B67B481A4368} - (no file)
.
.
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\N360]
"ImagePath"="\"c:\program files (x86)\Norton 360\Engine\5.2.1.3\ccSvcHst.exe\" /s \"N360\" /m \"c:\program files (x86)\Norton 360\Engine\5.2.1.3\diMaster.dll\" /prefetch:1"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\npggsvc]
"ImagePath"="c:\windows\system32\GameMon.des -service"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10q_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10q_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10q.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10q.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10q.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10q.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files (x86)\Microsoft\BingBar\SeaPort.EXE
c:\program files (x86)\CyberLink\YouCam\YCMMirage.exe
c:\program files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
.
**************************************************************************
.
Completion time: 2012-04-10 19:12:59 - machine was rebooted
ComboFix-quarantined-files.txt 2012-04-11 00:12
ComboFix2.txt 2012-04-10 22:34
.
Pre-Run: 167,476,297,728 bytes free
Post-Run: 167,242,174,464 bytes free
.
- - End Of File - - E2E41E44D16D40A496B2220998F83973

MBAM log:
Malwarebytes Anti-Malware 1.61.0.1400
www.malwarebytes.org

Database version: v2012.04.10.11

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
Kyle :: QUINCY [administrator]

4/10/2012 7:27:31 PM
mbam-log-2012-04-10 (19-27-31).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 198872
Time elapsed: 3 minute(s), 22 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 2
C:\Users\Kyle\AppData\Roaming\Babylon\Babylon\hdpkf.dll (Trojan.Tracur) -> Quarantined and deleted successfully.
C:\Users\Kyle\Downloads\AbiWord_Setup.exe (Adware.IBryte) -> Quarantined and deleted successfully.

(end)

#8 fireman4it


Posted 10 April 2012 - 08:02 PM

Hello,


You didn't have redirects the first time after you ran Combofix, but you do now. Is that correct?

" Extinguishing Malware from the world"

The Virus, Trojan, Spyware, and Malware Removal forum is very busy. If I'm helping you and I've not posted back within 24 hrs., send a PM with your topic link. Thank you.

ALL OTHER HELP REQUESTS VIA THE PM SYSTEM WILL BE IGNORED. The Forums are there for a reason!
Thanks-




#9 reikendude


Posted 10 April 2012 - 08:08 PM

After typing a random word into Google and clicking on the first ten sites, it seems that all is well; I must have been mistaken. Though I have had it happen before where after 'removing' the malware and restarting my computer, my computer acts fine for the first little bit and then starts redirecting again. Right now though it seems fine.

EDIT: Never mind, I'm still getting redirects, I just checked again. Redirected to www.happili.com

Edited by reikendude, 10 April 2012 - 08:18 PM.


#10 fireman4it


Posted 11 April 2012 - 04:39 PM

Hello,


1.
Is your computer connected to the internet through a router? If so, we need to reset that router.
How to reset your router.


2.
Download the yorkyt.exe disinfection tool (1,31 MB).

Save the file to your hard disk; to the Windows Desktop, for example.
Double click the yorkyt.exe file.
A reboot will be requested to install a driver.
Another reboot will be requested to complete the disinfection.
When the disinfection is completed, accept the message that will be displayed.
In order to ensure a full cleanup, run a scan of your PC with the antivirus installed.
Please post the log that it made.

3.
  • Download RogueKiller on the desktop
  • Close all the running processes
  • Under Vista/Seven, right click -> Run as Administrator
  • Otherwise just double-click on RogueKiller.exe
  • When prompted, Click Scan
  • A report should open; give its content to your helper. (RKreport could also be found next to the executable)
  • If RogueKiller has been blocked, do not hesitate to try a few more times. If it really won't run, rename it to winlogon.exe (or winlogon.com) and try again

4.
Please download aswMBR (511KB) to your desktop.
  • Double click the aswMBR.exe icon to run it
  • Click the Scan button to start the scan
  • On completion of the scan, click the save log button, save it to your desktop and post it in your next reply.


Things to include in your next reply:
yorkyt.exe log
Roguekiller log
aswMbr log
Still redirecting?


#11 reikendude


Posted 11 April 2012 - 10:06 PM

I can't reset the router, as I live in an apartment and I do not own the router. I still have the redirects after running everything, but aswMBR actually ran this time.

I did not fix/delete anything that you did not tell me to.

