Google redirect after TDSS killer ran successfully


18 replies to this topic

#1 painaxl


Posted 22 April 2012 - 09:42 PM

I'm working on a Toshiba laptop that I had most of the crap cleaned off of, but the Google redirect keeps coming back. I've run TDSS Killer multiple times; the first time it came back with two issues that it cured and deleted respectively, the second time (after a reboot) one more issue that was deleted, and since then it comes up with nothing, though the redirect is still coming back. Not sure how to proceed. Any help would be hugely appreciated.

Attached Files

  • Attached File  DDS.txt   21.07KB   1 downloads




#2 gringo_pr


Posted 23 April 2012 - 12:18 AM

Hello and Welcome to Bleeping Computer!!

My name is Gringo and I'll be glad to help you with your computer problems.

I have put together some things for you to keep in mind while I am helping you, to make things go easier and faster for both of us.

  • Please do not run any tools unless instructed to do so.
    • We ask you to run different tools in a specific order to ensure the malware is completely removed from your machine, and running any additional tools may detect false positives, interfere with our tools, or cause unforeseen damage or system instability.
  • Please do not attach logs or use code boxes, just copy and paste the text.
    • Due to the high volume of logs we receive it helps to receive everything in the same format, and code boxes make the logs very difficult to read. Also, attachments require us to download and open the reports when it is easier to just read the reports in your post.
  • Please read every post completely before doing anything.
    • Pay special attention to the NOTE: lines, these entries identify an individual issue or important step in the cleanup process.
  • Please provide feedback about your experience as we go.
    • A short statement describing how the computer is working helps us understand where to go next, for example: I am still getting redirected, the computer is running normally, etc. Please do not describe the computer as "the same", this requires the extra step of looking back at your previous post.
NOTE: At the top of your post, click on the Watch Topic Button, select Immediate Notification, and click on Proceed. This will send you an e-mail as soon as I reply to your topic, allowing us to resolve the issue faster.

NOTE: Back up any files that cannot be replaced. Removing malware can be unpredictable and this step can save a lot of heartaches if things don't go as planned. You can put them on a CD/DVD, external drive or a pen drive, anywhere except on the computer.

NOTE: It is good practice to copy and paste the instructions into notepad and print them in case it is necessary for you to go offline during the cleanup process. To open notepad, navigate to Start Menu > All Programs > Accessories > Notepad. Please remember to copy the entire post so you do not miss any instructions.

Security Check

  • Download Security Check by screen317 from here.
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.



Run Combofix:

You may be asked to install or update the Recovery Console (Win XP Only). If this happens, please allow it to do so (you will need to be connected to the Internet for this).

Before you run Combofix I will need you to turn off any security software you have running. If you do not know how to do this you can find out >here< or >here<

Combofix may need to reboot your computer more than once to do its job; this is normal.

You can download Combofix from one of these links.
Link 1
Link 2
Link 3
1. Close any open browsers or any other programs that are open.
2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

Double click on combofix.exe & follow the prompts.
When finished, it will produce a report for you.

Note 1: Do not mouse-click Combofix's window while it's running. That may cause it to stall.

Note 2: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion.", please restart the computer.

"information and logs"

  • In your next post I need the following
  • Log from Combofix
  • let me know of any problems you may have had
  • How is the computer doing now?

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#3 painaxl


Posted 23 April 2012 - 08:16 PM

EDIT:

Scratch that. The Google search was running swimmingly for a while, but after a few searches (I'd say about 6), I'm getting redirects again. Hopefully there's something in the Combofix log that helps sort this out.



Edited by painaxl, 23 April 2012 - 08:22 PM.


#4 gringo_pr


Posted 23 April 2012 - 08:58 PM

Greetings

I need to know which browsers are redirecting:
Firefox
Chrome
Internet Explorer
Check any that are installed.

I know you have run TDSSKiller already, but delete the one you have and download it fresh.

tdsskiller:

Please read carefully and follow these steps.
  • Download TDSSKiller and save it to your Desktop.
  • Double-click on TDSSKiller.exe to run the application, then on Start Scan.
  • If an infected file is detected, the default action will be Cure, click on Continue.
  • If a suspicious file is detected, the default action will be Skip, click on Continue.
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
  • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.

Please download aswMBR to your desktop.
  • Double click the aswMBR.exe icon to run it
  • It will ask to download extra definitions - ALLOW IT
  • Click the Scan button to start the scan
  • On completion of the scan, click the save log button, save it to your desktop and post it in your next reply.

If you have any problems running either one, come back and let me know.

Please reply with the reports from TDSSKiller and aswMBR.

Gringo
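A TDSSKiller report like the one requested above runs to hundreds of lines, nearly all of them "- ok". The following triage script is an added example, not part of the original posts and not TDSSKiller's own code. It keeps only the entries that need review, using the line shapes seen in the 2.7.32.0 log posted in this thread. The function name `triage`, the sample entries `ExampleDrv` and `ExampleNoFile`, and the choice to treat any status other than "ok" as a finding are assumptions.

```python
import re

# Line shapes taken from the TDSSKiller 2.7.32.0 report in this thread:
#   HH:MM:SS.mmmm TID Name (md5) Path                  <- hashed object
#   HH:MM:SS.mmmm TID Name - ok                        <- status, clean
#   HH:MM:SS.mmmm TID Name ( Verdict ) - infected      <- status with verdict
PREFIX = re.compile(r"^\d{2}:\d{2}:\d{2}\.\d{4}\s+\d+\s+(.*)$")
OBJECT = re.compile(r"^(?P<name>.+?) \((?P<md5>[0-9a-fA-F]{32})\) (?P<path>.+)$")
STATUS = re.compile(
    r"^(?P<name>.+?)(?: \( (?P<verdict>[^)]+?) \))? - (?P<status>\w+)$"
)

# Constructed sample. The three advservice lines are quoted from the log in
# this thread; ExampleDrv and ExampleNoFile are made-up placeholder entries.
SAMPLE_LOG = r"""
23:10:32.0441 0820 Scan started
23:10:33.0470 0820 ExampleDrv (00000000000000000000000000000000) C:\windows\system32\drivers\exampledrv.sys
23:10:33.0470 0820 ExampleDrv - ok
23:10:33.0533 0820 advservice (5f22132c9153639762708909f156b33d) C:\windows\system32\sglfb.dll
23:10:33.0533 0820 advservice ( Backdoor.Multi.ZAccess.gen ) - infected
23:10:33.0533 0820 advservice - detected Backdoor.Multi.ZAccess.gen (0)
23:10:36.0169 0820 ExampleNoFile - ok
"""


def triage(log_text):
    """Return (findings, no_file) for a TDSSKiller report.

    findings: one dict per entry whose status is anything other than "ok"
              (assumption: every non-ok status deserves a human look).
    no_file:  names that reported a status without a preceding hashed-file
              line, i.e. the scanner listed the entry but logged no file.
    """
    hashed = {}      # entry name -> (md5, path) from the object line
    findings = []
    no_file = []
    for raw in log_text.splitlines():
        m = PREFIX.match(raw.strip())
        if not m:
            continue                      # blank or non-log line
        body = m.group(1).strip()

        obj = OBJECT.match(body)
        if obj:
            hashed[obj["name"]] = (obj["md5"].lower(), obj["path"])
            continue

        st = STATUS.match(body)
        if not st:
            continue                      # header, separator, "detected" echo
        name = st["name"]
        status = st["status"].lower()
        md5, path = hashed.get(name, (None, None))
        if md5 is None:
            no_file.append(name)
        if status != "ok":
            findings.append({
                "name": name,
                "status": status,
                "verdict": st["verdict"],
                "md5": md5,
                "path": path,
            })
    return findings, no_file


if __name__ == "__main__":
    found, missing = triage(SAMPLE_LOG)
    for f in found:
        print("REVIEW {name}: {status} {verdict} md5={md5} path={path}".format(**f))
    for name in missing:
        print("NO FILE LOGGED: " + name)
```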

#5 painaxl


Posted 23 April 2012 - 10:41 PM

Downloaded and ran new TDSS killer, it found one problem and the solution was delete and restart. Log file:

23:10:27.0495 3340 TDSS rootkit removing tool 2.7.32.0 Apr 23 2012 19:12:34
23:10:28.0104 3340 ============================================================
23:10:28.0104 3340 Current date / time: 2012/04/23 23:10:28.0104
23:10:28.0104 3340 SystemInfo:
23:10:28.0104 3340
23:10:28.0104 3340 OS Version: 6.1.7601 ServicePack: 1.0
23:10:28.0104 3340 Product type: Workstation
23:10:28.0104 3340 ComputerName: PAVINXAVIE
23:10:28.0104 3340 UserName: PavNXav
23:10:28.0104 3340 Windows directory: C:\windows
23:10:28.0104 3340 System windows directory: C:\windows
23:10:28.0104 3340 Running under WOW64
23:10:28.0104 3340 Processor architecture: Intel x64
23:10:28.0104 3340 Number of processors: 4
23:10:28.0104 3340 Page size: 0x1000
23:10:28.0104 3340 Boot type: Normal boot
23:10:28.0104 3340 ============================================================
23:10:28.0587 3340 Drive \Device\Harddisk0\DR0 - Size: 0x950B056000 (596.17 Gb), SectorSize: 0x200, Cylinders: 0x13001, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
23:10:28.0603 3340 ============================================================
23:10:28.0603 3340 \Device\Harddisk0\DR0:
23:10:28.0603 3340 MBR partitions:
23:10:28.0603 3340 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x2EE800, BlocksNum 0x48733000
23:10:28.0603 3340 ============================================================
23:10:28.0634 3340 C: <-> \Device\Harddisk0\DR0\Partition0
23:10:28.0634 3340 ============================================================
23:10:28.0634 3340 Initialize success
23:10:28.0634 3340 ============================================================
23:10:32.0441 0820 ============================================================
23:10:32.0441 0820 Scan started
23:10:32.0441 0820 Mode: Manual;
23:10:32.0441 0820 ============================================================
23:10:33.0533 0820 advservice (5f22132c9153639762708909f156b33d) C:\windows\system32\sglfb.dll
23:10:33.0533 0820 advservice ( Backdoor.Multi.ZAccess.gen ) - infected
23:10:33.0533 0820 advservice - detected Backdoor.Multi.ZAccess.gen (0)
23:10:43.0938 0820 mouclass (7d27ea49f3c1f687d357e77a470aea99) C:\windows\system32\DRIVERS\mouclass.sys
23:10:43.0938 0820 mouclass - ok
23:10:43.0954 0820 mouhid (d3bf052c40b0c4166d9fd86a4288c1e6) C:\windows\system32\drivers\mouhid.sys
23:10:43.0954 0820 mouhid - ok
23:10:43.0985 0820 mountmgr (32e7a3d591d671a6df2db515a5cbe0fa) C:\windows\system32\drivers\mountmgr.sys
23:10:43.0985 0820 mountmgr - ok
23:10:44.0000 0820 mpio (a44b420d30bd56e145d6a2bc8768ec58) C:\windows\system32\drivers\mpio.sys
23:10:44.0016 0820 mpio - ok
23:10:44.0047 0820 mpsdrv (6c38c9e45ae0ea2fa5e551f2ed5e978f) C:\windows\system32\drivers\mpsdrv.sys
23:10:44.0047 0820 mpsdrv - ok
23:10:44.0141 0820 MpsSvc (54ffc9c8898113ace189d4aa7199d2c1) C:\windows\system32\mpssvc.dll
23:10:44.0156 0820 MpsSvc - ok
23:10:44.0188 0820 MRxDAV (dc722758b8261e1abafd31a3c0a66380) C:\windows\system32\drivers\mrxdav.sys
23:10:44.0188 0820 MRxDAV - ok
23:10:44.0219 0820 mrxsmb (a5d9106a73dc88564c825d317cac68ac) C:\windows\system32\DRIVERS\mrxsmb.sys
23:10:44.0219 0820 mrxsmb - ok
23:10:44.0266 0820 mrxsmb10 (d711b3c1d5f42c0c2415687be09fc163) C:\windows\system32\DRIVERS\mrxsmb10.sys
23:10:44.0266 0820 mrxsmb10 - ok
23:10:44.0281 0820 mrxsmb20 (9423e9d355c8d303e76b8cfbd8a5c30c) C:\windows\system32\DRIVERS\mrxsmb20.sys
23:10:44.0281 0820 mrxsmb20 - ok
23:10:44.0312 0820 msahci (c25f0bafa182cbca2dd3c851c2e75796) C:\windows\system32\DRIVERS\msahci.sys
23:10:44.0312 0820 msahci - ok
23:10:44.0344 0820 msdsm (db801a638d011b9633829eb6f663c900) C:\windows\system32\drivers\msdsm.sys
23:10:44.0344 0820 msdsm - ok
23:10:44.0406 0820 MSDTC (de0ece52236cfa3ed2dbfc03f28253a8) C:\windows\System32\msdtc.exe
23:10:44.0422 0820 MSDTC - ok
23:10:44.0484 0820 Msfs (aa3fb40e17ce1388fa1bedab50ea8f96) C:\windows\system32\drivers\Msfs.sys
23:10:44.0484 0820 Msfs - ok
23:10:44.0515 0820 mshidkmdf (f9d215a46a8b9753f61767fa72a20326) C:\windows\System32\drivers\mshidkmdf.sys
23:10:44.0515 0820 mshidkmdf - ok
23:10:44.0515 0820 msisadrv (d916874bbd4f8b07bfb7fa9b3ccae29d) C:\windows\system32\drivers\msisadrv.sys
23:10:44.0515 0820 msisadrv - ok
23:10:44.0609 0820 MSiSCSI (808e98ff49b155c522e6400953177b08) C:\windows\system32\iscsiexe.dll
23:10:44.0624 0820 MSiSCSI - ok
23:10:44.0624 0820 msiserver - ok
23:10:44.0718 0820 MSKSSRV (49ccf2c4fea34ffad8b1b59d49439366) C:\windows\system32\drivers\MSKSSRV.sys
23:10:44.0718 0820 MSKSSRV - ok
23:10:44.0749 0820 MSPCLOCK (bdd71ace35a232104ddd349ee70e1ab3) C:\windows\system32\drivers\MSPCLOCK.sys
23:10:44.0749 0820 MSPCLOCK - ok
23:10:44.0765 0820 MSPQM (4ed981241db27c3383d72092b618a1d0) C:\windows\system32\drivers\MSPQM.sys
23:10:44.0765 0820 MSPQM - ok
23:10:44.0796 0820 MsRPC (759a9eeb0fa9ed79da1fb7d4ef78866d) C:\windows\system32\drivers\MsRPC.sys
23:10:44.0796 0820 MsRPC - ok
23:10:44.0827 0820 mssmbios (0eed230e37515a0eaee3c2e1bc97b288) C:\windows\system32\DRIVERS\mssmbios.sys
23:10:44.0827 0820 mssmbios - ok
23:10:44.0874 0820 MSTEE (2e66f9ecb30b4221a318c92ac2250779) C:\windows\system32\drivers\MSTEE.sys
23:10:44.0874 0820 MSTEE - ok
23:10:44.0921 0820 MTConfig (7ea404308934e675bffde8edf0757bcd) C:\windows\system32\drivers\MTConfig.sys
23:10:44.0921 0820 MTConfig - ok
23:10:44.0952 0820 Mup (f9a18612fd3526fe473c1bda678d61c8) C:\windows\system32\Drivers\mup.sys
23:10:44.0952 0820 Mup - ok
23:10:45.0046 0820 napagent (582ac6d9873e31dfa28a4547270862dd) C:\windows\system32\qagentRT.dll
23:10:45.0061 0820 napagent - ok
23:10:45.0170 0820 NativeWifiP (1ea3749c4114db3e3161156ffffa6b33) C:\windows\system32\DRIVERS\nwifi.sys
23:10:45.0170 0820 NativeWifiP - ok
23:10:45.0248 0820 NDIS (79b47fd40d9a817e932f9d26fac0a81c) C:\windows\system32\drivers\ndis.sys
23:10:45.0264 0820 NDIS - ok
23:10:45.0326 0820 NdisCap (9f9a1f53aad7da4d6fef5bb73ab811ac) C:\windows\system32\DRIVERS\ndiscap.sys
23:10:45.0326 0820 NdisCap - ok
23:10:45.0389 0820 NdisTapi (30639c932d9fef22b31268fe25a1b6e5) C:\windows\system32\DRIVERS\ndistapi.sys
23:10:45.0389 0820 NdisTapi - ok
23:10:45.0451 0820 Ndisuio (136185f9fb2cc61e573e676aa5402356) C:\windows\system32\DRIVERS\ndisuio.sys
23:10:45.0451 0820 Ndisuio - ok
23:10:45.0514 0820 NdisWan (53f7305169863f0a2bddc49e116c2e11) C:\windows\system32\DRIVERS\ndiswan.sys
23:10:45.0514 0820 NdisWan - ok
23:10:45.0560 0820 NDProxy (015c0d8e0e0421b4cfd48cffe2825879) C:\windows\system32\drivers\NDProxy.sys
23:10:45.0560 0820 NDProxy - ok
23:10:45.0592 0820 NetBIOS (86743d9f5d2b1048062b14b1d84501c4) C:\windows\system32\DRIVERS\netbios.sys
23:10:45.0592 0820 NetBIOS - ok
23:10:45.0638 0820 NetBT (09594d1089c523423b32a4229263f068) C:\windows\system32\DRIVERS\netbt.sys
23:10:45.0638 0820 NetBT - ok
23:10:45.0810 0820 Netlogon (c118a82cd78818c29ab228366ebf81c3) C:\windows\system32\lsass.exe
23:10:45.0826 0820 Netlogon - ok
23:10:45.0888 0820 Netman (847d3ae376c0817161a14a82c8922a9e) C:\windows\System32\netman.dll
23:10:45.0888 0820 Netman - ok
23:10:46.0216 0820 NetMsmqActivator (d22cd77d4f0d63d1169bb35911bff12d) C:\windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
23:10:46.0262 0820 NetMsmqActivator - ok
23:10:46.0278 0820 NetPipeActivator (d22cd77d4f0d63d1169bb35911bff12d) C:\windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
23:10:46.0278 0820 NetPipeActivator - ok
23:10:46.0387 0820 netprofm (5f28111c648f1e24f7dbc87cdeb091b8) C:\windows\System32\netprofm.dll
23:10:46.0403 0820 netprofm - ok
23:10:46.0403 0820 NetTcpActivator (d22cd77d4f0d63d1169bb35911bff12d) C:\windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
23:10:46.0403 0820 NetTcpActivator - ok
23:10:46.0418 0820 NetTcpPortSharing (d22cd77d4f0d63d1169bb35911bff12d) C:\windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
23:10:46.0418 0820 NetTcpPortSharing - ok
23:10:46.0481 0820 nfrd960 (77889813be4d166cdab78ddba990da92) C:\windows\system32\drivers\nfrd960.sys
23:10:46.0496 0820 nfrd960 - ok
23:10:46.0559 0820 NlaSvc (1ee99a89cc788ada662441d1e9830529) C:\windows\System32\nlasvc.dll
23:10:46.0559 0820 NlaSvc - ok
23:10:46.0652 0820 Norton PC Checkup Application Launcher - ok
23:10:46.0668 0820 Npfs (1e4c4ab5c9b8dd13179bbdc75a2a01f7) C:\windows\system32\drivers\Npfs.sys
23:10:46.0668 0820 Npfs - ok
23:10:46.0699 0820 nsi (d54bfdf3e0c953f823b3d0bfe4732528) C:\windows\system32\nsisvc.dll
23:10:46.0699 0820 nsi - ok
23:10:46.0746 0820 nsiproxy (e7f5ae18af4168178a642a9247c63001) C:\windows\system32\drivers\nsiproxy.sys
23:10:46.0746 0820 nsiproxy - ok
23:10:46.0840 0820 Ntfs (a2f74975097f52a00745f9637451fdd8) C:\windows\system32\drivers\Ntfs.sys
23:10:46.0871 0820 Ntfs - ok
23:10:46.0980 0820 Null (9899284589f75fa8724ff3d16aed75c1) C:\windows\system32\drivers\Null.sys
23:10:46.0980 0820 Null - ok
23:10:47.0011 0820 nvraid (0a92cb65770442ed0dc44834632f66ad) C:\windows\system32\drivers\nvraid.sys
23:10:47.0027 0820 nvraid - ok
23:10:47.0042 0820 nvstor (dab0e87525c10052bf65f06152f37e4a) C:\windows\system32\drivers\nvstor.sys
23:10:47.0058 0820 nvstor - ok
23:10:47.0089 0820 nv_agp (270d7cd42d6e3979f6dd0146650f0e05) C:\windows\system32\drivers\nv_agp.sys
23:10:47.0089 0820 nv_agp - ok
23:10:47.0120 0820 ohci1394 (3589478e4b22ce21b41fa1bfc0b8b8a0) C:\windows\system32\drivers\ohci1394.sys
23:10:47.0120 0820 ohci1394 - ok
23:10:47.0198 0820 ose (9d10f99a6712e28f8acd5641e3a7ea6b) C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE
23:10:47.0198 0820 ose - ok
23:10:47.0479 0820 osppsvc (61bffb5f57ad12f83ab64b7181829b34) C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
23:10:47.0620 0820 osppsvc - ok
23:10:47.0729 0820 p2pimsvc (3eac4455472cc2c97107b5291e0dcafe) C:\windows\system32\pnrpsvc.dll
23:10:47.0729 0820 p2pimsvc - ok
23:10:47.0854 0820 p2psvc (927463ecb02179f88e4b9a17568c63c3) C:\windows\system32\p2psvc.dll
23:10:47.0854 0820 p2psvc - ok
23:10:47.0932 0820 Parport (0086431c29c35be1dbc43f52cc273887) C:\windows\system32\drivers\parport.sys
23:10:47.0932 0820 Parport - ok
23:10:47.0947 0820 partmgr (871eadac56b0a4c6512bbe32753ccf79) C:\windows\system32\drivers\partmgr.sys
23:10:47.0947 0820 partmgr - ok
23:10:47.0994 0820 PcaSvc (3aeaa8b561e63452c655dc0584922257) C:\windows\System32\pcasvc.dll
23:10:48.0010 0820 PcaSvc - ok
23:10:48.0103 0820 PCCUJobMgr (2f86be1818c2d7ac90478e3323ee7fcb) C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.13.11\ccSvcHst.exe
23:10:48.0103 0820 PCCUJobMgr - ok
23:10:48.0150 0820 pci (94575c0571d1462a0f70bde6bd6ee6b3) C:\windows\system32\drivers\pci.sys
23:10:48.0150 0820 pci - ok
23:10:48.0181 0820 pciide (b5b8b5ef2e5cb34df8dcf8831e3534fa) C:\windows\system32\DRIVERS\pciide.sys
23:10:48.0181 0820 pciide - ok
23:10:48.0212 0820 pcmcia (b2e81d4e87ce48589f98cb8c05b01f2f) C:\windows\system32\drivers\pcmcia.sys
23:10:48.0212 0820 pcmcia - ok
23:10:48.0228 0820 pcw (d6b9c2e1a11a3a4b26a182ffef18f603) C:\windows\system32\drivers\pcw.sys
23:10:48.0228 0820 pcw - ok
23:10:48.0290 0820 PEAUTH (68769c3356b3be5d1c732c97b9a80d6e) C:\windows\system32\drivers\peauth.sys
23:10:48.0290 0820 PEAUTH - ok
23:10:48.0368 0820 PerfHost (e495e408c93141e8fc72dc0c6046ddfa) C:\windows\SysWow64\perfhost.exe
23:10:48.0368 0820 PerfHost - ok
23:10:48.0431 0820 PGEffect (91111cebbde8015e822c46120ed9537c) C:\windows\system32\DRIVERS\pgeffect.sys
23:10:48.0431 0820 PGEffect - ok
23:10:48.0540 0820 pla (c7cf6a6e137463219e1259e3f0f0dd6c) C:\windows\system32\pla.dll
23:10:48.0556 0820 pla - ok
23:10:48.0634 0820 PlugPlay (25fbdef06c4d92815b353f6e792c8129) C:\windows\system32\umpnpmgr.dll
23:10:48.0649 0820 PlugPlay - ok
23:10:48.0665 0820 PNRPAutoReg (7195581cec9bb7d12abe54036acc2e38) C:\windows\system32\pnrpauto.dll
23:10:48.0680 0820 PNRPAutoReg - ok
23:10:48.0712 0820 PNRPsvc (3eac4455472cc2c97107b5291e0dcafe) C:\windows\system32\pnrpsvc.dll
23:10:48.0727 0820 PNRPsvc - ok
23:10:48.0790 0820 PolicyAgent (4f15d75adf6156bf56eced6d4a55c389) C:\windows\System32\ipsecsvc.dll
23:10:48.0790 0820 PolicyAgent - ok
23:10:48.0836 0820 Power (6ba9d927dded70bd1a9caded45f8b184) C:\windows\system32\umpo.dll
23:10:48.0852 0820 Power - ok
23:10:48.0914 0820 PptpMiniport (f92a2c41117a11a00be01ca01a7fcde9) C:\windows\system32\DRIVERS\raspptp.sys
23:10:48.0914 0820 PptpMiniport - ok
23:10:48.0977 0820 Processor (0d922e23c041efb1c3fac2a6f943c9bf) C:\windows\system32\drivers\processr.sys
23:10:48.0977 0820 Processor - ok
23:10:49.0024 0820 ProfSvc (5c78838b4d166d1a27db3a8a820c799a) C:\windows\system32\profsvc.dll
23:10:49.0039 0820 ProfSvc - ok
23:10:49.0102 0820 ProtectedStorage (c118a82cd78818c29ab228366ebf81c3) C:\windows\system32\lsass.exe
23:10:49.0102 0820 ProtectedStorage - ok
23:10:49.0273 0820 Psched (0557cf5a2556bd58e26384169d72438d) C:\windows\system32\DRIVERS\pacer.sys
23:10:49.0273 0820 Psched - ok
23:10:49.0492 0820 ql2300 (a53a15a11ebfd21077463ee2c7afeef0) C:\windows\system32\drivers\ql2300.sys
23:10:49.0538 0820 ql2300 - ok
23:10:49.0632 0820 ql40xx (4f6d12b51de1aaeff7dc58c4d75423c8) C:\windows\system32\drivers\ql40xx.sys
23:10:49.0632 0820 ql40xx - ok
23:10:49.0710 0820 QWAVE (906191634e99aea92c4816150bda3732) C:\windows\system32\qwave.dll
23:10:49.0710 0820 QWAVE - ok
23:10:49.0772 0820 QWAVEdrv (76707bb36430888d9ce9d705398adb6c) C:\windows\system32\drivers\qwavedrv.sys
23:10:49.0772 0820 QWAVEdrv - ok
23:10:49.0819 0820 RasAcd (5a0da8ad5762fa2d91678a8a01311704) C:\windows\system32\DRIVERS\rasacd.sys
23:10:49.0835 0820 RasAcd - ok
23:10:49.0897 0820 RasAgileVpn (7ecff9b22276b73f43a99a15a6094e90) C:\windows\system32\DRIVERS\AgileVpn.sys
23:10:49.0897 0820 RasAgileVpn - ok
23:10:50.0006 0820 RasAuto (8f26510c5383b8dbe976de1cd00fc8c7) C:\windows\System32\rasauto.dll
23:10:50.0022 0820 RasAuto - ok
23:10:50.0100 0820 Rasl2tp (471815800ae33e6f1c32fb1b97c490ca) C:\windows\system32\DRIVERS\rasl2tp.sys
23:10:50.0100 0820 Rasl2tp - ok
23:10:50.0178 0820 RasMan (ee867a0870fc9e4972ba9eaad35651e2) C:\windows\System32\rasmans.dll
23:10:50.0178 0820 RasMan - ok
23:10:50.0256 0820 RasPppoe (855c9b1cd4756c5e9a2aa58a15f58c25) C:\windows\system32\DRIVERS\raspppoe.sys
23:10:50.0256 0820 RasPppoe - ok
23:10:50.0350 0820 RasSstp (e8b1e447b008d07ff47d016c2b0eeecb) C:\windows\system32\DRIVERS\rassstp.sys
23:10:50.0365 0820 RasSstp - ok
23:10:50.0521 0820 rdbss (77f665941019a1594d887a74f301fa2f) C:\windows\system32\DRIVERS\rdbss.sys
23:10:50.0537 0820 rdbss - ok
23:10:50.0584 0820 rdpbus (302da2a0539f2cf54d7c6cc30c1f2d8d) C:\windows\system32\drivers\rdpbus.sys
23:10:50.0584 0820 rdpbus - ok
23:10:50.0599 0820 RDPCDD (cea6cc257fc9b7715f1c2b4849286d24) C:\windows\system32\DRIVERS\RDPCDD.sys
23:10:50.0599 0820 RDPCDD - ok
23:10:50.0630 0820 RDPENCDD (bb5971a4f00659529a5c44831af22365) C:\windows\system32\drivers\rdpencdd.sys
23:10:50.0630 0820 RDPENCDD - ok
23:10:50.0662 0820 RDPREFMP (216f3fa57533d98e1f74ded70113177a) C:\windows\system32\drivers\rdprefmp.sys
23:10:50.0662 0820 RDPREFMP - ok
23:10:50.0740 0820 RDPWD (6d76e6433574b058adcb0c50df834492) C:\windows\system32\drivers\RDPWD.sys
23:10:50.0740 0820 RDPWD - ok
23:10:50.0802 0820 rdyboost (34ed295fa0121c241bfef24764fc4520) C:\windows\system32\drivers\rdyboost.sys
23:10:50.0802 0820 rdyboost - ok
23:10:50.0927 0820 RemoteAccess (254fb7a22d74e5511c73a3f6d802f192) C:\windows\System32\mprdim.dll
23:10:50.0942 0820 RemoteAccess - ok
23:10:51.0005 0820 RemoteRegistry (e4d94f24081440b5fc5aa556c7c62702) C:\windows\system32\regsvc.dll
23:10:51.0005 0820 RemoteRegistry - ok
23:10:51.0036 0820 RpcEptMapper (e4dc58cf7b3ea515ae917ff0d402a7bb) C:\windows\System32\RpcEpMap.dll
23:10:51.0036 0820 RpcEptMapper - ok
23:10:51.0083 0820 RpcLocator (d5ba242d4cf8e384db90e6a8ed850b8c) C:\windows\system32\locator.exe
23:10:51.0083 0820 RpcLocator - ok
23:10:51.0145 0820 RpcSs (5c627d1b1138676c0a7ab2c2c190d123) C:\windows\system32\rpcss.dll
23:10:51.0161 0820 RpcSs - ok
23:10:51.0254 0820 rspndr (ddc86e4f8e7456261e637e3552e804ff) C:\windows\system32\DRIVERS\rspndr.sys
23:10:51.0254 0820 rspndr - ok
23:10:51.0379 0820 RSUSBSTOR (be29b0a3ac1e8bd02ffab8cee86badfa) C:\windows\system32\Drivers\RtsUStor.sys
23:10:51.0379 0820 RSUSBSTOR - ok
23:10:51.0457 0820 RTL8167 (6d3c7e7d82d3dc92dc2a8b0df9f20f8a) C:\windows\system32\DRIVERS\Rt64win7.sys
23:10:51.0457 0820 RTL8167 - ok
23:10:51.0613 0820 RTL8192Ce (e7d79600575f755614dd5d79b044d588) C:\windows\system32\DRIVERS\rtl8192Ce.sys
23:10:51.0629 0820 RTL8192Ce - ok
23:10:51.0660 0820 SamSs (c118a82cd78818c29ab228366ebf81c3) C:\windows\system32\lsass.exe
23:10:51.0660 0820 SamSs - ok
23:10:51.0707 0820 sbp2port (ac03af3329579fffb455aa2daabbe22b) C:\windows\system32\drivers\sbp2port.sys
23:10:51.0707 0820 sbp2port - ok
23:10:51.0956 0820 SBSDWSCService (794d4b48dfb6e999537c7c3947863463) C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe
23:10:51.0988 0820 SBSDWSCService - ok
23:10:52.0034 0820 SCardSvr (9b7395789e3791a3b6d000fe6f8b131e) C:\windows\System32\SCardSvr.dll
23:10:52.0034 0820 SCardSvr - ok
23:10:52.0097 0820 scfilter (253f38d0d7074c02ff8deb9836c97d2b) C:\windows\system32\DRIVERS\scfilter.sys
23:10:52.0097 0820 scfilter - ok
23:10:52.0222 0820 Schedule (262f6592c3299c005fd6bec90fc4463a) C:\windows\system32\schedsvc.dll
23:10:52.0284 0820 Schedule - ok
23:10:52.0315 0820 SCPolicySvc (f17d1d393bbc69c5322fbfafaca28c7f) C:\windows\System32\certprop.dll
23:10:52.0315 0820 SCPolicySvc - ok
23:10:52.0378 0820 SDRSVC (6ea4234dc55346e0709560fe7c2c1972) C:\windows\System32\SDRSVC.dll
23:10:52.0393 0820 SDRSVC - ok
23:10:52.0471 0820 secdrv (3ea8a16169c26afbeb544e0e48421186) C:\windows\system32\drivers\secdrv.sys
23:10:52.0471 0820 secdrv - ok
23:10:52.0534 0820 seclogon (bc617a4e1b4fa8df523a061739a0bd87) C:\windows\system32\seclogon.dll
23:10:52.0534 0820 seclogon - ok
23:10:52.0565 0820 SENS (c32ab8fa018ef34c0f113bd501436d21) C:\windows\system32\sens.dll
23:10:52.0565 0820 SENS - ok
23:10:52.0596 0820 SensrSvc (0336cffafaab87a11541f1cf1594b2b2) C:\windows\system32\sensrsvc.dll
23:10:52.0596 0820 SensrSvc - ok
23:10:52.0643 0820 Serenum (cb624c0035412af0debec78c41f5ca1b) C:\windows\system32\drivers\serenum.sys
23:10:52.0643 0820 Serenum - ok
23:10:52.0674 0820 Serial (c1d8e28b2c2adfaec4ba89e9fda69bd6) C:\windows\system32\drivers\serial.sys
23:10:52.0674 0820 Serial - ok
23:10:52.0783 0820 sermouse (1c545a7d0691cc4a027396535691c3e3) C:\windows\system32\drivers\sermouse.sys
23:10:52.0783 0820 sermouse - ok
23:10:52.0861 0820 SessionEnv (0b6231bf38174a1628c4ac812cc75804) C:\windows\system32\sessenv.dll
23:10:52.0877 0820 SessionEnv - ok
23:10:52.0877 0820 sffdisk (a554811bcd09279536440c964ae35bbf) C:\windows\system32\drivers\sffdisk.sys
23:10:52.0877 0820 sffdisk - ok
23:10:52.0924 0820 sffp_mmc (ff414f0baefeba59bc6c04b3db0b87bf) C:\windows\system32\drivers\sffp_mmc.sys
23:10:52.0924 0820 sffp_mmc - ok
23:10:52.0939 0820 sffp_sd (dd85b78243a19b59f0637dcf284da63c) C:\windows\system32\drivers\sffp_sd.sys
23:10:52.0939 0820 sffp_sd - ok
23:10:52.0970 0820 sfloppy (a9d601643a1647211a1ee2ec4e433ff4) C:\windows\system32\drivers\sfloppy.sys
23:10:52.0970 0820 sfloppy - ok
23:10:53.0142 0820 Sftfs (c6cc9297bd53e5229653303e556aa539) C:\windows\system32\DRIVERS\Sftfslh.sys
23:10:53.0142 0820 Sftfs - ok
23:10:53.0329 0820 sftlist (13693b6354dd6e72dc5131da7d764b90) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
23:10:53.0329 0820 sftlist - ok
23:10:53.0392 0820 Sftplay (390aa7bc52cee43f6790cdea1e776703) C:\windows\system32\DRIVERS\Sftplaylh.sys
23:10:53.0407 0820 Sftplay - ok
23:10:53.0454 0820 Sftredir (617e29a0b0a2807466560d4c4e338d3e) C:\windows\system32\DRIVERS\Sftredirlh.sys
23:10:53.0454 0820 Sftredir - ok
23:10:53.0485 0820 Sftvol (8f571f016fa1976f445147e9e6c8ae9b) C:\windows\system32\DRIVERS\Sftvollh.sys
23:10:53.0485 0820 Sftvol - ok
23:10:53.0532 0820 sftvsa (c3cddd18f43d44ab713cf8c4916f7696) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
23:10:53.0532 0820 sftvsa - ok
23:10:53.0610 0820 SharedAccess (b95f6501a2f8b2e78c697fec401970ce) C:\windows\System32\ipnathlp.dll
23:10:53.0626 0820 SharedAccess - ok
23:10:53.0704 0820 ShellHWDetection (aaf932b4011d14052955d4b212a4da8d) C:\windows\System32\shsvcs.dll
23:10:53.0719 0820 ShellHWDetection - ok
23:10:53.0782 0820 SiSRaid2 (843caf1e5fde1ffd5ff768f23a51e2e1) C:\windows\system32\drivers\SiSRaid2.sys
23:10:53.0782 0820 SiSRaid2 - ok
23:10:53.0875 0820 SiSRaid4 (6a6c106d42e9ffff8b9fcb4f754f6da4) C:\windows\system32\drivers\sisraid4.sys
23:10:53.0875 0820 SiSRaid4 - ok
23:10:53.0953 0820 SkypeUpdate (6128e98eaaed364ed1a32708d2fd22cb) C:\Program Files (x86)\Skype\Updater\Updater.exe
23:10:53.0953 0820 SkypeUpdate - ok
23:10:54.0000 0820 Smb (548260a7b8654e024dc30bf8a7c5baa4) C:\windows\system32\DRIVERS\smb.sys
23:10:54.0000 0820 Smb - ok
23:10:54.0094 0820 SNMPTRAP (6313f223e817cc09aa41811daa7f541d) C:\windows\System32\snmptrap.exe
23:10:54.0094 0820 SNMPTRAP - ok
23:10:54.0172 0820 spldr (b9e31e5cacdfe584f34f730a677803f9) C:\windows\system32\drivers\spldr.sys
23:10:54.0187 0820 spldr - ok
23:10:54.0265 0820 Spooler (b96c17b5dc1424d56eea3a99e97428cd) C:\windows\System32\spoolsv.exe
23:10:54.0281 0820 Spooler - ok
23:10:54.0764 0820 sppsvc (e17e0188bb90fae42d83e98707efa59c) C:\windows\system32\sppsvc.exe
23:10:54.0827 0820 sppsvc - ok
23:10:55.0045 0820 sppuinotify (93d7d61317f3d4bc4f4e9f8a96a7de45) C:\windows\system32\sppuinotify.dll
23:10:55.0045 0820 sppuinotify - ok
23:10:55.0170 0820 srv (441fba48bff01fdb9d5969ebc1838f0b) C:\windows\system32\DRIVERS\srv.sys
23:10:55.0170 0820 srv - ok
23:10:55.0264 0820 srv2 (b4adebbf5e3677cce9651e0f01f7cc28) C:\windows\system32\DRIVERS\srv2.sys
23:10:55.0295 0820 srv2 - ok
23:10:55.0342 0820 srvnet (27e461f0be5bff5fc737328f749538c3) C:\windows\system32\DRIVERS\srvnet.sys
23:10:55.0342 0820 srvnet - ok
23:10:55.0420 0820 SSDPSRV (51b52fbd583cde8aa9ba62b8b4298f33) C:\windows\System32\ssdpsrv.dll
23:10:55.0420 0820 SSDPSRV - ok
23:10:55.0466 0820 SstpSvc (ab7aebf58dad8daab7a6c45e6a8885cb) C:\windows\system32\sstpsvc.dll
23:10:55.0466 0820 SstpSvc - ok
23:10:55.0513 0820 stexstor (f3817967ed533d08327dc73bc4d5542a) C:\windows\system32\drivers\stexstor.sys
23:10:55.0513 0820 stexstor - ok
23:10:55.0591 0820 StillCam (decacb6921ded1a38642642685d77dac) C:\windows\system32\DRIVERS\serscan.sys
23:10:55.0591 0820 StillCam - ok
23:10:55.0716 0820 stisvc (8dd52e8e6128f4b2da92ce27402871c1) C:\windows\System32\wiaservc.dll
23:10:55.0747 0820 stisvc - ok
23:10:55.0794 0820 swenum (d01ec09b6711a5f8e7e6564a4d0fbc90) C:\windows\system32\DRIVERS\swenum.sys
23:10:55.0794 0820 swenum - ok
23:10:55.0919 0820 swprv (e08e46fdd841b7184194011ca1955a0b) C:\windows\System32\swprv.dll
23:10:55.0934 0820 swprv - ok
23:10:56.0231 0820 SynTP (f5b46df59feaa48a442aed7eeb754d4b) C:\windows\system32\DRIVERS\SynTP.sys
23:10:56.0246 0820 SynTP - ok
23:10:56.0652 0820 SysMain (bf9ccc0bf39b418c8d0ae8b05cf95b7d) C:\windows\system32\sysmain.dll
23:10:56.0714 0820 SysMain - ok
23:10:56.0933 0820 TabletInputService (e3c61fd7b7c2557e1f1b0b4cec713585) C:\windows\System32\TabSvc.dll
23:10:56.0933 0820 TabletInputService - ok
23:10:56.0995 0820 TapiSrv (40f0849f65d13ee87b9a9ae3c1dd6823) C:\windows\System32\tapisrv.dll
23:10:57.0011 0820 TapiSrv - ok
23:10:57.0042 0820 TBS (1be03ac720f4d302ea01d40f588162f6) C:\windows\System32\tbssvc.dll
23:10:57.0042 0820 TBS - ok
23:10:57.0588 0820 Tcpip (fc62769e7bff2896035aeed399108162) C:\windows\system32\drivers\tcpip.sys
23:10:57.0635 0820 Tcpip - ok
23:10:58.0040 0820 TCPIP6 (fc62769e7bff2896035aeed399108162) C:\windows\system32\DRIVERS\tcpip.sys
23:10:58.0072 0820 TCPIP6 - ok
23:10:58.0196 0820 tcpipreg (df687e3d8836bfb04fcc0615bf15a519) C:\windows\system32\drivers\tcpipreg.sys
23:10:58.0196 0820 tcpipreg - ok
23:10:58.0228 0820 tdcmdpst (fd542b661bd22fa69ca789ad0ac58c29) C:\windows\system32\DRIVERS\tdcmdpst.sys
23:10:58.0228 0820 tdcmdpst - ok
23:10:58.0259 0820 TDPIPE (3371d21011695b16333a3934340c4e7c) C:\windows\system32\drivers\tdpipe.sys
23:10:58.0259 0820 TDPIPE - ok
23:10:58.0368 0820 TDTCP (51c5eceb1cdee2468a1748be550cfbc8) C:\windows\system32\drivers\tdtcp.sys
23:10:58.0368 0820 TDTCP - ok
23:10:58.0446 0820 tdx (ddad5a7ab24d8b65f8d724f5c20fd806) C:\windows\system32\DRIVERS\tdx.sys
23:10:58.0446 0820 tdx - ok
23:10:58.0462 0820 TermDD (561e7e1f06895d78de991e01dd0fb6e5) C:\windows\system32\DRIVERS\termdd.sys
23:10:58.0462 0820 TermDD - ok
23:10:58.0633 0820 TermService (2e648163254233755035b46dd7b89123) C:\windows\System32\termsrv.dll
23:10:58.0742 0820 TermService - ok
23:10:58.0805 0820 Themes (f0344071948d1a1fa732231785a0664c) C:\windows\system32\themeservice.dll
23:10:58.0805 0820 Themes - ok
23:10:58.0867 0820 THREADORDER (e40e80d0304a73e8d269f7141d77250b) C:\windows\system32\mmcss.dll
23:10:58.0867 0820 THREADORDER - ok
23:10:58.0961 0820 TMachInfo (71c321649b28638ee80a2eeb164c1dc8) C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe
23:10:58.0961 0820 TMachInfo - ok
23:10:59.0569 0820 TODDSrv (8e2c799d3476eac32c3ba0df7ce6af19) C:\windows\system32\TODDSrv.exe
23:10:59.0569 0820 TODDSrv - ok
23:10:59.0819 0820 TosCoSrv (1c73689b900428c7d054a41c4687f55c) C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe
23:10:59.0850 0820 TosCoSrv - ok
23:11:00.0022 0820 TOSHIBA eco Utility Service (63aafcf3ea5dbb17123e0bae9afe4d58) C:\Program Files\TOSHIBA\TECO\TecoService.exe
23:11:00.0022 0820 TOSHIBA eco Utility Service - ok
23:11:00.0100 0820 TOSHIBA HDD SSD Alert Service (29d0886cf250fcef1bf9e65ab8d2c0c8) C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe
23:11:00.0100 0820 TOSHIBA HDD SSD Alert Service - ok
23:11:00.0412 0820 tos_sps64 (09ff7b0b1b5c3d225495cb6f5a9b39f8) C:\windows\system32\DRIVERS\tos_sps64.sys
23:11:00.0412 0820 tos_sps64 - ok
23:11:00.0536 0820 TPCHSrv (098b8a408c17e125a3d9a8e1166780c8) C:\Program Files\TOSHIBA\TPHM\TPCHSrv.exe
23:11:00.0568 0820 TPCHSrv - ok
23:11:00.0739 0820 TrkWks (7e7afd841694f6ac397e99d75cead49d) C:\windows\System32\trkwks.dll
23:11:00.0739 0820 TrkWks - ok
23:11:00.0770 0820 TrustedInstaller (773212b2aaa24c1e31f10246b15b276c) C:\windows\servicing\TrustedInstaller.exe
23:11:00.0786 0820 TrustedInstaller - ok
23:11:00.0864 0820 tssecsrv (ce18b2cdfc837c99e5fae9ca6cba5d30) C:\windows\system32\DRIVERS\tssecsrv.sys
23:11:00.0864 0820 tssecsrv - ok
23:11:00.0895 0820 TsUsbFlt (d11c783e3ef9a3c52c0ebe83cc5000e9) C:\windows\system32\drivers\tsusbflt.sys
23:11:00.0895 0820 TsUsbFlt - ok
23:11:00.0926 0820 TsUsbGD (9cc2ccae8a84820eaecb886d477cbcb8) C:\windows\system32\drivers\TsUsbGD.sys
23:11:00.0926 0820 TsUsbGD - ok
23:11:00.0973 0820 tunnel (3566a8daafa27af944f5d705eaa64894) C:\windows\system32\DRIVERS\tunnel.sys
23:11:00.0989 0820 tunnel - ok
23:11:01.0036 0820 TVALZ (550b567f9364d8f7684c3fb3ea665a72) C:\windows\system32\DRIVERS\TVALZ_O.SYS
23:11:01.0036 0820 TVALZ - ok
23:11:01.0067 0820 TVALZFL (9c7191f4b2e49bff47a6c1144b5923fa) C:\windows\system32\DRIVERS\TVALZFL.sys
23:11:01.0067 0820 TVALZFL - ok
23:11:01.0098 0820 uagp35 (b4dd609bd7e282bfc683cec7eaaaad67) C:\windows\system32\drivers\uagp35.sys
23:11:01.0098 0820 uagp35 - ok
23:11:01.0145 0820 udfs (ff4232a1a64012baa1fd97c7b67df593) C:\windows\system32\DRIVERS\udfs.sys
23:11:01.0145 0820 udfs - ok
23:11:01.0238 0820 UI0Detect (3cbdec8d06b9968aba702eba076364a1) C:\windows\system32\UI0Detect.exe
23:11:01.0254 0820 UI0Detect - ok
23:11:01.0285 0820 uliagpkx (4bfe1bc28391222894cbf1e7d0e42320) C:\windows\system32\drivers\uliagpkx.sys
23:11:01.0285 0820 uliagpkx - ok
23:11:01.0348 0820 umbus (dc54a574663a895c8763af0fa1ff7561) C:\windows\system32\DRIVERS\umbus.sys
23:11:01.0348 0820 umbus - ok
23:11:01.0379 0820 UmPass (b2e8e8cb557b156da5493bbddcc1474d) C:\windows\system32\drivers\umpass.sys
23:11:01.0379 0820 UmPass - ok
23:11:01.0925 0820 UNS (2c16648a12999ae69a9ebf41974b0ba2) C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
23:11:02.0034 0820 UNS - ok
23:11:02.0268 0820 upnphost (d47ec6a8e81633dd18d2436b19baf6de) C:\windows\System32\upnphost.dll
23:11:02.0284 0820 upnphost - ok
23:11:02.0424 0820 USBAAPL64 (aa33fc47ed58c34e6e9261e4f850b7eb) C:\windows\system32\Drivers\usbaapl64.sys
23:11:02.0440 0820 USBAAPL64 - ok
23:11:02.0564 0820 usbccgp (6f1a3157a1c89435352ceb543cdb359c) C:\windows\system32\DRIVERS\usbccgp.sys
23:11:02.0596 0820 usbccgp - ok
23:11:02.0689 0820 usbcir (af0892a803fdda7492f595368e3b68e7) C:\windows\system32\drivers\usbcir.sys
23:11:02.0720 0820 usbcir - ok
23:11:02.0736 0820 usbehci (c025055fe7b87701eb042095df1a2d7b) C:\windows\system32\DRIVERS\usbehci.sys
23:11:02.0752 0820 usbehci - ok
23:11:02.0814 0820 usbhub (287c6c9410b111b68b52ca298f7b8c24) C:\windows\system32\DRIVERS\usbhub.sys
23:11:02.0830 0820 usbhub - ok
23:11:02.0892 0820 usbohci (9840fc418b4cbd632d3d0a667a725c31) C:\windows\system32\drivers\usbohci.sys
23:11:02.0892 0820 usbohci - ok
23:11:02.0892 0820 usbprint (73188f58fb384e75c4063d29413cee3d) C:\windows\system32\drivers\usbprint.sys
23:11:02.0908 0820 usbprint - ok
23:11:02.0923 0820 USBSTOR (fed648b01349a3c8395a5169db5fb7d6) C:\windows\system32\DRIVERS\USBSTOR.SYS
23:11:02.0939 0820 USBSTOR - ok
23:11:02.0954 0820 usbuhci (62069a34518bcf9c1fd9e74b3f6db7cd) C:\windows\system32\drivers\usbuhci.sys
23:11:02.0954 0820 usbuhci - ok
23:11:03.0048 0820 usbvideo (454800c2bc7f3927ce030141ee4f4c50) C:\windows\system32\Drivers\usbvideo.sys
23:11:03.0048 0820 usbvideo - ok
23:11:03.0095 0820 UxSms (edbb23cbcf2cdf727d64ff9b51a6070e) C:\windows\System32\uxsms.dll
23:11:03.0095 0820 UxSms - ok
23:11:03.0157 0820 VaultSvc (c118a82cd78818c29ab228366ebf81c3) C:\windows\system32\lsass.exe
23:11:03.0157 0820 VaultSvc - ok
23:11:03.0188 0820 vdrvroot (c5c876ccfc083ff3b128f933823e87bd) C:\windows\system32\drivers\vdrvroot.sys
23:11:03.0204 0820 vdrvroot - ok
23:11:03.0485 0820 vds (8d6b481601d01a456e75c3210f1830be) C:\windows\System32\vds.exe
23:11:03.0516 0820 vds - ok
23:11:03.0610 0820 vga (da4da3f5e02943c2dc8c6ed875de68dd) C:\windows\system32\DRIVERS\vgapnp.sys
23:11:03.0625 0820 vga - ok
23:11:03.0625 0820 VgaSave (53e92a310193cb3c03bea963de7d9cfc) C:\windows\System32\drivers\vga.sys
23:11:03.0625 0820 VgaSave - ok
23:11:03.0656 0820 vhdmp (2ce2df28c83aeaf30084e1b1eb253cbb) C:\windows\system32\drivers\vhdmp.sys
23:11:03.0672 0820 vhdmp - ok
23:11:03.0688 0820 viaide (e5689d93ffe4e5d66c0178761240dd54) C:\windows\system32\drivers\viaide.sys
23:11:03.0688 0820 viaide - ok
23:11:03.0734 0820 volmgr (d2aafd421940f640b407aefaaebd91b0) C:\windows\system32\drivers\volmgr.sys
23:11:03.0734 0820 volmgr - ok
23:11:03.0797 0820 volmgrx (a255814907c89be58b79ef2f189b843b) C:\windows\system32\drivers\volmgrx.sys
23:11:03.0812 0820 volmgrx - ok
23:11:03.0859 0820 volsnap (df8126bd41180351a093a3ad2fc8903b) C:\windows\system32\drivers\volsnap.sys
23:11:03.0875 0820 volsnap - ok
23:11:03.0937 0820 vsmraid (5e2016ea6ebaca03c04feac5f330d997) C:\windows\system32\drivers\vsmraid.sys
23:11:03.0937 0820 vsmraid - ok
23:11:04.0124 0820 VSS (b60ba0bc31b0cb414593e169f6f21cc2) C:\windows\system32\vssvc.exe
23:11:04.0202 0820 VSS - ok
23:11:04.0436 0820 vwifibus (36d4720b72b5c5d9cb2b9c29e9df67a1) C:\windows\system32\DRIVERS\vwifibus.sys
23:11:04.0436 0820 vwifibus - ok
23:11:04.0468 0820 vwififlt (6a3d66263414ff0d6fa754c646612f3f) C:\windows\system32\DRIVERS\vwififlt.sys
23:11:04.0468 0820 vwififlt - ok
23:11:04.0514 0820 W32Time (1c9d80cc3849b3788048078c26486e1a) C:\windows\system32\w32time.dll
23:11:04.0530 0820 W32Time - ok
23:11:04.0561 0820 WacomPen (4e9440f4f152a7b944cb1663d3935a3e) C:\windows\system32\drivers\wacompen.sys
23:11:04.0561 0820 WacomPen - ok
23:11:04.0608 0820 WANARP (356afd78a6ed4457169241ac3965230c) C:\windows\system32\DRIVERS\wanarp.sys
23:11:04.0608 0820 WANARP - ok
23:11:04.0624 0820 Wanarpv6 (356afd78a6ed4457169241ac3965230c) C:\windows\system32\DRIVERS\wanarp.sys
23:11:04.0624 0820 Wanarpv6 - ok
23:11:04.0748 0820 WatAdminSvc (3cec96de223e49eaae3651fcf8faea6c) C:\windows\system32\Wat\WatAdminSvc.exe
23:11:04.0764 0820 WatAdminSvc - ok
23:11:04.0889 0820 wbengine (78f4e7f5c56cb9716238eb57da4b6a75) C:\windows\system32\wbengine.exe
23:11:04.0920 0820 wbengine - ok
23:11:05.0154 0820 WbioSrvc (3aa101e8edab2db4131333f4325c76a3) C:\windows\System32\wbiosrvc.dll
23:11:05.0154 0820 WbioSrvc - ok
23:11:05.0201 0820 wcncsvc (7368a2afd46e5a4481d1de9d14848edd) C:\windows\System32\wcncsvc.dll
23:11:05.0216 0820 wcncsvc - ok
23:11:05.0263 0820 WcsPlugInService (20f7441334b18cee52027661df4a6129) C:\windows\System32\WcsPlugInService.dll
23:11:05.0263 0820 WcsPlugInService - ok
23:11:05.0326 0820 Wd (72889e16ff12ba0f235467d6091b17dc) C:\windows\system32\drivers\wd.sys
23:11:05.0326 0820 Wd - ok
23:11:05.0404 0820 Wdf01000 (441bd2d7b4f98134c3a4f9fa570fd250) C:\windows\system32\drivers\Wdf01000.sys
23:11:05.0419 0820 Wdf01000 - ok
23:11:05.0450 0820 WdiServiceHost (bf1fc3f79b863c914687a737c2f3d681) C:\windows\system32\wdi.dll
23:11:05.0450 0820 WdiServiceHost - ok
23:11:05.0450 0820 WdiSystemHost (bf1fc3f79b863c914687a737c2f3d681) C:\windows\system32\wdi.dll
23:11:05.0466 0820 WdiSystemHost - ok
23:11:05.0497 0820 WebClient (3db6d04e1c64272f8b14eb8bc4616280) C:\windows\System32\webclnt.dll
23:11:05.0497 0820 WebClient - ok
23:11:05.0560 0820 Wecsvc (c749025a679c5103e575e3b48e092c43) C:\windows\system32\wecsvc.dll
23:11:05.0560 0820 Wecsvc - ok
23:11:05.0575 0820 wercplsupport (7e591867422dc788b9e5bd337a669a08) C:\windows\System32\wercplsupport.dll
23:11:05.0591 0820 wercplsupport - ok
23:11:05.0622 0820 WerSvc (6d137963730144698cbd10f202e9f251) C:\windows\System32\WerSvc.dll
23:11:05.0638 0820 WerSvc - ok
23:11:05.0747 0820 WfpLwf (611b23304bf067451a9fdee01fbdd725) C:\windows\system32\DRIVERS\wfplwf.sys
23:11:05.0747 0820 WfpLwf - ok
23:11:05.0762 0820 WIMMount (05ecaec3e4529a7153b3136ceb49f0ec) C:\windows\system32\drivers\wimmount.sys
23:11:05.0762 0820 WIMMount - ok
23:11:05.0856 0820 WinDefend - ok
23:11:05.0872 0820 WinHttpAutoProxySvc - ok
23:11:06.0028 0820 Winmgmt (19b07e7e8915d701225da41cb3877306) C:\windows\system32\wbem\WMIsvc.dll
23:11:06.0028 0820 Winmgmt - ok
23:11:06.0230 0820 WinRM (bcb1310604aa415c4508708975b3931e) C:\windows\system32\WsmSvc.dll
23:11:06.0277 0820 WinRM - ok
23:11:06.0418 0820 WinUsb (fe88b288356e7b47b74b13372add906d) C:\windows\system32\DRIVERS\WinUsb.sys
23:11:06.0418 0820 WinUsb - ok
23:11:06.0480 0820 Wlansvc (4fada86e62f18a1b2f42ba18ae24e6aa) C:\windows\System32\wlansvc.dll
23:11:06.0496 0820 Wlansvc - ok
23:11:06.0574 0820 wlcrasvc (06c8fa1cf39de6a735b54d906ba791c6) C:\Program Files\Windows Live\Mesh\wlcrasvc.exe
23:11:06.0574 0820 wlcrasvc - ok
23:11:06.0698 0820 wlidsvc (2bacd71123f42cea603f4e205e1ae337) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
23:11:06.0730 0820 wlidsvc - ok
23:11:06.0839 0820 WmiAcpi (f6ff8944478594d0e414d3f048f0d778) C:\windows\system32\DRIVERS\wmiacpi.sys
23:11:06.0839 0820 WmiAcpi - ok
23:11:06.0901 0820 wmiApSrv (38b84c94c5a8af291adfea478ae54f93) C:\windows\system32\wbem\WmiApSrv.exe
23:11:06.0917 0820 wmiApSrv - ok
23:11:06.0964 0820 WMPNetworkSvc - ok
23:11:06.0995 0820 WPCSvc (96c6e7100d724c69fcf9e7bf590d1dca) C:\windows\System32\wpcsvc.dll
23:11:06.0995 0820 WPCSvc - ok
23:11:07.0026 0820 WPDBusEnum (93221146d4ebbf314c29b23cd6cc391d) C:\windows\system32\wpdbusenum.dll
23:11:07.0026 0820 WPDBusEnum - ok
23:11:07.0057 0820 ws2ifsl (6bcc1d7d2fd2453957c5479a32364e52) C:\windows\system32\drivers\ws2ifsl.sys
23:11:07.0057 0820 ws2ifsl - ok
23:11:07.0088 0820 wscsvc (e8b1fe6669397d1772d8196df0e57a9e) C:\windows\system32\wscsvc.dll
23:11:07.0104 0820 wscsvc - ok
23:11:07.0104 0820 WSearch - ok
23:11:07.0229 0820 wuauserv (9df12edbc698b0bc353b3ef84861e430) C:\windows\system32\wuaueng.dll
23:11:07.0260 0820 wuauserv - ok
23:11:07.0369 0820 WudfPf (d3381dc54c34d79b22cee0d65ba91b7c) C:\windows\system32\drivers\WudfPf.sys
23:11:07.0369 0820 WudfPf - ok
23:11:07.0416 0820 WUDFRd (cf8d590be3373029d57af80914190682) C:\windows\system32\DRIVERS\WUDFRd.sys
23:11:07.0416 0820 WUDFRd - ok
23:11:07.0463 0820 wudfsvc (7a95c95b6c4cf292d689106bcae49543) C:\windows\System32\WUDFSvc.dll
23:11:07.0463 0820 wudfsvc - ok
23:11:07.0510 0820 WwanSvc (9a3452b3c2a46c073166c5cf49fad1ae) C:\windows\System32\wwansvc.dll
23:11:07.0510 0820 WwanSvc - ok
23:11:07.0572 0820 MBR (0x1B8) (5b5e648d12fcadc244c1ec30318e1eb9) \Device\Harddisk0\DR0
23:11:07.0634 0820 \Device\Harddisk0\DR0 - ok
23:11:07.0650 0820 Boot (0x1200) (2423424004f267d537af242b28a7f4ed) \Device\Harddisk0\DR0\Partition0
23:11:07.0650 0820 \Device\Harddisk0\DR0\Partition0 - ok
23:11:07.0650 0820 ============================================================
23:11:07.0650 0820 Scan finished
23:11:07.0650 0820 ============================================================
23:11:07.0666 2020 Detected object count: 1
23:11:07.0666 2020 Actual detected object count: 1
23:11:18.0211 2020 C:\windows\system32\sglfb.dll - copied to quarantine
23:11:18.0211 2020 HKLM\SYSTEM\ControlSet001\services\advservice - will be deleted on reboot
23:11:18.0242 2020 HKLM\SYSTEM\ControlSet002\services\advservice - will be deleted on reboot
23:11:18.0383 2020 HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\svchost:netsvcs - cured
23:11:18.0445 2020 C:\windows\system32\sglfb.dll - will be deleted on reboot
23:11:18.0445 2020 advservice ( Backdoor.Multi.ZAccess.gen ) - User select action: Delete
23:11:37.0867 4636 Deinitialize success

----

Ran aswMBR which found four infected files. I did NOT click fix and am posting the log:

aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software
Run date: 2012-04-23 23:13:55
-----------------------------
23:13:55.783 OS Version: Windows x64 6.1.7601 Service Pack 1
23:13:55.783 Number of processors: 4 586 0x2A07
23:13:55.783 ComputerName: PAVINXAVIE UserName: PavNXav
23:13:57.952 Initialize success
23:15:42.908 AVAST engine defs: 12042301
23:16:45.698 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
23:16:45.713 Disk 0 Vendor: TOSHIBA_ GT00 Size: 610480MB BusType: 3
23:16:45.729 Disk 0 MBR read successfully
23:16:45.729 Disk 0 MBR scan
23:16:45.745 Disk 0 Windows VISTA default MBR code
23:16:45.760 Disk 0 Partition 1 80 (A) 27 Hidden NTFS WinRE NTFS 1500 MB offset 2048
23:16:45.776 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 593510 MB offset 3074048
23:16:45.823 Disk 0 Partition 3 00 17 Hidd HPFS/NTFS NTFS 15469 MB offset 1218582528
23:16:45.885 Disk 0 scanning C:\windows\system32\drivers
23:16:56.836 Service scanning
23:17:33.403 Modules scanning
23:17:33.418 Disk 0 trace - called modules:
23:17:33.465 ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys iaStor.sys hal.dll
23:17:33.481 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa800607d060]
23:17:33.481 3 CLASSPNP.SYS[fffff8800186c43f] -> nt!IofCallDriver -> [0xfffffa80041faa10]
23:17:33.496 5 ACPI.sys[fffff88000f1d7a1] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-1[0xfffffa800455f050]
23:17:35.134 AVAST engine scan C:\windows
23:17:38.878 AVAST engine scan C:\windows\system32
23:17:49.767 File: C:\windows\system32\consrv.dll **INFECTED** Win32:Sirefef-HO [Rtk]
23:20:02.617 File: C:\windows\assembly\GAC_32\Desktop.ini **INFECTED** Win32:Sirefef-FQ [Drp]
23:20:04.863 File: C:\windows\assembly\GAC_64\Desktop.ini **INFECTED** Win32:Sirefef-HO [Rtk]
23:21:44.391 File: C:\windows\assembly\temp\U\80000032.@ **INFECTED** Win32:DNSChanger-VJ [Trj]
23:21:47.901 AVAST engine scan C:\windows\system32\drivers
23:22:12.320 AVAST engine scan C:\Users\PavNXav
23:24:31.067 AVAST engine scan C:\ProgramData
23:24:59.490 Scan finished successfully
23:25:14.918 Disk 0 MBR has been saved successfully to "C:\Users\PavNXav\Desktop\MBR.dat"
23:25:14.934 The log file has been saved successfully to "C:\Users\PavNXav\Desktop\aswMBR.txt"

----

After both of these have run (aswMBR is still open), Firefox, Chrome and IE are all currently NOT redirecting, but I'm a little gun-shy after last time.
Ready for the next move.
Thanks again for your help.

#6 gringo_pr

Posted 23 April 2012 - 10:58 PM

Hello

Download Farbar Recovery Scan Tool x64 and save it to a flash drive.

Plug the flash drive into the infected PC.

Enter System Recovery Options.

To enter System Recovery Options from the Advanced Boot Options:
  • Restart the computer.
  • As soon as the BIOS is loaded begin tapping the F8 key until Advanced Boot Options appears.
  • Use the arrow keys to select the Repair your computer menu item.
  • Select US as the keyboard language settings, and then click Next.
  • Select the operating system you want to repair, and then click Next.
  • Select your user account and click Next.

To enter System Recovery Options by using Windows installation disc:
  • Insert the installation disc.
  • Restart your computer.
  • If prompted, press any key to start Windows from the installation disc. If your computer is not configured to start from a CD or DVD, check your BIOS settings.
  • Click Repair your computer.
  • Select US as the keyboard language settings, and then click Next.
  • Select the operating system you want to repair, and then click Next.
  • Select your user account and click Next.

On the System Recovery Options menu you will get the following options:
  • Startup Repair
  • System Restore
  • Windows Complete PC Restore
  • Windows Memory Diagnostic Tool
  • Command Prompt

  • Select Command Prompt.
  • In the command window type in notepad and press Enter.
  • The notepad opens. Under File menu select Open.
  • Select "Computer" and find your flash drive letter and close the notepad.
  • In the command window type e:\frst.exe (for x64 bit version type e:\frst64) and press Enter.
    Note: Replace letter e with the drive letter of your flash drive.
  • The tool will start to run.
  • When the tool opens click Yes to disclaimer.
  • Press Scan button.
  • It will make a log (FRST.txt) on the flash drive. Please copy and paste it to your reply.

Gringo
I Close My Topics If You Have Not Replied In 5 Days. If You Will Be Longer, Please Let Me Know.

If I Have Not Replied To One Of My Topics In 48 Hrs, Please Bump The Topic.




#7 painaxl


Posted 23 April 2012 - 11:24 PM

Ran FRST

Here's the log:

Scan result of Farbar Recovery Scan Tool Version: 22-04-2012
Ran by SYSTEM at 24-04-2012 00:20:45
Running from F:\
Windows 7 Home Premium Service Pack 1 (X64) OS Language: English(US)
The current controlset is ControlSet001

========================== Registry (Whitelisted) =============

HKLM\...\Run: [IgfxTray] C:\windows\system32\igfxtray.exe [167704 2011-10-07] (Intel Corporation)
HKLM\...\Run: [HotKeysCmds] C:\windows\system32\hkcmd.exe [392472 2011-10-07] (Intel Corporation)
HKLM\...\Run: [Persistence] C:\windows\system32\igfxpers.exe [416024 2011-10-07] (Intel Corporation)
HKLM\...\Run: [TPwrMain] %ProgramFiles%\TOSHIBA\Power Saver\TPwrMain.EXE [590256 2011-05-17] (TOSHIBA Corporation)
HKLM\...\Run: [HSON] %ProgramFiles%\TOSHIBA\TBS\HSON.exe [296824 2010-09-25] (TOSHIBA Corporation)
HKLM\...\Run: [TCrdMain] %ProgramFiles%\TOSHIBA\FlashCards\TCrdMain.exe [972672 2011-04-27] (TOSHIBA Corporation)
HKLM\...\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s [12558440 2011-07-07] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg_Dolby] C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe /FORPCEE3 [2226280 2011-06-03] (Realtek Semiconductor)
HKLM\...\Run: [SynTPEnh] %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe [2679592 2011-02-03] (Synaptics Incorporated)
HKLM\...\Run: [Teco] "%ProgramFiles%\TOSHIBA\TECO\Teco.exe" /r [1544624 2011-05-24] (TOSHIBA Corporation)
HKLM\...\Run: [TosSENotify] C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosWaitSrv.exe [710560 2011-06-09] (TOSHIBA Corporation)
HKLM\...\Run: [TosWaitSrv] %ProgramFiles%\TOSHIBA\TPHM\TosWaitSrv.exe [712096 2011-07-01] (TOSHIBA Corporation)
HKLM\...\Run: [TosVolRegulator] C:\Program Files\TOSHIBA\TosVolRegulator\TosVolRegulator.exe [24376 2009-11-11] (TOSHIBA Corporation)
HKLM\...\Run: [TosReelTimeMonitor] %ProgramFiles%\TOSHIBA\ReelTime\TosReelTimeMonitor.exe [38824 2011-06-28] (TOSHIBA Corporation)
HKLM-x32\...\Run: [ToshibaServiceStation] "C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe" /hide:60 [1298816 2011-07-11] (TOSHIBA Corporation)
HKLM-x32\...\Run: [ToshibaAppPlace] "C:\Program Files (x86)\Toshiba\Toshiba App Place\ToshibaAppPlace.exe" [552960 2010-09-23] (Toshiba)
HKLM-x32\...\Run: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [59240 2012-02-20] (Apple Inc.)
HKLM-x32\...\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [843712 2012-01-02] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe" [421736 2012-03-06] (Apple Inc.)
HKU\PavNXav\...\Run: [HP Photosmart 5510 series (NET)] "C:\Program Files\HP\HP Photosmart 5510 series\Bin\ScanToPCActivationApp.exe" -deviceID "CN1AI0C49705NR:NW" -scfn "HP Photosmart 5510 series (NET)" -AutoStart 1 [2672488 2011-05-25] (Hewlett-Packard Co.)
HKU\PavNXav\...\Run: [Skype] "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun [17148552 2012-02-29] (Skype Technologies S.A.)
HKU\PavNXav\...\Run: [MobileDocuments] C:\Program Files (x86)\Common Files\Apple\Internet Services\ubd.exe [59240 2012-02-23] (Apple Inc.)
HKU\PavNXav\...\Run: [SpybotSD TeaTimer] C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe [2260480 2009-03-05] (Safer-Networking Ltd.)
HKU\PavNXav\...\Run: [swg] "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [39408 2011-12-10] (Google Inc.)
Winlogon\Notify\igfxcui: igfxdev.dll (Intel Corporation)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
SubSystems: [Windows] ==> ZeroAccess

==================== Services (Whitelisted) ======

3 AdobeFlashPlayerUpdateSvc; C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [253088 2012-04-22] (Adobe Systems Incorporated)
2 BBSvc; C:\Program Files (x86)\Microsoft\BingBar\7.1.361.0\BBSvc.exe [193816 2012-02-10] (Microsoft Corporation.)
3 BBUpdate; C:\Program Files (x86)\Microsoft\BingBar\7.1.361.0\SeaPort.exe [240408 2012-02-10] (Microsoft Corporation.)
2 Bonjour Service; "C:\Program Files\Bonjour\mDNSResponder.exe" [462184 2011-08-30] (Apple Inc.)
3 GamesAppService; "C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe" [206072 2010-10-12] (WildTangent, Inc.)
2 GFNEXSrv; C:\Windows\System32\GFNEXSrv.exe [162824 2010-09-09] ()
2 grmnusb; C:\Windows\System32\win32sl.dll [6656 2011-03-01] (Oak Technology Inc.)
2 Norton PC Checkup Application Launcher; C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.13.11\SymcPCCULaunchSvc.exe /s [123320 2011-07-19] (Symantec Corporation)
2 PCCUJobMgr; "C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.13.11\ccSvcHst.exe" /s "PCCUJobMgr" /m "C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.13.11\diMaster.dll" /prefetch:1 [132984 2011-07-19] (Symantec Corporation)
2 SBSDWSCService; C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe [1153368 2009-01-26] (Safer Networking Ltd.)
2 SkypeUpdate; "C:\Program Files (x86)\Skype\Updater\Updater.exe" [158856 2012-02-29] (Skype Technologies)
2 UNS; "C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe" [2656280 2010-12-20] (Intel Corporation)

========================== Drivers (Whitelisted) =============

3 BridgeMP; C:\Windows\System32\DRIVERS\bridge.sys [95232 2009-07-13] (Microsoft Corporation)
3 RTL8192Ce; C:\Windows\System32\Drivers\RTL8192Ce.sys [1103464 2010-11-02] (Realtek Semiconductor Corporation )
3 StillCam; C:\Windows\System32\DRIVERS\serscan.sys [12288 2009-07-13] (Microsoft Corporation)
3 TsUsbGD; C:\Windows\System32\Drivers\TsUsbGD.sys [31232 2010-11-20] (Microsoft Corporation)
1 wvmavqgz; C:\Windows\System32\Drivers\wvmavqgz.sys [50000 2012-04-23] (Microsoft Corporation)
3 catchme; \??\C:\ComboFix\catchme.sys [x]

========================== NetSvcs (Whitelisted) ===========
NETSVC: grmnusb

============ One Month Created Files and Folders ==============

2012-04-23 19:38 - 2010-11-20 19:23 - 0050000 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\wvmavqgz.sys
2012-04-23 19:25 - 2012-04-23 19:04 - 0002415 ____A C:\Users\PavNXav\Desktop\aswMBR.txt
2012-04-23 19:25 - 2012-04-23 19:03 - 0000512 ____A C:\Users\PavNXav\Desktop\MBR.dat
2012-04-23 19:10 - 2012-04-22 15:42 - 0129504 ____A C:\TDSSKiller.2.7.32.0_23.04.2012_23.10.27_log.txt
2012-04-23 19:10 - 2012-02-15 22:03 - 2073648 ____A (Kaspersky Lab ZAO) C:\Users\PavNXav\Desktop\hgf83jr.exe
2012-04-23 19:09 - - 4731392 ____A (AVAST Software) C:\Users\PavNXav\Desktop\aswMBR.exe
2012-04-23 16:56 - - 0000000 __SHD C:\$RECYCLE.BIN
2012-04-23 04:45 - 2011-11-03 02:36 - 0019506 ____A C:\ComboFix.txt
2012-04-23 04:40 - 2012-04-23 04:40 - 0000000 __ASH C:\Windows\System32\config\SYSTEM.tmp.LOG2
2012-04-23 04:40 - 2012-04-23 04:40 - 0000000 __ASH C:\Windows\System32\config\SECURITY.tmp.LOG2
2012-04-23 04:40 - 2012-04-23 04:40 - 0000000 __ASH C:\Windows\System32\config\SAM.tmp.LOG2
2012-04-23 04:40 - 2012-04-23 04:40 - 0000000 __ASH C:\Windows\System32\config\DEFAULT.tmp.LOG2
2012-04-23 04:40 - 2011-06-25 22:45 - 0000546 ____A C:\Windows\PFRO.log
2012-04-23 04:40 - 2009-07-13 18:34 - 0000000 __ASH C:\Windows\System32\config\SYSTEM.tmp.LOG1
2012-04-23 04:40 - 2009-07-13 18:34 - 0000000 __ASH C:\Windows\System32\config\SECURITY.tmp.LOG1
2012-04-23 04:40 - 2009-07-13 18:34 - 0000000 __ASH C:\Windows\System32\config\SAM.tmp.LOG1
2012-04-23 04:40 - 2009-07-13 18:34 - 0000000 __ASH C:\Windows\System32\config\DEFAULT.tmp.LOG1
2012-04-23 04:39 - 2012-04-23 04:39 - 0000000 __ASH C:\Windows\System32\config\SOFTWARE.tmp.LOG2
2012-04-23 04:39 - 2012-02-05 23:09 - 0000000 __ASH C:\Windows\System32\config\SOFTWARE.tmp.LOG1
2012-04-23 04:30 - 2012-04-23 04:38 - 0000000 ____D C:\Qoobox
2012-04-23 04:30 - 2012-04-22 15:16 - 0208896 ____A C:\Windows\MBR.exe
2012-04-23 04:30 - 2011-12-10 16:35 - 0060416 ____A (NirSoft) C:\Windows\NIRCMD.exe
2012-04-23 04:30 - 2010-11-20 23:19 - 0080412 ____A C:\Windows\grep.exe
2012-04-23 04:30 - 2010-11-20 23:06 - 0000000 ____D C:\Windows\ERDNT
2012-04-23 04:30 - 2009-07-13 21:32 - 0256000 ____A C:\Windows\PEV.exe
2012-04-23 04:30 - 2009-07-13 19:20 - 0098816 ____A C:\Windows\sed.exe
2012-04-23 04:30 - 2009-07-13 17:39 - 0068096 ____A C:\Windows\zip.exe
2012-04-23 04:30 - 2009-06-10 12:31 - 0518144 ____A (SteelWerX) C:\Windows\SWREG.exe
2012-04-23 04:30 - 2000-08-30 16:00 - 0406528 ____A (SteelWerX) C:\Windows\SWSC.exe
2012-04-23 04:28 - 2012-04-23 19:25 - 0879714 ____A C:\Users\PavNXav\Desktop\SecurityCheck.exe
2012-04-23 04:28 - 2012-03-11 13:29 - 4472002 ____R (Swearware) C:\Users\PavNXav\Desktop\ComboFix.exe
2012-04-22 18:38 - 2012-04-23 19:25 - 0006149 ____A C:\Users\PavNXav\Desktop\Attach.txt
2012-04-22 18:38 - 2012-04-22 15:35 - 0021578 ____A C:\Users\PavNXav\Desktop\DDS.txt
2012-04-22 15:42 - 2012-04-22 15:40 - 0125982 ____A C:\TDSSKiller.2.7.31.0_22.04.2012_19.42.06_log.txt
2012-04-22 15:39 - 2012-04-22 15:30 - 0125982 ____A C:\TDSSKiller.2.7.31.0_22.04.2012_19.39.28_log.txt
2012-04-22 15:29 - 2012-04-22 15:25 - 0127340 ____A C:\TDSSKiller.2.7.31.0_22.04.2012_19.29.36_log.txt
2012-04-22 15:26 - 2012-04-23 19:12 - 0000000 ____A C:\Windows\setuperr.log
2012-04-22 15:26 - 2011-11-03 02:36 - 0000448 ____A C:\Windows\setupact.log
2012-04-22 15:25 - 2012-04-23 19:11 - 0000000 ____D C:\TDSSKiller_Quarantine
2012-04-22 15:24 - 2012-04-23 17:22 - 0133542 ____A C:\TDSSKiller.2.7.31.0_22.04.2012_19.24.26_log.txt
2012-04-22 15:17 - 2012-01-29 14:41 - 0092650 ____A C:\Users\PavNXav\Documents\Registry backup.reg
2012-04-22 15:14 - 2012-01-29 16:00 - 0000000 ____D C:\Program Files\CCleaner
2012-04-22 15:13 - 2012-03-06 08:39 - 3645656 ____A (Piriform Ltd) C:\Users\PavNXav\Downloads\ccsetup317.exe
2012-04-22 13:46 - 2012-02-27 23:34 - 2382848 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
2012-04-22 13:46 - 2012-02-27 22:56 - 0085504 ____A (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
2012-04-22 13:46 - 2012-02-27 22:48 - 1345536 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll
2012-04-22 13:46 - 2012-02-27 22:45 - 2311168 ____A (Microsoft Corporation) C:\Windows\System32\jscript9.dll
2012-04-22 13:46 - 2012-02-27 22:42 - 0096256 ____A (Microsoft Corporation) C:\Windows\System32\mshtmled.dll
2012-04-22 13:46 - 2012-02-27 17:52 - 2382848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2012-04-22 13:46 - 2012-02-27 17:18 - 0065024 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2012-04-22 13:46 - 2012-02-27 17:09 - 1103360 ____A (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2012-04-22 13:46 - 2012-02-27 17:06 - 1799168 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2012-04-22 13:46 - 2012-02-27 17:03 - 0072704 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2012-04-22 13:46 - 2011-11-03 04:37 - 9705984 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2012-04-22 13:46 - 2011-11-03 04:37 - 2144256 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll
2012-04-22 13:46 - 2011-11-03 04:37 - 1792000 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2012-04-22 13:46 - 2011-11-03 04:37 - 17790976 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll
2012-04-22 13:46 - 2011-11-03 04:37 - 12281856 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2012-04-22 13:46 - 2011-11-03 04:37 - 10888704 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll
2012-04-22 13:46 - 2011-11-03 04:37 - 0248320 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll
2012-04-22 13:46 - 2011-11-03 04:37 - 0176640 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2012-04-22 13:46 - 2011-05-02 21:29 - 1493504 ____A (Microsoft Corporation) C:\Windows\System32\inetcpl.cpl
2012-04-22 13:46 - 2011-05-02 20:30 - 1427456 ____A (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2012-04-22 13:46 - 2010-11-20 19:24 - 1127424 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2012-04-22 13:46 - 2010-11-20 19:23 - 1390080 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll
2012-04-22 13:46 - 2009-07-13 17:41 - 5559152 ____A (Microsoft Corporation) C:\Windows\System32\ntoskrnl.exe
2012-04-22 13:46 - 2009-07-13 17:41 - 0237056 ____A (Microsoft Corporation) C:\Windows\System32\url.dll
2012-04-22 13:46 - 2009-07-13 17:38 - 0818688 ____A (Microsoft Corporation) C:\Windows\System32\jscript.dll
2012-04-22 13:46 - 2009-07-13 17:16 - 3968368 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2012-04-22 13:46 - 2009-07-13 17:16 - 3913072 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2012-04-22 13:46 - 2009-07-13 17:16 - 0231936 ____A (Microsoft Corporation) C:\Windows\SysWOW64\url.dll
2012-04-22 13:46 - 2009-07-13 17:14 - 0716800 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2012-04-22 13:44 - 2009-07-13 17:47 - 0023408 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\fs_rec.sys
2012-04-22 13:44 - 2009-07-13 17:41 - 0220672 ____A (Microsoft Corporation) C:\Windows\System32\wintrust.dll
2012-04-22 13:44 - 2009-07-13 17:38 - 0081408 ____A (Microsoft Corporation) C:\Windows\System32\imagehlp.dll
2012-04-22 13:44 - 2009-07-13 17:33 - 0005120 ____A (Microsoft Corporation) C:\Windows\System32\wmi.dll
2012-04-22 13:44 - 2009-07-13 17:16 - 0172544 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wintrust.dll
2012-04-22 13:44 - 2009-07-13 17:14 - 0159232 ____A (Microsoft Corporation) C:\Windows\SysWOW64\imagehlp.dll
2012-04-22 13:44 - 2009-07-13 17:11 - 0005120 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wmi.dll
2012-04-22 13:40 - 2012-04-22 13:16 - 0000000 ____D C:\Program Files (x86)\SpywareBlaster
2012-04-22 13:40 - 2012-04-22 13:15 - 0001094 ____A C:\Users\PavNXav\Desktop\SpywareBlaster.lnk
2012-04-22 13:40 - 2011-05-03 20:32 - 0118784 ____A (Microsoft Corporation) C:\Windows\SysWOW64\MSSTDFMT.DLL
2012-04-22 13:40 - 2010-11-20 19:24 - 1071088 ____A (Microsoft Corporation) C:\Windows\SysWOW64\MSCOMCTL.OCX
2012-04-22 13:40 - 2009-07-13 17:14 - 0000208 ____A C:\Windows\wininit.ini
2012-04-22 13:15 - 2012-04-23 04:05 - 0001273 ____A C:\Users\PavNXav\Desktop\Spybot - Search & Destroy.lnk
2012-04-22 13:15 - 2012-03-11 11:42 - 0000000 ____D C:\Program Files (x86)\Spybot - Search & Destroy
2012-04-22 13:15 - 2012-03-11 11:41 - 0000000 ____D C:\Users\All Users\Spybot - Search & Destroy
2012-04-22 13:15 - 2012-03-11 11:41 - 0000000 ____D C:\ProgramData\Spybot - Search & Destroy
2012-04-22 13:14 - 2012-04-22 18:38 - 74761776 ____A C:\Users\PavNXav\Desktop\avast_free_antivirus_setup.exe
2012-04-22 13:02 - 2012-02-05 16:14 - 1359824 ____A C:\Users\PavNXav\Downloads\pc-decrapifier-2.2.8.exe
2012-04-22 12:39 - 2011-11-03 04:51 - 0000000 ____D C:\Users\PavNXav\AppData\Roaming\Malwarebytes
2012-04-22 12:38 - 2012-03-20 17:29 - 0001124 ____A C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2012-04-22 12:38 - 2012-02-19 21:25 - 0000000 ____D C:\Users\All Users\Malwarebytes
2012-04-22 12:38 - 2012-02-19 21:25 - 0000000 ____D C:\ProgramData\Malwarebytes
2012-04-22 12:38 - 2011-11-03 04:45 - 0000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware
2012-04-22 12:34 - 2012-04-22 13:01 - 0001888 ____A C:\Users\Public\Desktop\HP ePrintCenter - HP Photosmart 5510 series.lnk
2012-04-22 12:34 - 2012-04-22 12:38 - 0001153 ____A C:\Users\Public\Desktop\Mozilla Firefox.lnk
2012-04-22 12:34 - 2012-03-20 17:33 - 0001191 ____A C:\Users\Public\Desktop\Shop for Supplies - HP Photosmart 5510 series.lnk
2012-04-22 12:34 - 2012-03-11 11:41 - 0002085 ____A C:\Users\Public\Desktop\Toshiba Book Place.lnk
2012-04-22 12:34 - 2012-02-19 21:25 - 0002223 ____A C:\Users\Public\Desktop\HP Photosmart 5510 series.lnk
2012-04-22 12:34 - 2012-02-19 21:24 - 0002515 ____A C:\Users\Public\Desktop\Skype.lnk
2012-04-22 12:34 - 2012-02-19 21:24 - 0002018 ____A C:\Users\Public\Desktop\HP Photo Creations.lnk
2012-04-22 12:34 - 2012-02-19 21:24 - 0001794 ____A C:\Users\Public\Desktop\iTunes.lnk
2012-04-22 12:34 - 2012-01-29 14:46 - 0002491 ____A C:\Users\Public\Desktop\Safari.lnk
2012-04-22 12:34 - - 0000174 __ASH C:\Users\All Users\Start Menu\Programs\Startup\desktop.ini
2012-04-22 12:27 - 2012-04-22 13:40 - 0399264 ____A (Bleeping Computer, LLC) C:\Users\PavNXav\Desktop\unhide.exe
2012-04-22 12:27 - 2012-04-22 12:15 - 0002130 ____A C:\Users\PavNXav\Desktop\unhide.txt
2012-04-02 06:56 - 2012-04-22 13:42 - 8741536 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerInstaller.exe
2012-03-29 15:48 - 2012-01-29 14:41 - 0000000 ____D C:\Users\PavNXav\AppData\Local\CrashDumps
2012-03-29 15:45 - 2012-04-22 12:10 - 0000200 ____A C:\Users\All Users\-vImSZtXGh71y1rr
2012-03-29 15:45 - 2012-04-22 12:10 - 0000200 ____A C:\ProgramData\-vImSZtXGh71y1rr
2012-03-29 15:45 - - 0000000 ____A C:\Users\All Users\-vImSZtXGh71y1r
2012-03-29 15:45 - - 0000000 ____A C:\ProgramData\-vImSZtXGh71y1r
2012-03-29 07:58 - 2009-07-13 17:40 - 0000000 __ASH C:\Windows\System32\dds_trash_log.cmd
2012-03-29 07:58 - 2009-07-13 17:14 - 0418464 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2012-03-29 07:58 - 2009-06-10 13:10 - 0000000 ____D C:\Windows\System32\Macromed
2012-03-29 07:58 - - 0000830 ____A C:\Windows\Tasks\Adobe Flash Player Updater.job
2012-03-26 14:14 - 2012-03-26 13:58 - 0000000 ____D C:\Users\PavNXav\Downloads\NoDJ-Elle_Varner-Conversational_Lush
2012-03-26 14:11 - 2012-03-26 14:14 - 42071802 ____A C:\Users\PavNXav\Downloads\NoDJ-Elle_Varner-Conversational_Lush.zip
2012-03-26 14:06 - 2012-03-14 17:25 - 3752199 ____A C:\Users\PavNXav\Downloads\Rick_Ross_Feat_Future-Ring_Ring.mp3
2012-03-26 14:03 - 2012-03-14 17:18 - 6532443 ____A C:\Users\PavNXav\Downloads\Young_Jeezy_Feat_2_Chainz-Supa_Freak.mp3
2012-03-26 13:58 - 2012-01-29 14:55 - 9705045 ____A C:\Users\PavNXav\Downloads\Nicki_Minaj_&_Chris_Brown-Right_By_My_Side.mp3
2012-03-25 09:33 - 2009-07-13 17:39 - 0000000 ____D C:\Windows\Hewlett-Packard


============ 3 Months Modified Files and Folders =============

2012-04-24 00:21 - 2012-04-24 00:20 - 0000000 ____D C:\FRST
2012-04-23 20:17 - 2012-02-19 21:25 - 0000260 ____A C:\Windows\Tasks\HP Photo Creations Messager.job
2012-04-23 20:17 - 2011-12-10 15:47 - 2094246 ____A C:\Windows\WindowsUpdate.log
2012-04-23 19:42 - 2012-03-29 07:58 - 0000830 ____A C:\Windows\Tasks\Adobe Flash Player Updater.job
2012-04-23 19:38 - 2012-04-23 19:38 - 0050000 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\wvmavqgz.sys
2012-04-23 19:37 - 2011-12-10 16:30 - 0000912 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2012-04-23 19:27 - 2009-07-13 21:13 - 0006426 ____A C:\Windows\System32\PerfStringBackup.INI
2012-04-23 19:25 - 2012-04-23 19:25 - 0002415 ____A C:\Users\PavNXav\Desktop\aswMBR.txt
2012-04-23 19:25 - 2012-04-23 19:25 - 0000512 ____A C:\Users\PavNXav\Desktop\MBR.dat
2012-04-23 19:19 - 2009-07-13 20:45 - 0024608 ____A C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2012-04-23 19:19 - 2009-07-13 20:45 - 0024608 ____A C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2012-04-23 19:13 - 2012-03-11 11:41 - 0000000 ____D C:\Users\PavNXav\AppData\Roaming\Skype
2012-04-23 19:13 - 2011-12-10 16:30 - 0000908 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2012-04-23 19:12 - 2012-04-22 15:26 - 0000448 ____A C:\Windows\setupact.log
2012-04-23 19:12 - 2012-03-29 07:58 - 0000000 __ASH C:\Windows\System32\dds_trash_log.cmd
2012-04-23 19:12 - 2011-12-10 15:42 - 3152003072 __ASH C:\hiberfil.sys
2012-04-23 19:12 - 2009-07-13 21:08 - 0000006 ___AH C:\Windows\Tasks\SA.DAT
2012-04-23 19:11 - 2012-04-23 19:10 - 0129504 ____A C:\TDSSKiller.2.7.32.0_23.04.2012_23.10.27_log.txt
2012-04-23 19:11 - 2012-04-22 15:25 - 0000000 ____D C:\TDSSKiller_Quarantine
2012-04-23 19:04 - 2012-04-23 19:09 - 4731392 ____A (AVAST Software) C:\Users\PavNXav\Desktop\aswMBR.exe
2012-04-23 19:03 - 2012-04-23 19:10 - 2073648 ____A (Kaspersky Lab ZAO) C:\Users\PavNXav\Desktop\hgf83jr.exe
2012-04-23 16:56 - 2012-04-23 16:56 - 0000000 __SHD C:\$RECYCLE.BIN
2012-04-23 04:45 - 2012-04-23 04:45 - 0019506 ____A C:\ComboFix.txt
2012-04-23 04:45 - 2012-04-23 04:30 - 0000000 ____D C:\Qoobox
2012-04-23 04:45 - 2009-07-13 19:20 - 0000000 ___RD C:\users\Public
2012-04-23 04:42 - 2012-04-23 04:30 - 0000000 ____D C:\Windows\ERDNT
2012-04-23 04:41 - 2009-07-13 18:34 - 0000215 ____A C:\Windows\system.ini
2012-04-23 04:40 - 2012-04-23 04:40 - 0000546 ____A C:\Windows\PFRO.log
2012-04-23 04:40 - 2012-04-23 04:40 - 0000000 __ASH C:\Windows\System32\config\SYSTEM.tmp.LOG2
2012-04-23 04:40 - 2012-04-23 04:40 - 0000000 __ASH C:\Windows\System32\config\SYSTEM.tmp.LOG1
2012-04-23 04:40 - 2012-04-23 04:40 - 0000000 __ASH C:\Windows\System32\config\SECURITY.tmp.LOG2
2012-04-23 04:40 - 2012-04-23 04:40 - 0000000 __ASH C:\Windows\System32\config\SECURITY.tmp.LOG1
2012-04-23 04:40 - 2012-04-23 04:40 - 0000000 __ASH C:\Windows\System32\config\SAM.tmp.LOG2
2012-04-23 04:40 - 2012-04-23 04:40 - 0000000 __ASH C:\Windows\System32\config\SAM.tmp.LOG1
2012-04-23 04:40 - 2012-04-23 04:40 - 0000000 __ASH C:\Windows\System32\config\DEFAULT.tmp.LOG2
2012-04-23 04:40 - 2012-04-23 04:40 - 0000000 __ASH C:\Windows\System32\config\DEFAULT.tmp.LOG1
2012-04-23 04:40 - 2009-07-13 18:34 - 58458112 ____A C:\Windows\System32\config\SOFTWARE.bak
2012-04-23 04:40 - 2009-07-13 18:34 - 18612224 ____A C:\Windows\System32\config\SYSTEM.bak
2012-04-23 04:40 - 2009-07-13 18:34 - 0524288 ____A C:\Windows\System32\config\DEFAULT.bak
2012-04-23 04:40 - 2009-07-13 18:34 - 0262144 ____A C:\Windows\System32\config\SECURITY.bak
2012-04-23 04:40 - 2009-07-13 18:34 - 0262144 ____A C:\Windows\System32\config\SAM.bak
2012-04-23 04:39 - 2012-04-23 04:39 - 0000000 __ASH C:\Windows\System32\config\SOFTWARE.tmp.LOG2
2012-04-23 04:39 - 2012-04-23 04:39 - 0000000 __ASH C:\Windows\System32\config\SOFTWARE.tmp.LOG1
2012-04-23 04:05 - 2012-04-23 04:28 - 0879714 ____A C:\Users\PavNXav\Desktop\SecurityCheck.exe
2012-04-22 18:38 - 2012-04-22 18:38 - 0021578 ____A C:\Users\PavNXav\Desktop\DDS.txt
2012-04-22 18:38 - 2012-04-22 18:38 - 0006149 ____A C:\Users\PavNXav\Desktop\Attach.txt
2012-04-22 15:42 - 2012-04-22 15:42 - 0125982 ____A C:\TDSSKiller.2.7.31.0_22.04.2012_19.42.06_log.txt
2012-04-22 15:40 - 2012-04-22 15:39 - 0125982 ____A C:\TDSSKiller.2.7.31.0_22.04.2012_19.39.28_log.txt
2012-04-22 15:35 - 2012-04-23 04:28 - 4472002 ____R (Swearware) C:\Users\PavNXav\Desktop\ComboFix.exe
2012-04-22 15:30 - 2012-04-22 15:29 - 0127340 ____A C:\TDSSKiller.2.7.31.0_22.04.2012_19.29.36_log.txt
2012-04-22 15:26 - 2012-04-22 15:26 - 0000000 ____A C:\Windows\setuperr.log
2012-04-22 15:25 - 2012-04-22 15:24 - 0133542 ____A C:\TDSSKiller.2.7.31.0_22.04.2012_19.24.26_log.txt
2012-04-22 15:17 - 2012-04-22 15:17 - 0092650 ____A C:\Users\PavNXav\Documents\Registry backup.reg
2012-04-22 15:16 - 2012-04-22 13:15 - 0000000 ____D C:\Users\All Users\Spybot - Search & Destroy
2012-04-22 15:16 - 2012-04-22 13:15 - 0000000 ____D C:\ProgramData\Spybot - Search & Destroy
2012-04-22 15:16 - 2012-03-29 15:48 - 0000000 ____D C:\Users\PavNXav\AppData\Local\CrashDumps
2012-04-22 15:16 - 2011-11-03 02:36 - 0000000 ____D C:\Windows\Panther
2012-04-22 15:14 - 2012-04-22 15:14 - 0000000 ____D C:\Program Files\CCleaner
2012-04-22 15:14 - 2012-04-22 15:13 - 3645656 ____A (Piriform Ltd) C:\Users\PavNXav\Downloads\ccsetup317.exe
2012-04-22 13:44 - 2012-02-08 21:35 - 57249312 ____A (Microsoft Corporation) C:\Windows\System32\MRT.exe
2012-04-22 13:42 - 2012-04-02 06:56 - 8741536 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerInstaller.exe
2012-04-22 13:42 - 2012-03-29 07:58 - 0418464 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2012-04-22 13:42 - 2011-11-03 04:51 - 0070304 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2012-04-22 13:41 - 2012-04-22 13:40 - 0000000 ____D C:\Program Files (x86)\SpywareBlaster
2012-04-22 13:40 - 2012-04-22 13:40 - 0001094 ____A C:\Users\PavNXav\Desktop\SpywareBlaster.lnk
2012-04-22 13:40 - 2012-04-22 13:40 - 0000208 ____A C:\Windows\wininit.ini
2012-04-22 13:16 - 2012-04-22 13:15 - 0000000 ____D C:\Program Files (x86)\Spybot - Search & Destroy
2012-04-22 13:15 - 2012-04-22 13:15 - 0001273 ____A C:\Users\PavNXav\Desktop\Spybot - Search & Destroy.lnk
2012-04-22 13:07 - 2011-11-03 04:45 - 0000000 ____D C:\Program Files (x86)\InstallShield Installation Information
2012-04-22 13:04 - 2011-11-03 04:51 - 0000000 ____D C:\Users\All Users\Toshiba
2012-04-22 13:04 - 2011-11-03 04:51 - 0000000 ____D C:\ProgramData\Toshiba
2012-04-22 13:04 - 2011-11-03 04:45 - 0000000 ____D C:\Program Files (x86)\Toshiba
2012-04-22 13:02 - 2012-04-22 13:02 - 1359824 ____A C:\Users\PavNXav\Downloads\pc-decrapifier-2.2.8.exe
2012-04-22 13:01 - 2012-02-08 21:37 - 0002030 ____A C:\Users\Public\Desktop\Adobe Reader X.lnk
2012-04-22 12:44 - 2012-01-29 14:41 - 0000000 ____D C:\users\PavNXav
2012-04-22 12:39 - 2012-04-22 12:39 - 0000000 ____D C:\Users\PavNXav\AppData\Roaming\Malwarebytes
2012-04-22 12:38 - 2012-04-22 12:38 - 0001124 ____A C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2012-04-22 12:38 - 2012-04-22 12:38 - 0000000 ____D C:\Users\All Users\Malwarebytes
2012-04-22 12:38 - 2012-04-22 12:38 - 0000000 ____D C:\ProgramData\Malwarebytes
2012-04-22 12:38 - 2012-04-22 12:38 - 0000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware
2012-04-22 12:34 - 2012-04-22 12:27 - 0002130 ____A C:\Users\PavNXav\Desktop\unhide.txt
2012-04-22 12:15 - 2012-04-22 12:27 - 0399264 ____A (Bleeping Computer, LLC) C:\Users\PavNXav\Desktop\unhide.exe
2012-04-22 12:10 - 2012-03-29