yorkyt:
2012-04-11 19:36:40: ****************************************************
2012-04-11 19:36:40: Starting UP ... v 0.0.0.220
2012-04-11 19:36:40: ****************************************************
2012-04-11 19:36:41: Stop TPSRV returns: 2
2012-04-11 19:36:56: Listing processes...
2012-04-11 19:36:56: :[System Process]:0
2012-04-11 19:36:56: :System:4
2012-04-11 19:36:56: :smss.exe:336
2012-04-11 19:36:56: :csrss.exe:504
2012-04-11 19:36:56: :wininit.exe:580
2012-04-11 19:36:56: :csrss.exe:600
2012-04-11 19:36:56: :services.exe:644
2012-04-11 19:36:56: :lsass.exe:660
2012-04-11 19:36:56: :lsm.exe:668
2012-04-11 19:36:56: :winlogon.exe:728
2012-04-11 19:36:56: :svchost.exe:828
2012-04-11 19:36:56: :TrueSuiteService.exe:888
2012-04-11 19:36:56: :svchost.exe:948
2012-04-11 19:36:56: :svchost.exe:120
2012-04-11 19:36:56: :svchost.exe:500
2012-04-11 19:36:56: :svchost.exe:488
2012-04-11 19:36:56: :stacsv64.exe:664
2012-04-11 19:36:56: :svchost.exe:1220
2012-04-11 19:36:56: :svchost.exe:1344
2012-04-11 19:36:56: :spoolsv.exe:1488
2012-04-11 19:36:56: :svchost.exe:1532
2012-04-11 19:36:56: :AppleMobileDeviceService.exe:1636
2012-04-11 19:36:56: :mDNSResponder.exe:1692
2012-04-11 19:36:56: :svchost.exe:1720
2012-04-11 19:36:56: :hamachi-2.exe:1760
2012-04-11 19:36:56: :HPClientServices.exe:1796
2012-04-11 19:36:56: :HPDrvMntSvc.exe:1824
2012-04-11 19:36:56: :HPWMISVC.exe:1880
2012-04-11 19:36:56: :jhi_service.exe:1904
2012-04-11 19:36:56: :lxdccoms.exe:1264
2012-04-11 19:36:56: :ccsvchst.exe:1304
2012-04-11 19:36:56: :RNowSvc.exe:2036
2012-04-11 19:36:56: :SeaPort.EXE:1676
2012-04-11 19:36:56: :WLIDSVC.EXE:2264
2012-04-11 19:36:56: :WLIDSVCM.EXE:2324
2012-04-11 19:36:56: :WUDFHost.exe:2780
2012-04-11 19:36:56: :svchost.exe:2916
2012-04-11 19:36:56: :SearchIndexer.exe:2572
2012-04-11 19:36:56: :HPSA_Service.exe:3280
2012-04-11 19:36:56: :IAStorDataMgrSvc.exe:3528
2012-04-11 19:36:56: :RIconMan.exe:760
2012-04-11 19:36:56: :LMS.exe:2892
2012-04-11 19:36:56: :UNS.exe:1996
2012-04-11 19:36:56: :taskhost.exe:2208
2012-04-11 19:36:56: :ccsvchst.exe:2120
2012-04-11 19:36:56: :dwm.exe:3668
2012-04-11 19:36:56: :explorer.exe:2956
2012-04-11 19:36:56: :WmiPrvSE.exe:1364
2012-04-11 19:36:56: :SynTPEnh.exe:3588
2012-04-11 19:36:56: :lxdcamon.exe:4108
2012-04-11 19:36:56: :unsecapp.exe:4132
2012-04-11 19:36:56: :sttray64.exe:4216
2012-04-11 19:36:56: :hkcmd.exe:4264
2012-04-11 19:36:56: :igfxpers.exe:4312
2012-04-11 19:36:56: :Steam.exe:4420
2012-04-11 19:36:56: :BitTorrent.exe:4512
2012-04-11 19:36:56: :SynTPHelper.exe:4584
2012-04-11 19:36:56: :netsession_win.exe:4600
2012-04-11 19:36:56: :msnmsgr.exe:4608
2012-04-11 19:36:56: :netsession_win.exe:4652
2012-04-11 19:36:56: :soffice.exe:4712
2012-04-11 19:36:56: :soffice.bin:4768
2012-04-11 19:36:56: :IAStorIcon.exe:4832
2012-04-11 19:36:56: :hpqwutils.exe:4844
2012-04-11 19:36:56: :AdobeARM.exe:4884
2012-04-11 19:36:56: :HPOSD.exe:4928
2012-04-11 19:36:56: :VCDDaemon.exe:4972
2012-04-11 19:36:56: :qttask.exe:4980
2012-04-11 19:36:56: :iTunesHelper.exe:5032
2012-04-11 19:36:56: :datamngrUI.exe:5056
2012-04-11 19:36:56: :DivXUpdate.exe:5064
2012-04-11 19:36:56: :winampa.exe:5100
2012-04-11 19:36:56: :hamachi-2-ui.exe:5108
2012-04-11 19:36:56: :HPMSGSVC.exe:5116
2012-04-11 19:36:56: :hpqWmiEx.exe:4528
2012-04-11 19:36:56: :iPodService.exe:5144
2012-04-11 19:36:56: :taskeng.exe:5800
2012-04-11 19:36:56: :wuauclt.exe:5856
2012-04-11 19:36:56: :YCMMirage.exe:5928
2012-04-11 19:36:56: :SteamService.exe:3684
2012-04-11 19:36:56: :svchost.exe:5492
2012-04-11 19:36:56: :PresentationFontCache.exe:4776
2012-04-11 19:36:56: :wlcomm.exe:3688
2012-04-11 19:36:56: :audiodg.exe:4168
2012-04-11 19:36:56: :TouchControl.exe:6340
2012-04-11 19:36:56: :BioMonitor.exe:6360
2012-04-11 19:36:56: :firefox.exe:4544
2012-04-11 19:36:56: :plugin-container.exe:6408
2012-04-11 19:36:56: :plugin-container.exe:3060
2012-04-11 19:36:56: :SearchProtocolHost.exe:7136
2012-04-11 19:36:56: :SearchFilterHost.exe:5448
2012-04-11 19:36:56: :yorkyt.exe:3676
2012-04-11 19:36:56: :WmiPrvSE.exe:3980
2012-04-11 19:36:56:
2012-04-11 19:36:56: Setting restore point
2012-04-11 19:37:35: RUN mode
2012-04-11 19:37:35: Determining autonomous or dropped mode...
2012-04-11 19:37:35: Autonomus mode
2012-04-11 19:37:35: ---------------------------------------------------------------------
2012-04-11 19:37:35: Found Service: AeLookupSvc
2012-04-11 19:37:35: Real Path: C:\Windows\System32\aelupsvc.dll
2012-04-11 19:37:35: Display Name: @%SystemRoot%\system32\aelupsvc.dll,-1
2012-04-11 19:37:35: Description: @%SystemRoot%\system32\aelupsvc.dll,-2
2012-04-11 19:37:35: ServiceDLL: System32\aelupsvc.dll
2012-04-11 19:37:35: File size: 0
2012-04-11 19:37:35: DLL File name: aelupsvc.dll
2012-04-11 19:37:35: Original File Name: aelupsvc.dll.mui
2012-04-11 19:37:35: Company:
2012-04-11 19:37:35: Mod/Cre/Acc time:
2012-04-11 19:37:36: ---------------------------------------------------------------------
2012-04-11 19:37:36: Found Service: AppIDSvc
2012-04-11 19:37:36: Real Path: C:\Windows\System32\appidsvc.dll
2012-04-11 19:37:36: Display Name: @%systemroot%\system32\appidsvc.dll,-100
2012-04-11 19:37:36: Description: @%systemroot%\system32\appidsvc.dll,-101
2012-04-11 19:37:36: ServiceDLL: System32\appidsvc.dll
2012-04-11 19:37:36: File size: 0
2012-04-11 19:37:36: DLL File name: appidsvc.dll
2012-04-11 19:37:36: Original File Name: appidsvc.dll.mui
2012-04-11 19:37:36: Company:
2012-04-11 19:37:36: Mod/Cre/Acc time:
2012-04-11 19:37:36: ---------------------------------------------------------------------
2012-04-11 19:37:36: Found Service: Appinfo
2012-04-11 19:37:36: Real Path: C:\Windows\System32\appinfo.dll
2012-04-11 19:37:36: Display Name: @%systemroot%\system32\appinfo.dll,-100
2012-04-11 19:37:36: Description: @%systemroot%\system32\appinfo.dll,-101
2012-04-11 19:37:36: ServiceDLL: System32\appinfo.dll
2012-04-11 19:37:36: File size: 0
2012-04-11 19:37:36: DLL File name: appinfo.dll
2012-04-11 19:37:36: Original File Name: appinfo.dll.mui
2012-04-11 19:37:36: Company:
2012-04-11 19:37:36: Mod/Cre/Acc time:
2012-04-11 19:37:36: !!!!!!!
2012-04-11 19:37:36: Found Service: AppMgmt
2012-04-11 19:37:36: Real Path: C:\Windows\System32\appmgmts.dll
2012-04-11 19:37:36: Display Name:
2012-04-11 19:37:36: Description:
2012-04-11 19:37:36: ServiceDLL: System32\appmgmts.dll
2012-04-11 19:37:36: File size: 0
2012-04-11 19:37:36: DLL File name: appmgmts.dll
2012-04-11 19:37:36: Original File Name:
2012-04-11 19:37:36: Company:
2012-04-11 19:37:36: Mod/Cre/Acc time:
2012-04-11 19:37:36: !!!!!!!!!
2012-04-11 19:37:36: ---------------------------------------------------------------------
2012-04-11 19:37:36: Found Service: AudioEndpointBuilder
2012-04-11 19:37:36: Real Path: C:\Windows\System32\Audiosrv.dll
2012-04-11 19:37:36: Display Name: @%SystemRoot%\system32\audiosrv.dll,-204
2012-04-11 19:37:36: Description: @%SystemRoot%\System32\audiosrv.dll,-205
2012-04-11 19:37:36: ServiceDLL: System32\Audiosrv.dll
2012-04-11 19:37:36: File size: 0
2012-04-11 19:37:36: DLL File name: Audiosrv.dll
2012-04-11 19:37:36: Original File Name: audiosrv.dll.mui
2012-04-11 19:37:36: Company:
2012-04-11 19:37:36: Mod/Cre/Acc time:
2012-04-11 19:37:36: ---------------------------------------------------------------------
2012-04-11 19:37:36: Found Service: AudioSrv
2012-04-11 19:37:36: Real Path: C:\Windows\System32\Audiosrv.dll
2012-04-11 19:37:36: Display Name: @%SystemRoot%\system32\audiosrv.dll,-200
2012-04-11 19:37:36: Description: @%SystemRoot%\System32\audiosrv.dll,-201
2012-04-11 19:37:36: ServiceDLL: System32\Audiosrv.dll
2012-04-11 19:37:36: File size: 0
2012-04-11 19:37:36: DLL File name: Audiosrv.dll
2012-04-11 19:37:36: Original File Name: audiosrv.dll.mui
2012-04-11 19:37:36: Company:
2012-04-11 19:37:36: Mod/Cre/Acc time:
2012-04-11 19:37:36: ---------------------------------------------------------------------
2012-04-11 19:37:36: Found Service: AxInstSV
2012-04-11 19:37:36: Real Path: C:\Windows\System32\AxInstSV.dll
2012-04-11 19:37:36: Display Name: @%SystemRoot%\system32\AxInstSV.dll,-103
2012-04-11 19:37:36: Description: @%SystemRoot%\system32\AxInstSV.dll,-104
2012-04-11 19:37:36: ServiceDLL: System32\AxInstSV.dll
2012-04-11 19:37:36: File size: 0
2012-04-11 19:37:36: DLL File name: AxInstSV.dll
2012-04-11 19:37:36: Original File Name: AxInstSv.dll.mui
2012-04-11 19:37:36: Company:
2012-04-11 19:37:36: Mod/Cre/Acc time:
2012-04-11 19:37:36: ---------------------------------------------------------------------
2012-04-11 19:37:36: Found Service: BDESVC
2012-04-11 19:37:36: Real Path: C:\Windows\System32\bdesvc.dll
2012-04-11 19:37:36: Display Name: @%SystemRoot%\system32\bdesvc.dll,-100
2012-04-11 19:37:36: Description: @%SystemRoot%\system32\bdesvc.dll,-101
2012-04-11 19:37:36: ServiceDLL: System32\bdesvc.dll
2012-04-11 19:37:36: File size: 0
2012-04-11 19:37:36: DLL File name: bdesvc.dll
2012-04-11 19:37:36: Original File Name: BDESVC.DLL.MUI
2012-04-11 19:37:36: Company:
2012-04-11 19:37:36: Mod/Cre/Acc time:
2012-04-11 19:37:37: ---------------------------------------------------------------------
2012-04-11 19:37:37: Found Service: BFE
2012-04-11 19:37:37: Real Path: C:\Windows\System32\bfe.dll
2012-04-11 19:37:37: Display Name: @%SystemRoot%\system32\bfe.dll,-1001
2012-04-11 19:37:37: Description: @%SystemRoot%\system32\bfe.dll,-1002
2012-04-11 19:37:37: ServiceDLL: System32\bfe.dll
2012-04-11 19:37:37: File size: 0
2012-04-11 19:37:37: DLL File name: bfe.dll
2012-04-11 19:37:37: Original File Name: BFE.DLL.MUI
2012-04-11 19:37:37: Company:
2012-04-11 19:37:37: Mod/Cre/Acc time:
2012-04-11 19:37:37: ---------------------------------------------------------------------
2012-04-11 19:37:37: Found Service: BITS
2012-04-11 19:37:37: Real Path: C:\Windows\system32\qmgr.dll
2012-04-11 19:37:37: Display Name: @%SystemRoot%\system32\qmgr.dll,-1000
2012-04-11 19:37:37: Description: @%SystemRoot%\system32\qmgr.dll,-1001
2012-04-11 19:37:37: ServiceDLL: system32\qmgr.dll
2012-04-11 19:37:37: File size: 0
2012-04-11 19:37:37: DLL File name: qmgr.dll
2012-04-11 19:37:37: Original File Name: qmgr.dll.mui
2012-04-11 19:37:37: Company:
2012-04-11 19:37:37: Mod/Cre/Acc time:
2012-04-11 19:37:37: ---------------------------------------------------------------------
2012-04-11 19:37:37: Found Service: Browser
2012-04-11 19:37:37: Real Path: C:\Windows\System32\browser.dll
2012-04-11 19:37:37: Display Name: @%systemroot%\system32\browser.dll,-100
2012-04-11 19:37:37: Description: @%systemroot%\system32\browser.dll,-101
2012-04-11 19:37:37: ServiceDLL: System32\browser.dll
2012-04-11 19:37:37: File size: 0
2012-04-11 19:37:37: DLL File name: browser.dll
2012-04-11 19:37:37: Original File Name: browser.dll.mui
2012-04-11 19:37:37: Company:
2012-04-11 19:37:37: Mod/Cre/Acc time:
2012-04-11 19:37:37: ---------------------------------------------------------------------
2012-04-11 19:37:37: Found Service: bthserv
2012-04-11 19:37:37: Real Path: C:\Windows\system32\bthserv.dll
2012-04-11 19:37:37: Display Name: @%SystemRoot%\System32\bthserv.dll,-101
2012-04-11 19:37:37: Description: @%SystemRoot%\System32\bthserv.dll,-102
2012-04-11 19:37:37: ServiceDLL: system32\bthserv.dll
2012-04-11 19:37:37: File size: 0
2012-04-11 19:37:37: DLL File name: bthserv.dll
2012-04-11 19:37:37: Original File Name: BTHSERV.DLL.MUI
2012-04-11 19:37:37: Company:
2012-04-11 19:37:37: Mod/Cre/Acc time:
2012-04-11 19:37:37: ---------------------------------------------------------------------
2012-04-11 19:37:37: Found Service: CertPropSvc
2012-04-11 19:37:37: Real Path: C:\Windows\System32\certprop.dll
2012-04-11 19:37:37: Display Name: @%SystemRoot%\System32\certprop.dll,-11
2012-04-11 19:37:37: Description: @%SystemRoot%\System32\certprop.dll,-12
2012-04-11 19:37:37: ServiceDLL: System32\certprop.dll
2012-04-11 19:37:37: File size: 0
2012-04-11 19:37:37: DLL File name: certprop.dll
2012-04-11 19:37:37: Original File Name: certprop.dll.mui
2012-04-11 19:37:37: Company:
2012-04-11 19:37:37: Mod/Cre/Acc time:
2012-04-11 19:37:37: ---------------------------------------------------------------------
2012-04-11 19:37:37: Found Service: CryptSvc
2012-04-11 19:37:37: Real Path: C:\Windows\system32\cryptsvc.dll
2012-04-11 19:37:37: Display Name: @%SystemRoot%\system32\cryptsvc.dll,-1001
2012-04-11 19:37:37: Description: @%SystemRoot%\system32\cryptsvc.dll,-1002
2012-04-11 19:37:37: ServiceDLL: system32\cryptsvc.dll
2012-04-11 19:37:37: File size: 136192
2012-04-11 19:37:37: DLL File name: cryptsvc.dll
2012-04-11 19:37:37: Original File Name: cryptsvc.dll.mui
2012-04-11 19:37:37: Company:
2012-04-11 19:37:37: Mod/Cre/Acc time: 20101120222432 20101120222432 20120411121107
2012-04-11 19:37:37: ---------------------------------------------------------------------
2012-04-11 19:37:38: Found Service: DcomLaunch
2012-04-11 19:37:38: Real Path: C:\Windows\system32\rpcss.dll
2012-04-11 19:37:38: Display Name: @oleres.dll,-5012
2012-04-11 19:37:38: Description: @oleres.dll,-5013
2012-04-11 19:37:38: ServiceDLL: system32\rpcss.dll
2012-04-11 19:37:38: File size: 0
2012-04-11 19:37:38: DLL File name: rpcss.dll
2012-04-11 19:37:38: Original File Name: rpcss.dll
2012-04-11 19:37:38: Company:
2012-04-11 19:37:38: Mod/Cre/Acc time:
2012-04-11 19:37:38: ---------------------------------------------------------------------
2012-04-11 19:37:38: Found Service: defragsvc
2012-04-11 19:37:38: Real Path: C:\Windows\System32\defragsvc.dll
2012-04-11 19:37:38: Display Name: @%SystemRoot%\system32\defragsvc.dll,-101
2012-04-11 19:37:38: Description: @%SystemRoot%\system32\defragsvc.dll,-102
2012-04-11 19:37:38: ServiceDLL: System32\defragsvc.dll
2012-04-11 19:37:38: File size: 0
2012-04-11 19:37:38: DLL File name: defragsvc.dll
2012-04-11 19:37:38: Original File Name: defragsvc.dll.mui
2012-04-11 19:37:38: Company:
2012-04-11 19:37:38: Mod/Cre/Acc time:
2012-04-11 19:37:38: ---------------------------------------------------------------------
2012-04-11 19:37:38: Found Service: Dhcp
2012-04-11 19:37:38: Real Path: C:\Windows\system32\dhcpcore.dll
2012-04-11 19:37:38: Display Name: @%SystemRoot%\system32\dhcpcore.dll,-100
2012-04-11 19:37:38: Description: @%SystemRoot%\system32\dhcpcore.dll,-101
2012-04-11 19:37:38: ServiceDLL: system32\dhcpcore.dll
2012-04-11 19:37:38: File size: 254464
2012-04-11 19:37:38: DLL File name: dhcpcore.dll
2012-04-11 19:37:38: Original File Name: dhcpcore.dll.mui
2012-04-11 19:37:38: Company:
2012-04-11 19:37:38: Mod/Cre/Acc time: 20101120222409 20101120222409 20120411121325
2012-04-11 19:37:38: ---------------------------------------------------------------------
2012-04-11 19:37:38: Found Service: Dnscache
2012-04-11 19:37:38: Real Path: C:\Windows\System32\dnsrslvr.dll
2012-04-11 19:37:38: Display Name: @%SystemRoot%\System32\dnsapi.dll,-101
2012-04-11 19:37:38: Description: @%SystemRoot%\System32\dnsapi.dll,-102
2012-04-11 19:37:38: ServiceDLL: System32\dnsrslvr.dll
2012-04-11 19:37:38: File size: 0
2012-04-11 19:37:38: DLL File name: dnsrslvr.dll
2012-04-11 19:37:38: Original File Name: dnsrslvr.dll.mui
2012-04-11 19:37:38: Company:
2012-04-11 19:37:38: Mod/Cre/Acc time:
2012-04-11 19:37:38: ---------------------------------------------------------------------
2012-04-11 19:37:38: Found Service: dot3svc
2012-04-11 19:37:38: Real Path: C:\Windows\System32\dot3svc.dll
2012-04-11 19:37:38: Display Name: @%systemroot%\system32\dot3svc.dll,-1102
2012-04-11 19:37:38: Description: @%systemroot%\system32\dot3svc.dll,-1103
2012-04-11 19:37:38: ServiceDLL: System32\dot3svc.dll
2012-04-11 19:37:38: File size: 0
2012-04-11 19:37:38: DLL File name: dot3svc.dll
2012-04-11 19:37:38: Original File Name: dot3svc.dll.mui
2012-04-11 19:37:38: Company:
2012-04-11 19:37:38: Mod/Cre/Acc time:
2012-04-11 19:37:38: ---------------------------------------------------------------------
2012-04-11 19:37:38: Found Service: DPS
2012-04-11 19:37:38: Real Path: C:\Windows\system32\dps.dll
2012-04-11 19:37:38: Display Name: @%systemroot%\system32\dps.dll,-500
2012-04-11 19:37:38: Description: @%systemroot%\system32\dps.dll,-501
2012-04-11 19:37:38: ServiceDLL: system32\dps.dll
2012-04-11 19:37:38: File size: 0
2012-04-11 19:37:38: DLL File name: dps.dll
2012-04-11 19:37:38: Original File Name: dps.dll.mui
2012-04-11 19:37:38: Company:
2012-04-11 19:37:38: Mod/Cre/Acc time:
2012-04-11 19:37:39: ---------------------------------------------------------------------
2012-04-11 19:37:39: Found Service: EapHost
2012-04-11 19:37:39: Real Path: C:\Windows\System32\eapsvc.dll
2012-04-11 19:37:39: Display Name: @%systemroot%\system32\eapsvc.dll,-1
2012-04-11 19:37:39: Description: @%systemroot%\system32\eapsvc.dll,-2
2012-04-11 19:37:39: ServiceDLL: System32\eapsvc.dll
2012-04-11 19:37:39: File size: 0
2012-04-11 19:37:39: DLL File name: eapsvc.dll
2012-04-11 19:37:39: Original File Name: eapsvc.dll.mui
2012-04-11 19:37:39: Company:
2012-04-11 19:37:39: Mod/Cre/Acc time:
2012-04-11 19:37:39: ---------------------------------------------------------------------
2012-04-11 19:37:39: Found Service: EventSystem
2012-04-11 19:37:39: Real Path: C:\Windows\system32\es.dll
2012-04-11 19:37:39: Display Name: @comres.dll,-2450
2012-04-11 19:37:39: Description: @comres.dll,-2451
2012-04-11 19:37:39: ServiceDLL: system32\es.dll
2012-04-11 19:37:39: File size: 271360
2012-04-11 19:37:39: DLL File name: es.dll
2012-04-11 19:37:39: Original File Name: ES.DLL
2012-04-11 19:37:39: Company:
2012-04-11 19:37:39: Mod/Cre/Acc time: 20090713201519 20090713184438 20120411114415
2012-04-11 19:37:39: ---------------------------------------------------------------------
2012-04-11 19:37:39: Found Service: fdPHost
2012-04-11 19:37:39: Real Path: C:\Windows\system32\fdPHost.dll
2012-04-11 19:37:39: Display Name: @%systemroot%\system32\fdPHost.dll,-100
2012-04-11 19:37:39: Description: @%systemroot%\system32\fdPHost.dll,-101
2012-04-11 19:37:39: ServiceDLL: system32\fdPHost.dll
2012-04-11 19:37:39: File size: 0
2012-04-11 19:37:39: DLL File name: fdPHost.dll
2012-04-11 19:37:39: Original File Name: fdPHost.dll.mui
2012-04-11 19:37:39: Company:
2012-04-11 19:37:39: Mod/Cre/Acc time:
2012-04-11 19:37:39: ---------------------------------------------------------------------
2012-04-11 19:37:39: Found Service: FDResPub
2012-04-11 19:37:39: Real Path: C:\Windows\system32\fdrespub.dll
2012-04-11 19:37:39: Display Name: @%systemroot%\system32\fdrespub.dll,-100
2012-04-11 19:37:39: Description: @%systemroot%\system32\fdrespub.dll,-101
2012-04-11 19:37:39: ServiceDLL: system32\fdrespub.dll
2012-04-11 19:37:39: File size: 0
2012-04-11 19:37:39: DLL File name: fdrespub.dll
2012-04-11 19:37:39: Original File Name: FDResPub.dll.mui
2012-04-11 19:37:39: Company:
2012-04-11 19:37:39: Mod/Cre/Acc time:
2012-04-11 19:37:39: !!!!!!!
2012-04-11 19:37:39: Found Service: FontCache
2012-04-11 19:37:39: Real Path: C:\Windows\system32\FntCache.dll
2012-04-11 19:37:39: Display Name: @%systemroot%\system32\FntCache.dll,-100
2012-04-11 19:37:39: Description: @%systemroot%\system32\FntCache.dll,-101
2012-04-11 19:37:39: ServiceDLL: system32\FntCache.dll
2012-04-11 19:37:39: File size: 0
2012-04-11 19:37:39: DLL File name: FntCache.dll
2012-04-11 19:37:39: Original File Name: FontCacheService
2012-04-11 19:37:39: Company:
2012-04-11 19:37:39: Mod/Cre/Acc time:
2012-04-11 19:37:39: !!!!!!!!!
2012-04-11 19:37:39: ---------------------------------------------------------------------
2012-04-11 19:37:39: Found Service: gpsvc
2012-04-11 19:37:39: Real Path: C:\Windows\System32\gpsvc.dll
2012-04-11 19:37:39: Display Name: @gpapi.dll,-112
2012-04-11 19:37:39: Description: @gpapi.dll,-113
2012-04-11 19:37:39: ServiceDLL: System32\gpsvc.dll
2012-04-11 19:37:39: File size: 0
2012-04-11 19:37:39: DLL File name: gpsvc.dll
2012-04-11 19:37:39: Original File Name: gpsvc.dll.mui
2012-04-11 19:37:39: Company:
2012-04-11 19:37:39: Mod/Cre/Acc time:
2012-04-11 19:37:39: ---------------------------------------------------------------------
2012-04-11 19:37:39: Found Service: hidserv
2012-04-11 19:37:39: Real Path: C:\Windows\System32\hidserv.dll
2012-04-11 19:37:39: Display Name: @%SystemRoot%\System32\hidserv.dll,-101
2012-04-11 19:37:39: Description: @%SystemRoot%\System32\hidserv.dll,-102
2012-04-11 19:37:39: ServiceDLL: System32\hidserv.dll
2012-04-11 19:37:39: File size: 49152
2012-04-11 19:37:39: DLL File name: hidserv.dll
2012-04-11 19:37:39: Original File Name: HIDSERV.DLL.MUI
2012-04-11 19:37:39: Company:
2012-04-11 19:37:39: Mod/Cre/Acc time: 20090713201524 20090713185109 20120410192802
2012-04-11 19:37:39: ---------------------------------------------------------------------
2012-04-11 19:37:39: Found Service: hkmsvc
2012-04-11 19:37:39: Real Path: C:\Windows\system32\kmsvc.dll
2012-04-11 19:37:39: Display Name: @%SystemRoot%\system32\kmsvc.dll,-6
2012-04-11 19:37:39: Description: @%SystemRoot%\system32\kmsvc.dll,-7
2012-04-11 19:37:39: ServiceDLL: system32\kmsvc.dll
2012-04-11 19:37:39: File size: 0
2012-04-11 19:37:39: DLL File name: kmsvc.dll
2012-04-11 19:37:39: Original File Name: KmSvc.DLL.MUI
2012-04-11 19:37:39: Company:
2012-04-11 19:37:39: Mod/Cre/Acc time:
2012-04-11 19:37:39: ---------------------------------------------------------------------
2012-04-11 19:37:39: Found Service: HomeGroupListener
2012-04-11 19:37:39: Real Path: C:\Windows\system32\ListSvc.dll
2012-04-11 19:37:39: Display Name: @%SystemRoot%\System32\ListSvc.dll,-100
2012-04-11 19:37:39: Description: @%SystemRoot%\System32\ListSvc.dll,-101
2012-04-11 19:37:39: ServiceDLL: system32\ListSvc.dll
2012-04-11 19:37:39: File size: 0
2012-04-11 19:37:39: DLL File name: ListSvc.dll
2012-04-11 19:37:39: Original File Name: ListSvc.dll.mui
2012-04-11 19:37:39: Company:
2012-04-11 19:37:39: Mod/Cre/Acc time:
2012-04-11 19:37:40: ---------------------------------------------------------------------
2012-04-11 19:37:40: Found Service: HomeGroupProvider
2012-04-11 19:37:40: Real Path: C:\Windows\system32\provsvc.dll
2012-04-11 19:37:40: Display Name: @%SystemRoot%\System32\provsvc.dll,-100
2012-04-11 19:37:40: Description: @%SystemRoot%\System32\provsvc.dll,-101
2012-04-11 19:37:40: ServiceDLL: system32\provsvc.dll
2012-04-11 19:37:40: File size: 165376
2012-04-11 19:37:40: DLL File name: provsvc.dll
2012-04-11 19:37:40: Original File Name: provsvc.dll.mui
2012-04-11 19:37:40: Company:
2012-04-11 19:37:40: Mod/Cre/Acc time: 20101120222510 20101120222510 20120411121325
2012-04-11 19:37:40: ---------------------------------------------------------------------
2012-04-11 19:37:40: Found Service: IKEEXT
2012-04-11 19:37:40: Real Path: C:\Windows\System32\ikeext.dll
2012-04-11 19:37:40: Display Name: @%SystemRoot%\system32\ikeext.dll,-501
2012-04-11 19:37:40: Description: @%SystemRoot%\system32\ikeext.dll,-502
2012-04-11 19:37:40: ServiceDLL: System32\ikeext.dll
2012-04-11 19:37:40: File size: 0
2012-04-11 19:37:40: DLL File name: ikeext.dll
2012-04-11 19:37:40: Original File Name: IKEEXT.DLL.MUI
2012-04-11 19:37:40: Company:
2012-04-11 19:37:40: Mod/Cre/Acc time:
2012-04-11 19:37:40: ---------------------------------------------------------------------
2012-04-11 19:37:40: Found Service: IPBusEnum
2012-04-11 19:37:40: Real Path: C:\Windows\system32\ipbusenum.dll
2012-04-11 19:37:40: Display Name: @%systemroot%\system32\IPBusEnum.dll,-102
2012-04-11 19:37:40: Description: @%systemroot%\system32\IPBusEnum.dll,-103
2012-04-11 19:37:40: ServiceDLL: system32\ipbusenum.dll
2012-04-11 19:37:40: File size: 0
2012-04-11 19:37:40: DLL File name: ipbusenum.dll
2012-04-11 19:37:40: Original File Name: IPBusEnum.dll.mui
2012-04-11 19:37:40: Company:
2012-04-11 19:37:40: Mod/Cre/Acc time:
2012-04-11 19:37:40: ---------------------------------------------------------------------
2012-04-11 19:37:40: Found Service: iphlpsvc
2012-04-11 19:37:40: Real Path: C:\Windows\System32\iphlpsvc.dll
2012-04-11 19:37:40: Display Name: @%SystemRoot%\system32\iphlpsvc.dll,-500
2012-04-11 19:37:40: Description: @%SystemRoot%\system32\iphlpsvc.dll,-501
2012-04-11 19:37:40: ServiceDLL: System32\iphlpsvc.dll
2012-04-11 19:37:40: File size: 0
2012-04-11 19:37:40: DLL File name: iphlpsvc.dll
2012-04-11 19:37:40: Original File Name: iphlpsvc.dll.mui
2012-04-11 19:37:40: Company:
2012-04-11 19:37:40: Mod/Cre/Acc time:
2012-04-11 19:37:40: ---------------------------------------------------------------------
2012-04-11 19:37:40: Found Service: KtmRm
2012-04-11 19:37:40: Real Path: C:\Windows\system32\msdtckrm.dll
2012-04-11 19:37:40: Display Name: @comres.dll,-2946
2012-04-11 19:37:40: Description: @comres.dll,-2947
2012-04-11 19:37:40: ServiceDLL: system32\msdtckrm.dll
2012-04-11 19:37:40: File size: 0
2012-04-11 19:37:40: DLL File name: msdtckrm.dll
2012-04-11 19:37:40: Original File Name: MSDTCKRM.DLL
2012-04-11 19:37:40: Company:
2012-04-11 19:37:40: Mod/Cre/Acc time:
2012-04-11 19:37:40: ---------------------------------------------------------------------
2012-04-11 19:37:40: Found Service: LanmanServer
2012-04-11 19:37:40: Real Path: C:\Windows\System32\srvsvc.dll
2012-04-11 19:37:40: Display Name: @%systemroot%\system32\srvsvc.dll,-100
2012-04-11 19:37:40: Description: @%systemroot%\system32\srvsvc.dll,-101
2012-04-11 19:37:40: ServiceDLL: System32\srvsvc.dll
2012-04-11 19:37:40: File size: 0
2012-04-11 19:37:40: DLL File name: srvsvc.dll
2012-04-11 19:37:40: Original File Name: SRVSVC.DLL.MUI
2012-04-11 19:37:40: Company:
2012-04-11 19:37:40: Mod/Cre/Acc time:
2012-04-11 19:37:40: ---------------------------------------------------------------------
2012-04-11 19:37:40: Found Service: LanmanWorkstation
2012-04-11 19:37:40: Real Path: C:\Windows\System32\wkssvc.dll
2012-04-11 19:37:40: Display Name: @%systemroot%\system32\wkssvc.dll,-100
2012-04-11 19:37:40: Description: @%systemroot%\system32\wkssvc.dll,-101
2012-04-11 19:37:40: ServiceDLL: System32\wkssvc.dll
2012-04-11 19:37:40: File size: 0
2012-04-11 19:37:40: DLL File name: wkssvc.dll
2012-04-11 19:37:40: Original File Name: WKSSVC.DLL.MUI
2012-04-11 19:37:40: Company:
2012-04-11 19:37:40: Mod/Cre/Acc time:
2012-04-11 19:37:40: ---------------------------------------------------------------------
2012-04-11 19:37:40: Found Service: lltdsvc
2012-04-11 19:37:40: Real Path: C:\Windows\System32\lltdsvc.dll
2012-04-11 19:37:40: Display Name: @%SystemRoot%\system32\lltdres.dll,-1
2012-04-11 19:37:40: Description: @%SystemRoot%\system32\lltdres.dll,-2
2012-04-11 19:37:40: ServiceDLL: System32\lltdsvc.dll
2012-04-11 19:37:40: File size: 0
2012-04-11 19:37:40: DLL File name: lltdsvc.dll
2012-04-11 19:37:40: Original File Name: LLTDSVC.DLL
2012-04-11 19:37:40: Company:
2012-04-11 19:37:40: Mod/Cre/Acc time:
2012-04-11 19:37:40: ---------------------------------------------------------------------
2012-04-11 19:37:40: Found Service: lmhosts
2012-04-11 19:37:40: Real Path: C:\Windows\System32\lmhsvc.dll
2012-04-11 19:37:40: Display Name: @%SystemRoot%\system32\lmhsvc.dll,-101
2012-04-11 19:37:40: Description: @%SystemRoot%\system32\lmhsvc.dll,-102
2012-04-11 19:37:40: ServiceDLL: System32\lmhsvc.dll
2012-04-11 19:37:40: File size: 0
2012-04-11 19:37:40: DLL File name: lmhsvc.dll
2012-04-11 19:37:40: Original File Name: lmhsvc.dll.mui
2012-04-11 19:37:40: Company:
2012-04-11 19:37:40: Mod/Cre/Acc time:
2012-04-11 19:37:40: ---------------------------------------------------------------------
2012-04-11 19:37:41: Found Service: Mcx2Svc
2012-04-11 19:37:41: Real Path: C:\Windows\system32\Mcx2Svc.dll
2012-04-11 19:37:41: Display Name: @%SystemRoot%\ehome\ehres.dll,-15501
2012-04-11 19:37:41: Description: @%SystemRoot%\ehome\ehres.dll,-15502
2012-04-11 19:37:41: ServiceDLL: system32\Mcx2Svc.dll
2012-04-11 19:37:41: File size: 0
2012-04-11 19:37:41: DLL File name: Mcx2Svc.dll
2012-04-11 19:37:41: Original File Name: Mcx2Svc.dll
2012-04-11 19:37:41: Company:
2012-04-11 19:37:41: Mod/Cre/Acc time:
2012-04-11 19:37:41: ---------------------------------------------------------------------
2012-04-11 19:37:41: Found Service: MMCSS
2012-04-11 19:37:41: Real Path: C:\Windows\system32\mmcss.dll
2012-04-11 19:37:41: Display Name: @%systemroot%\system32\mmcss.dll,-100
2012-04-11 19:37:41: Description: @%systemroot%\system32\mmcss.dll,-101
2012-04-11 19:37:41: ServiceDLL: system32\mmcss.dll
2012-04-11 19:37:41: File size: 0
2012-04-11 19:37:41: DLL File name: mmcss.dll
2012-04-11 19:37:41: Original File Name: mmcss.dll.mui
2012-04-11 19:37:41: Company:
2012-04-11 19:37:41: Mod/Cre/Acc time:
2012-04-11 19:37:41: ---------------------------------------------------------------------
2012-04-11 19:37:41: Found Service: MpsSvc
2012-04-11 19:37:41: Real Path: C:\Windows\system32\mpssvc.dll
2012-04-11 19:37:41: Display Name: @%SystemRoot%\system32\FirewallAPI.dll,-23090
2012-04-11 19:37:41: Description: @%SystemRoot%\system32\FirewallAPI.dll,-23091
2012-04-11 19:37:41: ServiceDLL: system32\mpssvc.dll
2012-04-11 19:37:41: File size: 0
2012-04-11 19:37:41: DLL File name: mpssvc.dll
2012-04-11 19:37:41: Original File Name: mpssvc.dll.mui
2012-04-11 19:37:41: Company:
2012-04-11 19:37:41: Mod/Cre/Acc time:
2012-04-11 19:37:41: ---------------------------------------------------------------------
2012-04-11 19:37:41: Found Service: MSiSCSI
2012-04-11 19:37:41: Real Path: C:\Windows\system32\iscsiexe.dll
2012-04-11 19:37:41: Display Name: @%SystemRoot%\system32\iscsidsc.dll,-5000
2012-04-11 19:37:41: Description: @%SystemRoot%\system32\iscsidsc.dll,-5001
2012-04-11 19:37:41: ServiceDLL: system32\iscsiexe.dll
2012-04-11 19:37:41: File size: 0
2012-04-11 19:37:41: DLL File name: iscsiexe.dll
2012-04-11 19:37:41: Original File Name: iscsiexe.exe.mui
2012-04-11 19:37:41: Company:
2012-04-11 19:37:41: Mod/Cre/Acc time:
2012-04-11 19:37:41: ---------------------------------------------------------------------
2012-04-11 19:37:41: Found Service: napagent
2012-04-11 19:37:41: Real Path: C:\Windows\system32\qagentRT.dll
2012-04-11 19:37:41: Display Name: @%SystemRoot%\system32\qagentrt.dll,-6
2012-04-11 19:37:41: Description: @%SystemRoot%\system32\qagentrt.dll,-7
2012-04-11 19:37:41: ServiceDLL: system32\qagentRT.dll
2012-04-11 19:37:41: File size: 0
2012-04-11 19:37:41: DLL File name: qagentRT.dll
2012-04-11 19:37:41: Original File Name: QAgentRT.DLL.MUI
2012-04-11 19:37:41: Company:
2012-04-11 19:37:41: Mod/Cre/Acc time:
2012-04-11 19:37:41: !!!!!!!
2012-04-11 19:37:41: Found Service: Net Driver HPZ12
2012-04-11 19:37:41: Real Path: C:\Windows\system32\HPZinw12.dll
2012-04-11 19:37:41: Display Name:
2012-04-11 19:37:41: Description:
2012-04-11 19:37:41: ServiceDLL: system32\HPZinw12.dll
2012-04-11 19:37:41: File size: 0
2012-04-11 19:37:41: DLL File name: HPZinw12.dll
2012-04-11 19:37:41: Original File Name: Dot4Net.DLL
2012-04-11 19:37:41: Company:
2012-04-11 19:37:41: Mod/Cre/Acc time:
2012-04-11 19:37:41: !!!!!!!!!
2012-04-11 19:37:41: ---------------------------------------------------------------------
2012-04-11 19:37:41: Found Service: Netman
2012-04-11 19:37:41: Real Path: C:\Windows\System32\netman.dll
2012-04-11 19:37:41: Display Name: @%SystemRoot%\system32\netman.dll,-109
2012-04-11 19:37:41: Description: @%SystemRoot%\system32\netman.dll,-110
2012-04-11 19:37:41: ServiceDLL: System32\netman.dll
2012-04-11 19:37:41: File size: 0
2012-04-11 19:37:41: DLL File name: netman.dll
2012-04-11 19:37:41: Original File Name: netman.dll.mui
2012-04-11 19:37:41: Company:
2012-04-11 19:37:41: Mod/Cre/Acc time:
2012-04-11 19:37:41: ---------------------------------------------------------------------
2012-04-11 19:37:41: Found Service: netprofm
2012-04-11 19:37:41: Real Path: C:\Windows\System32\netprofm.dll
2012-04-11 19:37:41: Display Name: @%SystemRoot%\system32\netprofm.dll,-202
2012-04-11 19:37:41: Description: @%SystemRoot%\system32\netprofm.dll,-203
2012-04-11 19:37:41: ServiceDLL: System32\netprofm.dll
2012-04-11 19:37:41: File size: 360448
2012-04-11 19:37:41: DLL File name: netprofm.dll
2012-04-11 19:37:41: Original File Name: netprofm.dll.mui
2012-04-11 19:37:41: Company:
2012-04-11 19:37:41: Mod/Cre/Acc time: 20090713201603 20090713185658 20120411190538
2012-04-11 19:37:41: ---------------------------------------------------------------------
2012-04-11 19:37:41: Found Service: NlaSvc
2012-04-11 19:37:41: Real Path: C:\Windows\System32\nlasvc.dll
2012-04-11 19:37:41: Display Name: @%SystemRoot%\System32\nlasvc.dll,-1
2012-04-11 19:37:41: Description: @%SystemRoot%\System32\nlasvc.dll,-2
2012-04-11 19:37:41: ServiceDLL: System32\nlasvc.dll
2012-04-11 19:37:41: File size: 0
2012-04-11 19:37:41: DLL File name: nlasvc.dll
2012-04-11 19:37:41: Original File Name: nlasvc.dll.mui
2012-04-11 19:37:41: Company:
2012-04-11 19:37:41: Mod/Cre/Acc time:
2012-04-11 19:37:41: ---------------------------------------------------------------------
2012-04-11 19:37:41: Found Service: nsi
2012-04-11 19:37:41: Real Path: C:\Windows\system32\nsisvc.dll
2012-04-11 19:37:41: Display Name: @%SystemRoot%\system32\nsisvc.dll,-200
2012-04-11 19:37:41: Description: @%SystemRoot%\system32\nsisvc.dll,-201
2012-04-11 19:37:41: ServiceDLL: system32\nsisvc.dll
2012-04-11 19:37:41: File size: 0
2012-04-11 19:37:41: DLL File name: nsisvc.dll
2012-04-11 19:37:41: Original File Name: nsisvc.dll.mui
2012-04-11 19:37:41: Company:
2012-04-11 19:37:41: Mod/Cre/Acc time:
2012-04-11 19:37:41: ---------------------------------------------------------------------
2012-04-11 19:37:41: Found Service: p2pimsvc
2012-04-11 19:37:41: Real Path: C:\Windows\system32\pnrpsvc.dll
2012-04-11 19:37:41: Display Name: @%SystemRoot%\system32\pnrpsvc.dll,-8004
2012-04-11 19:37:41: Description: @%SystemRoot%\system32\pnrpsvc.dll,-8005
2012-04-11 19:37:41: ServiceDLL: system32\pnrpsvc.dll
2012-04-11 19:37:41: File size: 0
2012-04-11 19:37:41: DLL File name: pnrpsvc.dll
2012-04-11 19:37:41: Original File Name: pnrpsvc.dll.mui
2012-04-11 19:37:41: Company:
2012-04-11 19:37:41: Mod/Cre/Acc time:
2012-04-11 19:37:42: ---------------------------------------------------------------------
2012-04-11 19:37:42: Found Service: p2psvc
2012-04-11 19:37:42: Real Path: C:\Windows\system32\p2psvc.dll
2012-04-11 19:37:42: Display Name: @%SystemRoot%\system32\p2psvc.dll,-8006
2012-04-11 19:37:42: Description: @%SystemRoot%\system32\p2psvc.dll,-8007
2012-04-11 19:37:42: ServiceDLL: system32\p2psvc.dll
2012-04-11 19:37:42: File size: 0
2012-04-11 19:37:42: DLL File name: p2psvc.dll
2012-04-11 19:37:42: Original File Name: p2psvc.dll.mui
2012-04-11 19:37:42: Company:
2012-04-11 19:37:42: Mod/Cre/Acc time:
2012-04-11 19:37:42: !!!!!!!
2012-04-11 19:37:42: Found Service: PcaSvc
2012-04-11 19:37:42: Real Path: C:\Windows\System32\pcasvc.dll
2012-04-11 19:37:42: Display Name: @%SystemRoot%\system32\pcasvc.dll,-1
2012-04-11 19:37:42: Description: @%SystemRoot%\system32\pcasvc.dll,-2
2012-04-11 19:37:42: ServiceDLL: System32\pcasvc.dll
2012-04-11 19:37:42: File size: 0
2012-04-11 19:37:42: DLL File name: pcasvc.dll
2012-04-11 19:37:42: Original File Name:
2012-04-11 19:37:42: Company:
2012-04-11 19:37:42: Mod/Cre/Acc time:
2012-04-11 19:37:42: !!!!!!!!!
2012-04-11 19:37:42: ---------------------------------------------------------------------
2012-04-11 19:37:42: Found Service: pla
2012-04-11 19:37:42: Real Path: C:\Windows\system32\pla.dll
2012-04-11 19:37:42: Display Name: @%systemroot%\system32\pla.dll,-500
2012-04-11 19:37:42: Description: @%systemroot%\system32\pla.dll,-501
2012-04-11 19:37:42: ServiceDLL: system32\pla.dll
2012-04-11 19:37:42: File size: 1508864
2012-04-11 19:37:42: DLL File name: pla.dll
2012-04-11 19:37:42: Original File Name: PLA.DLL.MUI
2012-04-11 19:37:42: Company:
2012-04-11 19:37:42: Mod/Cre/Acc time: 20101120222408 20101120222408 20120410192802
2012-04-11 19:37:42: ---------------------------------------------------------------------
2012-04-11 19:37:42: Found Service: PlugPlay
2012-04-11 19:37:42: Real Path: C:\Windows\system32\umpnpmgr.dll
2012-04-11 19:37:42: Display Name: @%SystemRoot%\system32\umpnpmgr.dll,-100
2012-04-11 19:37:42: Description: @%SystemRoot%\system32\umpnpmgr.dll,-101
2012-04-11 19:37:42: ServiceDLL: system32\umpnpmgr.dll
2012-04-11 19:37:42: File size: 0
2012-04-11 19:37:42: DLL File name: umpnpmgr.dll
2012-04-11 19:37:42: Original File Name: Umpnpmgr.DLL.MUI
2012-04-11 19:37:42: Company:
2012-04-11 19:37:42: Mod/Cre/Acc time:
2012-04-11 19:37:42: !!!!!!!
2012-04-11 19:37:42: Found Service: Pml Driver HPZ12
2012-04-11 19:37:42: Real Path: C:\Windows\system32\HPZipm12.dll
2012-04-11 19:37:42: Display Name:
2012-04-11 19:37:42: Description:
2012-04-11 19:37:42: ServiceDLL: system32\HPZipm12.dll
2012-04-11 19:37:42: File size: 0
2012-04-11 19:37:42: DLL File name: HPZipm12.dll
2012-04-11 19:37:42: Original File Name: PmlDrv.DLL
2012-04-11 19:37:42: Company:
2012-04-11 19:37:42: Mod/Cre/Acc time:
2012-04-11 19:37:42: !!!!!!!!!
2012-04-11 19:37:42: ---------------------------------------------------------------------
2012-04-11 19:37:42: Found Service: PNRPAutoReg
2012-04-11 19:37:42: Real Path: C:\Windows\system32\pnrpauto.dll
2012-04-11 19:37:42: Display Name: @%SystemRoot%\system32\pnrpauto.dll,-8002
2012-04-11 19:37:42: Description: @%SystemRoot%\system32\pnrpauto.dll,-8003
2012-04-11 19:37:42: ServiceDLL: system32\pnrpauto.dll
2012-04-11 19:37:42: File size: 0
2012-04-11 19:37:42: DLL File name: pnrpauto.dll
2012-04-11 19:37:42: Original File Name: pnrpauto.dll.mui
2012-04-11 19:37:42: Company:
2012-04-11 19:37:42: Mod/Cre/Acc time:
2012-04-11 19:37:42: ---------------------------------------------------------------------
2012-04-11 19:37:42: Found Service: PNRPsvc
2012-04-11 19:37:42: Real Path: C:\Windows\system32\pnrpsvc.dll
2012-04-11 19:37:42: Display Name: @%SystemRoot%\system32\pnrpsvc.dll,-8000
2012-04-11 19:37:42: Description: @%SystemRoot%\system32\pnrpsvc.dll,-8001
2012-04-11 19:37:42: ServiceDLL: system32\pnrpsvc.dll
2012-04-11 19:37:42: File size: 0
2012-04-11 19:37:42: DLL File name: pnrpsvc.dll
2012-04-11 19:37:42: Original File Name: pnrpsvc.dll.mui
2012-04-11 19:37:42: Company:
2012-04-11 19:37:42: Mod/Cre/Acc time:
2012-04-11 19:37:42: ---------------------------------------------------------------------
2012-04-11 19:37:42: Found Service: PolicyAgent
2012-04-11 19:37:42: Real Path: C:\Windows\System32\ipsecsvc.dll
2012-04-11 19:37:42: Display Name: @%SystemRoot%\System32\polstore.dll,-5010
2012-04-11 19:37:42: Description: @%SystemRoot%\system32\polstore.dll,-5011
2012-04-11 19:37:42: ServiceDLL: System32\ipsecsvc.dll
2012-04-11 19:37:42: File size: 0
2012-04-11 19:37:42: DLL File name: ipsecsvc.dll
2012-04-11 19:37:42: Original File Name: ipsecsvc.dll.mui
2012-04-11 19:37:42: Company:
2012-04-11 19:37:42: Mod/Cre/Acc time:
2012-04-11 19:37:42: ---------------------------------------------------------------------
2012-04-11 19:37:42: Found Service: Power
2012-04-11 19:37:42: Real Path: C:\Windows\system32\umpo.dll
2012-04-11 19:37:42: Display Name: @%SystemRoot%\system32\umpo.dll,-100
2012-04-11 19:37:42: Description: @%SystemRoot%\system32\umpo.dll,-101
2012-04-11 19:37:42: ServiceDLL: system32\umpo.dll
2012-04-11 19:37:42: File size: 0
2012-04-11 19:37:42: DLL File name: umpo.dll
2012-04-11 19:37:42: Original File Name: Umpo.DLL.MUI
2012-04-11 19:37:42: Company:
2012-04-11 19:37:42: Mod/Cre/Acc time:
2012-04-11 19:37:42: ---------------------------------------------------------------------
2012-04-11 19:37:42: Found Service: ProfSvc
2012-04-11 19:37:42: Real Path: C:\Windows\system32\profsvc.dll
2012-04-11 19:37:42: Display Name: @%systemroot%\system32\profsvc.dll,-300
2012-04-11 19:37:42: Description: @%systemroot%\system32\profsvc.dll,-301
2012-04-11 19:37:42: ServiceDLL: system32\profsvc.dll
2012-04-11 19:37:42: File size: 0
2012-04-11 19:37:42: DLL File name: profsvc.dll
2012-04-11 19:37:42: Original File Name: ProfSvc.dll.mui
2012-04-11 19:37:42: Company:
2012-04-11 19:37:42: Mod/Cre/Acc time:
2012-04-11 19:37:43: ---------------------------------------------------------------------
2012-04-11 19:37:43: Found Service: QWAVE
2012-04-11 19:37:43: Real Path: C:\Windows\system32\qwave.dll
2012-04-11 19:37:43: Display Name: @%SystemRoot%\system32\qwave.dll,-1
2012-04-11 19:37:43: Description: @%SystemRoot%\system32\qwave.dll,-2
2012-04-11 19:37:43: ServiceDLL: system32\qwave.dll
2012-04-11 19:37:43: File size: 210944
2012-04-11 19:37:43: DLL File name: qwave.dll
2012-04-11 19:37:43: Original File Name: qwave.dll.mui
2012-04-11 19:37:43: Company:
2012-04-11 19:37:43: Mod/Cre/Acc time: 20090713201612 20090713185415 20120410192802
2012-04-11 19:37:43: ---------------------------------------------------------------------
2012-04-11 19:37:43: Found Service: RasAuto
2012-04-11 19:37:43: Real Path: C:\Windows\System32\rasauto.dll
2012-04-11 19:37:43: Display Name: @%Systemroot%\system32\rasauto.dll,-200
2012-04-11 19:37:43: Description: @%Systemroot%\system32\rasauto.dll,-201
2012-04-11 19:37:43: ServiceDLL: System32\rasauto.dll
2012-04-11 19:37:43: File size: 0
2012-04-11 19:37:43: DLL File name: rasauto.dll
2012-04-11 19:37:43: Original File Name: rasauto.dll.mui
2012-04-11 19:37:43: Company:
2012-04-11 19:37:43: Mod/Cre/Acc time:
2012-04-11 19:37:43: ---------------------------------------------------------------------
2012-04-11 19:37:43: Found Service: RasMan
2012-04-11 19:37:43: Real Path: C:\Windows\System32\rasmans.dll
2012-04-11 19:37:43: Display Name: @%Systemroot%\system32\rasmans.dll,-200
2012-04-11 19:37:43: Description: @%Systemroot%\system32\rasmans.dll,-201
2012-04-11 19:37:43: ServiceDLL: System32\rasmans.dll
2012-04-11 19:37:43: File size: 0
2012-04-11 19:37:43: DLL File name: rasmans.dll
2012-04-11 19:37:43: Original File Name: Rasmans.dll.mui
2012-04-11 19:37:43: Company:
2012-04-11 19:37:43: Mod/Cre/Acc time:
2012-04-11 19:37:43: ---------------------------------------------------------------------
2012-04-11 19:37:43: Found Service: RemoteAccess
2012-04-11 19:37:43: Real Path: C:\Windows\System32\mprdim.dll
2012-04-11 19:37:43: Display Name: @%Systemroot%\system32\mprdim.dll,-200
2012-04-11 19:37:43: Description: @%Systemroot%\system32\mprdim.dll,-201
2012-04-11 19:37:43: ServiceDLL: System32\mprdim.dll
2012-04-11 19:37:43: File size: 75264
2012-04-11 19:37:43: DLL File name: mprdim.dll
2012-04-11 19:37:43: Original File Name: MPRDIM.DLL.MUI
2012-04-11 19:37:43: Company:
2012-04-11 19:37:43: Mod/Cre/Acc time: 20090713201541 20090713185426 20120410192802
2012-04-11 19:37:43: ---------------------------------------------------------------------
2012-04-11 19:37:43: Found Service: RemoteRegistry
2012-04-11 19:37:43: Real Path: C:\Windows\system32\regsvc.dll
2012-04-11 19:37:43: Display Name: @regsvc.dll,-1
2012-04-11 19:37:43: Description: @regsvc.dll,-2
2012-04-11 19:37:43: ServiceDLL: system32\regsvc.dll
2012-04-11 19:37:43: File size: 0
2012-04-11 19:37:43: DLL File name: regsvc.dll
2012-04-11 19:37:43: Original File Name: REGSVC.DLL.MUI
2012-04-11 19:37:43: Company:
2012-04-11 19:37:43: Mod/Cre/Acc time:
2012-04-11 19:37:43: ---------------------------------------------------------------------
2012-04-11 19:37:43: Found Service: RpcEptMapper
2012-04-11 19:37:43: Real Path: C:\Windows\System32\RpcEpMap.dll
2012-04-11 19:37:43: Display Name: @%windir%\system32\RpcEpMap.dll,-1001
2012-04-11 19:37:43: Description: @%windir%\system32\RpcEpMap.dll,-1002
2012-04-11 19:37:43: ServiceDLL: System32\RpcEpMap.dll
2012-04-11 19:37:43: File size: 0
2012-04-11 19:37:43: DLL File name: RpcEpMap.dll
2012-04-11 19:37:43: Original File Name: RpcEpMap.dll.mui
2012-04-11 19:37:43: Company:
2012-04-11 19:37:43: Mod/Cre/Acc time:
2012-04-11 19:37:43: ---------------------------------------------------------------------
2012-04-11 19:37:43: Found Service: RpcSs
2012-04-11 19:37:43: Real Path: C:\Windows\system32\rpcss.dll
2012-04-11 19:37:43: Display Name: @oleres.dll,-5010
2012-04-11 19:37:43: Description: @oleres.dll,-5011
2012-04-11 19:37:43: ServiceDLL: system32\rpcss.dll
2012-04-11 19:37:43: File size: 0
2012-04-11 19:37:43: DLL File name: rpcss.dll
2012-04-11 19:37:43: Original File Name: rpcss.dll
2012-04-11 19:37:43: Company:
2012-04-11 19:37:43: Mod/Cre/Acc time:
2012-04-11 19:37:43: ---------------------------------------------------------------------
2012-04-11 19:37:43: Found Service: SCardSvr
2012-04-11 19:37:43: Real Path: C:\Windows\System32\SCardSvr.dll
2012-04-11 19:37:43: Display Name: @%SystemRoot%\System32\SCardSvr.dll,-1
2012-04-11 19:37:43: Description: @%SystemRoot%\System32\SCardSvr.dll,-5
2012-04-11 19:37:43: ServiceDLL: System32\SCardSvr.dll
2012-04-11 19:37:43: File size: 0
2012-04-11 19:37:43: DLL File name: SCardSvr.dll
2012-04-11 19:37:43: Original File Name: SCardSvr.exe.mui
2012-04-11 19:37:43: Company:
2012-04-11 19:37:43: Mod/Cre/Acc time:
2012-04-11 19:37:43: ---------------------------------------------------------------------
2012-04-11 19:37:43: Found Service: Schedule
2012-04-11 19:37:43: Real Path: C:\Windows\system32\schedsvc.dll
2012-04-11 19:37:43: Display Name: @%SystemRoot%\system32\schedsvc.dll,-100
2012-04-11 19:37:43: Description: @%SystemRoot%\system32\schedsvc.dll,-101
2012-04-11 19:37:43: ServiceDLL: system32\schedsvc.dll
2012-04-11 19:37:43: File size: 0
2012-04-11 19:37:43: DLL File name: schedsvc.dll
2012-04-11 19:37:43: Original File Name: schedsvc.dll.mui
2012-04-11 19:37:43: Company:
2012-04-11 19:37:43: Mod/Cre/Acc time:
2012-04-11 19:37:44: ---------------------------------------------------------------------
2012-04-11 19:37:44: Found Service: SCPolicySvc
2012-04-11 19:37:44: Real Path: C:\Windows\System32\certprop.dll
2012-04-11 19:37:44: Display Name: @%SystemRoot%\System32\certprop.dll,-13
2012-04-11 19:37:44: Description: @%SystemRoot%\System32\certprop.dll,-14
2012-04-11 19:37:44: ServiceDLL: System32\certprop.dll
2012-04-11 19:37:44: File size: 0
2012-04-11 19:37:44: DLL File name: certprop.dll
2012-04-11 19:37:44: Original File Name: certprop.dll.mui
2012-04-11 19:37:44: Company:
2012-04-11 19:37:44: Mod/Cre/Acc time:
2012-04-11 19:37:44: ---------------------------------------------------------------------
2012-04-11 19:37:44: Found Service: SDRSVC
2012-04-11 19:37:44: Real Path: C:\Windows\System32\SDRSVC.dll
2012-04-11 19:37:44: Display Name: @%SystemRoot%\system32\sdrsvc.dll,-107
2012-04-11 19:37:44: Description: @%SystemRoot%\system32\sdrsvc.dll,-102
2012-04-11 19:37:44: ServiceDLL: System32\SDRSVC.dll
2012-04-11 19:37:44: File size: 0
2012-04-11 19:37:44: DLL File name: SDRSVC.dll
2012-04-11 19:37:44: Original File Name: SDRSVC.DLL.MUI
2012-04-11 19:37:44: Company:
2012-04-11 19:37:44: Mod/Cre/Acc time:
2012-04-11 19:37:44: ---------------------------------------------------------------------
2012-04-11 19:37:44: Found Service: seclogon
2012-04-11 19:37:44: Real Path: C:\Windows\system32\seclogon.dll
2012-04-11 19:37:44: Display Name: @%SystemRoot%\system32\seclogon.dll,-7001
2012-04-11 19:37:44: Description: @%SystemRoot%\system32\seclogon.dll,-7000
2012-04-11 19:37:44: ServiceDLL: system32\seclogon.dll
2012-04-11 19:37:44: File size: 0
2012-04-11 19:37:44: DLL File name: seclogon.dll
2012-04-11 19:37:44: Original File Name: SECLOGON.EXE.MUI
2012-04-11 19:37:44: Company:
2012-04-11 19:37:44: Mod/Cre/Acc time:
2012-04-11 19:37:44: ---------------------------------------------------------------------
2012-04-11 19:37:44: Found Service: SENS
2012-04-11 19:37:44: Real Path: C:\Windows\system32\sens.dll
2012-04-11 19:37:44: Display Name: @%SystemRoot%\system32\Sens.dll,-200
2012-04-11 19:37:44: Description: @%SystemRoot%\system32\Sens.dll,-201
2012-04-11 19:37:44: ServiceDLL: system32\sens.dll
2012-04-11 19:37:44: File size: 49664
2012-04-11 19:37:44: DLL File name: sens.dll
2012-04-11 19:37:44: Original File Name: sens.dll.mui
2012-04-11 19:37:44: Company:
2012-04-11 19:37:44: Mod/Cre/Acc time: 20090713201613 20090713182158 20120411174258
2012-04-11 19:37:44: ---------------------------------------------------------------------
2012-04-11 19:37:44: Found Service: SensrSvc
2012-04-11 19:37:44: Real Path: C:\Windows\system32\sensrsvc.dll
2012-04-11 19:37:44: Display Name: @%SystemRoot%\System32\sensrsvc.dll,-1000
2012-04-11 19:37:44: Description: @%SystemRoot%\System32\sensrsvc.dll,-1001
2012-04-11 19:37:44: ServiceDLL: system32\sensrsvc.dll
2012-04-11 19:37:44: File size: 0
2012-04-11 19:37:44: DLL File name: sensrsvc.dll
2012-04-11 19:37:44: Original File Name: sensrsvc.dll.mui
2012-04-11 19:37:44: Company:
2012-04-11 19:37:44: Mod/Cre/Acc time:
2012-04-11 19:37:44: ---------------------------------------------------------------------
2012-04-11 19:37:44: Found Service: SessionEnv
2012-04-11 19:37:44: Real Path: C:\Windows\system32\sessenv.dll
2012-04-11 19:37:44: Display Name: @%SystemRoot%\System32\SessEnv.dll,-1026
2012-04-11 19:37:44: Description: @%SystemRoot%\System32\SessEnv.dll,-1027
2012-04-11 19:37:44: ServiceDLL: system32\sessenv.dll
2012-04-11 19:37:44: File size: 113664
2012-04-11 19:37:44: DLL File name: sessenv.dll
2012-04-11 19:37:44: Original File Name: SessEnv.DLL.MUI
2012-04-11 19:37:44: Company:
2012-04-11 19:37:44: Mod/Cre/Acc time: 20101120222355 20101120222355 20120410192802
2012-04-11 19:37:44: ---------------------------------------------------------------------
2012-04-11 19:37:44: Found Service: SharedAccess
2012-04-11 19:37:44: Real Path: C:\Windows\System32\ipnathlp.dll
2012-04-11 19:37:44: Display Name: @%SystemRoot%\system32\ipnathlp.dll,-106
2012-04-11 19:37:44: Description: @%SystemRoot%\system32\ipnathlp.dll,-107
2012-04-11 19:37:44: ServiceDLL: System32\ipnathlp.dll
2012-04-11 19:37:44: File size: 0
2012-04-11 19:37:44: DLL File name: ipnathlp.dll
2012-04-11 19:37:44: Original File Name: IPNATHLP.DLL.MUI
2012-04-11 19:37:44: Company:
2012-04-11 19:37:44: Mod/Cre/Acc time:
2012-04-11 19:37:44: ---------------------------------------------------------------------
2012-04-11 19:37:44: Found Service: ShellHWDetection
2012-04-11 19:37:44: Real Path: C:\Windows\System32\shsvcs.dll
2012-04-11 19:37:44: Display Name: @%SystemRoot%\System32\shsvcs.dll,-12288
2012-04-11 19:37:44: Description: @%SystemRoot%\System32\shsvcs.dll,-12289
2012-04-11 19:37:44: ServiceDLL: System32\shsvcs.dll
2012-04-11 19:37:44: File size: 328192
2012-04-11 19:37:44: DLL File name: shsvcs.dll
2012-04-11 19:37:44: Original File Name: SHSVCS.DLL.MUI
2012-04-11 19:37:44: Company:
2012-04-11 19:37:44: Mod/Cre/Acc time: 20101120222403 20101120222403 20120411121445
2012-04-11 19:37:45: ---------------------------------------------------------------------
2012-04-11 19:37:45: Found Service: sppuinotify
2012-04-11 19:37:45: Real Path: C:\Windows\system32\sppuinotify.dll
2012-04-11 19:37:45: Display Name: @%SystemRoot%\system32\sppuinotify.dll,-103
2012-04-11 19:37:45: Description: @%SystemRoot%\system32\sppuinotify.dll,-102
2012-04-11 19:37:45: ServiceDLL: system32\sppuinotify.dll
2012-04-11 19:37:45: File size: 0
2012-04-11 19:37:45: DLL File name: sppuinotify.dll
2012-04-11 19:37:45: Original File Name: sppuinotify.dll.mui
2012-04-11 19:37:45: Company:
2012-04-11 19:37:45: Mod/Cre/Acc time:
2012-04-11 19:37:45: ---------------------------------------------------------------------
2012-04-11 19:37:45: Found Service: SSDPSRV
2012-04-11 19:37:45: Real Path: C:\Windows\System32\ssdpsrv.dll
2012-04-11 19:37:45: Display Name: @%systemroot%\system32\ssdpsrv.dll,-100
2012-04-11 19:37:45: Description: @%systemroot%\system32\ssdpsrv.dll,-101
2012-04-11 19:37:45: ServiceDLL: System32\ssdpsrv.dll
2012-04-11 19:37:45: File size: 0
2012-04-11 19:37:45: DLL File name: ssdpsrv.dll
2012-04-11 19:37:45: Original File Name: ssdpsrv.dll.mui
2012-04-11 19:37:45: Company:
2012-04-11 19:37:45: Mod/Cre/Acc time:
2012-04-11 19:37:45: ---------------------------------------------------------------------
2012-04-11 19:37:45: Found Service: SstpSvc
2012-04-11 19:37:45: Real Path: C:\Windows\system32\sstpsvc.dll
2012-04-11 19:37:45: Display Name: @%SystemRoot%\system32\sstpsvc.dll,-200
2012-04-11 19:37:45: Description: @%SystemRoot%\system32\sstpsvc.dll,-201
2012-04-11 19:37:45: ServiceDLL: system32\sstpsvc.dll
2012-04-11 19:37:45: File size: 0
2012-04-11 19:37:45: DLL File name: sstpsvc.dll
2012-04-11 19:37:45: Original File Name: sstpsvc.dll.mui
2012-04-11 19:37:45: Company:
2012-04-11 19:37:45: Mod/Cre/Acc time:
2012-04-11 19:37:45: ---------------------------------------------------------------------
2012-04-11 19:37:45: Found Service: stisvc
2012-04-11 19:37:45: Real Path: C:\Windows\System32\wiaservc.dll
2012-04-11 19:37:45: Display Name: @%SystemRoot%\system32\wiaservc.dll,-9
2012-04-11 19:37:45: Description: @%SystemRoot%\system32\wiaservc.dll,-10
2012-04-11 19:37:45: ServiceDLL: System32\wiaservc.dll
2012-04-11 19:37:45: File size: 0
2012-04-11 19:37:45: DLL File name: wiaservc.dll
2012-04-11 19:37:45: Original File Name: WIASERVC.DLL.MUI
2012-04-11 19:37:45: Company:
2012-04-11 19:37:45: Mod/Cre/Acc time:
2012-04-11 19:37:45: ---------------------------------------------------------------------
2012-04-11 19:37:45: Found Service: swprv
2012-04-11 19:37:45: Real Path: C:\Windows\System32\swprv.dll
2012-04-11 19:37:45: Display Name: @%SystemRoot%\System32\swprv.dll,-103
2012-04-11 19:37:45: Description: @%SystemRoot%\System32\swprv.dll,-102
2012-04-11 19:37:45: ServiceDLL: System32\swprv.dll
2012-04-11 19:37:45: File size: 0
2012-04-11 19:37:45: DLL File name: swprv.dll
2012-04-11 19:37:45: Original File Name: SWPRV.DLL.MUI
2012-04-11 19:37:45: Company:
2012-04-11 19:37:45: Mod/Cre/Acc time:
2012-04-11 19:37:45: ---------------------------------------------------------------------
2012-04-11 19:37:45: Found Service: SysMain
2012-04-11 19:37:45: Real Path: C:\Windows\system32\sysmain.dll
2012-04-11 19:37:45: Display Name: @%SystemRoot%\system32\sysmain.dll,-1000
2012-04-11 19:37:45: Description: @%SystemRoot%\system32\sysmain.dll,-1001
2012-04-11 19:37:45: ServiceDLL: system32\sysmain.dll
2012-04-11 19:37:45: File size: 0
2012-04-11 19:37:45: DLL File name: sysmain.dll
2012-04-11 19:37:45: Original File Name: sysmain.dll.mui
2012-04-11 19:37:45: Company:
2012-04-11 19:37:45: Mod/Cre/Acc time:
2012-04-11 19:37:45: ---------------------------------------------------------------------
2012-04-11 19:37:45: Found Service: TabletInputService
2012-04-11 19:37:45: Real Path: C:\Windows\System32\TabSvc.dll
2012-04-11 19:37:45: Display Name: @%SystemRoot%\system32\TabSvc.dll,-100
2012-04-11 19:37:45: Description: @%SystemRoot%\system32\TabSvc.dll,-101
2012-04-11 19:37:45: ServiceDLL: System32\TabSvc.dll
2012-04-11 19:37:45: File size: 0
2012-04-11 19:37:45: DLL File name: TabSvc.dll
2012-04-11 19:37:45: Original File Name: TabSvc.dll.mui
2012-04-11 19:37:45: Company:
2012-04-11 19:37:45: Mod/Cre/Acc time:
2012-04-11 19:37:45: ---------------------------------------------------------------------
2012-04-11 19:37:45: Found Service: TapiSrv
2012-04-11 19:37:45: Real Path: C:\Windows\System32\tapisrv.dll
2012-04-11 19:37:45: Display Name: @%SystemRoot%\system32\tapisrv.dll,-10100
2012-04-11 19:37:45: Description: @%SystemRoot%\system32\tapisrv.dll,-10101
2012-04-11 19:37:45: ServiceDLL: System32\tapisrv.dll
2012-04-11 19:37:45: File size: 242176
2012-04-11 19:37:45: DLL File name: tapisrv.dll
2012-04-11 19:37:45: Original File Name: TAPISRV.EXE.MUI
2012-04-11 19:37:45: Company:
2012-04-11 19:37:45: Mod/Cre/Acc time: 20101120222400 20101120222400 20120411121108
2012-04-11 19:37:45: ---------------------------------------------------------------------
2012-04-11 19:37:45: Found Service: TBS
2012-04-11 19:37:45: Real Path: C:\Windows\System32\tbssvc.dll
2012-04-11 19:37:45: Display Name: @%SystemRoot%\system32\tbssvc.dll,-100
2012-04-11 19:37:45: Description: @%SystemRoot%\system32\tbssvc.dll,-101
2012-04-11 19:37:45: ServiceDLL: System32\tbssvc.dll
2012-04-11 19:37:45: File size: 0
2012-04-11 19:37:45: DLL File name: tbssvc.dll
2012-04-11 19:37:45: Original File Name: TBSSVC.DLL.MUI
2012-04-11 19:37:45: Company:
2012-04-11 19:37:45: Mod/Cre/Acc time:
2012-04-11 19:37:46: ---------------------------------------------------------------------
2012-04-11 19:37:46: Found Service: TermService
2012-04-11 19:37:46: Real Path: C:\Windows\System32\termsrv.dll
2012-04-11 19:37:46: Display Name: @%SystemRoot%\System32\termsrv.dll,-268
2012-04-11 19:37:46: Description: @%SystemRoot%\System32\termsrv.dll,-267
2012-04-11 19:37:46: ServiceDLL: System32\termsrv.dll
2012-04-11 19:37:46: File size: 0
2012-04-11 19:37:46: DLL File name: termsrv.dll
2012-04-11 19:37:46: Original File Name: termsrv.dll.mui
2012-04-11 19:37:46: Company:
2012-04-11 19:37:46: Mod/Cre/Acc time:
2012-04-11 19:37:46: ---------------------------------------------------------------------
2012-04-11 19:37:46: Found Service: Themes
2012-04-11 19:37:46: Real Path: C:\Windows\system32\themeservice.dll
2012-04-11 19:37:46: Display Name: @%SystemRoot%\System32\themeservice.dll,-8192
2012-04-11 19:37:46: Description: @%SystemRoot%\System32\themeservice.dll,-8193
2012-04-11 19:37:46: ServiceDLL: system32\themeservice.dll
2012-04-11 19:37:46: File size: 0
2012-04-11 19:37:46: DLL File name: themeservice.dll
2012-04-11 19:37:46: Original File Name: THEMESERVICE.DLL.MUI
2012-04-11 19:37:46: Company:
2012-04-11 19:37:46: Mod/Cre/Acc time:
2012-04-11 19:37:46: ---------------------------------------------------------------------
2012-04-11 19:37:46: Found Service: THREADORDER
2012-04-11 19:37:46: Real Path: C:\Windows\system32\mmcss.dll
2012-04-11 19:37:46: Display Name: @%systemroot%\system32\mmcss.dll,-102
2012-04-11 19:37:46: Description: @%systemroot%\system32\mmcss.dll,-103
2012-04-11 19:37:46: ServiceDLL: system32\mmcss.dll
2012-04-11 19:37:46: File size: 0
2012-04-11 19:37:46: DLL File name: mmcss.dll
2012-04-11 19:37:46: Original File Name: mmcss.dll.mui
2012-04-11 19:37:46: Company:
2012-04-11 19:37:46: Mod/Cre/Acc time:
2012-04-11 19:37:46: ---------------------------------------------------------------------
2012-04-11 19:37:46: Found Service: TrkWks
2012-04-11 19:37:46: Real Path: C:\Windows\System32\trkwks.dll
2012-04-11 19:37:46: Display Name: @%SystemRoot%\system32\trkwks.dll,-1
2012-04-11 19:37:46: Description: @%SystemRoot%\system32\trkwks.dll,-2
2012-04-11 19:37:46: ServiceDLL: System32\trkwks.dll
2012-04-11 19:37:46: File size: 0
2012-04-11 19:37:46: DLL File name: trkwks.dll
2012-04-11 19:37:46: Original File Name: trkwks.dll.mui
2012-04-11 19:37:46: Company:
2012-04-11 19:37:46: Mod/Cre/Acc time:
2012-04-11 19:37:46: !!!!!!!
2012-04-11 19:37:46: Found Service: upnphost
2012-04-11 19:37:46: Real Path: C:\Windows\System32\upnphost.dll
2012-04-11 19:37:46: Display Name: @%systemroot%\system32\upnphost.dll,-213
2012-04-11 19:37:46: Description: @%systemroot%\system32\upnphost.dll,-214
2012-04-11 19:37:46: ServiceDLL: System32\upnphost.dll
2012-04-11 19:37:46: File size: 266752
2012-04-11 19:37:46: DLL File name: upnphost.dll
2012-04-11 19:37:46: Original File Name: unpnhost.dll.mui
2012-04-11 19:37:46: Company:
2012-04-11 19:37:46: Mod/Cre/Acc time: 20090713201617 20090713185541 20120411121127
2012-04-11 19:37:46: !!!!!!!!!
2012-04-11 19:37:47: ---------------------------------------------------------------------
2012-04-11 19:37:47: Found Service: UxSms
2012-04-11 19:37:47: Real Path: C:\Windows\System32\uxsms.dll
2012-04-11 19:37:47: Display Name: @%SystemRoot%\system32\dwm.exe,-2000
2012-04-11 19:37:47: Description: @%SystemRoot%\system32\dwm.exe,-2001
2012-04-11 19:37:47: ServiceDLL: System32\uxsms.dll
2012-04-11 19:37:47: File size: 0
2012-04-11 19:37:47: DLL File name: uxsms.dll
2012-04-11 19:37:47: Original File Name: UxSms.dll
2012-04-11 19:37:47: Company:
2012-04-11 19:37:47: Mod/Cre/Acc time:
2012-04-11 19:37:47: ---------------------------------------------------------------------
2012-04-11 19:37:47: Found Service: W32Time
2012-04-11 19:37:47: Real Path: C:\Windows\system32\w32time.dll
2012-04-11 19:37:47: Display Name: @%SystemRoot%\system32\w32time.dll,-200
2012-04-11 19:37:47: Description: @%SystemRoot%\system32\w32time.dll,-201
2012-04-11 19:37:47: ServiceDLL: system32\w32time.dll
2012-04-11 19:37:47: File size: 0
2012-04-11 19:37:47: DLL File name: w32time.dll
2012-04-11 19:37:47: Original File Name: w32time.dll.mui
2012-04-11 19:37:47: Company:
2012-04-11 19:37:47: Mod/Cre/Acc time:
2012-04-11 19:37:47: ---------------------------------------------------------------------
2012-04-11 19:37:47: Found Service: WbioSrvc
2012-04-11 19:37:47: Real Path: C:\Windows\System32\wbiosrvc.dll
2012-04-11 19:37:47: Display Name: @%systemroot%\system32\wbiosrvc.dll,-100
2012-04-11 19:37:47: Description: @%systemroot%\system32\wbiosrvc.dll,-101
2012-04-11 19:37:47: ServiceDLL: System32\wbiosrvc.dll
2012-04-11 19:37:47: File size: 0
2012-04-11 19:37:47: DLL File name: wbiosrvc.dll
2012-04-11 19:37:47: Original File Name: wbiosrvc.dll.mui
2012-04-11 19:37:47: Company:
2012-04-11 19:37:47: Mod/Cre/Acc time:
2012-04-11 19:37:47: ---------------------------------------------------------------------
2012-04-11 19:37:47: Found Service: wcncsvc
2012-04-11 19:37:47: Real Path: C:\Windows\System32\wcncsvc.dll
2012-04-11 19:37:47: Display Name: @%SystemRoot%\system32\wcncsvc.dll,-3
2012-04-11 19:37:47: Description: @%SystemRoot%\system32\wcncsvc.dll,-4
2012-04-11 19:37:47: ServiceDLL: System32\wcncsvc.dll
2012-04-11 19:37:47: File size: 276992
2012-04-11 19:37:47: DLL File name: wcncsvc.dll
2012-04-11 19:37:47: Original File Name: WCNCSVC.DLL.MUI
2012-04-11 19:37:47: Company:
2012-04-11 19:37:47: Mod/Cre/Acc time: 20101120222449 20101120222449 20120410192802
2012-04-11 19:37:47: ---------------------------------------------------------------------
2012-04-11 19:37:47: Found Service: WcsPlugInService
2012-04-11 19:37:47: Real Path: C:\Windows\System32\WcsPlugInService.dll
2012-04-11 19:37:47: Display Name: @%SystemRoot%\system32\WcsPlugInService.dll,-200
2012-04-11 19:37:47: Description: @%SystemRoot%\system32\WcsPlugInService.dll,-201
2012-04-11 19:37:47: ServiceDLL: System32\WcsPlugInService.dll
2012-04-11 19:37:47: File size: 32768
2012-04-11 19:37:47: DLL File name: WcsPlugInService.dll
2012-04-11 19:37:47: Original File Name: WcsPlugInService.DLL.MUI
2012-04-11 19:37:47: Company:
2012-04-11 19:37:47: Mod/Cre/Acc time: 20090713201618 20090713182513 20120410192802
2012-04-11 19:37:47: ---------------------------------------------------------------------
2012-04-11 19:37:47: Found Service: WdiServiceHost
2012-04-11 19:37:47: Real Path: C:\Windows\system32\wdi.dll
2012-04-11 19:37:47: Display Name: @%systemroot%\system32\wdi.dll,-502
2012-04-11 19:37:47: Description: @%systemroot%\system32\wdi.dll,-503
2012-04-11 19:37:47: ServiceDLL: system32\wdi.dll
2012-04-11 19:37:47: File size: 76288
2012-04-11 19:37:47: DLL File name: wdi.dll
2012-04-11 19:37:47: Original File Name: wdi.dll.mui
2012-04-11 19:37:47: Company:
2012-04-11 19:37:47: Mod/Cre/Acc time: 20090713201618 20090713181947 20120410192802
2012-04-11 19:37:47: ---------------------------------------------------------------------
2012-04-11 19:37:47: Found Service: WdiSystemHost
2012-04-11 19:37:47: Real Path: C:\Windows\system32\wdi.dll
2012-04-11 19:37:47: Display Name: @%systemroot%\system32\wdi.dll,-500
2012-04-11 19:37:47: Description: @%systemroot%\system32\wdi.dll,-501
2012-04-11 19:37:47: ServiceDLL: system32\wdi.dll
2012-04-11 19:37:47: File size: 76288
2012-04-11 19:37:47: DLL File name: wdi.dll
2012-04-11 19:37:47: Original File Name: wdi.dll.mui
2012-04-11 19:37:47: Company:
2012-04-11 19:37:47: Mod/Cre/Acc time: 20090713201618 20090713181947 20120410192802
2012-04-11 19:37:47: !!!!!!!
2012-04-11 19:37:47: Found Service: WebClient
2012-04-11 19:37:47: Real Path: C:\Windows\System32\webclnt.dll
2012-04-11 19:37:47: Display Name: @%systemroot%\system32\webclnt.dll,-100
2012-04-11 19:37:47: Description: @%systemroot%\system32\webclnt.dll,-101
2012-04-11 19:37:47: ServiceDLL: System32\webclnt.dll
2012-04-11 19:37:47: File size: 204800
2012-04-11 19:37:47: DLL File name: webclnt.dll
2012-04-11 19:37:47: Original File Name: davsvc.dll.mui
2012-04-11 19:37:47: Company:
2012-04-11 19:37:47: Mod/Cre/Acc time: 20101120222449 20101120222449 20120410192802
2012-04-11 19:37:47: !!!!!!!!!
2012-04-11 19:37:47: ---------------------------------------------------------------------
2012-04-11 19:37:47: Found Service: Wecsvc
2012-04-11 19:37:47: Real Path: C:\Windows\system32\wecsvc.dll
2012-04-11 19:37:47: Display Name: @%SystemRoot%\system32\wecsvc.dll,-200
2012-04-11 19:37:47: Description: @%SystemRoot%\system32\wecsvc.dll,-201
2012-04-11 19:37:47: ServiceDLL: system32\wecsvc.dll
2012-04-11 19:37:47: File size: 0
2012-04-11 19:37:47: DLL File name: wecsvc.dll
2012-04-11 19:37:47: Original File Name: wecsvc.dll.mui
2012-04-11 19:37:47: Company:
2012-04-11 19:37:47: Mod/Cre/Acc time:
2012-04-11 19:37:48: !!!!!!!
2012-04-11 19:37:48: Found Service: wercplsupport
2012-04-11 19:37:48: Real Path: C:\Windows\System32\wercplsupport.dll
2012-04-11 19:37:48: Display Name: @%SystemRoot%\System32\wercplsupport.dll,-101
2012-04-11 19:37:48: Description: @%SystemRoot%\System32\wercplsupport.dll,-100
2012-04-11 19:37:48: ServiceDLL: System32\wercplsupport.dll
2012-04-11 19:37:48: File size: 0
2012-04-11 19:37:48: DLL File name: wercplsupport.dll
2012-04-11 19:37:48: Original File Name: ERC
2012-04-11 19:37:48: Company:
2012-04-11 19:37:48: Mod/Cre/Acc time:
2012-04-11 19:37:48: !!!!!!!!!
2012-04-11 19:37:48: !!!!!!!
2012-04-11 19:37:48: Found Service: WerSvc
2012-04-11 19:37:48: Real Path: C:\Windows\System32\WerSvc.dll
2012-04-11 19:37:48: Display Name: @%SystemRoot%\System32\wersvc.dll,-100
2012-04-11 19:37:48: Description: @%SystemRoot%\System32\wersvc.dll,-101
2012-04-11 19:37:48: ServiceDLL: System32\WerSvc.dll
2012-04-11 19:37:48: File size: 0
2012-04-11 19:37:48: DLL File name: WerSvc.dll
2012-04-11 19:37:48: Original File Name: wersvc
2012-04-11 19:37:48: Company:
2012-04-11 19:37:48: Mod/Cre/Acc time:
2012-04-11 19:37:48: !!!!!!!!!
2012-04-11 19:37:48: ---------------------------------------------------------------------
2012-04-11 19:37:48: Found Service: Winmgmt
2012-04-11 19:37:48: Real Path: C:\Windows\system32\wbem\WMIsvc.dll
2012-04-11 19:37:48: Display Name: @%Systemroot%\system32\wbem\wmisvc.dll,-205
2012-04-11 19:37:48: Description: @%Systemroot%\system32\wbem\wmisvc.dll,-204
2012-04-11 19:37:48: ServiceDLL: system32\wbem\WMIsvc.dll
2012-04-11 19:37:48: File size: 0
2012-04-11 19:37:48: DLL File name: WMIsvc.dll
2012-04-11 19:37:48: Original File Name: wmisvc.dll.mui
2012-04-11 19:37:48: Company:
2012-04-11 19:37:48: Mod/Cre/Acc time:
2012-04-11 19:37:48: ---------------------------------------------------------------------
2012-04-11 19:37:48: Found Service: WinRM
2012-04-11 19:37:48: Real Path: C:\Windows\system32\WsmSvc.dll
2012-04-11 19:37:48: Display Name: @%Systemroot%\system32\wsmsvc.dll,-101
2012-04-11 19:37:48: Description: @%Systemroot%\system32\wsmsvc.dll,-102
2012-04-11 19:37:48: ServiceDLL: system32\WsmSvc.dll
2012-04-11 19:37:48: File size: 1175040
2012-04-11 19:37:48: DLL File name: WsmSvc.dll
2012-04-11 19:37:48: Original File Name: WsmSvc.dll.mui
2012-04-11 19:37:48: Company:
2012-04-11 19:37:48: Mod/Cre/Acc time: 20101120222432 20101120222432 20120410192802
2012-04-11 19:37:48: ---------------------------------------------------------------------
2012-04-11 19:37:48: Found Service: Wlansvc
2012-04-11 19:37:48: Real Path: C:\Windows\System32\wlansvc.dll
2012-04-11 19:37:48: Display Name: @%SystemRoot%\System32\wlansvc.dll,-257
2012-04-11 19:37:48: Description: @%SystemRoot%\System32\wlansvc.dll,-258
2012-04-11 19:37:48: ServiceDLL: System32\wlansvc.dll
2012-04-11 19:37:48: File size: 0
2012-04-11 19:37:48: DLL File name: wlansvc.dll
2012-04-11 19:37:48: Original File Name: wlansvc.dll.mui
2012-04-11 19:37:48: Company:
2012-04-11 19:37:48: Mod/Cre/Acc time:
2012-04-11 19:37:48: ---------------------------------------------------------------------
2012-04-11 19:37:48: Found Service: WPCSvc
2012-04-11 19:37:48: Real Path: C:\Windows\System32\wpcsvc.dll
2012-04-11 19:37:48: Display Name: @%SystemRoot%\system32\wpcsvc.dll,-100
2012-04-11 19:37:48: Description: @%SystemRoot%\system32\wpcsvc.dll,-101
2012-04-11 19:37:48: ServiceDLL: System32\wpcsvc.dll
2012-04-11 19:37:48: File size: 10752
2012-04-11 19:37:48: DLL File name: wpcsvc.dll
2012-04-11 19:37:48: Original File Name: wpcsvc.exe.mui
2012-04-11 19:37:48: Company:
2012-04-11 19:37:48: Mod/Cre/Acc time: 20090713201620 20090713184010 20120410192802
2012-04-11 19:37:48: ---------------------------------------------------------------------
2012-04-11 19:37:48: Found Service: WPDBusEnum
2012-04-11 19:37:48: Real Path: C:\Windows\system32\wpdbusenum.dll
2012-04-11 19:37:48: Display Name: @%SystemRoot%\system32\wpdbusenum.dll,-100
2012-04-11 19:37:48: Description: @%SystemRoot%\system32\wpdbusenum.dll,-101
2012-04-11 19:37:48: ServiceDLL: system32\wpdbusenum.dll
2012-04-11 19:37:48: File size: 0
2012-04-11 19:37:48: DLL File name: wpdbusenum.dll
2012-04-11 19:37:48: Original File Name: WpdBusEnum.DLL.MUI
2012-04-11 19:37:48: Company:
2012-04-11 19:37:48: Mod/Cre/Acc time:
2012-04-11 19:37:48: ---------------------------------------------------------------------
2012-04-11 19:37:48: Found Service: wscsvc
2012-04-11 19:37:48: Real Path: C:\Windows\system32\wscsvc.dll
2012-04-11 19:37:48: Display Name: @%SystemRoot%\System32\wscsvc.dll,-200
2012-04-11 19:37:48: Description: @%SystemRoot%\System32\wscsvc.dll,-201
2012-04-11 19:37:48: ServiceDLL: system32\wscsvc.dll
2012-04-11 19:37:48: File size: 0
2012-04-11 19:37:48: DLL File name: wscsvc.dll
2012-04-11 19:37:48: Original File Name: wscsvc.dll.mui
2012-04-11 19:37:48: Company:
2012-04-11 19:37:48: Mod/Cre/Acc time:
2012-04-11 19:37:48: ---------------------------------------------------------------------
2012-04-11 19:37:48: Found Service: wuauserv
2012-04-11 19:37:48: Real Path: C:\Windows\system32\wuaueng.dll
2012-04-11 19:37:48: Display Name: @%systemroot%\system32\wuaueng.dll,-105
2012-04-11 19:37:48: Description: @%systemroot%\system32\wuaueng.dll,-106
2012-04-11 19:37:48: ServiceDLL: system32\wuaueng.dll
2012-04-11 19:37:48: File size: 0
2012-04-11 19:37:48: DLL File name: wuaueng.dll
2012-04-11 19:37:48: Original File Name: wuaueng.dll.mui
2012-04-11 19:37:48: Company:
2012-04-11 19:37:49: Mod/Cre/Acc time:
2012-04-11 19:37:49: ---------------------------------------------------------------------
2012-04-11 19:37:49: Found Service: wudfsvc
2012-04-11 19:37:49: Real Path: C:\Windows\System32\WUDFSvc.dll
2012-04-11 19:37:49: Display Name: @%SystemRoot%\system32\wudfsvc.dll,-1000
2012-04-11 19:37:49: Description: @%SystemRoot%\system32\wudfsvc.dll,-1001
2012-04-11 19:37:49: ServiceDLL: System32\WUDFSvc.dll
2012-04-11 19:37:49: File size: 0
2012-04-11 19:37:49: DLL File name: WUDFSvc.dll
2012-04-11 19:37:49: Original File Name: WUDFSvc.dll.mui
2012-04-11 19:37:49: Company:
2012-04-11 19:37:49: Mod/Cre/Acc time:
2012-04-11 19:37:49: ---------------------------------------------------------------------
2012-04-11 19:37:49: Found Service: WwanSvc
2012-04-11 19:37:49: Real Path: C:\Windows\System32\wwansvc.dll
2012-04-11 19:37:49: Display Name: @%SystemRoot%\System32\wwansvc.dll,-257
2012-04-11 19:37:49: Description: @%SystemRoot%\System32\wwansvc.dll,-258
2012-04-11 19:37:49: ServiceDLL: System32\wwansvc.dll
2012-04-11 19:37:49: File size: 0
2012-04-11 19:37:49: DLL File name: wwansvc.dll
2012-04-11 19:37:49: Original File Name: WwanSvc.dll.mui
2012-04-11 19:37:49: Company:
2012-04-11 19:37:49: Mod/Cre/Acc time:
2012-04-11 19:37:49:
2012-04-11 19:37:49: Looking for SHELL key
2012-04-11 19:37:49: Now looking for bad DLL files in system32
2012-04-11 19:38:51: Folder: GAC
2012-04-11 19:38:51: Folder: GAC_32
2012-04-11 19:38:51: Folder: GAC_64
2012-04-11 19:38:51: Folder: GAC_MSIL
2012-04-11 19:38:51: Folder: NativeImages_v2.0.50727_32
2012-04-11 19:38:51: Folder: NativeImages_v2.0.50727_64
2012-04-11 19:38:51: Folder: NativeImages_v4.0.30319_32
2012-04-11 19:38:51: Folder: NativeImages_v4.0.30319_64
2012-04-11 19:38:51: Folder: temp
2012-04-11 19:38:51: Folder: tmp
2012-04-11 19:38:51: Checking for bad folder
2012-04-11 19:38:51: Found 1 folders.
2012-04-11 19:38:51: Checking C:\Windows\assembly\tmp
2012-04-11 19:38:51: ... Folder test returns: 1
2012-04-11 19:38:51: Done with folder list in C:\Windows\assembly\ tmp
2012-04-11 19:38:51: Autonomous mode, clearing out yt folder
2012-04-11 19:38:51: cmd.exe /c start "C:\Users\Kyle\Desktop\yorkyt.exe"
2012-04-11 19:39:08: Restarting...
2012-04-11 19:41:17: ****************************************************
2012-04-11 19:41:17: Starting UP ... v 0.0.0.220
2012-04-11 19:41:17: ****************************************************
2012-04-11 19:41:18: Stop TPSRV returns: 2
2012-04-11 19:41:33: Listing processes...
2012-04-11 19:41:33: :[System Process]:0
2012-04-11 19:41:33: :System:4
2012-04-11 19:41:33: :smss.exe:336
2012-04-11 19:41:33: :csrss.exe:504
2012-04-11 19:41:33: :wininit.exe:564
2012-04-11 19:41:33: :csrss.exe:596
2012-04-11 19:41:33: :services.exe:628
2012-04-11 19:41:33: :winlogon.exe:664
2012-04-11 19:41:33: :lsass.exe:692
2012-04-11 19:41:33: :lsm.exe:700
2012-04-11 19:41:33: :svchost.exe:796
2012-04-11 19:41:33: :TrueSuiteService.exe:856
2012-04-11 19:41:33: :svchost.exe:908
2012-04-11 19:41:33: :svchost.exe:972
2012-04-11 19:41:33: :svchost.exe:356
2012-04-11 19:41:33: :svchost.exe:520
2012-04-11 19:41:33: :stacsv64.exe:488
2012-04-11 19:41:33: :audiodg.exe:996
2012-04-11 19:41:33: :svchost.exe:1156
2012-04-11 19:41:33: :svchost.exe:1300
2012-04-11 19:41:33: :spoolsv.exe:1508
2012-04-11 19:41:33: :svchost.exe:1548
2012-04-11 19:41:33: :AppleMobileDeviceService.exe:1632
2012-04-11 19:41:33: :mDNSResponder.exe:1844
2012-04-11 19:41:33: :svchost.exe:1896
2012-04-11 19:41:33: :hamachi-2.exe:1932
2012-04-11 19:41:33: :HPClientServices.exe:1956
2012-04-11 19:41:33: :HPDrvMntSvc.exe:1320
2012-04-11 19:41:33: :HPWMISVC.exe:512
2012-04-11 19:41:33: :jhi_service.exe:1692
2012-04-11 19:41:33: :lxdccoms.exe:1804
2012-04-11 19:41:33: :ccsvchst.exe:1884
2012-04-11 19:41:33: :svchost.exe:1724
2012-04-11 19:41:33: :svchost.exe:1204
2012-04-11 19:41:33: :RNowSvc.exe:1112
2012-04-11 19:41:33: :SeaPort.EXE:1260
2012-04-11 19:41:33: :svchost.exe:2112
2012-04-11 19:41:33: :WLIDSVC.EXE:2176
2012-04-11 19:41:33: :WLIDSVCM.EXE:2400
2012-04-11 19:41:33: :WUDFHost.exe:2628
2012-04-11 19:41:33: :svchost.exe:2776
2012-04-11 19:41:33: :WmiPrvSE.exe:3020
2012-04-11 19:41:33: :WmiPrvSE.exe:3028
2012-04-11 19:41:33: :dwm.exe:3076
2012-04-11 19:41:33: :explorer.exe:3084
2012-04-11 19:41:33: :ccsvchst.exe:3152
2012-04-11 19:41:33: :SearchIndexer.exe:3180
2012-04-11 19:41:33: :rundll32.exe:3280
2012-04-11 19:41:33: :taskhost.exe:3380
2012-04-11 19:41:33: :TouchControl.exe:3480
2012-04-11 19:41:33: :BioMonitor.exe:3556
2012-04-11 19:41:33: :SearchProtocolHost.exe:3652
2012-04-11 19:41:33: :SearchFilterHost.exe:3680
2012-04-11 19:41:33: :svchost.exe:3748
2012-04-11 19:41:33: :unsecapp.exe:4048
2012-04-11 19:41:33: :yorkyt.exe:2852
2012-04-11 19:41:33: :SynTPEnh.exe:3448
2012-04-11 19:41:33: :lxdcamon.exe:3312
2012-04-11 19:41:33: :sttray64.exe:3256
2012-04-11 19:41:33: :hkcmd.exe:4016
2012-04-11 19:41:33: :igfxpers.exe:3316
2012-04-11 19:41:33: :Steam.exe:4128
2012-04-11 19:41:33: :PMB.exe:4152
2012-04-11 19:41:33: :BitTorrent.exe:4244
2012-04-11 19:41:33: :netsession_win.exe:4340
2012-04-11 19:41:33: :msnmsgr.exe:4348
2012-04-11 19:41:33: :runonce.exe:4364
2012-04-11 19:41:33: :netsession_win.exe:4376
2012-04-11 19:41:33: :IAStorIcon.exe:4400
2012-04-11 19:41:33: :hpqwutils.exe:4408
2012-04-11 19:41:33: :reader_sl.exe:4444
2012-04-11 19:41:33: :AdobeARM.exe:4468
2012-04-11 19:41:33: :taskeng.exe:4488
2012-04-11 19:41:33: :HPOSD.exe:4504
2012-04-11 19:41:33: :svchost.exe:4512
2012-04-11 19:41:33: :APSDaemon.exe:4548
2012-04-11 19:41:33: :VCDDaemon.exe:4572
2012-04-11 19:41:33: :qttask.exe:4584
2012-04-11 19:41:33: :iTunesHelper.exe:4592
2012-04-11 19:41:33: :YCMMirage.exe:4600
2012-04-11 19:41:33:
2012-04-11 19:41:33: Starting cleanup mode...
2012-04-11 19:43:26: ... Done with files, now folders
2012-04-11 19:43:39: All DONE

RKReport:
RogueKiller V7.3.2 [03/20/2012] by Tigzy
mail: tigzyRK<at>gmail<dot>com
Feedback: http://www.geekstogo.com/forum/files/file/413-roguekiller/
Blog: http://tigzyrk.blogspot.com

Operating System: Windows 7 (6.1.7601 Service Pack 1) 64 bits version
Started in : Normal mode
User: Kyle [Admin rights]
Mode: Scan -- Date: 04/11/2012 19:46:10

¤¤¤ Bad processes: 0 ¤¤¤

¤¤¤ Registry Entries: 2 ¤¤¤
[HJ] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND
[HJ] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND

¤¤¤ Particular Files / Folders: ¤¤¤

¤¤¤ Driver: [NOT LOADED] ¤¤¤

¤¤¤ Infection : ¤¤¤

¤¤¤ HOSTS File: ¤¤¤
127.0.0.1 localhost


¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: ST9500325AS +++++
--- User ---
[MBR] a5ce83518d2b60f5688dd2e17befd139
[BSP] 167f786979dbbf3206710b60c66203c9 : Windows 7 MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 199 Mo
1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 409600 | Size: 456924 Mo
2 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 936189952 | Size: 15752 Mo
3 - [XXXXXX] FAT32-LBA (0x0c) [VISIBLE] Offset (sectors): 968450048 | Size: 4063 Mo
User = LL1 ... OK!
User = LL2 ... OK!

+++++ PhysicalDrive1: SDHC Card +++++
--- User ---
[MBR] d6c81a7a79be04b3276b82dd112ea7f4
[BSP] df4f83c1f72e36823a12b0dfc7617313 : MBR Code unknown
Partition table:
0 - [XXXXXX] FAT32 (0x0b) [VISIBLE] Offset (sectors): 8192 | Size: 3819 Mo
User = LL1 ... OK!
Error reading LL2 MBR!

Finished : << RKreport[1].txt >>
RKreport[1].txt



aswMBR:
aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software
Run date: 2012-04-11 21:43:10
-----------------------------
21:43:10.792 OS Version: Windows x64 6.1.7601 Service Pack 1
21:43:10.792 Number of processors: 4 586 0x2A07
21:43:10.792 ComputerName: QUINCY UserName: Kyle
21:43:14.832 Initialize success
21:43:19.699 AVAST engine defs: 12041101
21:43:21.150 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
21:43:21.150 Disk 0 Vendor: ST950032 0005 Size: 476940MB BusType: 3
21:43:21.181 Disk 0 MBR read successfully
21:43:21.197 Disk 0 MBR scan
21:43:21.197 Disk 0 Windows 7 default MBR code
21:43:21.213 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 199 MB offset 2048
21:43:21.259 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 456924 MB offset 409600
21:43:21.291 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 15752 MB offset 936189952
21:43:21.369 Disk 0 Partition 4 00 0C FAT32 LBA MSDOS5.0 4063 MB offset 968450048
21:43:21.478 Disk 0 scanning C:\Windows\system32\drivers
21:43:53.037 Service scanning
21:44:27.029 Modules scanning
21:44:27.045 Disk 0 trace - called modules:
21:44:27.123 ntoskrnl.exe CLASSPNP.SYS disk.sys iaStor.sys hal.dll
21:44:27.138 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa800729c790]
21:44:27.138 3 CLASSPNP.SYS[fffff88001f6443f] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-1[0xfffffa800603e050]
21:44:28.527 AVAST engine scan C:\Windows
21:44:52.988 AVAST engine scan C:\Windows\system32
21:50:35.926 AVAST engine scan C:\Windows\system32\drivers
21:51:14.817 AVAST engine scan C:\Users\Kyle
22:00:28.496 AVAST engine scan C:\ProgramData
22:01:33.579 File: C:\ProgramData\Microsoft\Windows\DRM\A840.tmp **INFECTED** Win32:Malware-gen
22:01:33.689 File: C:\ProgramData\Microsoft\Windows\DRM\A8CE.tmp **INFECTED** Win32:Malware-gen
22:03:30.548 Scan finished successfully
22:03:45.181 Disk 0 MBR has been saved successfully to "C:\Users\Kyle\Desktop\MBR.dat"
22:03:45.197 The log file has been saved successfully to "C:\Users\Kyle\Desktop\aswMBR.txt"

Edited by reikendude, 11 April 2012 - 11:14 PM.


#12 fireman4it

Posted 12 April 2012 - 12:12 PM

We need to run a CFScript.

1. Close any open browsers.

2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

3. Open notepad and copy/paste the text in the codebox below into it:

Killall::

File::
C:\ProgramData\Microsoft\Windows\DRM\A840.tmp 
C:\ProgramData\Microsoft\Windows\DRM\A8CE.tmp 


Save this as CFScript.txt, in the same location as ComboFix.exe


Posted Image

Referring to the picture above, drag CFScript into ComboFix.exe

When finished, it shall produce a log for you at C:\ComboFix.txt which I will require in your next reply.



Things to include in your next reply:
Combofix.txt
How is your machine running now?



#13 reikendude

Posted 12 April 2012 - 04:05 PM

I still have the redirects; they appeared the first time that I checked.



ComboFix 12-04-10.02 - Kyle 04/12/2012 15:26:04.6.4 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.4044.2375 [GMT -5:00]
Running from: c:\users\Kyle\Desktop\ComboFix.exe
Command switches used :: c:\users\Kyle\Desktop\CFScript.txt
AV: Norton 360 *Disabled/Updated* {63DF5164-9100-186D-2187-8DC619EFD8BF}
FW: Norton 360 *Enabled* {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}
SP: Norton 360 *Disabled/Updated* {D8BEB080-B73A-17E3-1B37-B6B462689202}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
FILE ::
"c:\programdata\Microsoft\Windows\DRM\A840.tmp"
"c:\programdata\Microsoft\Windows\DRM\A8CE.tmp"
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\programdata\Microsoft\Windows\DRM\A840.tmp
c:\programdata\Microsoft\Windows\DRM\A8CE.tmp
.
.
((((((((((((((((((((((((( Files Created from 2012-03-12 to 2012-04-12 )))))))))))))))))))))))))))))))
.
.
2012-04-12 20:41 . 2012-04-12 20:41 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-04-11 08:00 . 2012-03-06 06:53 5559152 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-04-11 08:00 . 2012-03-06 05:59 3968368 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe
2012-04-11 08:00 . 2012-03-06 05:59 3913072 ----a-w- c:\windows\SysWow64\ntoskrnl.exe
2012-04-11 08:00 . 2012-03-01 06:46 23408 ----a-w- c:\windows\system32\drivers\fs_rec.sys
2012-04-11 08:00 . 2012-03-01 06:38 220672 ----a-w- c:\windows\system32\wintrust.dll
2012-04-11 08:00 . 2012-03-01 06:33 81408 ----a-w- c:\windows\system32\imagehlp.dll
2012-04-11 08:00 . 2012-03-01 06:28 5120 ----a-w- c:\windows\system32\wmi.dll
2012-04-11 08:00 . 2012-03-01 05:37 172544 ----a-w- c:\windows\SysWow64\wintrust.dll
2012-04-11 08:00 . 2012-03-01 05:33 159232 ----a-w- c:\windows\SysWow64\imagehlp.dll
2012-04-11 08:00 . 2012-03-01 05:29 5120 ----a-w- c:\windows\SysWow64\wmi.dll
2012-04-11 00:39 . 2012-04-11 00:39 750488 ----a-w- c:\windows\system32\npdeployJava1.dll
2012-04-11 00:39 . 2012-04-11 00:39 660368 ----a-w- c:\windows\system32\deployJava1.dll
2012-04-11 00:39 . 2012-04-11 00:39 -------- d-----w- c:\program files\Java
2012-04-11 00:26 . 2012-04-04 20:56 24904 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-04-10 01:40 . 2011-05-06 06:01 1658368 ----a-w- c:\program files (x86)\Mozilla Firefox\extensions\websitelogon@truesuite.com\components\FFXPCOM.dll
2012-04-09 03:32 . 2012-04-09 03:40 -------- d-----w- c:\users\Kyle\AppData\Local\NPE
2012-04-09 03:25 . 2012-04-09 03:25 27256 ----a-w- c:\windows\system32\drivers\FixZeroAccess.sys
2012-04-03 23:23 . 2012-04-06 05:20 -------- d-----w- c:\windows\system32\drivers\N360x64\0502010.003
2012-04-01 00:22 . 2012-04-06 05:18 -------- d-----w- c:\program files (x86)\NVIDIA Corporation
2012-04-01 00:22 . 2012-04-06 05:20 -------- d-----w- c:\program files (x86)\Common Files\Wise Installation Wizard
2012-03-31 20:09 . 2012-03-31 20:09 -------- d-----w- c:\users\Kyle\AppData\Roaming\digipen
2012-03-31 20:09 . 2012-03-31 20:09 -------- d-----w- c:\users\Kyle\AppData\Local\digipen
2012-03-31 20:04 . 2012-04-06 05:18 -------- d-----w- c:\program files (x86)\Digipen
2012-03-31 01:26 . 2012-03-31 01:27 -------- d-----w- c:\users\Kyle\AppData\Roaming\Beat Hazard
2012-03-25 09:27 . 2012-03-25 09:27 976896 ----a-w- c:\windows\system32\inetcomm.dll
2012-03-25 09:27 . 2012-03-25 09:27 741376 ----a-w- c:\windows\SysWow64\inetcomm.dll
2012-03-25 09:26 . 2012-03-25 09:26 27520 ----a-w- c:\windows\system32\drivers\Diskdump.sys
2012-03-25 09:26 . 2012-03-25 09:26 158208 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2012-03-25 09:26 . 2012-03-25 09:26 128000 ----a-w- c:\windows\system32\drivers\mrxsmb20.sys
2012-03-25 09:26 . 2012-03-25 09:26 467456 ----a-w- c:\windows\system32\drivers\srv.sys
2012-03-25 09:26 . 2012-03-25 09:26 410112 ----a-w- c:\windows\system32\drivers\srv2.sys
2012-03-25 09:26 . 2012-03-25 09:26 168448 ----a-w- c:\windows\system32\drivers\srvnet.sys
2012-03-25 09:23 . 2012-01-12 16:23 -------- d-----w- c:\windows\ehome
2012-03-25 09:23 . 2012-03-25 09:23 -------- d-----w- c:\users\Default\AppData\Roaming\Media Center Programs
2012-03-25 09:23 . 2012-03-25 09:23 -------- d-----r- c:\users\Public\Recorded TV
2012-03-25 08:57 . 2012-03-25 08:57 -------- d-----w- c:\programdata\Synaptics
2012-03-25 08:57 . 2012-03-25 08:57 -------- d-----w- c:\programdata\Intel
2012-03-25 08:50 . 2012-03-25 08:50 -------- d-----w- c:\users\Public\Symantec
2012-03-25 08:50 . 2012-03-25 08:50 -------- d-----w- c:\program files (x86)\SymSilent
2012-03-25 08:50 . 2012-03-25 08:50 -------- d-----w- c:\program files (x86)\Microsoft
2012-03-25 08:46 . 2012-03-25 08:46 -------- d-----w- c:\program files (x86)\HP SimplePass 2011
2012-03-25 08:45 . 2012-03-25 08:45 -------- d-----w- c:\program files\Common Files\AuthenTec
2012-03-25 08:45 . 2012-03-25 08:45 -------- d-----w- c:\program files (x86)\Common Files\AuthenTec
2012-03-25 08:45 . 2012-03-25 08:46 -------- d-----w- c:\programdata\Downloaded Installations
2012-03-25 08:45 . 2012-04-09 03:32 -------- d-----w- c:\programdata\Norton
2012-03-25 08:43 . 2012-03-25 08:43 -------- d-----w- c:\program files (x86)\CyberLink
2012-03-25 08:43 . 2012-03-25 08:43 -------- d-----w- c:\program files (x86)\Common Files\Intel Corporation
2012-03-25 08:42 . 2011-10-26 02:58 -------- d-----r- c:\program files\Online Services
2012-03-25 08:39 . 2011-04-09 06:58 142336 ----a-w- c:\windows\system32\poqexec.exe
2012-03-25 08:39 . 2011-04-09 05:56 123904 ----a-w- c:\windows\SysWow64\poqexec.exe
2012-03-25 08:38 . 2011-11-27 19:13 -------- d-----w- c:\program files\Symantec
2012-03-25 08:36 . 2012-03-25 08:42 -------- d-----w- c:\windows\Hewlett-Packard
2012-03-25 08:36 . 2011-11-15 04:53 1813056 ----a-w- c:\windows\system32\drivers\netr28x.sys
2012-03-25 08:36 . 2011-11-15 04:21 327008 ----a-w- c:\windows\system32\RaCoInstx.dll
2012-03-25 08:36 . 2012-03-25 08:36 -------- d-----w- c:\programdata\Ralink Driver
2012-03-25 08:35 . 2011-12-08 05:36 107552 ----a-w- c:\windows\system32\RTNUninst64.dll
2012-03-25 08:35 . 2011-12-08 05:37 4113408 ----a-w- c:\windows\system32\stlang64.dll
2012-03-25 08:35 . 2011-12-08 05:37 1424896 ----a-w- c:\windows\sttray64.exe
2012-03-25 08:35 . 2011-12-08 05:37 6012416 ----a-w- c:\windows\system32\IDTNGUI.exe
2012-03-25 08:35 . 2011-12-08 05:37 564224 ----a-w- c:\windows\system32\idt64mp1.exe
2012-03-25 08:35 . 2011-12-08 05:37 5077504 ----a-w- c:\windows\system32\IDTNHP.dll
2012-03-25 08:35 . 2011-12-08 05:37 233472 ----a-w- c:\windows\system32\IDTNJ.exe
2012-03-25 08:35 . 2011-12-08 05:37 1819136 ----a-w- c:\windows\system32\IDTNC64.cpl
2012-03-25 08:35 . 2011-12-08 05:37 1041920 ----a-w- c:\windows\system32\IDTNX.dll
2012-03-25 08:35 . 2012-03-25 08:35 -------- d-----w- c:\windows\system32\SRSLabs
2012-03-25 08:34 . 2011-12-08 05:37 251392 ----a-w- c:\windows\system32\staco64.dll
2012-03-25 08:34 . 2012-03-20 10:59 -------- d-----w- c:\windows\SysWow64\sda
2012-03-25 08:34 . 2012-03-20 10:58 -------- d-----w- c:\program files (x86)\Realtek
2012-03-25 08:34 . 2011-02-01 21:24 8192 ----a-w- c:\windows\system32\drivers\IntelMEFWVer.dll
2012-03-25 08:34 . 2012-03-25 08:34 -------- d-----w- c:\program files (x86)\Common Files\postureAgent
2012-03-25 08:34 . 2011-04-26 18:07 557848 ----a-w- c:\windows\system32\drivers\iaStor.sys
2012-03-25 08:33 . 2012-03-25 08:33 -------- d-----w- c:\program files\Synaptics
2012-03-25 08:33 . 2012-03-25 08:33 -------- d-----w- c:\program files\Common Files\Intel
2012-03-25 08:33 . 2012-03-25 08:33 -------- d-----w- c:\program files (x86)\Common Files\Intel
2012-03-25 08:32 . 2012-03-25 08:38 -------- d-----w- c:\program files (x86)\Intel
2012-03-25 08:32 . 2010-10-07 17:37 53248 ----a-w- c:\windows\SysWow64\CSVer.dll
2012-03-25 08:32 . 2012-03-25 08:32 -------- d-----w- C:\Intel
2012-03-20 10:58 . 2012-03-20 10:58 9887848 ----a-w- c:\windows\SysWow64\RtsPStorIcon.dll
2012-03-20 10:58 . 2012-03-20 10:58 339048 ----a-w- c:\windows\system32\drivers\RtsPStor.sys
2012-03-20 05:53 . 2012-03-20 05:53 -------- d-----w- c:\users\Kyle\AppData\Roaming\Tific
2012-03-20 05:53 . 2012-03-20 05:53 -------- d-----w- c:\users\Kyle\AppData\Local\Symantec
2012-03-20 05:14 . 2012-03-20 05:14 -------- d-----w- c:\users\Kyle\AppData\Roaming\Malwarebytes
2012-03-20 05:14 . 2012-04-11 00:26 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
2012-03-20 05:14 . 2012-03-20 05:14 -------- d-----w- c:\programdata\Malwarebytes
2012-03-20 04:27 . 2012-04-09 21:13 -------- d-----w- C:\TDSSKiller_Quarantine
2012-03-20 04:19 . 2012-03-20 04:34 -------- d-----w- C:\sh4ldr
2012-03-20 04:19 . 2012-03-20 04:19 -------- d-----w- c:\program files\Enigma Software Group
2012-03-16 00:42 . 2012-03-16 00:42 -------- d-----w- c:\program files (x86)\Strange Loop Games
2012-03-14 07:40 . 2012-03-14 07:40 -------- d-----w- c:\users\Kyle\AppData\Roaming\Doublefine
2012-03-14 07:01 . 2012-03-14 07:38 -------- d-----w- c:\program files (x86)\Alan Wake.v 1.00.16.3209 + 2 DLC
2012-03-14 06:50 . 2012-03-14 06:50 -------- d-----w- c:\program files (x86)\Double Fine Productions
2012-03-14 02:32 . 2012-03-14 02:32 -------- d-----w- c:\users\Kyle\AppData\Local\Chromium
2012-03-13 23:15 . 2012-02-03 04:34 3145728 ----a-w- c:\windows\system32\win32k.sys
2012-03-13 23:15 . 2012-02-10 06:36 1544192 ----a-w- c:\windows\system32\DWrite.dll
2012-03-13 23:15 . 2012-02-10 05:38 1077248 ----a-w- c:\windows\SysWow64\DWrite.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-04-06 13:09 . 2012-02-20 05:19 1890 --sha-w- c:\programdata\KGyGaAvL.sys
2012-02-20 06:52 . 2012-02-20 06:52 286720 ----a-w- c:\windows\iun506.exe
2012-02-20 05:19 . 2012-02-20 05:19 88 --sh--r- c:\programdata\EA3B4CDAF4.sys
2012-02-17 06:38 . 2012-03-13 17:26 1031680 ----a-w- c:\windows\system32\rdpcore.dll
2012-02-17 05:34 . 2012-03-13 17:26 826880 ----a-w- c:\windows\SysWow64\rdpcore.dll
2012-02-17 04:58 . 2012-03-13 17:26 210944 ----a-w- c:\windows\system32\drivers\rdpwd.sys
2012-02-17 04:57 . 2012-03-13 17:26 23552 ----a-w- c:\windows\system32\drivers\tdtcp.sys
2012-01-25 06:38 . 2012-03-13 17:26 77312 ----a-w- c:\windows\system32\rdpwsx.dll
2012-01-25 06:38 . 2012-03-13 17:26 149504 ----a-w- c:\windows\system32\rdpcorekmts.dll
2012-01-25 06:33 . 2012-03-13 17:26 9216 ----a-w- c:\windows\system32\rdrmemptylst.exe
.
.
((((((((((((((((((((((((((((( SnapShot@2012-04-10_22.29.57 )))))))))))))))))))))))))))))))))))))))))
.
+ 2012-03-06 11:20 . 2007-02-17 14:21 63488 c:\windows\xcacls.exe
- 2012-02-15 09:00 . 2011-12-14 02:50 72704 c:\windows\SysWOW64\mshtmled.dll
+ 2012-04-11 08:01 . 2012-02-28 01:03 72704 c:\windows\SysWOW64\mshtmled.dll
- 2012-02-15 09:00 . 2011-12-14 02:54 66048 c:\windows\SysWOW64\migration\WininetPlugin.dll
+ 2012-04-11 08:01 . 2012-02-28 01:08 66048 c:\windows\SysWOW64\migration\WininetPlugin.dll
+ 2012-04-11 08:01 . 2012-02-28 01:08 65024 c:\windows\SysWOW64\jsproxy.dll
- 2012-02-15 09:00 . 2011-12-14 02:54 65024 c:\windows\SysWOW64\jsproxy.dll
- 2009-07-14 04:54 . 2012-04-10 22:13 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2009-07-14 04:54 . 2012-04-10 22:40 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2009-07-14 04:54 . 2012-04-10 22:40 32768 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2009-07-14 04:54 . 2012-04-10 22:13 32768 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2009-07-14 04:54 . 2012-04-10 22:13 65536 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2009-07-14 04:54 . 2012-04-10 22:40 65536 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2010-11-21 03:09 . 2012-04-11 00:34 51774 c:\windows\system32\wdi\ShutdownPerformanceDiagnostics_SystemData.bin
+ 2009-07-14 05:10 . 2012-04-12 02:15 40508 c:\windows\system32\wdi\BootPerformanceDiagnostics_SystemData.bin
+ 2012-04-11 08:01 . 2012-02-28 06:43 96256 c:\windows\system32\mshtmled.dll
- 2012-02-15 09:00 . 2011-12-14 06:57 96256 c:\windows\system32\mshtmled.dll
+ 2012-04-11 08:01 . 2012-02-28 06:47 86528 c:\windows\system32\migration\WininetPlugin.dll
- 2012-02-15 09:00 . 2011-12-14 07:02 86528 c:\windows\system32\migration\WininetPlugin.dll
- 2012-02-15 09:00 . 2011-12-14 07:01 85504 c:\windows\system32\jsproxy.dll
+ 2012-04-11 08:01 . 2012-02-28 06:47 85504 c:\windows\system32\jsproxy.dll
+ 2011-10-26 02:59 . 2012-04-11 16:54 16384 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2011-10-26 02:59 . 2012-04-09 03:31 16384 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2011-10-26 02:59 . 2012-04-11 16:54 32768 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2011-10-26 02:59 . 2012-04-09 03:31 32768 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2009-07-14 04:54 . 2012-04-09 03:31 16384 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2009-07-14 04:54 . 2012-04-11 16:54 16384 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2009-07-14 04:46 . 2012-04-12 00:48 94744 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\SoftwareProtectionPlatform\Cache\cache.dat
- 2012-02-28 09:03 . 2012-02-28 09:03 87408 c:\windows\Microsoft.NET\assembly\GAC_MSIL\WindowsFormsIntegration\v4.0_4.0.0.0__31bf3856ad364e35\WindowsFormsIntegration.dll
+ 2012-04-11 08:07 . 2012-04-11 08:07 87408 c:\windows\Microsoft.NET\assembly\GAC_MSIL\WindowsFormsIntegration\v4.0_4.0.0.0__31bf3856ad364e35\WindowsFormsIntegration.dll
+ 2012-04-11 08:07 . 2012-04-11 08:07 93024 c:\windows\Microsoft.NET\assembly\GAC_MSIL\UIAutomationTypes\v4.0_4.0.0.0__31bf3856ad364e35\UIAutomationTypes.dll
- 2012-02-28 09:03 . 2012-02-28 09:03 93024 c:\windows\Microsoft.NET\assembly\GAC_MSIL\UIAutomationTypes\v4.0_4.0.0.0__31bf3856ad364e35\UIAutomationTypes.dll
+ 2012-04-11 08:07 . 2012-04-11 08:07 35688 c:\windows\Microsoft.NET\assembly\GAC_MSIL\UIAutomationProvider\v4.0_4.0.0.0__31bf3856ad364e35\UIAutomationProvider.dll
- 2012-02-28 09:03 . 2012-02-28 09:03 35688 c:\windows\Microsoft.NET\assembly\GAC_MSIL\UIAutomationProvider\v4.0_4.0.0.0__31bf3856ad364e35\UIAutomationProvider.dll
+ 2012-04-11 08:07 . 2012-04-11 08:07 11120 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Xml.Serialization\v4.0_4.0.0.0__b77a5c561934e089\System.Xml.Serialization.dll
- 2012-02-28 09:03 . 2012-02-28 09:03 11120 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Xml.Serialization\v4.0_4.0.0.0__b77a5c561934e089\System.Xml.Serialization.dll
+ 2012-04-11 08:07 . 2012-04-11 08:07 17784 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Presentation\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Presentation.dll
- 2012-02-28 09:03 . 2012-02-28 09:03 17784 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Presentation\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Presentation.dll
- 2012-02-28 09:03 . 2012-02-28 09:03 58240 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Input.Manipulations\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Input.Manipulations.dll
+ 2012-04-11 08:07 . 2012-04-11 08:07 58240 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Input.Manipulations\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Input.Manipulations.dll
- 2012-02-28 09:03 . 2012-02-28 09:03 44920 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Web.ApplicationServices\v4.0_4.0.0.0__31bf3856ad364e35\System.Web.ApplicationServices.dll
+ 2012-04-11 08:07 . 2012-04-11 08:07 44920 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Web.ApplicationServices\v4.0_4.0.0.0__31bf3856ad364e35\System.Web.ApplicationServices.dll
+ 2012-04-11 08:07 . 2012-04-11 08:07 37240 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.ServiceModel.Channels\v4.0_4.0.0.0__31bf3856ad364e35\System.ServiceModel.Channels.dll
- 2012-02-28 09:03 . 2012-02-28 09:03 37240 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.ServiceModel.Channels\v4.0_4.0.0.0__31bf3856ad364e35\System.ServiceModel.Channels.dll
- 2012-02-28 09:03 . 2012-02-28 09:03 64352 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Numerics\v4.0_4.0.0.0__b77a5c561934e089\System.Numerics.dll
+ 2012-04-11 08:07 . 2012-04-11 08:07 64352 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Numerics\v4.0_4.0.0.0__b77a5c561934e089\System.Numerics.dll
+ 2012-04-11 08:07 . 2012-04-11 08:07 51032 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Device\v4.0_4.0.0.0__b77a5c561934e089\System.Device.dll
- 2012-02-28 09:03 . 2012-02-28 09:03 51032 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Device\v4.0_4.0.0.0__b77a5c561934e089\System.Device.dll
+ 2012-04-11 08:07 . 2012-04-11 08:07 50552 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Data.DataSetExtensions\v4.0_4.0.0.0__b77a5c561934e089\System.Data.DataSetExtensions.dll
- 2012-02-28 09:02 . 2012-02-28 09:02 50552 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Data.DataSetExtensions\v4.0_4.0.0.0__b77a5c561934e089\System.Data.DataSetExtensions.dll
+ 2012-04-11 08:07 . 2012-04-11 08:07 81784 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Configuration.Install\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Configuration.Install.dll
- 2012-02-28 09:02 . 2012-02-28 09:02 81784 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Configuration.Install\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Configuration.Install.dll
+ 2012-04-11 08:07 . 2012-04-11 08:07 81800 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.ComponentModel.DataAnnotations\v4.0_4.0.0.0__31bf3856ad364e35\System.ComponentModel.DataAnnotations.dll
- 2012-02-28 09:02 . 2012-02-28 09:02 81800 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.ComponentModel.DataAnnotations\v4.0_4.0.0.0__31bf3856ad364e35\System.ComponentModel.DataAnnotations.dll
- 2012-02-28 09:02 . 2012-02-28 09:02 39784 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.AddIn.Contract\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.AddIn.Contract.dll
+ 2012-04-11 08:07 . 2012-04-11 08:07 39784 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.AddIn.Contract\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.AddIn.Contract.dll
+ 2012-04-11 08:07 . 2012-04-11 08:07 68952 c:\windows\Microsoft.NET\assembly\GAC_MSIL\SMDiagnostics\v4.0_4.0.0.0__b77a5c561934e089\SMDiagnostics.dll
- 2012-02-28 09:03 . 2012-02-28 09:03 68952 c:\windows\Microsoft.NET\assembly\GAC_MSIL\SMDiagnostics\v4.0_4.0.0.0__b77a5c561934e089\SMDiagnostics.dll
+ 2012-04-11 08:07 . 2012-04-11 08:07 62880 c:\windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.Windows.ApplicationServer.Applications\v4.0_4.0.0.0__31bf3856ad364e35\Microsoft.Windows.ApplicationServer.Applications.dll
- 2012-02-28 09:03 . 2012-02-28 09:03 62880 c:\windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.Windows.ApplicationServer.Applications\v4.0_4.0.0.0__31bf3856ad364e35\Microsoft.Windows.ApplicationServer.Applications.dll
+ 2012-04-11 08:06 . 2012-04-11 08:07 12128 c:\windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.VisualC\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualC.Dll
- 2012-02-28 09:02 . 2012-02-28 09:02 12128 c:\windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.VisualC\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualC.Dll
- 2012-02-28 09:03 . 2012-02-28 09:03 97680 c:\windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.VisualBasic.Compatibility.Data\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Compatibility.Data.dll
+ 2012-04-11 08:07 . 2012-04-11 08:07 97680 c:\windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.VisualBasic.Compatibility.Data\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Compatibility.Data.dll
- 2012-02-28 09:02 . 2012-02-28 09:02 17240 c:\windows\Microsoft.NET\assembly\GAC_MSIL\Accessibility\v4.0_4.0.0.0__b03f5f7f11d50a3a\Accessibility.dll
+ 2012-04-11 08:06 . 2012-04-11 08:06 17240 c:\windows\Microsoft.NET\assembly\GAC_MSIL\Accessibility\v4.0_4.0.0.0__b03f5f7f11d50a3a\Accessibility.dll
+ 2012-04-11 08:06 . 2012-04-11 08:06 94552 c:\windows\Microsoft.NET\assembly\GAC_64\ISymWrapper\v4.0_4.0.0.0__b03f5f7f11d50a3a\ISymWrapper.dll
- 2012-02-28 09:02 . 2012-02-28 09:02 94552 c:\windows\Microsoft.NET\assembly\GAC_64\ISymWrapper\v4.0_4.0.0.0__b03f5f7f11d50a3a\ISymWrapper.dll
+ 2012-04-11 08:06 . 2012-04-11 08:06 91488 c:\windows\Microsoft.NET\assembly\GAC_64\CustomMarshalers\v4.0_4.0.0.0__b03f5f7f11d50a3a\CustomMarshalers.dll
- 2012-02-28 09:02 . 2012-02-28 09:02 91488 c:\windows\Microsoft.NET\assembly\GAC_64\CustomMarshalers\v4.0_4.0.0.0__b03f5f7f11d50a3a\CustomMarshalers.dll
+ 2012-04-11 08:05 . 2012-04-11 08:05 78168 c:\windows\Microsoft.NET\assembly\GAC_32\ISymWrapper\v4.0_4.0.0.0__b03f5f7f11d50a3a\ISymWrapper.dll
- 2012-02-28 09:02 . 2012-02-28 09:02 78168 c:\windows\Microsoft.NET\assembly\GAC_32\ISymWrapper\v4.0_4.0.0.0__b03f5f7f11d50a3a\ISymWrapper.dll
- 2012-02-28 09:02 . 2012-02-28 09:02 81248 c:\windows\Microsoft.NET\assembly\GAC_32\CustomMarshalers\v4.0_4.0.0.0__b03f5f7f11d50a3a\CustomMarshalers.dll
+ 2012-04-11 08:05 . 2012-04-11 08:05 81248 c:\windows\Microsoft.NET\assembly\GAC_32\CustomMarshalers\v4.0_4.0.0.0__b03f5f7f11d50a3a\CustomMarshalers.dll
+ 2012-04-11 08:35 . 2012-04-11 08:35 54784 c:\windows\assembly\NativeImages_v2.0.50727_64\System.Web.DynamicD#\66b5c693a8aa660276216d7a521da5e2\System.Web.DynamicData.Design.ni.dll
+ 2012-04-11 08:32 . 2012-04-11 08:32 61440 c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsLiveWriter\5aa50d178dd6774b1d6b46a0997f0b95\WindowsLiveWriter.ni.exe
+ 2012-04-11 08:33 . 2012-04-11 08:33 36864 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.DynamicD#\1371ed674fc04f510cb41524e2d4322d\System.Web.DynamicData.Design.ni.dll
+ 2011-10-26 02:59 . 2012-04-12 02:15 9728 c:\windows\system32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-1247527095-1015957483-954240397-1001_UserData.bin
+ 2012-04-12 20:43 . 2012-04-12 20:43 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
- 2012-04-10 22:29 . 2012-04-10 22:29 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
- 2012-04-10 22:29 . 2012-04-10 22:29 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2012-04-12 20:43 . 2012-04-12 20:43 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2012-04-11 08:01 . 2012-02-28 01:09 231936 c:\windows\SysWOW64\url.dll
- 2012-02-15 09:00 . 2011-12-14 02:55 231936 c:\windows\SysWOW64\url.dll
+ 2012-04-11 08:01 . 2012-02-28 01:06 716800 c:\windows\SysWOW64\jscript.dll
- 2012-02-15 09:00 . 2011-12-14 02:53 716800 c:\windows\SysWOW64\jscript.dll
- 2012-02-15 09:00 . 2011-12-14 02:47 176640 c:\windows\SysWOW64\ieui.dll
+ 2012-04-11 08:01 . 2012-02-28 00:59 176640 c:\windows\SysWOW64\ieui.dll
+ 2011-10-26 05:47 . 2012-04-12 20:19 276090 c:\windows\system32\wdi\SuspendPerformanceDiagnostics_SystemData_S3.bin
- 2012-02-15 09:00 . 2011-12-14 07:03 237056 c:\windows\system32\url.dll
+ 2012-04-11 08:01 . 2012-02-28 06:48 237056 c:\windows\system32\url.dll
- 2009-07-14 02:36 . 2012-04-10 22:18 624178 c:\windows\system32\perfh009.dat
+ 2009-07-14 02:36 . 2012-04-12 02:20 624178 c:\windows\system32\perfh009.dat
- 2009-07-14 02:36 . 2012-04-10 22:18 106522 c:\windows\system32\perfc009.dat
+ 2009-07-14 02:36 . 2012-04-12 02:20 106522 c:\windows\system32\perfc009.dat
- 2012-02-15 09:00 . 2011-12-14 07:00 818688 c:\windows\system32\jscript.dll
+ 2012-04-11 08:01 . 2012-02-28 06:45 818688 c:\windows\system32\jscript.dll
+ 2012-04-11 00:39 . 2012-04-11 00:39 264584 c:\windows\system32\javaws.exe
+ 2012-04-11 00:39 . 2012-04-11 00:39 188808 c:\windows\system32\javaw.exe
+ 2012-04-11 00:39 . 2012-04-11 00:39 188808 c:\windows\system32\java.exe
+ 2012-04-11 08:01 . 2012-02-28 06:39 248320 c:\windows\system32\ieui.dll
- 2012-02-15 09:00 . 2011-12-14 06:53 248320 c:\windows\system32\ieui.dll
+ 2009-07-14 05:01 . 2012-04-12 20:42 342304 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
- 2009-07-14 05:01 . 2012-04-10 22:28 342304 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
+ 2012-01-21 22:40 . 2012-01-21 22:40 616216 c:\windows\Microsoft.NET\Framework64\v4.0.30319\System.Drawing.dll
+ 2012-04-10 22:03 . 2012-01-26 23:31 630784 c:\windows\Microsoft.NET\Framework64\v2.0.50727\System.Drawing.dll
+ 2012-01-21 22:40 . 2012-01-21 22:40 616216 c:\windows\Microsoft.NET\Framework\v4.0.30319\System.Drawing.dll
+ 2012-04-10 22:03 . 2012-01-26 23:33 630784 c:\windows\Microsoft.NET\Framework\v2.0.50727\System.Drawing.dll
- 2012-02-28 09:03 . 2012-02-28 09:03 350592 c:\windows\Microsoft.NET\assembly\GAC_MSIL\UIAutomationClientsideProviders\v4.0_4.0.0.0__31bf3856ad364e35\UIAutomationClientsideProviders.dll
+ 2012-04-11 08:07 . 2012-04-11 08:07 350592 c:\windows\Microsoft.NET\assembly\GAC_MSIL\UIAutomationClientsideProviders\v4.0_4.0.0.0__31bf3856ad364e35\UIAutomationClientsideProviders.dll
- 2012-02-28 09:03 . 2012-02-28 09:03 163168 c:\windows\Microsoft.NET\assembly\GAC_MSIL\UIAutomationClient\v4.0_4.0.0.0__31bf3856ad364e35\UIAutomationClient.dll
+ 2012-04-11 08:07 . 2012-04-11 08:07 163168 c:\windows\Microsoft.NET\assembly\GAC_MSIL\UIAutomationClient\v4.0_4.0.0.0__31bf3856ad364e35\UIAutomationClient.dll
- 2012-02-28 09:03 . 2012-02-28 09:03 138592 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Xml.Linq\v4.0_4.0.0.0__b77a5c561934e089\System.Xml.Linq.dll
+ 2012-04-11 08:07 . 2012-04-11 08:07 138592 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Xml.Linq\v4.0_4.0.0.0__b77a5c561934e089\System.Xml.Linq.dll
- 2012-02-28 09:03 . 2012-02-28 09:03 699224 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Xaml\v4.0_4.0.0.0__b77a5c561934e089\System.Xaml.dll
+ 2012-04-11 08:07 . 2012-04-11 08:07 699224 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Xaml\v4.0_4.0.0.0__b77a5c561934e089\System.Xaml.dll
+ 2012-04-11 08:07 . 2012-04-11 08:07 857960 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Web.Services\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Web.Services.dll
- 2012-02-28 09:03 . 2012-02-28 09:03 857960 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Web.Services\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Web.Services.dll
- 2012-02-28 09:03 . 2012-02-28 09:03 675672 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Speech\v4.0_4.0.0.0__31bf3856ad364e35\System.Speech.dll
+ 2012-04-11 08:07 . 2012-04-11 08:07 675672 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Speech\v4.0_4.0.0.0__31bf3856ad364e35\System.Speech.dll
- 2012-02-28 09:02 . 2012-02-28 09:02 113512 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.ServiceProcess\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.ServiceProcess.dll
+ 2012-04-11 08:07 . 2012-04-11 08:07 113512 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.ServiceProcess\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.ServiceProcess.dll
+ 2012-04-11 08:07 . 2012-04-11 08:07 129912 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.ServiceModel.Routing\v4.0_4.0.0.0__31bf3856ad364e35\System.ServiceModel.Routing.dll
- 2012-02-28 09:03 . 2012-02-28 09:03 129912 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.ServiceModel.Routing\v4.0_4.0.0.0__31bf3856ad364e35\System.ServiceModel.Routing.dll
- 2012-02-28 09:03 . 2012-02-28 09:03 390008 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.ServiceModel.Discovery\v4.0_4.0.0.0__31bf3856ad364e35\System.ServiceModel.Discovery.dll
+ 2012-04-11 08:07 . 2012-04-11 08:07 390008 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.ServiceModel.Discovery\v4.0_4.0.0.0__31bf3856ad364e35\System.ServiceModel.Discovery.dll
+ 2012-04-11 08:07 . 2012-04-11 08:07 505208 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.ServiceModel.Activities\v4.0_4.0.0.0__31bf3856ad364e35\System.ServiceModel.Activities.dll
- 2012-02-28 09:03 . 2012-02-28 09:03 505208 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.ServiceModel.Activities\v4.0_4.0.0.0__31bf3856ad364e35\System.ServiceModel.Activities.dll
+ 2012-04-11 08:07 . 2012-04-11 08:07 261472 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Security\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Security.dll
- 2012-02-28 09:02 . 2012-02-28 09:02 261472 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Security\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Security.dll
+ 2012-04-11 08:07 . 2012-04-11 08:07 122264 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Runtime.Serialization.Formatters.Soap\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Runtime.Serialization.Formatters.Soap.dll
- 2012-02-28 09:03 . 2012-02-28 09:03 122264 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Runtime.Serialization.Formatters.Soap\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Runtime.Serialization.Formatters.Soap.dll
+ 2012-04-11 08:07 . 2012-04-11 08:07 291184 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Runtime.Remoting\v4.0_4.0.0.0__b77a5c561934e089\System.Runtime.Remoting.dll
- 2012-02-28 09:03 . 2012-02-28 09:03 291184 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Runtime.Remoting\v4.0_4.0.0.0__b77a5c561934e089\System.Runtime.Remoting.dll
+ 2012-04-11 08:07 . 2012-04-11 08:07 349568 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Runtime.DurableInstancing\v4.0_4.0.0.0__31bf3856ad364e35\System.Runtime.DurableInstancing.dll
- 2012-02-28 09:03 . 2012-02-28 09:03 349568 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Runtime.DurableInstancing\v4.0_4.0.0.0__31bf3856ad364e35\System.Runtime.DurableInstancing.dll
- 2012-02-28 09:03 . 2012-02-28 09:03 236880 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Net\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Net.dll
+ 2012-04-11 08:07 . 2012-04-11 08:07 236880 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Net\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Net.dll
- 2012-02-28 09:03 . 2012-02-28 09:03 253280 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Messaging\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Messaging.dll
+ 2012-04-11 08:07 . 2012-04-11 08:07 253280 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Messaging\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Messaging.dll
- 2012-02-28 09:02 . 2012-02-28 09:02 378720 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Management\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Management.dll
+ 2012-04-11 08:07 . 2012-04-11 08:07 378720 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Management\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Management.dll
+ 2012-04-11 08:07 . 2012-04-11 08:07 134528 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Management.Instrumentation\v4.0_4.0.0.0__b77a5c561934e089\System.Management.Instrumentation.dll
- 2012-02-28 09:02 . 2012-02-28 09:02 134528 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Management.Instrumentation\v4.0_4.0.0.0__b77a5c561934e089\System.Management.Instrumentation.dll
- 2012-02-28 09:03 . 2012-02-28 09:03 123736 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.IO.Log\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.IO.Log.dll
+ 2012-04-11 08:07 . 2012-04-11 08:07 123736 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.IO.Log\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.IO.Log.dll
- 2012-02-28 09:03 . 2012-02-28 09:03 392552 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.IdentityModel\v4.0_4.0.0.0__b77a5c561934e089\System.IdentityModel.dll
+ 2012-04-11 08:07 . 2012-04-11 08:07 392552 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.IdentityModel\v4.0_4.0.0.0__b77a5c561934e089\System.IdentityModel.dll
+ 2012-04-11 08:07 . 2012-04-11 08:07 125816 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.IdentityModel.Selectors\v4.0_4.0.0.0__b77a5c561934e089\System.IdentityModel.Selectors.dll
- 2012-02-28 09:03 . 2012-02-28 09:03 125816 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.IdentityModel.Selectors\v4.0_4.0.0.0__b77a5c561934e089\System.IdentityModel.Selectors.dll
+ 2012-04-11 08:06 . 2012-04-11 08:06 120152 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Dynamic\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Dynamic.dll
- 2012-02-28 09:02 . 2012-02-28 09:02 120152 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Dynamic\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Dynamic.dll
+ 2012-04-11 08:07 . 2012-04-11 08:07 616216 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Drawing\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll
+ 2012-04-11 08:07 . 2012-04-11 08:07 395120 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.DirectoryServices\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.DirectoryServices.dll
- 2012-02-28 09:02 . 2012-02-28 09:02 395120 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.DirectoryServices\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.DirectoryServices.dll
- 2012-02-28 09:02 . 2012-02-28 09:02 182144 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.DirectoryServices.Protocols\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.DirectoryServices.Protocols.dll
+ 2012-04-11 08:07 . 2012-04-11 08:07 182144 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.DirectoryServices.Protocols\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.DirectoryServices.Protocols.dll
- 2012-02-28 09:02 . 2012-02-28 09:02 285072 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.DirectoryServices.AccountManagement\v4.0_4.0.0.0__b77a5c561934e089\System.DirectoryServices.AccountManagement.dll
+ 2012-04-11 08:07 . 2012-04-11 08:07 285072 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.DirectoryServices.AccountManagement\v4.0_4.0.0.0__b77a5c561934e089\System.DirectoryServices.AccountManagement.dll
- 2012-02-28 09:02 . 2012-02-28 09:02 829280 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Deployment\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Deployment.dll
+ 2012-04-11 08:07 . 2012-04-11 08:07 829280 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Deployment\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Deployment.dll
+ 2012-04-11 08:07 . 2012-04-11 08:07 747360 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Data.SqlXml\v4.0_4.0.0.0__b77a5c561934e089\System.Data.SqlXml.dll
- 2012-02-28 09:02 . 2012-02-28 09:02 747360 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Data.SqlXml\v4.0_4.0.0.0__b77a5c561934e089\System.Data.SqlXml.dll
+ 2012-04-11 08:07 . 2012-04-11 08:07 436600 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Data.Services.Client\v4.0_4.0.0.0__b77a5c561934e089\System.Data.Services.Client.dll
- 2012-02-28 09:02 . 2012-02-28 09:02 436600 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Data.Services.Client\v4.0_4.0.0.0__b77a5c561934e089\System.Data.Services.Client.dll
- 2012-02-28 09:02 . 2012-02-28 09:02 683872 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Data.Linq\v4.0_4.0.0.0__b77a5c561934e089\System.Data.Linq.dll
+ 2012-04-11 08:07 . 2012-04-11 08:07 683872 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Data.Linq\v4.0_4.0.0.0__b77a5c561934e089\System.Data.Linq.dll
- 2012-02-28 09:02 . 2012-02-28 09:02 409448 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Configuration\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.configuration.dll
+ 2012-04-11 08:07 . 2012-04-11 08:07 409448 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Configuration\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.configuration.dll
+ 2012-04-11 08:07 . 2012-04-11 08:07 210816 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.ComponentModel.Composition\v4.0_4.0.0.0__b77a5c561934e089\System.ComponentModel.Composition.dll
- 2012-02-28 09:02 . 2012-02-28 09:02 210816 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.ComponentModel.Composition\v4.0_4.0.0.0__b77a5c561934e089\System.ComponentModel.Composition.dll
- 2012-02-28 09:02 . 2012-02-28 09:02 149848 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.AddIn\v4.0_4.0.0.0__b77a5c561934e089\System.AddIn.dll
+ 2012-04-11 08:07 . 2012-04-11 08:07 149848 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.AddIn\v4.0_4.0.0.0__b77a5c561934e089\System.AddIn.dll
+ 2012-04-11 08:07 . 2012-04-11 08:07 122248 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Activities.DurableInstancing\v4.0_4.0.0.0__31bf3856ad364e35\System.Activities.DurableInstancing.dll
- 2012-02-28 09:03 . 2012-02-28 09:03 122248 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Activities.DurableInstancing\v4.0_4.0.0.0__31bf3856ad364e35\System.Activities.DurableInstancing.dll
+ 2012-04-11 08:07 . 2012-04-11 08:07 525704 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Activities.Core.Presentation\v4.0_4.0.0.0__31bf3856ad364e35\System.Activities.Core.Presentation.dll
- 2012-02-28 09:03 . 2012-02-28 09:03 525704 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Activities.Core.Presentation\v4.0_4.0.0.0__31bf3856ad364e35\System.Activities.Core.Presentation.dll
- 2012-02-28 09:02 . 2012-02-28 09:02 112976 c:\windows\Microsoft.NET\assembly\GAC_MSIL\sysglobl\v4.0_4.0.0.0__b03f5f7f11d50a3a\sysglobl.dll
+ 2012-04-11 08:07 . 2012-04-11 08:07 112976 c:\windows\Microsoft.NET\assembly\GAC_MSIL\sysglobl\v4.0_4.0.0.0__b03f5f7f11d50a3a\sysglobl.dll
+ 2012-04-11 08:07 . 2012-04-11 08:07 581464 c:\windows\Microsoft.NET\assembly\GAC_MSIL\ReachFramework\v4.0_4.0.0.0__31bf3856ad364e35\ReachFramework.dll
- 2012-02-28 09:03 . 2012-02-28 09:03 581464 c:\windows\Microsoft.NET\assembly\GAC_MSIL\ReachFramework\v4.0_4.0.0.0__31bf3856ad364e35\ReachFramework.dll
- 2012-02-28 09:03 . 2012-02-28 09:03 832856 c:\windows\Microsoft.NET\assembly\GAC_MSIL\PresentationUI\v4.0_4.0.0.0__31bf3856ad364e35\PresentationUI.dll
+ 2012-04-11 08:07 . 2012-04-11 08:07 832856 c:\windows\Microsoft.NET\assembly\GAC_MSIL\PresentationUI\v4.0_4.0.0.0__31bf3856ad364e35\PresentationUI.dll
- 2012-02-28 09:03 . 2012-02-28 09:03 194424 c:\windows\Microsoft.NET\assembly\GAC_MSIL\PresentationFramework.Royale\v4.0_4.0.0.0__31bf3856ad364e35\PresentationFramework.Royale.dll
+ 2012-04-11 08:07 . 2012-04-11 08:07 194424 c:\windows\Microsoft.NET\assembly\GAC_MSIL\PresentationFramework.Royale\v4.0_4.0.0.0__31bf3856ad364e35\PresentationFramework.Royale.dll
- 2012-02-28 09:03 . 2012-02-28 09:03 478576 c:\windows\Microsoft.NET\assembly\GAC_MSIL\PresentationFramework.Luna\v4.0_4.0.0.0__31bf3856ad364e35\PresentationFramework.Luna.dll
+ 2012-04-11 08:07 . 2012-04-11 08:07 478576 c:\windows\Microsoft.NET\assembly\GAC_MSIL\PresentationFramework.Luna\v4.0_4.0.0.0__31bf3856ad364e35\PresentationFramework.Luna.dll
- 2012-02-28 09:03 . 2012-02-28 09:03 167288 c:\windows\Microsoft.NET\assembly\GAC_MSIL\PresentationFramework.Classic\v4.0_4.0.0.0__31bf3856ad364e35\PresentationFramework.Classic.dll
+ 2012-04-11 08:07 . 2012-04-11 08:07 167288 c:\windows\Microsoft.NET\assembly\GAC_MSIL\PresentationFramework.Classic\v4.0_4.0.0.0__31bf3856ad364e35\PresentationFramework.Classic.dll
- 2012-02-28 09:03 . 2012-02-28 09:03 232304 c:\windows\Microsoft.NET\assembly\GAC_MSIL\PresentationFramework.Aero\v4.0_4.0.0.0__31bf3856ad364e35\PresentationFramework.Aero.dll
+ 2012-04-11 08:07 . 2012-04-11 08:07 232304 c:\windows\Microsoft.NET\assembly\GAC_MSIL\PresentationFramework.Aero\v4.0_4.0.0.0__31bf3856ad364e35\PresentationFramework.Aero.dll
+ 2012-04-11 08:06 . 2012-04-11 08:06 661352 c:\windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.VisualBasic\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll
- 2012-02-28 09:02 . 2012-02-28 09:02 661352 c:\windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.VisualBasic\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll
+ 2012-04-11 08:07 . 2012-04-11 08:07 349576 c:\windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.VisualBasic.Compatibility\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Compatibility.dll
- 2012-02-28 09:03 . 2012-02-28 09:03 349576 c:\windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.VisualBasic.Compatibility\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Compatibility.dll
- 2012-02-28 09:03 . 2012-02-28 09:03 387960 c:\windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.Transactions.Bridge\v4.0_4.0.0.0__b03f5f7f11d50a3a\Microsoft.Transactions.Bridge.dll
+ 2012-04-11 08:07 . 2012-04-11 08:07 387960 c:\windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.Transactions.Bridge\v4.0_4.0.0.0__b03f5f7f11d50a3a\Microsoft.Transactions.Bridge.dll
- 2012-02-28 09:02 . 2012-02-28 09:02 746336 c:\windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.JScript\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.JScript.dll
+ 2012-04-11 08:06 . 2012-04-11 08:06 746336 c:\windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.JScript\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.JScript.dll
- 2012-02-28 09:02 . 2012-02-28 09:02 505184 c:\windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.CSharp\v4.0_4.0.0.0__b03f5f7f11d50a3a\Microsoft.CSharp.dll
+ 2012-04-11 08:06 . 2012-04-11 08:06 505184 c:\windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.CSharp\v4.0_4.0.0.0__b03f5f7f11d50a3a\Microsoft.CSharp.dll
+ 2012-04-11 08:07 . 2012-04-11 08:07 288616 c:\windows\Microsoft.NET\assembly\GAC_64\System.Transactions\v4.0_4.0.0.0__b77a5c561934e089\System.Transactions.dll
- 2012-02-28 09:03 . 2012-02-28 09:03 288616 c:\windows\Microsoft.NET\assembly\GAC_64\System.Transactions\v4.0_4.0.0.0__b77a5c561934e089\System.Transactions.dll
+ 2012-04-11 08:07 . 2012-04-11 08:07 335712 c:\windows\Microsoft.NET\assembly\GAC_64\System.Printing\v4.0_4.0.0.0__31bf3856ad364e35\System.Printing.dll
- 2012-02-28 09:03 . 2012-02-28 09:03 335712 c:\windows\Microsoft.NET\assembly\GAC_64\System.Printing\v4.0_4.0.0.0__31bf3856ad364e35\System.Printing.dll
+ 2012-04-11 08:06 . 2012-04-11 08:06 125440 c:\windows\Microsoft.NET\assembly\GAC_64\System.EnterpriseServices\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.Wrapper.dll
- 2012-02-28 09:02 . 2012-02-28 09:02 125440 c:\windows\Microsoft.NET\assembly\GAC_64\System.EnterpriseServices\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.Wrapper.dll
- 2012-02-28 09:02 . 2012-02-28 09:02 237424 c:\windows\Microsoft.NET\assembly\GAC_64\System.EnterpriseServices\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.dll
+ 2012-04-11 08:06 . 2012-04-11 08:06 237424 c:\windows\Microsoft.NET\assembly\GAC_64\System.EnterpriseServices\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.dll
- 2012-02-28 09:03 . 2012-02-28 09:03 187776 c:\windows\Microsoft.NET\assembly\GAC_64\Microsoft.Transactions.Bridge.Dtc\v4.0_4.0.0.0__b03f5f7f11d50a3a\Microsoft.Transactions.Bridge.Dtc.dll
+ 2012-04-11 08:07 . 2012-04-11 08:07 187776 c:\windows\Microsoft.NET\assembly\GAC_64\Microsoft.Transactions.Bridge.Dtc\v4.0_4.0.0.0__b03f5f7f11d50a3a\Microsoft.Transactions.Bridge.Dtc.dll
- 2012-02-28 09:02 . 2012-02-28 09:02 269672 c:\windows\Microsoft.NET\assembly\GAC_32\System.Transactions\v4.0_4.0.0.0__b77a5c561934e089\System.Transactions.dll
+ 2012-04-11 08:06 . 2012-04-11 08:06 269672 c:\windows\Microsoft.NET\assembly\GAC_32\System.Transactions\v4.0_4.0.0.0__b77a5c561934e089\System.Transactions.dll
- 2012-02-28 09:02 . 2012-02-28 09:02 334688 c:\windows\Microsoft.NET\assembly\GAC_32\System.Printing\v4.0_4.0.0.0__31bf3856ad364e35\System.Printing.dll
+ 2012-04-11 08:06 . 2012-04-11 08:06 334688 c:\windows\Microsoft.NET\assembly\GAC_32\System.Printing\v4.0_4.0.0.0__31bf3856ad364e35\System.Printing.dll
+ 2012-04-11 08:05 . 2012-04-11 08:05 109568 c:\windows\Microsoft.NET\assembly\GAC_32\System.EnterpriseServices\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.Wrapper.dll
- 2012-02-28 09:02 . 2012-02-28 09:02 109568 c:\windows\Microsoft.NET\assembly\GAC_32\System.EnterpriseServices\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.Wrapper.dll
- 2012-02-28 09:02 . 2012-02-28 09:02 246128 c:\windows\Microsoft.NET\assembly\GAC_32\System.EnterpriseServices\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.dll
+ 2012-04-11 08:05 . 2012-04-11 08:05 246128 c:\windows\Microsoft.NET\assembly\GAC_32\System.EnterpriseServices\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.dll
- 2012-02-28 09:02 . 2012-02-28 09:02 170368 c:\windows\Microsoft.NET\assembly\GAC_32\Microsoft.Transactions.Bridge.Dtc\v4.0_4.0.0.0__b03f5f7f11d50a3a\Microsoft.Transactions.Bridge.Dtc.dll
+ 2012-04-11 08:05 . 2012-04-11 08:05 170368 c:\windows\Microsoft.NET\assembly\GAC_32\Microsoft.Transactions.Bridge.Dtc\v4.0_4.0.0.0__b03f5f7f11d50a3a\Microsoft.Transactions.Bridge.Dtc.dll
+ 2012-04-11 00:38 . 2012-04-11 00:38 973824 c:\windows\Installer\4d8b0.msi
+ 2012-04-11 08:13 . 2012-04-11 08:13 337408 c:\windows\assembly\NativeImages_v4.0.30319_64\WindowsFormsIntegra#\3893bfa343bfd255531a743ffa660722\WindowsFormsIntegration.ni.dll
+ 2012-04-11 08:13 . 2012-04-11 08:13 281088 c:\windows\assembly\NativeImages_v4.0.30319_64\System.ServiceProce#\a38a67bfd6245b2f72eb918a57d37bcd\System.ServiceProcess.ni.dll
+ 2012-04-11 08:13 . 2012-04-11 08:13 781824 c:\windows\assembly\NativeImages_v4.0.30319_64\System.Messaging\cdf11c8e0679ce7ff91dc37c6e1b5545\System.Messaging.ni.dll
+ 2012-04-11 08:11 . 2012-04-11 08:11 289280 c:\windows\assembly\NativeImages_v4.0.30319_64\Microsoft.VisualBas#\81c23cf78d9779b1447762a8ffb26d0b\Microsoft.VisualBasic.Compatibility.Data.ni.dll
+ 2012-04-11 08:15 . 2012-04-11 08:15 253952 c:\windows\assembly\NativeImages_v4.0.30319_32\WindowsFormsIntegra#\ebd99d5801192b27f605630e2665db37\WindowsFormsIntegration.ni.dll
+ 2012-04-11 08:14 . 2012-04-11 08:14 221696 c:\windows\assembly\NativeImages_v4.0.30319_32\System.ServiceProce#\9cabbb335fc6dff10392376707a4d0a2\System.ServiceProcess.ni.dll
+ 2012-04-11 08:14 . 2012-04-11 08:14 626176 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Messaging\621d2aae96fd06f9ccf66d335d7f1232\System.Messaging.ni.dll
+ 2012-04-11 08:14 . 2012-04-11 08:14 219136 c:\windows\assembly\NativeImages_v4.0.30319_32\Microsoft.VisualBas#\62c9a6fe14577f82bcd2a8420b8fa2db\Microsoft.VisualBasic.Compatibility.Data.ni.dll
+ 2012-04-11 08:35 . 2012-04-11 08:35 329216 c:\windows\assembly\NativeImages_v2.0.50727_64\WindowsFormsIntegra#\718e8186ee8de8555888be444b86d443\WindowsFormsIntegration.ni.dll
+ 2012-04-11 08:35 . 2012-04-11 08:35 304128 c:\windows\assembly\NativeImages_v2.0.50727_64\TaskScheduler\6138a7bf63fa559ffe856b586e369ba2\TaskScheduler.ni.dll
+ 2012-04-11 08:35 . 2012-04-11 08:35 187392 c:\windows\assembly\NativeImages_v2.0.50727_64\System.Web.Routing\01e6d953aaaada7216112df9e0f39c11\System.Web.Routing.ni.dll
+ 2012-04-11 08:35 . 2012-04-11 08:35 449024 c:\windows\assembly\NativeImages_v2.0.50727_64\System.Web.Entity\32b4d44198ecd16ca5deb1024642313f\System.Web.Entity.ni.dll
+ 2012-04-11 08:35 . 2012-04-11 08:35 398848 c:\windows\assembly\NativeImages_v2.0.50727_64\System.Web.Entity.D#\9d7b9e05e5bc7eab07de61a8dd70757a\System.Web.Entity.Design.ni.dll
+ 2012-04-11 08:35 . 2012-04-11 08:35 753664 c:\windows\assembly\NativeImages_v2.0.50727_64\System.Web.DynamicD#\e59cbe4ccb29922c44bf66d3ae044b32\System.Web.DynamicData.ni.dll
+ 2012-04-11 08:35 . 2012-04-11 08:35 204800 c:\windows\assembly\NativeImages_v2.0.50727_64\System.Web.Abstract#\cb674da808088671f0633d46d1dade03\System.Web.Abstractions.ni.dll
+ 2012-04-11 08:31 . 2012-04-11 08:31 295424 c:\windows\assembly\NativeImages_v2.0.50727_64\System.ServiceProce#\2ea95f3113ace6c1adf4ab9f9fc4285e\System.ServiceProcess.ni.dll
+ 2012-04-11 08:33 . 2012-04-11 08:33 783360 c:\windows\assembly\NativeImages_v2.0.50727_64\System.Messaging\c5bef7173a92e1a66e3f7a34eeed891f\System.Messaging.ni.dll
+ 2012-04-11 08:31 . 2012-04-11 08:31 288768 c:\windows\assembly\NativeImages_v2.0.50727_64\System.Drawing.Desi#\a94125636875d06389922fcd86b7a615\System.Drawing.Design.ni.dll
+ 2012-04-11 08:35 . 2012-04-11 08:35 855040 c:\windows\assembly\NativeImages_v2.0.50727_64\napsnap\cc4082d64c96ff7569aa540b2bfb4e4e\napsnap.ni.dll
+ 2012-04-11 08:35 . 2012-04-11 08:35 162816 c:\windows\assembly\NativeImages_v2.0.50727_64\napinit\30d62e0be22cd4569141c32f8650773b\napinit.ni.dll
+ 2012-04-11 08:34 . 2012-04-11 08:34 417792 c:\windows\assembly\NativeImages_v2.0.50727_64\MMCFxCommon\0da2c8a454593084e0215266b5572bf0\MMCFxCommon.ni.dll
+ 2012-04-11 08:34 . 2012-04-11 08:34 312320 c:\windows\assembly\NativeImages_v2.0.50727_64\Microsoft.MediaCent#\ecaf4199c3937827b85be8e8ac36de2b\Microsoft.MediaCenter.iTv.ni.dll
+ 2012-04-11 08:34 . 2012-04-11 08:34 152576 c:\windows\assembly\NativeImages_v2.0.50727_64\Microsoft.MediaCent#\8dd963b1ac45ad4d484855d9853747bd\Microsoft.MediaCenter.ITVVM.ni.dll
+ 2012-04-11 08:34 . 2012-04-11 08:34 798720 c:\windows\assembly\NativeImages_v2.0.50727_64\Microsoft.Managemen#\fe924ef08b715e71e410270c60cc372c\Microsoft.ManagementConsole.ni.dll
+ 2012-04-11 08:34 . 2012-04-11 08:34 549376 c:\windows\assembly\NativeImages_v2.0.50727_64\mcplayerinterop\857d04eadbf226277488bfabfda2a01d\mcplayerinterop.ni.dll
+ 2012-04-11 08:34 . 2012-04-11 08:34 696320 c:\windows\assembly\NativeImages_v2.0.50727_64\mcGlidHostObj\7a2e04f455b793a14e9d1df5fdd93bf7\mcGlidHostObj.ni.dll
+ 2012-04-11 08:34 . 2012-04-11 08:34 659456 c:\windows\assembly\NativeImages_v2.0.50727_64\EventViewer\56c25b27b777af0b93999261cfeec0cd\EventViewer.ni.dll
+ 2012-04-11 08:33 . 2012-04-11 08:33 389120 c:\windows\assembly\NativeImages_v2.0.50727_64\ehExtHost\2c9f3eaa3e79d491c1e29ab58fdcc54a\ehExtHost.ni.exe
+ 2012-04-11 08:32 . 2012-04-11 08:32 634368 c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsLiveLocal.Wr#\d18f95503898b5d36f34b0c2872e3bf8\WindowsLiveLocal.WriterPlugin.ni.dll
+ 2012-04-11 08:32 . 2012-04-11 08:32 122368 c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsLive.Writer.#\dfc4c5fb2fd7cf7ef2ca7904ed8894cd\WindowsLive.Writer.Extensibility.ni.dll
+ 2012-04-11 08:32 . 2012-04-11 08:32 119296 c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsLive.Writer.#\c1cebbe0a603a48640715cc614a56e17\WindowsLive.Writer.FileDestinations.ni.dll
+ 2012-04-11 08:32 . 2012-04-11 08:32 891392 c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsLive.Writer.#\7199c63efa6d23b6c1d6b9ff71c398b8\WindowsLive.Writer.HtmlEditor.ni.dll
+ 2012-04-11 08:32 . 2012-04-11 08:32 326144 c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsLive.Writer.#\6f253f7ba5f5f6c78b49e04ced9dd12a\WindowsLive.Writer.SpellChecker.ni.dll
+ 2012-04-11 08:32 . 2012-04-11 08:32 665600 c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsLive.Writer.#\6dcc537cfbcba1817782f9e511c2e723\WindowsLive.Writer.Interop.ni.dll
+ 2012-04-11 08:32 . 2012-04-11 08:32 174080 c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsLive.Writer.#\56037ee13224135f0d3ee8880bbb33fc\WindowsLive.Writer.BrowserControl.ni.dll
+ 2012-04-11 08:32 . 2012-04-11 08:32 101376 c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsLive.Writer.#\33a88abae7d5ca2d8ead246bf37f50e1\WindowsLive.Writer.Api.ni.dll
+ 2012-04-11 08:32 . 2012-04-11 08:32 328192 c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsLive.Writer.#\1b9c8bb92aacd9125d1e28ca09671a91\WindowsLive.Writer.Mshtml.ni.dll
+ 2012-04-11 08:32 . 2012-04-11 08:32 871424 c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsLive.Writer.#\1813db84c903f2ef58c0ba888a4facb8\WindowsLive.Writer.BlogClient.ni.dll
+ 2012-04-11 08:32 . 2012-04-11 08:32 780800 c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsLive.Writer.#\0d389bf5258c236e30054063334a45ee\WindowsLive.Writer.Controls.ni.dll
+ 2012-04-11 08:32 . 2012-04-11 08:32 222720 c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsLive.Client\4725a5afe563175d731fa6b5c338803b\WindowsLive.Client.ni.dll
+ 2012-04-11 08:33 . 2012-04-11 08:33 240128 c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsFormsIntegra#\688abb339fb8301c37b0889a0d01dfa3\WindowsFormsIntegration.ni.dll
+ 2012-04-11 08:33 . 2012-04-11 08:33 245248 c:\windows\assembly\NativeImages_v2.0.50727_32\TaskScheduler\97d8bd8f21969a91b7c5171031250d1e\TaskScheduler.ni.dll
+ 2012-04-11 08:33 . 2012-04-11 08:33 129536 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Routing\2d9aab831590b771aa70cd6991f7af88\System.Web.Routing.ni.dll
+ 2012-04-11 08:33 . 2012-04-11 08:33 860160 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Extensio#\47e3f7fa0b07e85e269f2e152e0e5e29\System.Web.Extensions.Design.ni.dll
+ 2012-04-11 08:33 . 2012-04-11 08:33 328192 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Entity\3595f5769afb7d38aa5a05abef97364c\System.Web.Entity.ni.dll
+ 2012-04-11 08:33 . 2012-04-11 08:33 301568 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Entity.D#\7485eeab1b46532b35d7ab5814a43a30\System.Web.Entity.Design.ni.dll
+ 2012-04-11 08:33 . 2012-04-11 08:33 547328 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.DynamicD#\ec083a1d2f94e4c565545f9d090c5039\System.Web.DynamicData.ni.dll
+ 2012-04-11 08:32 . 2012-04-11 08:32 141312 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Abstract#\88430faf21e241f93d02711e35173de6\System.Web.Abstractions.ni.dll
+ 2012-04-11 08:28 . 2012-04-11 08:28 212992 c:\windows\assembly\NativeImages_v2.0.50727_32\System.ServiceProce#\c2c7f68605a42caef1b7a19c51de58b4\System.ServiceProcess.ni.dll
+ 2012-04-11 08:32 . 2012-04-11 08:32 593408 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Messaging\69b1de7425d09eb9fe42f81882d2896e\System.Messaging.ni.dll
+ 2012-04-11 08:28 . 2012-04-11 08:28 208384 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Drawing.Desi#\b64b898fd099d1644a8673137ac56011\System.Drawing.Design.ni.dll
+ 2012-04-11 08:32 . 2012-04-11 08:32 723456 c:\windows\assembly\NativeImages_v2.0.50727_32\napsnap\2ffec892832457d3530d59a9da07324c\napsnap.ni.dll
+ 2012-04-11 08:32 . 2012-04-11 08:32 117760 c:\windows\assembly\NativeImages_v2.0.50727_32\napinit\1167a79ab309e2a4e6da2bd2dbea01a6\napinit.ni.dll
+ 2012-04-11 08:32 . 2012-04-11 08:32 287232 c:\windows\assembly\NativeImages_v2.0.50727_32\MMCFxCommon\c83df01d683dbeb36be10218cc50ff03\MMCFxCommon.ni.dll
+ 2012-04-11 08:32 . 2012-04-11 08:32 561664 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Managemen#\68842b507f3ad7fa603bf57c813c6a0c\Microsoft.ManagementConsole.ni.dll
+ 2012-04-11 08:31 . 2012-04-11 08:31 492544 c:\windows\assembly\NativeImages_v2.0.50727_32\IAStorUtil\08d989c6748bd53febbd8b5987a2b481\IAStorUtil.ni.dll
+ 2012-04-11 08:32 . 2012-04-11 08:32 553472 c:\windows\assembly\NativeImages_v2.0.50727_32\EventViewer\4e2b9e7e956dcee6a9721b57c8ccde60\EventViewer.ni.dll
+ 2012-04-11 08:32 . 2012-04-11 08:32 254464 c:\windows\assembly\NativeImages_v2.0.50727_32\ehExtHost32\380a1283ad9a74eb337feb276453a87f\ehExtHost32.ni.exe
+ 2012-04-10 22:03 . 2012-01-26 23:33 630784 c:\windows\assembly\GAC_MSIL\System.Drawing\2.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll
- 2012-02-15 09:00 . 2011-12-14 02:57 1127424 c:\windows\SysWOW64\wininet.dll
+ 2012-04-11 08:01 . 2012-02-28 01:11 1127424 c:\windows\SysWOW64\wininet.dll
- 2012-02-15 09:00 . 2011-12-14 02:57 1103360 c:\windows\SysWOW64\urlmon.dll
+ 2012-04-11 08:01 . 2012-02-28 01:12 1103360 c:\windows\SysWOW64\urlmon.dll
+ 2012-04-11 08:01 . 2012-02-28 01:18 1799168 c:\windows\SysWOW64\jscript9.dll
- 2012-02-15 09:00 . 2011-12-14 02:52 1792000 c:\windows\SysWOW64\iertutil.dll
+ 2012-04-11 08:01 . 2012-02-28 01:04 1792000 c:\windows\SysWOW64\iertutil.dll
+ 2012-04-11 08:01 . 2012-02-28 01:27 9705984 c:\windows\SysWOW64\ieframe.dll
+ 2012-04-11 08:01 . 2012-02-28 06:49 1390080 c:\windows\system32\wininet.dll
- 2012-02-15 09:00 . 2011-12-14 07:04 1390080 c:\windows\system32\wininet.dll
+ 2012-04-11 08:01 . 2012-02-28 06:50 1345536 c:\windows\system32\urlmon.dll
- 2012-02-15 09:00 . 2011-12-14 07:04 1345536 c:\windows\system32\urlmon.dll
+ 2012-04-11 08:01 . 2012-02-28 06:56 2311168 c:\windows\system32\jscript9.dll
+ 2012-04-11 08:01 . 2012-02-28 06:43 2144256 c:\windows\system32\iertutil.dll
- 2012-02-15 09:00 . 2011-12-14 06:59 2144256 c:\windows\system32\iertutil.dll
- 2009-07-14 04:45 . 2012-04-01 00:38 7204521 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\SoftwareProtectionPlatform\tokens.dat
+ 2009-07-14 04:45 . 2012-04-11 08:29 7204521 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\SoftwareProtectionPlatform\tokens.dat
- 2012-03-25 08:59 . 2012-04-06 05:03 1356336 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache3.0.0.0.dat
+ 2012-03-25 08:59 . 2012-04-12 00:39 1356336 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache3.0.0.0.dat
+ 2011-10-28 16:09 . 2012-04-12 20:42 1144280 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-1247527095-1015957483-954240397-1001-12288.dat
+ 2012-04-11 08:07 . 2012-04-11 08:07 1368920 c:\windows\Microsoft.NET\assembly\GAC_MSIL\WindowsBase\v4.0_4.0.0.0__31bf3856ad364e35\WindowsBase.dll
- 2012-02-28 09:03 . 2012-02-28 09:03 1368920 c:\windows\Microsoft.NET\assembly\GAC_MSIL\WindowsBase\v4.0_4.0.0.0__31bf3856ad364e35\WindowsBase.dll
+ 2012-04-11 08:07 . 2012-04-11 08:07 3512072 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System\v4.0_4.0.0.0__b77a5c561934e089\System.dll
- 2012-02-28 09:02 . 2012-02-28 09:02 3512072 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System\v4.0_4.0.0.0__b77a5c561934e089\System.dll
- 2012-02-28 09:02 . 2012-02-28 09:02 2207568 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Xml\v4.0_4.0.0.0__b77a5c561934e089\System.XML.dll
+ 2012-04-11 08:07 . 2012-04-11 08:07 2207568 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Xml\v4.0_4.0.0.0__b77a5c561934e089\System.XML.dll
- 2012-02-28 09:02 . 2012-02-28 09:02 5028200 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Forms\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Forms.dll
+ 2012-04-11 08:07 . 2012-04-11 08:07 5028200 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Forms\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Forms.dll
- 2012-02-28 09:02 . 2012-02-28 09:02 1711496 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Forms.DataVisualization\v4.0_4.0.0.0__31bf3856ad364e35\System.Windows.Forms.DataVisualization.dll
+ 2012-04-11 08:07 . 2012-04-11 08:07 1711496 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Forms.DataVisualization\v4.0_4.0.0.0__31bf3856ad364e35\System.Windows.Forms.DataVisualization.dll
- 2012-02-28 09:03 . 2012-02-28 09:03 6097256 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.ServiceModel\v4.0_4.0.0.0__b77a5c561934e089\System.ServiceModel.dll
+ 2012-04-11 08:07 . 2012-04-11 08:07 6097256 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.ServiceModel\v4.0_4.0.0.0__b77a5c561934e089\System.ServiceModel.dll
- 2012-02-28 09:03 . 2012-02-28 09:03 1026936 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Runtime.Serialization\v4.0_4.0.0.0__b77a5c561934e089\System.Runtime.Serialization.dll
+ 2012-04-11 08:07 . 2012-04-11 08:07 1026936 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Runtime.Serialization\v4.0_4.0.0.0__b77a5c561934e089\System.Runtime.Serialization.dll
+ 2012-04-11 08:07 . 2012-04-11 08:07 4464480 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Data.Entity\v4.0_4.0.0.0__b77a5c561934e089\System.Data.Entity.dll
- 2012-02-28 09:02 . 2012-02-28 09:02 4464480 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Data.Entity\v4.0_4.0.0.0__b77a5c561934e089\System.Data.Entity.dll
+ 2012-04-11 08:07 . 2012-04-11 08:07 1354584 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Core\v4.0_4.0.0.0__b77a5c561934e089\System.Core.dll
- 2012-02-28 09:02 . 2012-02-28 09:02 1354584 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Core\v4.0_4.0.0.0__b77a5c561934e089\System.Core.dll
- 2012-02-28 09:03 . 2012-02-28 09:03 1199968 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Activities\v4.0_4.0.0.0__31bf3856ad364e35\System.Activities.dll
+ 2012-04-11 08:07 . 2012-04-11 08:07 1199968 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Activities\v4.0_4.0.0.0__31bf3856ad364e35\System.Activities.dll
- 2012-02-28 09:03 . 2012-02-28 09:03 1462648 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Activities.Presentation\v4.0_4.0.0.0__31bf3856ad364e35\System.Activities.Presentation.dll
+ 2012-04-11 08:07 . 2012-04-11 08:07 1462648 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Activities.Presentation\v4.0_4.0.0.0__31bf3856ad364e35\System.Activities.Presentation.dll
+ 2012-04-11 08:07 . 2012-04-11 08:07 6428520 c:\windows\Microsoft.NET\assembly\GAC_MSIL\PresentationFramework\v4.0_4.0.0.0__31bf3856ad364e35\PresentationFramework.dll
- 2012-02-28 09:03 . 2012-02-28 09:03 6428520 c:\windows\Microsoft.NET\assembly\GAC_MSIL\PresentationFramework\v4.0_4.0.0.0__31bf3856ad364e35\PresentationFramework.dll
+ 2012-04-11 08:07 . 2012-04-11 08:07 3116376 c:\windows\Microsoft.NET\assembly\GAC_64\System.Data\v4.0_4.0.0.0__b77a5c561934e089\System.Data.dll
- 2012-02-28 09:02 . 2012-02-28 09:02 3116376 c:\windows\Microsoft.NET\assembly\GAC_64\System.Data\v4.0_4.0.0.0__b77a5c561934e089\System.Data.dll
- 2012-02-28 09:03 . 2012-02-28 09:03 3824480 c:\windows\Microsoft.NET\assembly\GAC_64\PresentationCore\v4.0_4.0.0.0__31bf3856ad364e35\PresentationCore.dll
+ 2012-04-11 08:07 . 2012-04-11 08:07 3824480 c:\windows\Microsoft.NET\assembly\GAC_64\PresentationCore\v4.0_4.0.0.0__31bf3856ad364e35\PresentationCore.dll
+ 2012-04-11 08:06 . 2012-04-11 08:06 4970768 c:\windows\Microsoft.NET\assembly\GAC_64\mscorlib\v4.0_4.0.0.0__b77a5c561934e089\mscorlib.dll
- 2012-02-28 09:02 . 2012-02-28 09:02 4970768 c:\windows\Microsoft.NET\assembly\GAC_64\mscorlib\v4.0_4.0.0.0__b77a5c561934e089\mscorlib.dll
- 2012-02-28 09:03 . 2012-02-28 09:03 3563408 c:\windows\Microsoft.NET\assembly\GAC_64\Microsoft.VisualBasic.Activities.Compiler\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Activities.Compiler.dll
+ 2012-04-11 08:07 . 2012-04-11 08:07 3563408 c:\windows\Microsoft.NET\assembly\GAC_64\Microsoft.VisualBasic.Activities.Compiler\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Activities.Compiler.dll
- 2012-02-28 09:02 . 2012-02-28 09:02 2975064 c:\windows\Microsoft.NET\assembly\GAC_32\System.Data\v4.0_4.0.0.0__b77a5c561934e089\System.Data.dll
+ 2012-04-11 08:05 . 2012-04-11 08:05 2975064 c:\windows\Microsoft.NET\assembly\GAC_32\System.Data\v4.0_4.0.0.0__b77a5c561934e089\System.Data.dll
+ 2012-04-11 08:06 . 2012-04-11 08:06 3788128 c:\windows\Microsoft.NET\assembly\GAC_32\PresentationCore\v4.0_4.0.0.0__31bf3856ad364e35\PresentationCore.dll
- 2012-02-28 09:02 . 2012-02-28 09:02 3788128 c:\windows\Microsoft.NET\assembly\GAC_32\PresentationCore\v4.0_4.0.0.0__31bf3856ad364e35\PresentationCore.dll
+ 2012-04-11 08:05 . 2012-04-11 08:05 5201168 c:\windows\Microsoft.NET\assembly\GAC_32\mscorlib\v4.0_4.0.0.0__b77a5c561934e089\mscorlib.dll
- 2012-02-28 09:02 . 2012-02-28 09:02 5201168 c:\windows\Microsoft.NET\assembly\GAC_32\mscorlib\v4.0_4.0.0.0__b77a5c561934e089\mscorlib.dll
- 2012-02-28 09:02 . 2012-02-28 09:02 2989456 c:\windows\Microsoft.NET\assembly\GAC_32\Microsoft.VisualBasic.Activities.Compiler\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Activities.Compiler.dll
+ 2012-04-11 08:05 . 2012-04-11 08:05 2989456 c:\windows\Microsoft.NET\assembly\GAC_32\Microsoft.VisualBasic.Activities.Compiler\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Activities.Compiler.dll
+ 2012-01-22 15:20 . 2012-01-22 15:20 1707520 c:\windows\Installer\19bbebd.msp
+ 2012-04-11 08:11 . 2012-04-11 08:11 5237248 c:\windows\assembly\NativeImages_v4.0.30319_64\WindowsBase\fb00cd7183b28470878a3b5687929a56\WindowsBase.ni.dll
+ 2012-04-11 08:13 . 2012-04-11 08:13 5645824 c:\windows\assembly\NativeImages_v4.0.30319_64\System.Windows.Form#\80de3f9f56bed3e05ba97741905abddb\System.Windows.Forms.DataVisualization.ni.dll
+ 2012-04-11 08:12 . 2012-04-11 08:12 1467392 c:\windows\assembly\NativeImages_v4.0.30319_64\System.Printing\21c096f214db354198e2664473875f06\System.Printing.ni.dll
+ 2012-04-11 08:12 . 2012-04-11 08:12 2303488 c:\windows\assembly\NativeImages_v4.0.30319_64\System.Drawing\9bcabb321026ee927401cbba73dff054\System.Drawing.ni.dll
+ 2012-04-11 08:12 . 2012-04-11 08:12 2403328 c:\windows\assembly\NativeImages_v4.0.30319_64\System.Deployment\90ec5a09a2329a45554d79e0fd9fbbee\System.Deployment.ni.dll
+ 2012-04-11 08:13 . 2012-04-11 08:13 5048832 c:\windows\assembly\NativeImages_v4.0.30319_64\System.Activities.P#\45d4a9fa235f5658f8c9b89f6a4f691f\System.Activities.Presentation.ni.dll
+ 2012-04-11 08:12 . 2012-04-11 08:12 4233216 c:\windows\assembly\NativeImages_v4.0.30319_64\ReachFramework\8ad595c3d0668d10777d8ce28b88cc7c\ReachFramework.ni.dll
+ 2012-04-11 08:12 . 2012-04-11 08:12 2056704 c:\windows\assembly\NativeImages_v4.0.30319_64\PresentationUI\cb31bfb24a52f83cf826c00979827ba6\PresentationUI.ni.dll
+ 2012-04-11 08:10 . 2012-04-11 08:10 1838080 c:\windows\assembly\NativeImages_v4.0.30319_64\Microsoft.VisualBas#\96723fe4390cc2babaded28c43eff391\Microsoft.VisualBasic.Compatibility.ni.dll
+ 2012-04-11 08:10 . 2012-04-11 08:10 2317312 c:\windows\assembly\NativeImages_v4.0.30319_64\Microsoft.VisualBas#\5281ac494089700d1c72c16478ab3363\Microsoft.VisualBasic.ni.dll
+ 2012-04-11 08:09 . 2012-04-11 08:09 3858432 c:\windows\assembly\NativeImages_v4.0.30319_32\WindowsBase\02ea3ff3b5908b51da47e1aeb9e75b04\WindowsBase.ni.dll
+ 2012-04-11 08:14 . 2012-04-11 08:14 4587008 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Windows.Form#\acae13e8725a0a5da6dcda3e309cb9d2\System.Windows.Forms.DataVisualization.ni.dll
+ 2012-04-11 08:14 . 2012-04-11 08:14 1060864 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Printing\7175344bfab919484674d37de776a82f\System.Printing.ni.dll
+ 2012-04-11 08:08 . 2012-04-11 08:08 1665536 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Drawing\c02325260bdcecd695a87bbb24547df2\System.Drawing.ni.dll
+ 2012-04-11 08:14 . 2012-04-11 08:14 1880064 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Deployment\d0ae88ebdc709e940fbd0c6bafcab13c\System.Deployment.ni.dll
+ 2012-04-11 08:14 . 2012-04-11 08:14 3757568 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Activities.P#\f4311e621d2bbf4de0d32bae765b1484\System.Activities.Presentation.ni.dll
+ 2012-04-11 08:14 . 2012-04-11 08:14 2906624 c:\windows\assembly\NativeImages_v4.0.30319_32\ReachFramework\f4ab7bc19b981163de613143a1e1c997\ReachFramework.ni.dll
+ 2012-04-11 08:14 . 2012-04-11 08:14 1641984 c:\windows\assembly\NativeImages_v4.0.30319_32\PresentationUI\3e896ba1c3cc8d62c267508dccd7aa5a\PresentationUI.ni.dll
+ 2012-04-11 08:14 . 2012-04-11 08:14 1136640 c:\windows\assembly\NativeImages_v4.0.30319_32\Microsoft.VisualBas#\c078f61cba33cffc3d7648509f7a3b54\Microsoft.VisualBasic.Compatibility.ni.dll
+ 2012-04-11 08:14 . 2012-04-11 08:14 1838080 c:\windows\assembly\NativeImages_v4.0.30319_32\Microsoft.VisualBas#\1f54c28f39e25b121c374480ad50d384\Microsoft.VisualBasic.ni.dll
+ 2012-04-11 08:35 . 2012-04-11 08:35 1818112 c:\windows\assembly\NativeImages_v2.0.50727_64\System.WorkflowServ#\8f4bee781d2709ba927b31c6bee8abce\System.WorkflowServices.ni.dll
+ 2012-04-11 08:31 . 2012-04-11 08:31 5957632 c:\windows\assembly\NativeImages_v2.0.50727_64\System.Workflow.Com#\d26e6d07c2e10bc55c2bfd2440ec14bc\System.Workflow.ComponentModel.ni.dll
+ 2012-04-11 08:31 . 2012-04-11 08:31 3895296 c:\windows\assembly\NativeImages_v2.0.50727_64\System.Workflow.Act#\f044eaa5dc79454c4081bdbea81bf67e\System.Workflow.Activities.ni.dll
+ 2012-04-11 08:35 . 2012-04-11 08:35 3336704 c:\windows\assembly\NativeImages_v2.0.50727_64\System.Web.Mobile\57631b92442dcbaa782800614f11eed4\System.Web.Mobile.ni.dll
+ 2012-04-11 08:35 . 2012-04-11 08:35 3044352 c:\windows\assembly\NativeImages_v2.0.50727_64\System.Web.Extensio#\f21b305ec2cacfd1737aba590508716a\System.Web.Extensions.ni.dll
+ 2012-04-11 08:35 . 2012-04-11 08:35 1155072 c:\windows\assembly\NativeImages_v2.0.50727_64\System.Web.Extensio#\01e5bdd5a9c2db218cf64aff1875bf10\System.Web.Extensions.Design.ni.dll
+ 2012-04-11 08:30 . 2012-04-11 08:30 1463808 c:\windows\assembly\NativeImages_v2.0.50727_64\System.Printing\7e62d5f06809c96b0e957cc948d98d7c\System.Printing.ni.dll
+ 2012-04-11 08:29 . 2012-04-11 08:29 2317312 c:\windows\assembly\NativeImages_v2.0.50727_64\System.Drawing\95d41ace5d8803b9318366ad5f0fbdff\System.Drawing.ni.dll
+ 2012-04-11 08:29 . 2012-04-11 08:29 2444288 c:\windows\assembly\NativeImages_v2.0.50727_64\System.Deployment\7e705656ef1ee9078e0d51699d9e0858\System.Deployment.ni.dll
+ 2012-04-11 08:30 . 2012-04-11 08:30 3116032 c:\windows\assembly\NativeImages_v2.0.50727_64\ReachFramework\df3b4d20eaf81da80db9be811947e475\ReachFramework.ni.dll
+ 2012-04-11 08:30 . 2012-04-11 08:30 2109952 c:\windows\assembly\NativeImages_v2.0.50727_64\PresentationUI\8e76dcfa3f4676022f95437037c8ad51\PresentationUI.ni.dll
+ 2012-04-11 08:35 . 2012-04-11 08:35 3601920 c:\windows\assembly\NativeImages_v2.0.50727_64\Narrator\92ab2a505e2b1e55887248752fc8791b\Narrator.ni.exe
+ 2012-04-11 08:35 . 2012-04-11 08:35 2327552 c:\windows\assembly\NativeImages_v2.0.50727_64\MMCEx\b843ee3c17f0b9d517f74f2fc2cef321\MMCEx.ni.dll
+ 2012-04-11 08:34 . 2012-04-11 08:34 7970304 c:\windows\assembly\NativeImages_v2.0.50727_64\MIGUIControls\ff499b53b4b43e5cf6175a7d95fb15ea\MIGUIControls.ni.dll
+ 2012-04-11 08:34 . 2012-04-11 08:34 2131968 c:\windows\assembly\NativeImages_v2.0.50727_64\Microsoft.VisualBas#\a2368cca7264c3f047d16fefcb29ca66\Microsoft.VisualBasic.ni.dll
+ 2012-04-11 08:34 . 2012-04-11 08:34 5350912 c:\windows\assembly\NativeImages_v2.0.50727_64\Microsoft.PowerShel#\a365fda36604d8f8b6ea67667dc3dd46\Microsoft.PowerShell.Editor.ni.dll
+ 2012-04-11 08:34 . 2012-04-11 08:34 2176512 c:\windows\assembly\NativeImages_v2.0.50727_64\Microsoft.PowerShel#\a1c24b217f836d73170c0f32b7dda5c2\Microsoft.PowerShell.Commands.Utility.ni.dll
+ 2012-04-11 08:33 . 2012-04-11 08:33 1516544 c:\windows\assembly\NativeImages_v2.0.50727_64\Microsoft.MediaCent#\8dff78b6458b3995288e7e89aa7ae34a\Microsoft.MediaCenter.ni.dll
+ 2012-04-11 08:33 . 2012-04-11 08:33 8979456 c:\windows\assembly\NativeImages_v2.0.50727_64\Microsoft.MediaCent#\88b7272ddb53920b927a7ef59fd3ad6a\Microsoft.MediaCenter.UI.ni.dll
+ 2012-04-11 08:34 . 2012-04-11 08:34 1508864 c:\windows\assembly\NativeImages_v2.0.50727_64\Microsoft.MediaCent#\1225d00b36449afd4a4314eadcb8bf58\Microsoft.MediaCenter.Bml.ni.dll
+ 2012-04-11 08:34 . 2012-04-11 08:34 2365952 c:\windows\assembly\NativeImages_v2.0.50727_64\Microsoft.Ink\9e91d7c4464a12eb7d2c174ffc56c168\Microsoft.Ink.ni.dll
+ 2012-04-11 08:34 . 2012-04-11 08:34 2218496 c:\windows\assembly\NativeImages_v2.0.50727_64\Microsoft.Build.Tas#\a67cf1480b9711c9e9da320bc5114879\Microsoft.Build.Tasks.ni.dll
+ 2012-04-11 08:34 . 2012-04-11 08:34 2682880 c:\windows\assembly\NativeImages_v2.0.50727_64\Microsoft.Build.Tas#\7b5c7863043af7cd47dfb104c0fe6879\Microsoft.Build.Tasks.v3.5.ni.dll
+ 2012-04-11 08:33 . 2012-04-11 08:33 2801664 c:\windows\assembly\NativeImages_v2.0.50727_64\mcstore\a1c741fa6d3e2635dd2a2a77890c87b5\mcstore.ni.dll
+ 2012-04-11 08:32 . 2012-04-11 08:32 1346560 c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsLive.Writer.#\ccd6bd76154a0c65e99ce3dfbfd99a77\WindowsLive.Writer.Localization.ni.dll
+ 2012-04-11 08:32 . 2012-04-11 08:32 1285632 c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsLive.Writer.#\b92ca36379e0e7fcfe5ef1e28b5cd7cf\WindowsLive.Writer.ApplicationFramework.ni.dll
+ 2012-04-11 08:32 . 2012-04-11 08:32 7025152 c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsLive.Writer.#\5a0f0d8b2827bb43452046b47b5846a8\WindowsLive.Writer.PostEditor.ni.dll
+ 2012-04-11 08:32 . 2012-04-11 08:32 2193408 c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsLive.Writer.#\02ffe1a4f894782e139d2da83562dfb8\WindowsLive.Writer.CoreServices.ni.dll
+ 2012-04-11 08:33 . 2012-04-11 08:33 1358336 c:\windows\assembly\NativeImages_v2.0.50727_32\System.WorkflowServ#\d362f68d3bf954ba55a4494a659492af\System.WorkflowServices.ni.dll
+ 2012-04-11 08:28 . 2012-04-11 08:28 4516352 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Workflow.Com#\6d2f8bad410dae6049507d7bc097a62d\System.Workflow.ComponentModel.ni.dll
+ 2012-04-11 08:28 . 2012-04-11 08:28 2995200 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Workflow.Act#\31fd6842b7ccb502dc2f5f11c1f991bd\System.Workflow.Activities.ni.dll
+ 2012-04-11 08:33 . 2012-04-11 08:33 2209792 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Mobile\a118322b0f5ffc0e67c06658e8788e1d\System.Web.Mobile.ni.dll
+ 2012-04-11 08:32 . 2012-04-11 08:32 2404352 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Extensio#\e6747d0470e8a42907df14af10862844\System.Web.Extensions.ni.dll
+ 2012-04-11 08:28 . 2012-04-11 08:28 1044480 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Printing\0b27d6da6e6bc319c3805435b818c1e5\System.Printing.ni.dll
+ 2012-04-11 08:27 . 2012-04-11 08:27 1590784 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\8177623eac8f15cf95b587625439eac7\System.Drawing.ni.dll
+ 2012-04-11 08:27 . 2012-04-11 08:27 1806848 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Deployment\e45611cad86870a7011bb18b9e993861\System.Deployment.ni.dll
+ 2012-04-11 08:28 . 2012-04-11 08:28 2157056 c:\windows\assembly\NativeImages_v2.0.50727_32\ReachFramework\ffe872f5d03f8bf4d1e1aca71274aec4\ReachFramework.ni.dll
+ 2012-04-11 08:28 . 2012-04-11 08:28 1658368 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationUI\167ae650f54f5cd46c07329972f179ad\PresentationUI.ni.dll
+ 2012-04-11 08:32 . 2012-04-11 08:32 2623488 c:\windows\assembly\NativeImages_v2.0.50727_32\Narrator\a61a4567bd8a09a0068db7fcc46151e1\Narrator.ni.exe
+ 2012-04-11 08:32 . 2012-04-11 08:32 1545216 c:\windows\assembly\NativeImages_v2.0.50727_32\MMCEx\a8ac3e062a13d75ff8d632bed75358b0\MMCEx.ni.dll
+ 2012-04-11 08:32 . 2012-04-11 08:32 6438912 c:\windows\assembly\NativeImages_v2.0.50727_32\MIGUIControls\2a348513f0f83117bedeb39a7d10b034\MIGUIControls.ni.dll
+ 2012-04-11 08:32 . 2012-04-11 08:32 1670144 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.VisualBas#\3ce70b84dbb9970e1893672c5d430c80\Microsoft.VisualBasic.ni.dll
+ 2012-04-11 08:32 . 2012-04-11 08:32 3724288 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.PowerShel#\a7364db379808ebdee5cd876d5af2656\Microsoft.PowerShell.Editor.ni.dll
+ 2012-04-11 08:32 . 2012-04-11 08:32 1681920 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.PowerShel#\2a9dff80feb7cf8dbac17adb959159ca\Microsoft.PowerShell.Commands.Utility.ni.dll
+ 2012-04-11 08:32 . 2012-04-11 08:32 6499840 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.MediaCent#\4a603d10666b9ee9487e7f0ce27c1c68\Microsoft.MediaCenter.UI.ni.dll
+ 2012-04-11 08:32 . 2012-04-11 08:32 1009664 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.MediaCent#\142b59a72b233db75ede02941b86291d\Microsoft.MediaCenter.ni.dll
+ 2012-04-11 08:32 . 2012-04-11 08:32 1361408 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Ink\ffc29e128c4ddebb991189d617ed1bf7\Microsoft.Ink.ni.dll
+ 2012-04-11 08:32 . 2012-04-11 08:32 1620992 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Tas#\0c9d80e810caa6aeb85bd4d253281434\Microsoft.Build.Tasks.ni.dll
+ 2012-04-11 08:32 . 2012-04-11 08:32 1970176 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Tas#\008b235de7df9c690e3f289f3c776eda\Microsoft.Build.Tasks.v3.5.ni.dll
+ 2012-04-11 08:32 . 2012-04-11 08:32 2035712 c:\windows\assembly\NativeImages_v2.0.50727_32\mcstore\227b7eaefe6ae6b78190516516793b4b\mcstore.ni.dll
+ 2012-04-11 08:01 . 2012-02-28 01:52 12281856 c:\windows\SysWOW64\mshtml.dll
+ 2009-07-14 02:34 . 2012-04-11 08:25 10223616 c:\windows\system32\SMI\Store\Machine\schema.dat
- 2009-07-14 02:34 . 2012-03-20 05:49 10223616 c:\windows\system32\SMI\Store\Machine\schema.dat
+ 2012-04-11 08:01 . 2012-02-28 07:34 17790976 c:\windows\system32\mshtml.dll
+ 2012-04-11 08:01 . 2012-02-28 07:02 10888704 c:\windows\system32\ieframe.dll
+ 2011-10-26 03:19 . 2012-04-12 20:42 16323524 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-1247527095-1015957483-954240397-1001-8192.dat
+ 2012-04-11 08:12 . 2012-04-11 08:12 17353728 c:\windows\assembly\NativeImages_v4.0.30319_64\System.Windows.Forms\c80f2e11e938ed65b843f750add94b35\System.Windows.Forms.ni.dll
+ 2012-04-11 08:12 . 2012-04-11 08:12 24407040 c:\windows\assembly\NativeImages_v4.0.30319_64\PresentationFramewo#\b93196152e384bd43b9abf1e20c8d067\PresentationFramework.ni.dll
+ 2012-04-11 08:11 . 2012-04-11 08:11 15907328 c:\windows\assembly\NativeImages_v4.0.30319_64\PresentationCore\fc074b5198bd925a4f5b48403bba0e34\PresentationCore.ni.dll
+ 2012-04-11 08:09 . 2012-04-11 08:09 13197312 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Windows.Forms\0b36565a61f83137806e71b287d81042\System.Windows.Forms.ni.dll
+ 2012-04-11 08:09 . 2012-04-11 08:09 18000384 c:\windows\assembly\NativeImages_v4.0.30319_32\PresentationFramewo#\7786f3e95a399a8b6691170ae2fe0e1c\PresentationFramework.ni.dll
+ 2012-04-11 08:09 . 2012-04-11 08:09 11450880 c:\windows\assembly\NativeImages_v4.0.30319_32\PresentationCore\239eba799555dbe10760ee80c8c8df7c\PresentationCore.ni.dll
+ 2012-04-11 08:29 . 2012-04-11 08:29 17379840 c:\windows\assembly\NativeImages_v2.0.50727_64\System.Windows.Forms\3466442b4168ba11787961fcfd410adf\System.Windows.Forms.ni.dll
+ 2012-04-11 08:30 . 2012-04-11 08:30 15270912 c:\windows\assembly\NativeImages_v2.0.50727_64\System.Web\79c8a2e836c01784bb8e3e2d0ed26850\System.Web.ni.dll
+ 2012-04-11 08:31 . 2012-04-11 08:31 13609472 c:\windows\assembly\NativeImages_v2.0.50727_64\System.Design\552733f73f5483946cce9229b27bdcb2\System.Design.ni.dll
+ 2012-04-11 08:30 . 2012-04-11 08:30 19195392 c:\windows\assembly\NativeImages_v2.0.50727_64\PresentationFramewo#\b87e4cff3eb13680c55a5f4ee9786b56\PresentationFramework.ni.dll
+ 2012-04-11 08:29 . 2012-04-11 08:29 16540160 c:\windows\assembly\NativeImages_v2.0.50727_64\PresentationCore\1233412b58120995b639428b5e6d998e\PresentationCore.ni.dll
+ 2012-04-11 08:34 . 2012-04-11 08:34 25470976 c:\windows\assembly\NativeImages_v2.0.50727_64\ehshell\d9a8c2b82b4370a5b0f537a65d867f49\ehshell.ni.dll
+ 2012-04-11 08:27 . 2012-04-11 08:27 12433408 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\262285b3d0afafc5059f3fe9be69bff5\System.Windows.Forms.ni.dll
+ 2012-04-11 08:28 . 2012-04-11 08:28 11833344 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web\507b4ca18da9d2fde2e51a1f04593443\System.Web.ni.dll
+ 2012-04-11 08:28 . 2012-04-11 08:28 10580480 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Design\846a51eb446bee41a26a6914a95e38cd\System.Design.ni.dll
+ 2012-04-11 08:28 . 2012-04-11 08:28 14339072 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\43e23da6683962ea1168aaf007bbc35d\PresentationFramework.ni.dll
+ 2012-04-11 08:27 . 2012-04-11 08:27 12234752 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationCore\74d980e52c1791f1b8608d767a393144\PresentationCore.ni.dll
.
-- Snapshot reset to current date --
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{28387537-e3f9-4ed7-860c-11e69af4a8a0}]
c:\progra~2\IMESHA~1\MediaBar\Datamngr\ToolBar\wincoreimdtx.dll [BU]
.
[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{BE7A24F5-69CB-4708-B77B-B1EDA6043B95}]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar]
"{28387537-e3f9-4ed7-860c-11e69af4a8a0}"= "c:\progra~2\IMESHA~1\MediaBar\Datamngr\ToolBar\wincoreimdtx.dll" [BU]
.
[HKEY_CLASSES_ROOT\clsid\{28387537-e3f9-4ed7-860c-11e69af4a8a0}]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Steam"="c:\program files (x86)\Steam\steam.exe" [2011-10-26 1242448]
"Pando Media Booster"="c:\program files (x86)\Pando Networks\Media Booster\PMB.exe" [2011-11-05 3077528]
"BitTorrent"="c:\program files (x86)\BitTorrent\BitTorrent.exe" [2011-11-12 5960560]
"Akamai NetSession Interface"="c:\users\Kyle\AppData\Local\Akamai\netsession_win.exe" [2012-03-13 3331872]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"IAStorIcon"="c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe" [2011-04-30 284440]
"HPQuickWebProxy"="c:\program files (x86)\Hewlett-Packard\HP QuickWeb\hpqwutils.exe" [2011-06-28 168504]
"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe" [2010-11-16 35736]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-11-16 932288]
"HPOSD"="c:\program files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe" [2011-01-27 318520]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2011-11-02 59240]
"VirtualCloneDrive"="c:\program files (x86)\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe" [2011-03-07 89456]
"QuickTime Task"="c:\program files (x86)\QuickTime\qttask.exe" [2007-02-16 282624]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2011-12-08 421736]
"DivXUpdate"="c:\program files (x86)\DivX\DivX Update\DivXUpdate.exe" [2011-07-28 1259376]
"WinampAgent"="c:\program files (x86)\Winamp\winampa.exe" [2011-12-09 74752]
"LogMeIn Hamachi Ui"="c:\program files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe" [2012-02-28 1987976]
"HP Quick Launch"="c:\program files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe" [2012-02-15 577408]
.
c:\users\Kyle\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OpenOffice.org 3.3.lnk - c:\program files (x86)\OpenOffice.org 3\program\quickstart.exe [2010-12-13 1198592]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 HP Support Assistant Service;HP Support Assistant Service;c:\program files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe [2011-09-09 86072]
R2 lxdcCATSCustConnectService;lxdcCATSCustConnectService;c:\windows\system32\spool\DRIVERS\x64\3\\lxdcserv.exe [2007-05-25 34224]
R3 BBSvc;Bing Bar Update Service;c:\program files (x86)\Microsoft\BingBar\BBSvc.EXE [2011-03-02 183560]
R3 GamesAppService;GamesAppService;c:\program files (x86)\WildTangent Games\App\GamesAppService.exe [2010-10-12 206072]
R3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\DRIVERS\VSTAZL6.SYS [x]
R3 SrvHsfV92;SrvHsfV92;c:\windows\system32\DRIVERS\VSTDPV6.SYS [x]
R3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\DRIVERS\VSTCNXT6.SYS [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [x]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-23 57184]
S0 SymDS;Symantec Data Store;c:\windows\system32\drivers\N360x64\0502010.003\SYMDS64.SYS [x]
S0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\N360x64\0502010.003\SYMEFA64.SYS [x]
S1 BHDrvx64;BHDrvx64;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.0.125\Definitions\BASHDefs\20120402.001\BHDrvx64.sys [2012-04-02 1160824]
S1 IDSVia64;IDSVia64;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.0.125\Definitions\IPSDefs\20120411.001\IDSvia64.sys [2012-03-17 488568]
S1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\N360x64\0502010.003\Ironx64.SYS [x]
S1 SymNetS;Symantec Network Security WFP Driver;c:\windows\System32\Drivers\N360x64\0502010.003\SYMNETS.SYS [x]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]
S2 FPLService;TrueSuiteService;c:\program files (x86)\HP SimplePass 2011\TrueSuiteService.exe [2011-05-06 263496]
S2 Hamachi2Svc;LogMeIn Hamachi Tunneling Engine;c:\program files (x86)\LogMeIn Hamachi\hamachi-2.exe [2012-02-28 2343816]
S2 HPClientSvc;HP Client Services;c:\program files\Hewlett-Packard\HP Client Services\HPClientServices.exe [2010-10-11 346168]
S2 HPDrvMntSvc.exe;HP Quick Synchronization Service;c:\program files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe [2011-09-01 227896]
S2 HPWMISVC;HPWMISVC;c:\program files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe [2012-02-15 34872]
S2 IAStorDataMgrSvc;Intel® Rapid Storage Technology;c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [2011-04-30 13592]
S2 IconMan_R;IconMan_R;c:\program files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe [2012-03-20 2425960]
S2 jhi_service;Intel® Identity Protection Technology Host Interface Service;c:\program files (x86)\Intel\Services\IPT\jhi_service.exe [2011-02-24 212944]
S2 lxdc_device;lxdc_device;c:\windows\system32\lxdccoms.exe [2007-05-25 567216]
S2 N360;Norton 360;c:\program files (x86)\Norton 360\Engine\5.2.1.3\ccSvcHst.exe [2011-04-17 130008]
S2 RoxioNow Service;RoxioNow Service;c:\program files (x86)\Roxio\RoxioNow Player\RNowSvc.exe [2010-11-26 399344]
S2 UNS;Intel® Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2011-02-01 2656280]
S3 clwvd;CyberLink WebCam Virtual Driver;c:\windows\system32\DRIVERS\clwvd.sys [x]
S3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2012-02-04 138360]
S3 IntcDAud;Intel® Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys [x]
S3 MEIx64;Intel® Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys [x]
S3 netr28x;Ralink 802.11n Extensible Wireless Driver;c:\windows\system32\DRIVERS\netr28x.sys [x]
S3 RSPCIESTOR;Realtek PCIE CardReader Driver;c:\windows\system32\DRIVERS\RtsPStor.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [x]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
Akamai REG_MULTI_SZ Akamai
.
Contents of the 'Scheduled Tasks' folder
.
2012-04-12 c:\windows\Tasks\HPCeeScheduleForKyle.job
- c:\program files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2010-09-14 05:15]
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{BE7A24F5-69CB-4708-B77B-B1EDA6043B95}]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SynTPEnh"="c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe" [BU]
"lxdcmon.exe"="c:\program files (x86)\Lexmark 1300 Series\lxdcmon.exe" [BU]
"lxdcamon"="c:\program files (x86)\Lexmark 1300 Series\lxdcamon.exe" [2009-04-27 25256]
"SysTrayApp"="c:\program files\IDT\WDM\sttray64.exe" [2011-12-08 1424896]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2011-12-08 167704]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2011-12-08 392472]
"Persistence"="c:\windows\system32\igfxpers.exe" [2011-12-08 416024]
"SetDefault"="c:\program files\Hewlett-Packard\HP LaunchBox\SetDefault.exe" [2011-12-20 44880]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = %SystemRoot%\system32\blank.htm
uInternet Settings,ProxyOverride = <local>
IE: Add to Evernote 4.0 - c:\program files (x86)\Evernote\Evernote\EvernoteIE.dll/204
TCP: DhcpNameServer = 4.2.2.2 8.8.8.8
TCP: Interfaces\{6793F14E-FF6D-4EF4-9B97-25F49B3DBF25}\E494557657563747: DhcpNameServer = 131.156.1.11 131.156.126.2
FF - ProfilePath - c:\users\Kyle\AppData\Roaming\Mozilla\Firefox\Profiles\o1kyaz0f.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - www.google.com
FF - prefs.js: keyword.URL - hxxp://dts.search-results.com/sr?src=ffb&appid=1097&systemid=1&sr=0&q=
FF - prefs.js: network.proxy.type - 0
FF - user.js: extentions.y2layers.installId - 27e7d0f4-8045-46ab-b817-cf9a9de8df30
FF - user.js: extentions.y2layers.defaultEnableAppsList - PageRage/Ads,PageRage/Global,PageRageTeases,Buzzdock,BuzzDockTease,
FF - user.js: extensions.autoDisableScopes - 14
FF - user.js: security.csp.enable - false
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-10 - (no file)
.
.
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\N360]
"ImagePath"="\"c:\program files (x86)\Norton 360\Engine\5.2.1.3\ccSvcHst.exe\" /s \"N360\" /m \"c:\program files (x86)\Norton 360\Engine\5.2.1.3\diMaster.dll\" /prefetch:1"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\npggsvc]
"ImagePath"="c:\windows\system32\GameMon.des -service"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10q_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10q_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10q.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10q.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10q.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10q.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files (x86)\Microsoft\BingBar\SeaPort.EXE
c:\program files (x86)\CyberLink\YouCam\YCMMirage.exe
c:\program files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
.
**************************************************************************
.
Completion time: 2012-04-12 15:58:50 - machine was rebooted
ComboFix-quarantined-files.txt 2012-04-12 20:58
ComboFix2.txt 2012-04-11 00:13
ComboFix3.txt 2012-04-10 22:34
.
Pre-Run: 207,829,016,576 bytes free
Post-Run: 207,455,879,168 bytes free
.
- - End Of File - - 9367658F5A7B926D8C813B3815C3EBD6

#14 fireman4it

Posted 12 April 2012 - 07:32 PM

Hello,

Please delete the copy of TDSSKiller you have and download a fresh copy.

Please download the TDSS Rootkit Removing Tool (TDSSKiller.exe) and save it to your Desktop. <-Important!!!
  • Double-click on TDSSKiller.exe to run the tool for known TDSS variants.
    Vista/Windows 7 users right-click and select Run As Administrator.
  • If TDSSKiller does not run, try renaming it.
  • To do this, right-click on TDSSKiller.exe, select Rename and give it a random name with the .com file extension (i.e. 123abc.com). If you do not see the file extension, please refer to How to change the file extension.
  • Click the Start Scan button.
  • Do not use the computer during the scan
  • If the scan completes with nothing found, click Close to exit.
  • If malicious objects are found, they will show in the Scan results - Select action for found objects and offer three options.
  • Ensure Cure (default) is selected, then click Continue > Reboot now to finish the cleaning process.
    Note: If Cure is not an option, Skip instead, do not choose Delete unless instructed.
  • A log file named TDSSKiller_version_date_time_log.txt (i.e. TDSSKiller.2.4.0.0_27.07.2010_09.07.26_log.txt) will be created and saved to the root directory (usually Local Disk C:).
  • Copy and paste the contents of that file in your next reply.

2.
I'd like us to scan your machine with ESET OnlineScan
  • Hold down Control and click on this link to open ESET OnlineScan in a new window.
  • Click the Posted Image button.
  • For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
    • Click on esetsmartinstaller_enu.exe to download the ESET Smart Installer. Save it to your desktop.
    • Double click on the Posted Image icon on your desktop.
  • Check "YES, I accept the Terms of Use."
  • Click the Start button.
  • Accept any security warnings from your browser.
  • Under scan settings, check "Scan Archives" and "Remove found threats"
  • Click Advanced settings and select the following:
    • Scan potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth technology
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • When the scan completes, click List Threats
  • Click Export, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
  • Click the Back button.
  • Click the Finish button.

" Extinguishing Malware from the world"


#15 reikendude

Posted 13 April 2012 - 08:49 AM

Still have the redirects.

TDSS:
20:04:03.0956 6268 TDSS rootkit removing tool 2.7.28.0 Apr 10 2012 16:54:05
20:04:04.0130 6268 ============================================================
20:04:04.0130 6268 Current date / time: 2012/04/12 20:04:04.0130
20:04:04.0130 6268 SystemInfo:
20:04:04.0130 6268
20:04:04.0130 6268 OS Version: 6.1.7601 ServicePack: 1.0
20:04:04.0130 6268 Product type: Workstation
20:04:04.0130 6268 ComputerName: QUINCY
20:04:04.0130 6268 UserName: Kyle
20:04:04.0130 6268 Windows directory: C:\Windows
20:04:04.0130 6268 System windows directory: C:\Windows
20:04:04.0130 6268 Running under WOW64
20:04:04.0130 6268 Processor architecture: Intel x64
20:04:04.0130 6268 Number of processors: 4
20:04:04.0130 6268 Page size: 0x1000
20:04:04.0130 6268 Boot type: Normal boot
20:04:04.0130 6268 ============================================================
20:04:05.0008 6268 Drive \Device\Harddisk0\DR0 - Size: 0x7470C06000 (465.76 Gb), SectorSize: 0x200, Cylinders: 0xED81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
20:04:05.0012 6268 Drive \Device\Harddisk1\DR1 - Size: 0xEEF00000 (3.73 Gb), SectorSize: 0x200, Cylinders: 0x1E7, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W'
20:04:05.0014 6268 \Device\Harddisk0\DR0:
20:04:05.0015 6268 MBR used
20:04:05.0015 6268 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x63800
20:04:05.0015 6268 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x64000, BlocksNum 0x37C6E000
20:04:05.0015 6268 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x37CD2000, BlocksNum 0x1EC4000
20:04:05.0015 6268 \Device\Harddisk0\DR0\Partition3: MBR, Type 0xC, StartLBA 0x39B96000, BlocksNum 0x7EF830
20:04:05.0015 6268 \Device\Harddisk1\DR1:
20:04:05.0015 6268 MBR used
20:04:05.0015 6268 \Device\Harddisk1\DR1\Partition0: MBR, Type 0xB, StartLBA 0x2000, BlocksNum 0x775800
20:04:05.0187 6268 Initialize success
20:04:05.0187 6268 ============================================================
20:04:06.0151 6204 ============================================================
20:04:06.0151 6204 Scan started
20:04:06.0151 6204 Mode: Manual;
20:04:06.0151 6204 ============================================================
20:04:07.0796 6204 1394ohci (a87d604aea360176311474c87a63bb88) C:\Windows\system32\drivers\1394ohci.sys
20:04:07.0802 6204 1394ohci - ok
20:04:07.0854 6204 ACPI (d81d9e70b8a6dd14d42d7b4efa65d5f2) C:\Windows\system32\drivers\ACPI.sys
20:04:07.0861 6204 ACPI - ok
20:04:07.0921 6204 AcpiPmi (99f8e788246d495ce3794d7e7821d2ca) C:\Windows\system32\drivers\acpipmi.sys
20:04:07.0924 6204 AcpiPmi - ok
20:04:07.0977 6204 adp94xx (2f6b34b83843f0c5118b63ac634f5bf4) C:\Windows\system32\drivers\adp94xx.sys
20:04:07.0987 6204 adp94xx - ok
20:04:08.0069 6204 adpahci (597f78224ee9224ea1a13d6350ced962) C:\Windows\system32\drivers\adpahci.sys
20:04:08.0091 6204 adpahci - ok
20:04:08.0191 6204 adpu320 (e109549c90f62fb570b9540c4b148e54) C:\Windows\system32\drivers\adpu320.sys
20:04:08.0197 6204 adpu320 - ok
20:04:08.0236 6204 AeLookupSvc (4b78b431f225fd8624c5655cb1de7b61) C:\Windows\System32\aelupsvc.dll
20:04:08.0239 6204 AeLookupSvc - ok
20:04:08.0318 6204 AFD (1c7857b62de5994a75b054a9fd4c3825) C:\Windows\system32\drivers\afd.sys
20:04:08.0340 6204 AFD - ok
20:04:08.0403 6204 agp440 (608c14dba7299d8cb6ed035a68a15799) C:\Windows\system32\drivers\agp440.sys
20:04:08.0407 6204 agp440 - ok
20:04:08.0460 6204 ALG (3290d6946b5e30e70414990574883ddb) C:\Windows\System32\alg.exe
20:04:08.0462 6204 ALG - ok
20:04:08.0538 6204 aliide (5812713a477a3ad7363c7438ca2ee038) C:\Windows\system32\drivers\aliide.sys
20:04:08.0541 6204 aliide - ok
20:04:08.0553 6204 amdide (1ff8b4431c353ce385c875f194924c0c) C:\Windows\system32\drivers\amdide.sys
20:04:08.0556 6204 amdide - ok
20:04:08.0602 6204 AmdK8 (7024f087cff1833a806193ef9d22cda9) C:\Windows\system32\drivers\amdk8.sys
20:04:08.0605 6204 AmdK8 - ok
20:04:08.0628 6204 AmdPPM (1e56388b3fe0d031c44144eb8c4d6217) C:\Windows\system32\drivers\amdppm.sys
20:04:08.0631 6204 AmdPPM - ok
20:04:08.0670 6204 amdsata (d4121ae6d0c0e7e13aa221aa57ef2d49) C:\Windows\system32\drivers\amdsata.sys
20:04:08.0673 6204 amdsata - ok
20:04:08.0712 6204 amdsbs (f67f933e79241ed32ff46a4f29b5120b) C:\Windows\system32\drivers\amdsbs.sys
20:04:08.0717 6204 amdsbs - ok
20:04:08.0747 6204 amdxata (540daf1cea6094886d72126fd7c33048) C:\Windows\system32\drivers\amdxata.sys
20:04:08.0749 6204 amdxata - ok
20:04:08.0797 6204 AppID (89a69c3f2f319b43379399547526d952) C:\Windows\system32\drivers\appid.sys
20:04:08.0800 6204 AppID - ok
20:04:08.0829 6204 AppIDSvc (0bc381a15355a3982216f7172f545de1) C:\Windows\System32\appidsvc.dll
20:04:08.0832 6204 AppIDSvc - ok
20:04:08.0851 6204 Appinfo (3977d4a871ca0d4f2ed1e7db46829731) C:\Windows\System32\appinfo.dll
20:04:08.0853 6204 Appinfo - ok
20:04:08.0954 6204 Apple Mobile Device (3debbecf665dcdde3a95d9b902010817) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
20:04:08.0959 6204 Apple Mobile Device - ok
20:04:09.0052 6204 arc (c484f8ceb1717c540242531db7845c4e) C:\Windows\system32\drivers\arc.sys
20:04:09.0071 6204 arc - ok
20:04:09.0119 6204 arcsas (019af6924aefe7839f61c830227fe79c) C:\Windows\system32\drivers\arcsas.sys
20:04:09.0123 6204 arcsas - ok
20:04:09.0178 6204 AsyncMac (769765ce2cc62867468cea93969b2242) C:\Windows\system32\DRIVERS\asyncmac.sys
20:04:09.0181 6204 AsyncMac - ok
20:04:09.0229 6204 atapi (02062c0b390b7729edc9e69c680a6f3c) C:\Windows\system32\drivers\atapi.sys
20:04:09.0233 6204 atapi - ok
20:04:09.0316 6204 AudioEndpointBuilder (f23fef6d569fce88671949894a8becf1) C:\Windows\System32\Audiosrv.dll
20:04:09.0341 6204 AudioEndpointBuilder - ok
20:04:09.0368 6204 AudioSrv (f23fef6d569fce88671949894a8becf1) C:\Windows\System32\Audiosrv.dll
20:04:09.0376 6204 AudioSrv - ok
20:04:09.0475 6204 AxInstSV (a6bf31a71b409dfa8cac83159e1e2aff) C:\Windows\System32\AxInstSV.dll
20:04:09.0479 6204 AxInstSV - ok
20:04:09.0565 6204 b06bdrv (3e5b191307609f7514148c6832bb0842) C:\Windows\system32\drivers\bxvbda.sys
20:04:09.0575 6204 b06bdrv - ok
20:04:09.0691 6204 b57nd60a (b5ace6968304a3900eeb1ebfd9622df2) C:\Windows\system32\DRIVERS\b57nd60a.sys
20:04:09.0698 6204 b57nd60a - ok
20:04:09.0754 6204 BBSvc (93ee7d9c35ae7e9ffda148d7805f1421) C:\Program Files (x86)\Microsoft\BingBar\BBSvc.EXE
20:04:09.0760 6204 BBSvc - ok
20:04:09.0893 6204 BCM43XX (9e84a931dbee0292e38ed672f6293a99) C:\Windows\system32\DRIVERS\bcmwl664.sys
20:04:09.0929 6204 BCM43XX - ok
20:04:09.0965 6204 BDESVC (fde360167101b4e45a96f939f388aeb0) C:\Windows\System32\bdesvc.dll
20:04:09.0967 6204 BDESVC - ok
20:04:10.0012 6204 Beep (16a47ce2decc9b099349a5f840654746) C:\Windows\system32\drivers\Beep.sys
20:04:10.0014 6204 Beep - ok
20:04:10.0057 6204 BFE (82974d6a2fd19445cc5171fc378668a4) C:\Windows\System32\bfe.dll
20:04:10.0079 6204 BFE - ok
20:04:10.0259 6204 BHDrvx64 (5b1fe9d351c284701c8051da2aa81df6) C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.0.125\Definitions\BASHDefs\20120402.001\BHDrvx64.sys
20:04:10.0293 6204 BHDrvx64 - ok
20:04:10.0372 6204 BITS (1ea7969e3271cbc59e1730697dc74682) C:\Windows\system32\qmgr.dll
20:04:10.0402 6204 BITS - ok
20:04:10.0446 6204 blbdrive (61583ee3c3a17003c4acd0475646b4d3) C:\Windows\system32\drivers\blbdrive.sys
20:04:10.0449 6204 blbdrive - ok
20:04:10.0552 6204 Bonjour Service (ebbcd5dfbb1de70e8f4af8fa59e401fd) C:\Program Files\Bonjour\mDNSResponder.exe
20:04:10.0560 6204 Bonjour Service - ok
20:04:10.0650 6204 bowser (6c02a83164f5cc0a262f4199f0871cf5) C:\Windows\system32\DRIVERS\bowser.sys
20:04:10.0655 6204 bowser - ok
20:04:10.0687 6204 BrFiltLo (f09eee9edc320b5e1501f749fde686c8) C:\Windows\system32\drivers\BrFiltLo.sys
20:04:10.0689 6204 BrFiltLo - ok
20:04:10.0716 6204 BrFiltUp (b114d3098e9bdb8bea8b053685831be6) C:\Windows\system32\drivers\BrFiltUp.sys
20:04:10.0719 6204 BrFiltUp - ok
20:04:10.0804 6204 BridgeMP (5c2f352a4e961d72518261257aae204b) C:\Windows\system32\DRIVERS\bridge.sys
20:04:10.0809 6204 BridgeMP - ok
20:04:10.0887 6204 Browser (8ef0d5c41ec907751b8429162b1239ed) C:\Windows\System32\browser.dll
20:04:10.0893 6204 Browser - ok
20:04:10.0952 6204 Brserid (43bea8d483bf1870f018e2d02e06a5bd) C:\Windows\System32\Drivers\Brserid.sys
20:04:10.0961 6204 Brserid - ok
20:04:10.0987 6204 BrSerWdm (a6eca2151b08a09caceca35c07f05b42) C:\Windows\System32\Drivers\BrSerWdm.sys
20:04:10.0989 6204 BrSerWdm - ok
20:04:11.0015 6204 BrUsbMdm (b79968002c277e869cf38bd22cd61524) C:\Windows\System32\Drivers\BrUsbMdm.sys
20:04:11.0017 6204 BrUsbMdm - ok
20:04:11.0039 6204 BrUsbSer (a87528880231c54e75ea7a44943b38bf) C:\Windows\System32\Drivers\BrUsbSer.sys
20:04:11.0042 6204 BrUsbSer - ok
20:04:11.0067 6204 BTHMODEM (9da669f11d1f894ab4eb69bf546a42e8) C:\Windows\system32\drivers\bthmodem.sys
20:04:11.0069 6204 BTHMODEM - ok
20:04:11.0125 6204 bthserv (95f9c2976059462cbbf227f7aab10de9) C:\Windows\system32\bthserv.dll
20:04:11.0128 6204 bthserv - ok
20:04:11.0176 6204 catchme - ok
20:04:11.0268 6204 cdfs (b8bd2bb284668c84865658c77574381a) C:\Windows\system32\DRIVERS\cdfs.sys
20:04:11.0271 6204 cdfs - ok
20:04:11.0319 6204 cdrom (f036ce71586e93d94dab220d7bdf4416) C:\Windows\system32\DRIVERS\cdrom.sys
20:04:11.0324 6204 cdrom - ok
20:04:11.0410 6204 CertPropSvc (f17d1d393bbc69c5322fbfafaca28c7f) C:\Windows\System32\certprop.dll
20:04:11.0414 6204 CertPropSvc - ok
20:04:11.0477 6204 circlass (d7cd5c4e1b71fa62050515314cfb52cf) C:\Windows\system32\drivers\circlass.sys
20:04:11.0482 6204 circlass - ok
20:04:11.0514 6204 CLFS (fe1ec06f2253f691fe36217c592a0206) C:\Windows\system32\CLFS.sys
20:04:11.0521 6204 CLFS - ok
20:04:11.0592 6204 clr_optimization_v2.0.50727_32 (d88040f816fda31c3b466f0fa0918f29) C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
20:04:11.0596 6204 clr_optimization_v2.0.50727_32 - ok
20:04:11.0653 6204 clr_optimization_v2.0.50727_64 (d1ceea2b47cb998321c579651ce3e4f8) C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
20:04:11.0656 6204 clr_optimization_v2.0.50727_64 - ok
20:04:11.0792 6204 clr_optimization_v4.0.30319_32 (c5a75eb48e2344abdc162bda79e16841) C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
20:04:11.0799 6204 clr_optimization_v4.0.30319_32 - ok
20:04:11.0883 6204 clr_optimization_v4.0.30319_64 (c6f9af94dcd58122a4d7e89db6bed29d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
20:04:11.0891 6204 clr_optimization_v4.0.30319_64 - ok
20:04:11.0958 6204 clwvd (50f92c943f18b070f166d019dfab3d9a) C:\Windows\system32\DRIVERS\clwvd.sys
20:04:11.0961 6204 clwvd - ok
20:04:11.0995 6204 CmBatt (0840155d0bddf1190f84a663c284bd33) C:\Windows\system32\drivers\CmBatt.sys
20:04:11.0998 6204 CmBatt - ok
20:04:12.0038 6204 cmdide (e19d3f095812725d88f9001985b94edd) C:\Windows\system32\drivers\cmdide.sys
20:04:12.0040 6204 cmdide - ok
20:04:12.0102 6204 CNG (c4943b6c962e4b82197542447ad599f4) C:\Windows\system32\Drivers\cng.sys
20:04:12.0112 6204 CNG - ok
20:04:12.0192 6204 Compbatt (102de219c3f61415f964c88e9085ad14) C:\Windows\system32\drivers\compbatt.sys
20:04:12.0195 6204 Compbatt - ok
20:04:12.0232 6204 CompositeBus (03edb043586cceba243d689bdda370a8) C:\Windows\system32\drivers\CompositeBus.sys
20:04:12.0235 6204 CompositeBus - ok
20:04:12.0253 6204 COMSysApp - ok
20:04:12.0279 6204 crcdisk (1c827878a998c18847245fe1f34ee597) C:\Windows\system32\drivers\crcdisk.sys
20:04:12.0282 6204 crcdisk - ok
20:04:12.0337 6204 CryptSvc (15597883fbe9b056f276ada3ad87d9af) C:\Windows\system32\cryptsvc.dll
20:04:12.0342 6204 CryptSvc - ok
20:04:12.0423 6204 DcomLaunch (5c627d1b1138676c0a7ab2c2c190d123) C:\Windows\system32\rpcss.dll
20:04:12.0433 6204 DcomLaunch - ok
20:04:12.0472 6204 defragsvc (3cec7631a84943677aa8fa8ee5b6b43d) C:\Windows\System32\defragsvc.dll
20:04:12.0478 6204 defragsvc - ok
20:04:12.0543 6204 DfsC (9bb2ef44eaa163b29c4a4587887a0fe4) C:\Windows\system32\Drivers\dfsc.sys
20:04:12.0549 6204 DfsC - ok
20:04:12.0807 6204 Dhcp (43d808f5d9e1a18e5eeb5ebc83969e4e) C:\Windows\system32\dhcpcore.dll
20:04:12.0817 6204 Dhcp - ok
20:04:12.0874 6204 discache (13096b05847ec78f0977f2c0f79e9ab3) C:\Windows\system32\drivers\discache.sys
20:04:12.0876 6204 discache - ok
20:04:12.0915 6204 Disk (9819eee8b5ea3784ec4af3b137a5244c) C:\Windows\system32\drivers\disk.sys
20:04:12.0919 6204 Disk - ok
20:04:12.0980 6204 Dnscache (16835866aaa693c7d7fceba8fff706e4) C:\Windows\System32\dnsrslvr.dll
20:04:12.0986 6204 Dnscache - ok
20:04:13.0053 6204 dot3svc (b1fb3ddca0fdf408750d5843591afbc6) C:\Windows\System32\dot3svc.dll
20:04:13.0060 6204 dot3svc - ok
20:04:13.0190 6204 Dot4 (b42ed0320c6e41102fde0005154849bb) C:\Windows\system32\DRIVERS\Dot4.sys
20:04:13.0212 6204 Dot4 - ok
20:04:13.0329 6204 Dot4Print (e9f5969233c5d89f3c35e3a66a52a361) C:\Windows\system32\DRIVERS\Dot4Prt.sys
20:04:13.0333 6204 Dot4Print - ok
20:04:13.0383 6204 dot4usb (fd05a02b0370bc3000f402e543ca5814) C:\Windows\system32\DRIVERS\dot4usb.sys
20:04:13.0386 6204 dot4usb - ok
20:04:13.0424 6204 DPS (b26f4f737e8f9df4f31af6cf31d05820) C:\Windows\system32\dps.dll
20:04:13.0429 6204 DPS - ok
20:04:13.0466 6204 drmkaud (9b19f34400d24df84c858a421c205754) C:\Windows\system32\drivers\drmkaud.sys
20:04:13.0468 6204 drmkaud - ok
20:04:13.0509 6204 DXGKrnl (f5bee30450e18e6b83a5012c100616fd) C:\Windows\System32\drivers\dxgkrnl.sys
20:04:13.0537 6204 DXGKrnl - ok
20:04:13.0575 6204 EapHost (e2dda8726da9cb5b2c4000c9018a9633) C:\Windows\System32\eapsvc.dll
20:04:13.0578 6204 EapHost - ok
20:04:13.0702 6204 ebdrv (dc5d737f51be844d8c82c695eb17372f) C:\Windows\system32\drivers\evbda.sys
20:04:13.0793 6204 ebdrv - ok
20:04:13.0941 6204 eeCtrl (0c3f9eff8ddd9f9eb56d754b4620155f) C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys
20:04:13.0964 6204 eeCtrl - ok
20:04:14.0053 6204 EFS (c118a82cd78818c29ab228366ebf81c3) C:\Windows\System32\lsass.exe
20:04:14.0057 6204 EFS - ok
20:04:14.0124 6204 ehRecvr (c4002b6b41975f057d98c439030cea07) C:\Windows\ehome\ehRecvr.exe
20:04:14.0147 6204 ehRecvr - ok
20:04:14.0171 6204 ehSched (4705e8ef9934482c5bb488ce28afc681) C:\Windows\ehome\ehsched.exe
20:04:14.0176 6204 ehSched - ok
20:04:14.0296 6204 ElbyCDIO (a05fc7eca0966ebb70e4d17b855a853b) C:\Windows\system32\Drivers\ElbyCDIO.sys
20:04:14.0300 6204 ElbyCDIO - ok
20:04:14.0349 6204 elxstor (0e5da5369a0fcaea12456dd852545184) C:\Windows\system32\drivers\elxstor.sys
20:04:14.0372 6204 elxstor - ok
20:04:14.0500 6204 EraserUtilRebootDrv (8c0f9b877bc0b7ffd327ef55f9efb642) C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys
20:04:14.0505 6204 EraserUtilRebootDrv - ok
20:04:14.0597 6204 ErrDev (34a3c54752046e79a126e15c51db409b) C:\Windows\system32\drivers\errdev.sys
20:04:14.0600 6204 ErrDev - ok
20:04:14.0712 6204 EventSystem (4166f82be4d24938977dd1746be9b8a0) C:\Windows\system32\es.dll
20:04:14.0722 6204 EventSystem - ok
20:04:14.0780 6204 exfat (a510c654ec00c1e9bdd91eeb3a59823b) C:\Windows\system32\drivers\exfat.sys
20:04:14.0786 6204 exfat - ok
20:04:14.0820 6204 fastfat (0adc83218b66a6db380c330836f3e36d) C:\Windows\system32\drivers\fastfat.sys
20:04:14.0826 6204 fastfat - ok
20:04:14.0893 6204 Fax (dbefd454f8318a0ef691fdd2eaab44eb) C:\Windows\system32\fxssvc.exe
20:04:14.0916 6204 Fax - ok
20:04:14.0985 6204 fdc (d765d19cd8ef61f650c384f62fac00ab) C:\Windows\system32\drivers\fdc.sys
20:04:14.0989 6204 fdc - ok
20:04:15.0111 6204 fdPHost (0438cab2e03f4fb61455a7956026fe86) C:\Windows\system32\fdPHost.dll
20:04:15.0113 6204 fdPHost - ok
20:04:15.0140 6204 FDResPub (802496cb59a30349f9a6dd22d6947644) C:\Windows\system32\fdrespub.dll
20:04:15.0143 6204 FDResPub - ok
20:04:15.0192 6204 FileInfo (655661be46b5f5f3fd454e2c3095b930) C:\Windows\system32\drivers\fileinfo.sys
20:04:15.0195 6204 FileInfo - ok
20:04:15.0211 6204 Filetrace (5f671ab5bc87eea04ec38a6cd5962a47) C:\Windows\system32\drivers\filetrace.sys
20:04:15.0214 6204 Filetrace - ok
20:04:15.0292 6204 FLEXnet Licensing Service (227846995afeefa70d328bf5334a86a5) C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
20:04:15.0315 6204 FLEXnet Licensing Service - ok
20:04:15.0402 6204 flpydisk (c172a0f53008eaeb8ea33fe10e177af5) C:\Windows\system32\drivers\flpydisk.sys
20:04:15.0406 6204 flpydisk - ok
20:04:15.0449 6204 FltMgr (da6b67270fd9db3697b20fce94950741) C:\Windows\system32\drivers\fltmgr.sys
20:04:15.0457 6204 FltMgr - ok
20:04:15.0518 6204 FontCache (5c4cb4086fb83115b153e47add961a0c) C:\Windows\system32\FntCache.dll
20:04:15.0548 6204 FontCache - ok
20:04:15.0614 6204 FontCache3.0.0.0 (a8b7f3818ab65695e3a0bb3279f6dce6) C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
20:04:15.0617 6204 FontCache3.0.0.0 - ok
20:04:15.0671 6204 FPLService (26065327bb2aa358140381fc76520908) C:\Program Files (x86)\HP SimplePass 2011\TrueSuiteService.exe
20:04:15.0677 6204 FPLService - ok
20:04:15.0745 6204 FsDepends (d43703496149971890703b4b1b723eac) C:\Windows\system32\drivers\FsDepends.sys
20:04:15.0749 6204 FsDepends - ok
20:04:15.0806 6204 Fs_Rec (6bd9295cc032dd3077c671fccf579a7b) C:\Windows\system32\drivers\Fs_Rec.sys
20:04:15.0809 6204 Fs_Rec - ok
20:04:15.0867 6204 fvevol (1f7b25b858fa27015169fe95e54108ed) C:\Windows\system32\DRIVERS\fvevol.sys
20:04:15.0873 6204 fvevol - ok
20:04:15.0911 6204 gagp30kx (8c778d335c9d272cfd3298ab02abe3b6) C:\Windows\system32\drivers\gagp30kx.sys
20:04:15.0914 6204 gagp30kx - ok
20:04:15.0993 6204 GamesAppService (c403c5db49a0f9aaf4f2128edc0106d8) C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe
20:04:15.0999 6204 GamesAppService - ok
20:04:16.0125 6204 GEARAspiWDM (e403aacf8c7bb11375122d2464560311) C:\Windows\system32\DRIVERS\GEARAspiWDM.sys
20:04:16.0129 6204 GEARAspiWDM - ok
20:04:16.0249 6204 gpsvc (277bbc7e1aa1ee957f573a10eca7ef3a) C:\Windows\System32\gpsvc.dll
20:04:16.0295 6204 gpsvc - ok
20:04:16.0393 6204 hamachi (1e6438d4ea6e1174a3b3b1edc4de660b) C:\Windows\system32\DRIVERS\hamachi.sys
20:04:16.0397 6204 hamachi - ok
20:04:16.0545 6204 Hamachi2Svc (d483dbaef409e8ab7477c28615fcd853) C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe
20:04:16.0612 6204 Hamachi2Svc - ok
20:04:16.0692 6204 hcw85cir (f2523ef6460fc42405b12248338ab2f0) C:\Windows\system32\drivers\hcw85cir.sys
20:04:16.0696 6204 hcw85cir - ok
20:04:16.0765 6204 HdAudAddService (975761c778e33cd22498059b91e7373a) C:\Windows\system32\drivers\HdAudio.sys
20:04:16.0775 6204 HdAudAddService - ok
20:04:16.0869 6204 HDAudBus (97bfed39b6b79eb12cddbfeed51f56bb) C:\Windows\system32\DRIVERS\HDAudBus.sys
20:04:16.0872 6204 HDAudBus - ok
20:04:16.0908 6204 HidBatt (78e86380454a7b10a5eb255dc44a355f) C:\Windows\system32\drivers\HidBatt.sys
20:04:16.0911 6204 HidBatt - ok
20:04:16.0932 6204 HidBth (7fd2a313f7afe5c4dab14798c48dd104) C:\Windows\system32\drivers\hidbth.sys
20:04:16.0936 6204 HidBth - ok
20:04:16.0960 6204 HidIr (0a77d29f311b88cfae3b13f9c1a73825) C:\Windows\system32\drivers\hidir.sys
20:04:16.0964 6204 HidIr - ok
20:04:16.0993 6204 hidserv (bd9eb3958f213f96b97b1d897dee006d) C:\Windows\System32\hidserv.dll
20:04:16.0996 6204 hidserv - ok
20:04:17.0074 6204 HidUsb (9592090a7e2b61cd582b612b6df70536) C:\Windows\system32\DRIVERS\hidusb.sys
20:04:17.0078 6204 HidUsb - ok
20:04:17.0109 6204 hkmsvc (387e72e739e15e3d37907a86d9ff98e2) C:\Windows\system32\kmsvc.dll
20:04:17.0113 6204 hkmsvc - ok
20:04:17.0140 6204 HomeGroupListener (efdfb3dd38a4376f93e7985173813abd) C:\Windows\system32\ListSvc.dll
20:04:17.0147 6204 HomeGroupListener - ok
20:04:17.0174 6204 HomeGroupProvider (908acb1f594274965a53926b10c81e89) C:\Windows\system32\provsvc.dll
20:04:17.0180 6204 HomeGroupProvider - ok
20:04:17.0304 6204 HP Support Assistant Service (13bb1114451c63bfb41ba7daa4d70a29) C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe
20:04:17.0307 6204 HP Support Assistant Service - ok
20:04:17.0369 6204 HPClientSvc (6a181452d4e240b8ecc7614b9a19bde9) C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe
20:04:17.0376 6204 HPClientSvc - ok
20:04:17.0442 6204 HPDrvMntSvc.exe (b19ff523b533a3f198b9239e1749c940) C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe
20:04:17.0447 6204 HPDrvMntSvc.exe - ok
20:04:17.0580 6204 hpqwmiex (01091b900e15878b4434f9c726c4541d) C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe
20:04:17.0615 6204 hpqwmiex - ok
20:04:17.0800 6204 HpSAMD (39d2abcd392f3d8a6dce7b60ae7b8efc) C:\Windows\system32\drivers\HpSAMD.sys
20:04:17.0805 6204 HpSAMD - ok
20:04:17.0870 6204 HPWMISVC (77c15d7e8f002a173eebff0b20cd697d) C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe
20:04:17.0872 6204 HPWMISVC - ok
20:04:17.0967 6204 HTTP (0ea7de1acb728dd5a369fd742d6eee28) C:\Windows\system32\drivers\HTTP.sys
20:04:18.0002 6204 HTTP - ok
20:04:18.0037 6204 hwpolicy (a5462bd6884960c9dc85ed49d34ff392) C:\Windows\system32\drivers\hwpolicy.sys
20:04:18.0039 6204 hwpolicy - ok
20:04:18.0074 6204 i8042prt (fa55c73d4affa7ee23ac4be53b4592d3) C:\Windows\system32\DRIVERS\i8042prt.sys
20:04:18.0078 6204 i8042prt - ok
20:04:18.0134 6204 iaStor (26cf4275034214ecedd8ec17b0a18a99) C:\Windows\system32\DRIVERS\iaStor.sys
20:04:18.0139 6204 iaStor - ok
20:04:18.0250 6204 IAStorDataMgrSvc (e79a8e33bd136d14bae1fa20eb2ef124) C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
20:04:18.0251 6204 IAStorDataMgrSvc - ok
20:04:18.0349 6204 iaStorV (aaaf44db3bd0b9d1fb6969b23ecc8366) C:\Windows\system32\drivers\iaStorV.sys
20:04:18.0359 6204 iaStorV - ok
20:04:18.0490 6204 IconMan_R (d3090576412ec63e0c6271d8b0974d73) C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe
20:04:18.0563 6204 IconMan_R - ok
20:04:18.0664 6204 idsvc (5988fc40f8db5b0739cd1e3a5d0d78bd) C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
20:04:18.0719 6204 idsvc - ok
20:04:18.0917 6204 IDSVia64 (18c40c3f368323b203ace403cb430db1) C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.0.125\Definitions\IPSDefs\20120412.001\IDSvia64.sys
20:04:18.0941 6204 IDSVia64 - ok
20:04:19.0315 6204 igfx (33faa40b288002c89529dbd14f3ab72c) C:\Windows\system32\DRIVERS\igdkmd64.sys
20:04:19.0572 6204 igfx - ok
20:04:19.0612 6204 iirsp (5c18831c61933628f5bb0ea2675b9d21) C:\Windows\system32\drivers\iirsp.sys
20:04:19.0615 6204 iirsp - ok
20:04:19.0660 6204 IKEEXT (fcd84c381e0140af901e58d48882d26b) C:\Windows\System32\ikeext.dll
20:04:19.0682 6204 IKEEXT - ok
20:04:19.0727 6204 IntcDAud (fc727061c0f47c8059e88e05d5c8e381) C:\Windows\system32\DRIVERS\IntcDAud.sys
20:04:19.0734 6204 IntcDAud - ok
20:04:19.0786 6204 intelide (f00f20e70c6ec3aa366910083a0518aa) C:\Windows\system32\drivers\intelide.sys
20:04:19.0788 6204 intelide - ok
20:04:19.0820 6204 intelppm (ada036632c664caa754079041cf1f8c1) C:\Windows\system32\DRIVERS\intelppm.sys
20:04:19.0822 6204 intelppm - ok
20:04:19.0863 6204 IPBusEnum (098a91c54546a3b878dad6a7e90a455b) C:\Windows\system32\ipbusenum.dll
20:04:19.0867 6204 IPBusEnum - ok
20:04:19.0927 6204 IpFilterDriver (c9f0e1bd74365a8771590e9008d22ab6) C:\Windows\system32\DRIVERS\ipfltdrv.sys
20:04:19.0932 6204 IpFilterDriver - ok
20:04:19.0987 6204 iphlpsvc (a34a587fffd45fa649fba6d03784d257) C:\Windows\System32\iphlpsvc.dll
20:04:19.0998 6204 iphlpsvc - ok
20:04:20.0083 6204 IPMIDRV (0fc1aea580957aa8817b8f305d18ca3a) C:\Windows\system32\drivers\IPMIDrv.sys
20:04:20.0087 6204 IPMIDRV - ok
20:04:20.0135 6204 IPNAT (af9b39a7e7b6caa203b3862582e9f2d0) C:\Windows\system32\drivers\ipnat.sys
20:04:20.0140 6204 IPNAT - ok
20:04:20.0242 6204 iPod Service (46d249f9db7844cc01050a9345f0f61b) C:\Program Files\iPod\bin\iPodService.exe
20:04:20.0276 6204 iPod Service - ok
20:04:20.0359 6204 IRENUM (3abf5e7213eb28966d55d58b515d5ce9) C:\Windows\system32\drivers\irenum.sys
20:04:20.0363 6204 IRENUM - ok
20:04:20.0392 6204 isapnp (2f7b28dc3e1183e5eb418df55c204f38) C:\Windows\system32\drivers\isapnp.sys
20:04:20.0396 6204 isapnp - ok
20:04:20.0442 6204 iScsiPrt (d931d7309deb2317035b07c9f9e6b0bd) C:\Windows\system32\drivers\msiscsi.sys
20:04:20.0448 6204 iScsiPrt - ok
20:04:20.0543 6204 jhi_service (6c85719a21b3f62c2c76280f4bd36c7b) C:\Program Files (x86)\Intel\Services\IPT\jhi_service.exe
20:04:20.0550 6204 jhi_service - ok
20:04:20.0659 6204 kbdclass (bc02336f1cba7dcc7d1213bb588a68a5) C:\Windows\system32\DRIVERS\kbdclass.sys
20:04:20.0663 6204 kbdclass - ok
20:04:20.0690 6204 kbdhid (0705eff5b42a9db58548eec3b26bb484) C:\Windows\system32\DRIVERS\kbdhid.sys
20:04:20.0693 6204 kbdhid - ok
20:04:20.0744 6204 KeyIso (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
20:04:20.0745 6204 KeyIso - ok
20:04:20.0767 6204 KSecDD (da1e991a61cfdd755a589e206b97644b) C:\Windows\system32\Drivers\ksecdd.sys
20:04:20.0770 6204 KSecDD - ok
20:04:20.0790 6204 KSecPkg (7e33198d956943a4f11a5474c1e9106f) C:\Windows\system32\Drivers\ksecpkg.sys
20:04:20.0795 6204 KSecPkg - ok
20:04:20.0832 6204 ksthunk (6869281e78cb31a43e969f06b57347c4) C:\Windows\system32\drivers\ksthunk.sys
20:04:20.0834 6204 ksthunk - ok
20:04:20.0873 6204 KtmRm (6ab66e16aa859232f64deb66887a8c9c) C:\Windows\system32\msdtckrm.dll
20:04:20.0880 6204 KtmRm - ok
20:04:20.0918 6204 LanmanServer (d9f42719019740baa6d1c6d536cbdaa6) C:\Windows\System32\srvsvc.dll
20:04:20.0925 6204 LanmanServer - ok
20:04:20.0962 6204 LanmanWorkstation (851a1382eed3e3a7476db004f4ee3e1a) C:\Windows\System32\wkssvc.dll
20:04:20.0966 6204 LanmanWorkstation - ok
20:04:21.0013 6204 lltdio (1538831cf8ad2979a04c423779465827) C:\Windows\system32\DRIVERS\lltdio.sys
20:04:21.0016 6204 lltdio - ok
20:04:21.0071 6204 lltdsvc (c1185803384ab3feed115f79f109427f) C:\Windows\System32\lltdsvc.dll
20:04:21.0078 6204 lltdsvc - ok
20:04:21.0098 6204 lmhosts (f993a32249b66c9d622ea5592a8b76b8) C:\Windows\System32\lmhsvc.dll
20:04:21.0099 6204 lmhosts - ok
20:04:21.0181 6204 LMS (d75c4b4a8fe6d7fd74a7eecdbaec729f) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
20:04:21.0196 6204 LMS - ok
20:04:21.0294 6204 LSI_FC (1a93e54eb0ece102495a51266dcdb6a6) C:\Windows\system32\drivers\lsi_fc.sys
20:04:21.0299 6204 LSI_FC - ok
20:04:21.0343 6204 LSI_SAS (1047184a9fdc8bdbff857175875ee810) C:\Windows\system32\drivers\lsi_sas.sys
20:04:21.0348 6204 LSI_SAS - ok
20:04:21.0389 6204 LSI_SAS2 (30f5c0de1ee8b5bc9306c1f0e4a75f93) C:\Windows\system32\drivers\lsi_sas2.sys
20:04:21.0395 6204 LSI_SAS2 - ok
20:04:21.0432 6204 LSI_SCSI (0504eacaff0d3c8aed161c4b0d369d4a) C:\Windows\system32\drivers\lsi_scsi.sys
20:04:21.0436 6204 LSI_SCSI - ok
20:04:21.0453 6204 luafv (43d0f98e1d56ccddb0d5254cff7b356e) C:\Windows\system32\drivers\luafv.sys
20:04:21.0458 6204 luafv - ok
20:04:21.0527 6204 lxdcCATSCustConnectService (7e3198b66bdaea4db49c99d19ec6bc5a) C:\Windows\system32\spool\DRIVERS\x64\3\\lxdcserv.exe
20:04:21.0532 6204 lxdcCATSCustConnectService - ok
20:04:21.0543 6204 lxdc_device - ok
20:04:21.0574 6204 Mcx2Svc (0be09cd858abf9df6ed259d57a1a1663) C:\Windows\system32\Mcx2Svc.dll
20:04:21.0602 6204 Mcx2Svc - ok
20:04:21.0648 6204 megasas (a55805f747c6edb6a9080d7c633bd0f4) C:\Windows\system32\drivers\megasas.sys
20:04:21.0651 6204 megasas - ok
20:04:21.0698 6204 MegaSR (baf74ce0072480c3b6b7c13b2a94d6b3) C:\Windows\system32\drivers\MegaSR.sys
20:04:21.0704 6204 MegaSR - ok
20:04:21.0734 6204 MEIx64 (a6518dcc42f7a6e999bb3bea8fd87567) C:\Windows\system32\DRIVERS\HECIx64.sys
20:04:21.0737 6204 MEIx64 - ok
20:04:21.0769 6204 MMCSS (e40e80d0304a73e8d269f7141d77250b) C:\Windows\system32\mmcss.dll
20:04:21.0773 6204 MMCSS - ok
20:04:21.0807 6204 Modem (800ba92f7010378b09f9ed9270f07137) C:\Windows\system32\drivers\modem.sys
20:04:21.0810 6204 Modem - ok
20:04:21.0830 6204 monitor (b03d591dc7da45ece20b3b467e6aadaa) C:\Windows\system32\DRIVERS\monitor.sys
20:04:21.0830 6204 monitor - ok
20:04:21.0892 6204 mouclass (7d27ea49f3c1f687d357e77a470aea99) C:\Windows\system32\DRIVERS\mouclass.sys
20:04:21.0895 6204 mouclass - ok
20:04:21.0923 6204 mouhid (d3bf052c40b0c4166d9fd86a4288c1e6) C:\Windows\system32\DRIVERS\mouhid.sys
20:04:21.0925 6204 mouhid - ok
20:04:21.0955 6204 mountmgr (32e7a3d591d671a6df2db515a5cbe0fa) C:\Windows\system32\drivers\mountmgr.sys
20:04:21.0958 6204 mountmgr - ok
20:04:21.0988 6204 mpio (a44b420d30bd56e145d6a2bc8768ec58) C:\Windows\system32\drivers\mpio.sys
20:04:21.0993 6204 mpio - ok
20:04:22.0019 6204 mpsdrv (6c38c9e45ae0ea2fa5e551f2ed5e978f) C:\Windows\system32\drivers\mpsdrv.sys
20:04:22.0022 6204 mpsdrv - ok
20:04:22.0068 6204 MpsSvc (54ffc9c8898113ace189d4aa7199d2c1) C:\Windows\system32\mpssvc.dll
20:04:22.0094 6204 MpsSvc - ok
20:04:22.0138 6204 MRxDAV (dc722758b8261e1abafd31a3c0a66380) C:\Windows\system32\drivers\mrxdav.sys
20:04:22.0143 6204 MRxDAV - ok
20:04:22.0183 6204 mrxsmb (a5d9106a73dc88564c825d317cac68ac) C:\Windows\system32\DRIVERS\mrxsmb.sys
20:04:22.0188 6204 mrxsmb - ok
20:04:22.0232 6204 mrxsmb10 (d711b3c1d5f42c0c2415687be09fc163) C:\Windows\system32\DRIVERS\mrxsmb10.sys
20:04:22.0239 6204 mrxsmb10 - ok
20:04:22.0264 6204 mrxsmb20 (9423e9d355c8d303e76b8cfbd8a5c30c) C:\Windows\system32\DRIVERS\mrxsmb20.sys
20:04:22.0267 6204 mrxsmb20 - ok
20:04:22.0298 6204 msahci (c25f0bafa182cbca2dd3c851c2e75796) C:\Windows\system32\drivers\msahci.sys
20:04:22.0301 6204 msahci - ok
20:04:22.0336 6204 msdsm (db801a638d011b9633829eb6f663c900) C:\Windows\system32\drivers\msdsm.sys
20:04:22.0341 6204 msdsm - ok
20:04:22.0369 6204 MSDTC (de0ece52236cfa3ed2dbfc03f28253a8) C:\Windows\System32\msdtc.exe
20:04:22.0374 6204 MSDTC - ok
20:04:22.0407 6204 Msfs (aa3fb40e17ce1388fa1bedab50ea8f96) C:\Windows\system32\drivers\Msfs.sys
20:04:22.0410 6204 Msfs - ok
20:04:22.0440 6204 mshidkmdf (f9d215a46a8b9753f61767fa72a20326) C:\Windows\System32\drivers\mshidkmdf.sys
20:04:22.0442 6204 mshidkmdf - ok
20:04:22.0473 6204 msisadrv (d916874bbd4f8b07bfb7fa9b3ccae29d) C:\Windows\system32\drivers\msisadrv.sys
20:04:22.0476 6204 msisadrv - ok
20:04:22.0518 6204 MSiSCSI (808e98ff49b155c522e6400953177b08) C:\Windows\system32\iscsiexe.dll
20:04:22.0523 6204 MSiSCSI - ok
20:04:22.0531 6204 msiserver - ok
20:04:22.0583 6204 MSKSSRV (49ccf2c4fea34ffad8b1b59d49439366) C:\Windows\system32\drivers\MSKSSRV.sys
20:04:22.0586 6204 MSKSSRV - ok
20:04:22.0611 6204 MSPCLOCK (bdd71ace35a232104ddd349ee70e1ab3) C:\Windows\system32\drivers\MSPCLOCK.sys
20:04:22.0613 6204 MSPCLOCK - ok
20:04:22.0640 6204 MSPQM (4ed981241db27c3383d72092b618a1d0) C:\Windows\system32\drivers\MSPQM.sys
20:04:22.0643 6204 MSPQM - ok
20:04:22.0677 6204 MsRPC (759a9eeb0fa9ed79da1fb7d4ef78866d) C:\Windows\system32\drivers\MsRPC.sys
20:04:22.0684 6204 MsRPC - ok
20:04:22.0722 6204 mssmbios (0eed230e37515a0eaee3c2e1bc97b288) C:\Windows\system32\drivers\mssmbios.sys
20:04:22.0723 6204 mssmbios - ok
20:04:22.0766 6204 MSTEE (2e66f9ecb30b4221a318c92ac2250779) C:\Windows\system32\drivers\MSTEE.sys
20:04:22.0768 6204 MSTEE - ok
20:04:22.0787 6204 MTConfig (7ea404308934e675bffde8edf0757bcd) C:\Windows\system32\drivers\MTConfig.sys
20:04:22.0789 6204 MTConfig - ok
20:04:22.0821 6204 Mup (f9a18612fd3526fe473c1bda678d61c8) C:\Windows\system32\Drivers\mup.sys
20:04:22.0823 6204 Mup - ok
20:04:22.0950 6204 N360 (e78a365cc3e0fbfc018a33dce01909f8) C:\Program Files (x86)\Norton 360\Engine\5.2.1.3\ccSvcHst.exe
20:04:22.0953 6204 N360 - ok
20:04:23.0040 6204 napagent (582ac6d9873e31dfa28a4547270862dd) C:\Windows\system32\qagentRT.dll
20:04:23.0062 6204 napagent - ok
20:04:23.0120 6204 NativeWifiP (1ea3749c4114db3e3161156ffffa6b33) C:\Windows\system32\DRIVERS\nwifi.sys
20:04:23.0127 6204 NativeWifiP - ok
20:04:23.0313 6204 NAVENG (2dbe90210de76be6e1653bb20ec70ec2) C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.0.125\Definitions\VirusDefs\20120412.018\ENG64.SYS
20:04:23.0319 6204 NAVENG - ok
20:04:23.0478 6204 NAVEX15 (346da70e203b8e2c850277713de8f71b) C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.0.125\Definitions\VirusDefs\20120412.018\EX64.SYS
20:04:23.0564 6204 NAVEX15 - ok
20:04:23.0678 6204 NDIS (c38b8ae57f78915905064a9a24dc1586) C:\Windows\system32\drivers\ndis.sys
20:04:23.0707 6204 NDIS - ok
20:04:23.0749 6204 NdisCap (9f9a1f53aad7da4d6fef5bb73ab811ac) C:\Windows\system32\DRIVERS\ndiscap.sys
20:04:23.0752 6204 NdisCap - ok
20:04:23.0777 6204 NdisTapi (30639c932d9fef22b31268fe25a1b6e5) C:\Windows\system32\DRIVERS\ndistapi.sys
20:04:23.0780 6204 NdisTapi - ok
20:04:23.0802 6204 Ndisuio (136185f9fb2cc61e573e676aa5402356) C:\Windows\system32\DRIVERS\ndisuio.sys
20:04:23.0805 6204 Ndisuio - ok
20:04:23.0831 6204 NdisWan (53f7305169863f0a2bddc49e116c2e11) C:\Windows\system32\DRIVERS\ndiswan.sys
20:04:23.0835 6204 NdisWan - ok
20:04:23.0856 6204 NDProxy (015c0d8e0e0421b4cfd48cffe2825879) C:\Windows\system32\drivers\NDProxy.sys
20:04:23.0858 6204 NDProxy - ok
20:04:23.0917 6204 Net Driver HPZ12 (d5ac41ae382738483faffbd7e373d49a) C:\Windows\system32\HPZinw12.dll
20:04:23.0920 6204 Net Driver HPZ12 - ok
20:04:23.0962 6204 NetBIOS (86743d9f5d2b1048062b14b1d84501c4) C:\Windows\system32\DRIVERS\netbios.sys
20:04:23.0965 6204 NetBIOS - ok
20:04:23.0987 6204 NetBT (09594d1089c523423b32a4229263f068) C:\Windows\system32\DRIVERS\netbt.sys
20:04:23.0993 6204 NetBT - ok
20:04:24.0045 6204 Netlogon (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
20:04:24.0047 6204 Netlogon - ok
20:04:24.0081 6204 Netman (847d3ae376c0817161a14a82c8922a9e) C:\Windows\System32\netman.dll
20:04:24.0088 6204 Netman - ok
20:04:24.0112 6204 netprofm (5f28111c648f1e24f7dbc87cdeb091b8) C:\Windows\System32\netprofm.dll
20:04:24.0121 6204 netprofm - ok
20:04:24.0249 6204 netr28x (2f06e01de7a3e366185e65c41c9debf7) C:\Windows\system32\DRIVERS\netr28x.sys
20:04:24.0339 6204 netr28x - ok
20:04:24.0421 6204 NetTcpPortSharing (3e5a36127e201ddf663176b66828fafe) C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\SMSvcHost.exe
20:04:24.0426 6204 NetTcpPortSharing - ok
20:04:24.0490 6204 nfrd960 (77889813be4d166cdab78ddba990da92) C:\Windows\system32\drivers\nfrd960.sys
20:04:24.0493 6204 nfrd960 - ok
20:04:24.0530 6204 NlaSvc (1ee99a89cc788ada662441d1e9830529) C:\Windows\System32\nlasvc.dll
20:04:24.0538 6204 NlaSvc - ok
20:04:24.0574 6204 Npfs (1e4c4ab5c9b8dd13179bbdc75a2a01f7) C:\Windows\system32\drivers\Npfs.sys
20:04:24.0577 6204 Npfs - ok
20:04:24.0598 6204 npggsvc - ok
20:04:24.0611 6204 NPPTNT2 - ok
20:04:24.0646 6204 nsi (d54bfdf3e0c953f823b3d0bfe4732528) C:\Windows\system32\nsisvc.dll
20:04:24.0649 6204 nsi - ok
20:04:24.0663 6204 nsiproxy (e7f5ae18af4168178a642a9247c63001) C:\Windows\system32\drivers\nsiproxy.sys
20:04:24.0666 6204 nsiproxy - ok
20:04:24.0732 6204 Ntfs (a2f74975097f52a00745f9637451fdd8) C:\Windows\system32\drivers\Ntfs.sys
20:04:24.0788 6204 Ntfs - ok
20:04:24.0815 6204 Null (9899284589f75fa8724ff3d16aed75c1) C:\Windows\system32\drivers\Null.sys
20:04:24.0817 6204 Null - ok
20:04:24.0848 6204 NVENETFD (a85b4f2ef3a7304a5399ef0526423040) C:\Windows\system32\DRIVERS\nvm62x64.sys
20:04:24.0855 6204 NVENETFD - ok
20:04:24.0888 6204 nvraid (0a92cb65770442ed0dc44834632f66ad) C:\Windows\system32\drivers\nvraid.sys
20:04:24.0892 6204 nvraid - ok
20:04:24.0935 6204 nvstor (dab0e87525c10052bf65f06152f37e4a) C:\Windows\system32\drivers\nvstor.sys
20:04:24.0941 6204 nvstor - ok
20:04:24.0977 6204 nv_agp (270d7cd42d6e3979f6dd0146650f0e05) C:\Windows\system32\drivers\nv_agp.sys
20:04:24.0980 6204 nv_agp - ok
20:04:25.0004 6204 ohci1394 (3589478e4b22ce21b41fa1bfc0b8b8a0) C:\Windows\system32\drivers\ohci1394.sys
20:04:25.0008 6204 ohci1394 - ok
20:04:25.0048 6204 p2pimsvc (3eac4455472cc2c97107b5291e0dcafe) C:\Windows\system32\pnrpsvc.dll
20:04:25.0055 6204 p2pimsvc - ok
20:04:25.0077 6204 p2psvc (927463ecb02179f88e4b9a17568c63c3) C:\Windows\system32\p2psvc.dll
20:04:25.0086 6204 p2psvc - ok
20:04:25.0139 6204 Parport (0086431c29c35be1dbc43f52cc273887) C:\Windows\system32\drivers\parport.sys
20:04:25.0142 6204 Parport - ok
20:04:25.0170 6204 partmgr (871eadac56b0a4c6512bbe32753ccf79) C:\Windows\system32\drivers\partmgr.sys
20:04:25.0174 6204 partmgr - ok
20:04:25.0212 6204 PcaSvc (3aeaa8b561e63452c655dc0584922257) C:\Windows\System32\pcasvc.dll
20:04:25.0217 6204 PcaSvc - ok
20:04:25.0249 6204 pci (94575c0571d1462a0f70bde6bd6ee6b3) C:\Windows\system32\drivers\pci.sys
20:04:25.0254 6204 pci - ok
20:04:25.0276 6204 pciide (b5b8b5ef2e5cb34df8dcf8831e3534fa) C:\Windows\system32\drivers\pciide.sys
20:04:25.0278 6204 pciide - ok
20:04:25.0319 6204 pcmcia (b2e81d4e87ce48589f98cb8c05b01f2f) C:\Windows\system32\drivers\pcmcia.sys
20:04:25.0325 6204 pcmcia - ok
20:04:25.0342 6204 pcw (d6b9c2e1a11a3a4b26a182ffef18f603) C:\Windows\system32\drivers\pcw.sys
20:04:25.0345 6204 pcw - ok
20:04:25.0387 6204 PEAUTH (68769c3356b3be5d1c732c97b9a80d6e) C:\Windows\system32\drivers\peauth.sys
20:04:25.0410 6204 PEAUTH - ok
20:04:25.0499 6204 PerfHost (e495e408c93141e8fc72dc0c6046ddfa) C:\Windows\SysWow64\perfhost.exe
20:04:25.0506 6204 PerfHost - ok
20:04:25.0594 6204 pla (c7cf6a6e137463219e1259e3f0f0dd6c) C:\Windows\system32\pla.dll
20:04:25.0630 6204 pla - ok
20:04:25.0699 6204 PlugPlay (25fbdef06c4d92815b353f6e792c8129) C:\Windows\system32\umpnpmgr.dll
20:04:25.0722 6204 PlugPlay - ok
20:04:25.0829 6204 Pml Driver HPZ12 (37f6046cdc630442d7dc087501ff6fc6) C:\Windows\system32\HPZipm12.dll
20:04:25.0833 6204 Pml Driver HPZ12 - ok
20:04:25.0861 6204 PNRPAutoReg (7195581cec9bb7d12abe54036acc2e38) C:\Windows\system32\pnrpauto.dll
20:04:25.0866 6204 PNRPAutoReg - ok
20:04:25.0897 6204 PNRPsvc (3eac4455472cc2c97107b5291e0dcafe) C:\Windows\system32\pnrpsvc.dll
20:04:25.0902 6204 PNRPsvc - ok
20:04:25.0941 6204 PolicyAgent (4f15d75adf6156bf56eced6d4a55c389) C:\Windows\System32\ipsecsvc.dll
20:04:25.0963 6204 PolicyAgent - ok
20:04:26.0021 6204 Power (6ba9d927dded70bd1a9caded45f8b184) C:\Windows\system32\umpo.dll
20:04:26.0027 6204 Power - ok
20:04:26.0072 6204 PptpMiniport (f92a2c41117a11a00be01ca01a7fcde9) C:\Windows\system32\DRIVERS\raspptp.sys
20:04:26.0076 6204 PptpMiniport - ok
20:04:26.0110 6204 Processor (0d922e23c041efb1c3fac2a6f943c9bf) C:\Windows\system32\drivers\processr.sys
20:04:26.0112 6204 Processor - ok
20:04:26.0147 6204 ProfSvc (5c78838b4d166d1a27db3a8a820c799a) C:\Windows\system32\profsvc.dll
20:04:26.0155 6204 ProfSvc - ok
20:04:26.0202 6204 ProtectedStorage (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
20:04:26.0204 6204 ProtectedStorage - ok
20:04:26.0252 6204 Psched (0557cf5a2556bd58e26384169d72438d) C:\Windows\system32\DRIVERS\pacer.sys
20:04:26.0256 6204 Psched - ok
20:04:26.0378 6204 ql2300 (a53a15a11ebfd21077463ee2c7afeef0) C:\Windows\system32\drivers\ql2300.sys
20:04:26.0433 6204 ql2300 - ok
20:04:26.0519 6204 ql40xx (4f6d12b51de1aaeff7dc58c4d75423c8) C:\Windows\system32\drivers\ql40xx.sys
20:04:26.0522 6204 ql40xx - ok
20:04:26.0566 6204 QWAVE (906191634e99aea92c4816150bda3732) C:\Windows\system32\qwave.dll
20:04:26.0573 6204 QWAVE - ok
20:04:26.0604 6204 QWAVEdrv (76707bb36430888d9ce9d705398adb6c) C:\Windows\system32\drivers\qwavedrv.sys
20:04:26.0607 6204 QWAVEdrv - ok
20:04:26.0635 6204 RasAcd (5a0da8ad5762fa2d91678a8a01311704) C:\Windows\system32\DRIVERS\rasacd.sys
20:04:26.0638 6204 RasAcd - ok
20:04:26.0675 6204 RasAgileVpn (7ecff9b22276b73f43a99a15a6094e90) C:\Windows\system32\DRIVERS\AgileVpn.sys
20:04:26.0677 6204 RasAgileVpn - ok
20:04:26.0717 6204 RasAuto (8f26510c5383b8dbe976de1cd00fc8c7) C:\Windows\System32\rasauto.dll
20:04:26.0722 6204 RasAuto - ok
20:04:26.0759 6204 Rasl2tp (471815800ae33e6f1c32fb1b97c490ca) C:\Windows\system32\DRIVERS\rasl2tp.sys
20:04:26.0764 6204 Rasl2tp - ok
20:04:26.0794 6204 RasMan (ee867a0870fc9e4972ba9eaad35651e2) C:\Windows\System32\rasmans.dll
20:04:26.0801 6204 RasMan - ok
20:04:26.0822 6204 RasPppoe (855c9b1cd4756c5e9a2aa58a15f58c25) C:\Windows\system32\DRIVERS\raspppoe.sys
20:04:26.0825 6204 RasPppoe - ok
20:04:26.0852 6204 RasSstp (e8b1e447b008d07ff47d016c2b0eeecb) C:\Windows\system32\DRIVERS\rassstp.sys
20:04:26.0855 6204 RasSstp - ok
20:04:26.0890 6204 rdbss (77f665941019a1594d887a74f301fa2f) C:\Windows\system32\DRIVERS\rdbss.sys
20:04:26.0896 6204 rdbss - ok
20:04:26.0927 6204 rdpbus (302da2a0539f2cf54d7c6cc30c1f2d8d) C:\Windows\system32\drivers\rdpbus.sys
20:04:26.0930 6204 rdpbus - ok
20:04:26.0955 6204 RDPCDD (cea6cc257fc9b7715f1c2b4849286d24) C:\Windows\system32\DRIVERS\RDPCDD.sys
20:04:26.0958 6204 RDPCDD - ok
20:04:26.0992 6204 RDPENCDD (bb5971a4f00659529a5c44831af22365) C:\Windows\system32\drivers\rdpencdd.sys
20:04:26.0994 6204 RDPENCDD - ok
20:04:27.0009 6204 RDPREFMP (216f3fa57533d98e1f74ded70113177a) C:\Windows\system32\drivers\rdprefmp.sys
20:04:27.0012 6204 RDPREFMP - ok
20:04:27.0056 6204 RDPWD (6d76e6433574b058adcb0c50df834492) C:\Windows\system32\drivers\RDPWD.sys
20:04:27.0062 6204 RDPWD - ok
20:04:27.0093 6204 rdyboost (34ed295fa0121c241bfef24764fc4520) C:\Windows\system32\drivers\rdyboost.sys
20:04:27.0098 6204 rdyboost - ok
20:04:27.0145 6204 RemoteAccess (254fb7a22d74e5511c73a3f6d802f192) C:\Windows\System32\mprdim.dll
20:04:27.0150 6204 RemoteAccess - ok
20:04:27.0183 6204 RemoteRegistry (e4d94f24081440b5fc5aa556c7c62702) C:\Windows\system32\regsvc.dll
20:04:27.0190 6204 RemoteRegistry - ok
20:04:27.0264 6204 RoxioNow Service (085d18c71ab2611a3d61528132b6501e) C:\Program Files (x86)\Roxio\RoxioNow Player\RNowSvc.exe
20:04:27.0272 6204 RoxioNow Service - ok
20:04:27.0344 6204 RpcEptMapper (e4dc58cf7b3ea515ae917ff0d402a7bb) C:\Windows\System32\RpcEpMap.dll
20:04:27.0348 6204 RpcEptMapper - ok
20:04:27.0378 6204 RpcLocator (d5ba242d4cf8e384db90e6a8ed850b8c) C:\Windows\system32\locator.exe
20:04:27.0382 6204 RpcLocator - ok
20:04:27.0414 6204 RpcSs (5c627d1b1138676c0a7ab2c2c190d123) C:\Windows\system32\rpcss.dll
20:04:27.0421 6204 RpcSs - ok
20:04:27.0493 6204 RSPCIESTOR (6e5c3d18c3bcc72aa527dbc5fa61ab8f) C:\Windows\system32\DRIVERS\RtsPStor.sys
20:04:27.0500 6204 RSPCIESTOR - ok
20:04:27.0534 6204 rspndr (ddc86e4f8e7456261e637e3552e804ff) C:\Windows\system32\DRIVERS\rspndr.sys
20:04:27.0538 6204 rspndr - ok
20:04:27.0638 6204 RTL8167 (9140db0911de035fed0a9a77a2d156ea) C:\Windows\system32\DRIVERS\Rt64win7.sys
20:04:27.0661 6204 RTL8167 - ok
20:04:27.0709 6204 SamSs (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
20:04:27.0711 6204 SamSs - ok
20:04:27.0737 6204 sbp2port (ac03af3329579fffb455aa2daabbe22b) C:\Windows\system32\drivers\sbp2port.sys
20:04:27.0740 6204 sbp2port - ok
20:04:27.0771 6204 SCardSvr (9b7395789e3791a3b6d000fe6f8b131e) C:\Windows\System32\SCardSvr.dll
20:04:27.0777 6204 SCardSvr - ok
20:04:27.0808 6204 scfilter (253f38d0d7074c02ff8deb9836c97d2b) C:\Windows\system32\DRIVERS\scfilter.sys
20:04:27.0811 6204 scfilter - ok
20:04:27.0858 6204 Schedule (262f6592c3299c005fd6bec90fc4463a) C:\Windows\system32\schedsvc.dll
20:04:27.0892 6204 Schedule - ok
20:04:27.0927 6204 SCPolicySvc (f17d1d393bbc69c5322fbfafaca28c7f) C:\Windows\System32\certprop.dll
20:04:27.0929 6204 SCPolicySvc - ok
20:04:27.0993 6204 sdbus (111e0ebc0ad79cb0fa014b907b231cf0) C:\Windows\system32\DRIVERS\sdbus.sys
20:04:27.0997 6204 sdbus - ok
20:04:28.0037 6204 SDRSVC (6ea4234dc55346e0709560fe7c2c1972) C:\Windows\System32\SDRSVC.dll
20:04:28.0043 6204 SDRSVC - ok
20:04:28.0098 6204 SeaPort (cc781378e7eda615d2cdca3b17829fa4) C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE
20:04:28.0105 6204 SeaPort - ok
20:04:28.0194 6204 SecDrv (3ea8a16169c26afbeb544e0e48421186) C:\Windows\system32\drivers\SECDRV.SYS
20:04:28.0198 6204 SecDrv - ok
20:04:28.0234 6204 seclogon (bc617a4e1b4fa8df523a061739a0bd87) C:\Windows\system32\seclogon.dll
20:04:28.0238 6204 seclogon - ok
20:04:28.0273 6204 SENS (c32ab8fa018ef34c0f113bd501436d21) C:\Windows\system32\sens.dll
20:04:28.0276 6204 SENS - ok
20:04:28.0306 6204 SensrSvc (0336cffafaab87a11541f1cf1594b2b2) C:\Windows\system32\sensrsvc.dll
20:04:28.0310 6204 SensrSvc - ok
20:04:28.0351 6204 Serenum (cb624c0035412af0debec78c41f5ca1b) C:\Windows\system32\drivers\serenum.sys
20:04:28.0354 6204 Serenum - ok
20:04:28.0382 6204 Serial (c1d8e28b2c2adfaec4ba89e9fda69bd6) C:\Windows\system32\drivers\serial.sys
20:04:28.0386 6204 Serial - ok
20:04:28.0436 6204 sermouse (1c545a7d0691cc4a027396535691c3e3) C:\Windows\system32\drivers\sermouse.sys
20:04:28.0438 6204 sermouse - ok
20:04:28.0482 6204 SessionEnv (0b6231bf38174a1628c4ac812cc75804) C:\Windows\system32\sessenv.dll
20:04:28.0486 6204 SessionEnv - ok
20:04:28.0512 6204 sffdisk (a554811bcd09279536440c964ae35bbf) C:\Windows\system32\drivers\sffdisk.sys
20:04:28.0514 6204 sffdisk - ok
20:04:28.0538 6204 sffp_mmc (ff414f0baefeba59bc6c04b3db0b87bf) C:\Windows\system32\drivers\sffp_mmc.sys
20:04:28.0540 6204 sffp_mmc - ok
20:04:28.0570 6204 sffp_sd (dd85b78243a19b59f0637dcf284da63c) C:\Windows\system32\drivers\sffp_sd.sys
20:04:28.0572 6204 sffp_sd - ok
20:04:28.0604 6204 sfloppy (a9d601643a1647211a1ee2ec4e433ff4) C:\Windows\system32\drivers\sfloppy.sys
20:04:28.0607 6204 sfloppy - ok
20:04:28.0671 6204 SharedAccess (b95f6501a2f8b2e78c697fec401970ce) C:\Windows\System32\ipnathlp.dll
20:04:28.0679 6204 SharedAccess - ok
20:04:28.0715 6204 ShellHWDetection (aaf932b4011d14052955d4b212a4da8d) C:\Windows\System32\shsvcs.dll
20:04:28.0722 6204 ShellHWDetection - ok
20:04:28.0762 6204 SiSRaid2 (843caf1e5fde1ffd5ff768f23a51e2e1) C:\Windows\system32\drivers\SiSRaid2.sys
20:04:28.0765 6204 SiSRaid2 - ok
20:04:28.0806 6204 SiSRaid4 (6a6c106d42e9ffff8b9fcb4f754f6da4) C:\Windows\system32\drivers\sisraid4.sys
20:04:28.0809 6204 SiSRaid4 - ok
20:04:28.0913 6204 Smb (548260a7b8654e024dc30bf8a7c5baa4) C:\Windows\system32\DRIVERS\smb.sys
20:04:28.0918 6204 Smb - ok
20:04:28.0988 6204 SNMPTRAP (6313f223e817cc09aa41811daa7f541d) C:\Windows\System32\snmptrap.exe
20:04:28.0992 6204 SNMPTRAP - ok
20:04:29.0017 6204 spldr (b9e31e5cacdfe584f34f730a677803f9) C:\Windows\system32\drivers\spldr.sys
20:04:29.0020 6204 spldr - ok
20:04:29.0050 6204 Spooler (b96c17b5dc1424d56eea3a99e97428cd) C:\Windows\System32\spoolsv.exe
20:04:29.0159 6204 Spooler - ok
20:04:29.0277 6204 sppsvc (e17e0188bb90fae42d83e98707efa59c) C:\Windows\system32\sppsvc.exe
20:04:29.0390 6204 sppsvc - ok
20:04:29.0424 6204 sppuinotify (93d7d61317f3d4bc4f4e9f8a96a7de45) C:\Windows\system32\sppuinotify.dll
20:04:29.0428 6204 sppuinotify - ok
20:04:29.0589 6204 SRTSP (90ef30c3867bcde4579c01a6d6e75a7a) C:\Windows\System32\Drivers\N360x64\0502010.003\SRTSP64.SYS
20:04:29.0622 6204 SRTSP - ok
20:04:29.0764 6204 SRTSPX (c513e8a5e7978da49077f5484344ee1b) C:\Windows\system32\drivers\N360x64\0502010.003\SRTSPX64.SYS
20:04:29.0767 6204 SRTSPX - ok
20:04:29.0808 6204 srv (441fba48bff01fdb9d5969ebc1838f0b) C:\Windows\system32\DRIVERS\srv.sys
20:04:29.0831 6204 srv - ok
20:04:29.0855 6204 srv2 (b4adebbf5e3677cce9651e0f01f7cc28) C:\Windows\system32\DRIVERS\srv2.sys
20:04:29.0864 6204 srv2 - ok
20:04:29.0954 6204 SrvHsfHDA (0c4540311e11664b245a263e1154cef8) C:\Windows\system32\DRIVERS\VSTAZL6.SYS
20:04:29.0963 6204 SrvHsfHDA - ok
20:04:30.0011 6204 SrvHsfV92 (02071d207a9858fbe3a48cbfd59c4a04) C:\Windows\system32\DRIVERS\VSTDPV6.SYS
20:04:30.0044 6204 SrvHsfV92 - ok
20:04:30.0079 6204 SrvHsfWinac (18e40c245dbfaf36fd0134a7ef2df396) C:\Windows\system32\DRIVERS\VSTCNXT6.SYS
20:04:30.0102 6204 SrvHsfWinac - ok
20:04:30.0177 6204 srvnet (27e461f0be5bff5fc737328f749538c3) C:\Windows\system32\DRIVERS\srvnet.sys
20:04:30.0182 6204 srvnet - ok
20:04:30.0216 6204 SSDPSRV (51b52fbd583cde8aa9ba62b8b4298f33) C:\Windows\System32\ssdpsrv.dll
20:04:30.0222 6204 SSDPSRV - ok
20:04:30.0243 6204 SstpSvc (ab7aebf58dad8daab7a6c45e6a8885cb) C:\Windows\system32\sstpsvc.dll
20:04:30.0247 6204 SstpSvc - ok
20:04:30.0326 6204 STacSV (7bf818b11c1fedc3e76d233124470a30) C:\Program Files\IDT\WDM\STacSV64.exe
20:04:30.0332 6204 STacSV - ok
20:04:30.0381 6204 Steam Client Service - ok
20:04:30.0468 6204 stexstor (f3817967ed533d08327dc73bc4d5542a) C:\Windows\system32\drivers\stexstor.sys
20:04:30.0471 6204 stexstor - ok
20:04:30.0533 6204 STHDA (ebc1a5e076a9be314d3d9e8ed19abb0a) C:\Windows\system32\DRIVERS\stwrt64.sys
20:04:30.0556 6204 STHDA - ok
20:04:30.0642 6204 stisvc (8dd52e8e6128f4b2da92ce27402871c1) C:\Windows\System32\wiaservc.dll
20:04:30.0665 6204 stisvc - ok
20:04:30.0704 6204 swenum (d01ec09b6711a5f8e7e6564a4d0fbc90) C:\Windows\system32\drivers\swenum.sys
20:04:30.0707 6204 swenum - ok
20:04:30.0743 6204 swprv (e08e46fdd841b7184194011ca1955a0b) C:\Windows\System32\swprv.dll
20:04:30.0766 6204 swprv - ok
20:04:30.0868 6204 SymDS (6160145c7a87fc7672e8e3b886888176) C:\Windows\system32\drivers\N360x64\0502010.003\SYMDS64.SYS
20:04:30.0892 6204 SymDS - ok
20:04:31.0063 6204 SymEFA (96aeed40d4d3521568b42027687e69e0) C:\Windows\system32\drivers\N360x64\0502010.003\SYMEFA64.SYS
20:04:31.0092 6204 SymEFA - ok
20:04:31.0207 6204 SymEvent (21a1c2d694c3cf962d31f5e873ab3d6f) C:\Windows\system32\Drivers\SYMEVENT64x86.SYS
20:04:31.0214 6204 SymEvent - ok
20:04:31.0323 6204 SymIRON (bd0d711d8cbfcaa19ca123306eaf53a5) C:\Windows\system32\drivers\N360x64\0502010.003\Ironx64.SYS
20:04:31.0329 6204 SymIRON - ok
20:04:31.0489 6204 SymNetS (a6adb3d83023f8daa0f7b6fda785d83b) C:\Windows\System32\Drivers\N360x64\0502010.003\SYMNETS.SYS
20:04:31.0500 6204 SymNetS - ok
20:04:31.0634 6204 SynTP (c447977ed2a4ae9346fe3a0579a34d7c) C:\Windows\system32\DRIVERS\SynTP.sys
20:04:31.0694 6204 SynTP - ok
20:04:31.0770 6204 SysMain (bf9ccc0bf39b418c8d0ae8b05cf95b7d) C:\Windows\system32\sysmain.dll
20:04:31.0826 6204 SysMain - ok
20:04:31.0899 6204 TabletInputService (e3c61fd7b7c2557e1f1b0b4cec713585) C:\Windows\System32\TabSvc.dll
20:04:31.0906 6204 TabletInputService - ok
20:04:31.0965 6204 TapiSrv (40f0849f65d13ee87b9a9ae3c1dd6823) C:\Windows\System32\tapisrv.dll
20:04:31.0974 6204 TapiSrv - ok
20:04:32.0009 6204 TBS (1be03ac720f4d302ea01d40f588162f6) C:\Windows\System32\tbssvc.dll
20:04:32.0013 6204 TBS - ok
20:04:32.0134 6204 Tcpip (fc62769e7bff2896035aeed399108162) C:\Windows\system32\drivers\tcpip.sys
20:04:32.0208 6204 Tcpip - ok
20:04:32.0333 6204 TCPIP6 (fc62769e7bff2896035aeed399108162) C:\Windows\system32\DRIVERS\tcpip.sys
20:04:32.0351 6204 TCPIP6 - ok
20:04:32.0398 6204 tcpipreg (df687e3d8836bfb04fcc0615bf15a519) C:\Windows\system32\drivers\tcpipreg.sys
20:04:32.0401 6204 tcpipreg - ok
20:04:32.0424 6204 TDPIPE (3371d21011695b16333a3934340c4e7c) C:\Windows\system32\drivers\tdpipe.sys
20:04:32.0426 6204 TDPIPE - ok
20:04:32.0476 6204 TDTCP (51c5eceb1cdee2468a1748be550cfbc8) C:\Windows\system32\drivers\tdtcp.sys
20:04:32.0478 6204 TDTCP - ok
20:04:32.0505 6204 tdx (ddad5a7ab24d8b65f8d724f5c20fd806) C:\Windows\system32\DRIVERS\tdx.sys
20:04:32.0508 6204 tdx - ok
20:04:32.0539 6204 TermDD (561e7e1f06895d78de991e01dd0fb6e5) C:\Windows\system32\drivers\termdd.sys
20:04:32.0541 6204 TermDD - ok
20:04:32.0589 6204 TermService (2e648163254233755035b46dd7b89123) C:\Windows\System32\termsrv.dll
20:04:32.0612 6204 TermService - ok
20:04:32.0629 6204 Themes (f0344071948d1a1fa732231785a0664c) C:\Windows\system32\themeservice.dll
20:04:32.0633 6204 Themes - ok
20:04:32.0664 6204 THREADORDER (e40e80d0304a73e8d269f7141d77250b) C:\Windows\system32\mmcss.dll
20:04:32.0666 6204 THREADORDER - ok
20:04:32.0700 6204 TrkWks (7e7afd841694f6ac397e99d75cead49d) C:\Windows\System32\trkwks.dll
20:04:32.0704 6204 TrkWks - ok
20:04:32.0743 6204 TrustedInstaller (773212b2aaa24c1e31f10246b15b276c) C:\Windows\servicing\TrustedInstaller.exe
20:04:32.0747 6204 TrustedInstaller - ok
20:04:32.0791 6204 tssecsrv (ce18b2cdfc837c99e5fae9ca6cba5d30) C:\Windows\system32\DRIVERS\tssecsrv.sys
20:04:32.0794 6204 tssecsrv - ok
20:04:32.0827 6204 TsUsbFlt (d11c783e3ef9a3c52c0ebe83cc5000e9) C:\Windows\system32\drivers\tsusbflt.sys
20:04:32.0830 6204 TsUsbFlt - ok
20:04:32.0864 6204 TsUsbGD (9cc2ccae8a84820eaecb886d477cbcb8) C:\Windows\system32\drivers\TsUsbGD.sys
20:04:32.0867 6204 TsUsbGD - ok
20:04:32.0912 6204 tunnel (3566a8daafa27af944f5d705eaa64894) C:\Windows\system32\DRIVERS\tunnel.sys
20:04:32.0916 6204 tunnel - ok
20:04:32.0955 6204 uagp35 (b4dd609bd7e282bfc683cec7eaaaad67) C:\Windows\system32\drivers\uagp35.sys
20:04:32.0959 6204 uagp35 - ok
20:04:33.0053 6204 udfs (ff4232a1a64012baa1fd97c7b67df593) C:\Windows\system32\DRIVERS\udfs.sys
20:04:33.0063 6204 udfs - ok
20:04:33.0165 6204 UI0Detect (3cbdec8d06b9968aba702eba076364a1) C:\Windows\system32\UI0Detect.exe
20:04:33.0172 6204 UI0Detect - ok
20:04:33.0232 6204 uliagpkx (4bfe1bc28391222894cbf1e7d0e42320) C:\Windows\system32\drivers\uliagpkx.sys
20:04:33.0235 6204 uliagpkx - ok
20:04:33.0288 6204 umbus (dc54a574663a895c8763af0fa1ff7561) C:\Windows\system32\DRIVERS\umbus.sys
20:04:33.0291 6204 umbus - ok
20:04:33.0356 6204 UmPass (b2e8e8cb557b156da5493bbddcc1474d) C:\Windows\system32\drivers\umpass.sys
20:04:33.0359 6204 UmPass - ok
20:04:33.0476 6204 UNS (758c2ce427c343f780a205e28555c98d) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
20:04:33.0587 6204 UNS - ok
20:04:33.0676 6204 upnphost (d47ec6a8e81633dd18d2436b19baf6de) C:\Windows\System32\upnphost.dll
20:04:33.0699 6204 upnphost - ok
20:04:33.0779 6204 USBAAPL64 (aa33fc47ed58c34e6e9261e4f850b7eb) C:\Windows\system32\Drivers\usbaapl64.sys
20:04:33.0782 6204 USBAAPL64 - ok
20:04:33.0836 6204 usbccgp (6f1a3157a1c89435352ceb543cdb359c) C:\Windows\system32\DRIVERS\usbccgp.sys
20:04:33.0840 6204 usbccgp - ok
20:04:33.0871 6204 usbcir (af0892a803fdda7492f595368e3b68e7) C:\Windows\system32\drivers\usbcir.sys
20:04:33.0874 6204 usbcir - ok
20:04:33.0904 6204 usbehci (c025055fe7b87701eb042095df1a2d7b) C:\Windows\system32\DRIVERS\usbehci.sys
20:04:33.0906 6204 usbehci - ok
20:04:33.0947 6204 usbhub (287c6c9410b111b68b52ca298f7b8c24) C:\Windows\system32\DRIVERS\usbhub.sys
20:04:33.0955 6204 usbhub - ok
20:04:33.0983 6204 usbohci (9840fc418b4cbd632d3d0a667a725c31) C:\Windows\system32\drivers\usbohci.sys
20:04:33.0986 6204 usbohci - ok
20:04:34.0034 6204 usbprint (73188f58fb384e75c4063d29413cee3d) C:\Windows\system32\DRIVERS\usbprint.sys
20:04:34.0037 6204 usbprint - ok
20:04:34.0099 6204 usbscan (aaa2513c8aed8b54b189fd0c6b1634c0) C:\Windows\system32\DRIVERS\usbscan.sys
20:04:34.0102 6204 usbscan - ok
20:04:34.0142 6204 USBSTOR (fed648b01349a3c8395a5169db5fb7d6) C:\Windows\system32\DRIVERS\USBSTOR.SYS
20:04:34.0146 6204 USBSTOR - ok
20:04:34.0180 6204 usbuhci (62069a34518bcf9c1fd9e74b3f6db7cd) C:\Windows\system32\drivers\usbuhci.sys
20:04:34.0184 6204 usbuhci - ok
20:04:34.0225 6204 usbvideo (454800c2bc7f3927ce030141ee4f4c50) C:\Windows\system32\Drivers\usbvideo.sys
20:04:34.0231 6204 usbvideo - ok
20:04:34.0262 6204 UxSms (edbb23cbcf2cdf727d64ff9b51a6070e) C:\Windows\System32\uxsms.dll
20:04:34.0266 6204 UxSms - ok
20:04:34.0280 6204 VaultSvc (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
20:04:34.0281 6204 VaultSvc - ok
20:04:34.0347 6204 VClone (fd911873c0bb6945fa38c16e9a2b58f9) C:\Windows\system32\DRIVERS\VClone.sys
20:04:34.0351 6204 VClone - ok
20:04:34.0375 6204 vdrvroot (c5c876ccfc083ff3b128f933823e87bd) C:\Windows\system32\drivers\vdrvroot.sys
20:04:34.0378 6204 vdrvroot - ok
20:04:34.0418 6204 vds (8d6b481601d01a456e75c3210f1830be) C:\Windows\System32\vds.exe
20:04:34.0440 6204 vds - ok
20:04:34.0488 6204 vga (da4da3f5e02943c2dc8c6ed875de68dd) C:\Windows\system32\DRIVERS\vgapnp.sys
20:04:34.0492 6204 vga - ok
20:04:34.0516 6204 VgaSave (53e92a310193cb3c03bea963de7d9cfc) C:\Windows\System32\drivers\vga.sys
20:04:34.0519 6204 VgaSave - ok
20:04:34.0562 6204 vhdmp (2ce2df28c83aeaf30084e1b1eb253cbb) C:\Windows\system32\drivers\vhdmp.sys
20:04:34.0568 6204 vhdmp - ok
20:04:34.0602 6204 viaide (e5689d93ffe4e5d66c0178761240dd54) C:\Windows\system32\drivers\viaide.sys
20:04:34.0605 6204 viaide - ok
20:04:34.0635 6204 volmgr (d2aafd421940f640b407aefaaebd91b0) C:\Windows\system32\drivers\volmgr.sys
20:04:34.0638 6204 volmgr - ok
20:04:34.0726 6204 volmgrx (a255814907c89be58b79ef2f189b843b) C:\Windows\system32\drivers\volmgrx.sys
20:04:34.0735 6204 volmgrx - ok
20:04:34.0766 6204 volsnap (0d08d2f3b3ff84e433346669b5e0f639) C:\Windows\system32\drivers\volsnap.sys
20:04:34.0774 6204 volsnap - ok
20:04:34.0815 6204 vsmraid (5e2016ea6ebaca03c04feac5f330d997) C:\Windows\system32\drivers\vsmraid.sys
20:04:34.0820 6204 vsmraid - ok
20:04:34.0885 6204 VSS (b60ba0bc31b0cb414593e169f6f21cc2) C:\Windows\system32\vssvc.exe
20:04:34.0930 6204 VSS - ok
20:04:34.0971 6204 vwifibus (36d4720b72b5c5d9cb2b9c29e9df67a1) C:\Windows\system32\DRIVERS\vwifibus.sys
20:04:34.0975 6204 vwifibus - ok
20:04:35.0065 6204 vwififlt (6a3d66263414ff0d6fa754c646612f3f) C:\Windows\system32\DRIVERS\vwififlt.sys
20:04:35.0068 6204 vwififlt - ok
20:04:35.0110 6204 W32Time (1c9d80cc3849b3788048078c26486e1a) C:\Windows\system32\w32time.dll
20:04:35.0120 6204 W32Time - ok
20:04:35.0162 6204 WacomPen (4e9440f4f152a7b944cb1663d3935a3e) C:\Windows\system32\drivers\wacompen.sys
20:04:35.0165 6204 WacomPen - ok
20:04:35.0204 6204 WANARP (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys
20:04:35.0209 6204 WANARP - ok
20:04:35.0215 6204 Wanarpv6 (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys
20:04:35.0217 6204 Wanarpv6 - ok
20:04:35.0347 6204 WatAdminSvc (3cec96de223e49eaae3651fcf8faea6c) C:\Windows\system32\Wat\WatAdminSvc.exe
20:04:35.0423 6204 WatAdminSvc - ok
20:04:35.0508 6204 wbengine (78f4e7f5c56cb9716238eb57da4b6a75) C:\Windows\system32\wbengine.exe
20:04:35.0553 6204 wbengine - ok
20:04:35.0602 6204 WbioSrvc (3aa101e8edab2db4131333f4325c76a3) C:\Windows\System32\wbiosrvc.dll
20:04:35.0608 6204 WbioSrvc - ok
20:04:35.0652 6204 wcncsvc (7368a2afd46e5a4481d1de9d14848edd) C:\Windows\System32\wcncsvc.dll
20:04:35.0661 6204 wcncsvc - ok
20:04:35.0695 6204 WcsPlugInService (20f7441334b18cee52027661df4a6129) C:\Windows\System32\WcsPlugInService.dll
20:04:35.0699 6204 WcsPlugInService - ok
20:04:35.0746 6204 Wd (72889e16ff12ba0f235467d6091b17dc) C:\Windows\system32\drivers\wd.sys
20:04:35.0748 6204 Wd - ok
20:04:35.0801 6204 Wdf01000 (441bd2d7b4f98134c3a4f9fa570fd250) C:\Windows\system32\drivers\Wdf01000.sys
20:04:35.0823 6204 Wdf01000 - ok
20:04:35.0886 6204 WdiServiceHost (bf1fc3f79b863c914687a737c2f3d681) C:\Windows\system32\wdi.dll
20:04:35.0894 6204 WdiServiceHost - ok
20:04:35.0898 6204 WdiSystemHost (bf1fc3f79b863c914687a737c2f3d681) C:\Windows\system32\wdi.dll
20:04:35.0901 6204 WdiSystemHost - ok
20:04:35.0924 6204 WebClient (3db6d04e1c64272f8b14eb8bc4616280) C:\Windows\System32\webclnt.dll
20:04:35.0945 6204 WebClient - ok
20:04:35.0980 6204 Wecsvc (c749025a679c5103e575e3b48e092c43) C:\Windows\system32\wecsvc.dll
20:04:35.0987 6204 Wecsvc - ok
20:04:36.0035 6204 wercplsupport (7e591867422dc788b9e5bd337a669a08) C:\Windows\System32\wercplsupport.dll
20:04:36.0039 6204 wercplsupport - ok
20:04:36.0095 6204 WerSvc (6d137963730144698cbd10f202e9f251) C:\Windows\System32\WerSvc.dll
20:04:36.0099 6204 WerSvc - ok
20:04:36.0167 6204 WfpLwf (611b23304bf067451a9fdee01fbdd725) C:\Windows\system32\DRIVERS\wfplwf.sys
20:04:36.0170 6204 WfpLwf - ok
20:04:36.0186 6204 WIMMount (05ecaec3e4529a7153b3136ceb49f0ec) C:\Windows\system32\drivers\wimmount.sys
20:04:36.0189 6204 WIMMount - ok
20:04:36.0204 6204 WinDefend - ok
20:04:36.0211 6204 WinHttpAutoProxySvc - ok
20:04:36.0303 6204 Winmgmt (19b07e7e8915d701225da41cb3877306) C:\Windows\system32\wbem\WMIsvc.dll
20:04:36.0309 6204 Winmgmt - ok
20:04:36.0401 6204 WinRM (bcb1310604aa415c4508708975b3931e) C:\Windows\system32\WsmSvc.dll
20:04:36.0466 6204 WinRM - ok
20:04:36.0552 6204 WinUsb (fe88b288356e7b47b74b13372add906d) C:\Windows\system32\DRIVERS\WinUsb.sys
20:04:36.0555 6204 WinUsb - ok
20:04:36.0601 6204 Wlansvc (4fada86e62f18a1b2f42ba18ae24e6aa) C:\Windows\System32\wlansvc.dll
20:04:36.0635 6204 Wlansvc - ok
20:04:36.0689 6204 wlcrasvc (06c8fa1cf39de6a735b54d906ba791c6) C:\Program Files\Windows Live\Mesh\wlcrasvc.exe
20:04:36.0692 6204 wlcrasvc - ok
20:04:36.0856 6204 wlidsvc (2bacd71123f42cea603f4e205e1ae337) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
20:04:36.0922 6204 wlidsvc - ok
20:04:37.0151 6204 WmiAcpi (f6ff8944478594d0e414d3f048f0d778) C:\Windows\system32\drivers\wmiacpi.sys
20:04:37.0152 6204 WmiAcpi - ok
20:04:37.0237 6204 wmiApSrv (38b84c94c5a8af291adfea478ae54f93) C:\Windows\system32\wbem\WmiApSrv.exe
20:04:37.0244 6204 wmiApSrv - ok
20:04:37.0275 6204 WMPNetworkSvc - ok
20:04:37.0340 6204 WPCSvc (96c6e7100d724c69fcf9e7bf590d1dca) C:\Windows\System32\wpcsvc.dll
20:04:37.0346 6204 WPCSvc - ok
20:04:37.0372 6204 WPDBusEnum (93221146d4ebbf314c29b23cd6cc391d) C:\Windows\system32\wpdbusenum.dll
20:04:37.0376 6204 WPDBusEnum - ok
20:04:37.0416 6204 ws2ifsl (6bcc1d7d2fd2453957c5479a32364e52) C:\Windows\system32\drivers\ws2ifsl.sys
20:04:37.0419 6204 ws2ifsl - ok
20:04:37.0445 6204 wscsvc (e8b1fe6669397d1772d8196df0e57a9e) C:\Windows\system32\wscsvc.dll
20:04:37.0449 6204 wscsvc - ok
20:04:37.0458 6204 WSearch - ok
20:04:37.0545 6204 wuauserv (9df12edbc698b0bc353b3ef84861e430) C:\Windows\system32\wuaueng.dll
20:04:37.0615 6204 wuauserv - ok
20:04:37.0672 6204 WudfPf (d3381dc54c34d79b22cee0d65ba91b7c) C:\Windows\system32\drivers\WudfPf.sys
20:04:37.0675 6204 WudfPf - ok
20:04:37.0708 6204 WUDFRd (cf8d590be3373029d57af80914190682) C:\Windows\system32\DRIVERS\WUDFRd.sys
20:04:37.0712 6204 WUDFRd - ok
20:04:37.0737 6204 wudfsvc (7a95c95b6c4cf292d689106bcae49543) C:\Windows\System32\WUDFSvc.dll
20:04:37.0741 6204 wudfsvc - ok
20:04:37.0783 6204 WwanSvc (ce8cf9de9cbfdaa318bd04d8be3fcada) C:\Windows\System32\wwansvc.dll
20:04:37.0789 6204 WwanSvc - ok
20:04:37.0831 6204 xusb21 (38f55d07b1d3391065c40ec065f984e2) C:\Windows\system32\DRIVERS\xusb21.sys
20:04:37.0833 6204 xusb21 - ok
20:04:37.0879 6204 MBR (0x1B8) (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk0\DR0
20:04:37.0981 6204 \Device\Harddisk0\DR0 - ok
20:04:37.0991 6204 MBR (0x1B8) (5fb38429d5d77768867c76dcbdb35194) \Device\Harddisk1\DR1
20:04:37.0996 6204 \Device\Harddisk1\DR1 - ok
20:04:38.0002 6204 Boot (0x1200) (72d041b714864eb91835a84f12a9379d) \Device\Harddisk0\DR0\Partition0
20:04:38.0004 6204 \Device\Harddisk0\DR0\Partition0 - ok
20:04:38.0021 6204 Boot (0x1200) (9f0211928aa3ea36458dd0d371faa251) \Device\Harddisk0\DR0\Partition1
20:04:38.0024 6204 \Device\Harddisk0\DR0\Partition1 - ok
20:04:38.0058 6204 Boot (0x1200) (0aaac348775a76669cad82f665aa7be1) \Device\Harddisk0\DR0\Partition2
20:04:38.0062 6204 \Device\Harddisk0\DR0\Partition2 - ok
20:04:38.0111 6204 Boot (0x1200) (9f72307184e1a12e6562ba062ec9e62f) \Device\Harddisk0\DR0\Partition3
20:04:38.0113 6204 \Device\Harddisk0\DR0\Partition3 - ok
20:04:38.0121 6204 Boot (0x1200) (12ea2d13400874d1fba6d7393f1cf0e2) \Device\Harddisk1\DR1\Partition0
20:04:38.0124 6204 \Device\Harddisk1\DR1\Partition0 - ok
20:04:38.0125 6204 ============================================================
20:04:38.0125 6204 Scan finished
20:04:38.0125 6204 ============================================================
20:04:38.0147 4656 Detected object count: 0
20:04:38.0147 4656 Actual detected object count: 0
20:04:44.0756 1500 Deinitialize success

ESET:
C:\Program Files (x86)\Cheat Engine 6.1\cheatengine-i386.exe a variant of Win32/HackTool.CheatEngine.AB application cleaned by deleting - quarantined
C:\Program Files (x86)\iMesh Applications\MediaBar\Datamngr\BrowserConnection.dll Win32/Toolbar.SearchSuite application cleaned by deleting - quarantined
C:\Program Files (x86)\iMesh Applications\MediaBar\Datamngr\datamngr.dll Win32/Toolbar.SearchSuite application cleaned by deleting - quarantined
C:\Program Files (x86)\iMesh Applications\MediaBar\Datamngr\datamngrUI.exe Win32/Toolbar.SearchSuite application cleaned by deleting - quarantined
C:\Program Files (x86)\iMesh Applications\MediaBar\Datamngr\DnsBHO.dll Win32/Toolbar.SearchSuite application cleaned by deleting - quarantined
C:\Program Files (x86)\iMesh Applications\MediaBar\Datamngr\IEBHO.dll Win32/Toolbar.SearchSuite application cleaned by deleting - quarantined
C:\Program Files (x86)\Supreme Commander 2\Trainer.exe a variant of Win32/HackTool.CheatEngine.AB application cleaned by deleting - quarantined
C:\Program Files (x86)\Yontoo\YontooIEClient.dll a variant of Win32/Adware.Yontoo.A application cleaned by deleting - quarantined
C:\Qoobox\Quarantine\C\ProgramData\Microsoft\Windows\DRM\A840.tmp.vir Win64/Olmarik.AD trojan cleaned by deleting - quarantined
C:\Qoobox\Quarantine\C\ProgramData\Microsoft\Windows\DRM\A8CE.tmp.vir Win64/Olmarik.AD trojan cleaned by deleting - quarantined
C:\Qoobox\Quarantine\C\ProgramData\Tarma Installer\{889DF117-14D1-44EE-9F31-C5FB5D47F68B}\_Setupx.dll.vir a variant of Win32/Adware.Yontoo.B application cleaned by deleting - quarantined
C:\Qoobox\Quarantine\C\ProgramData\Tarma Installer\{DE3B7BF9-0770-4104-BC0B-B1CCCCE2F053}\_Setupx.dll.vir a variant of Win32/Adware.Yontoo.B application cleaned by deleting - quarantined
C:\Users\Kyle\AppData\Local\Babylon\Setup\MyBabylonTB.exe Win32/Toolbar.Babylon application cleaned by deleting - quarantined
C:\Users\Kyle\Downloads\CheatEngine61.exe multiple threats deleted - quarantined
C:\Users\Kyle\Downloads\cnet2_SetupVirtualCloneDrive5450_exe.exe a variant of Win32/InstallCore.D application cleaned by deleting - quarantined
C:\Users\Kyle\Downloads\media.player.codec.pack.v4.1.2.setup.exe probably a variant of Win32/Toolbar.Widgi application deleted - quarantined
C:\Users\Kyle\Downloads\winamp5623_full_emusic-7plus_en-us.exe Win32/OpenCandy application deleted - quarantined
E:\QUINCY\Backup Set 2012-02-19 190002\Backup Files 2012-02-19 190002\Backup files 2.zip Win32/Toolbar.Babylon application deleted - quarantined



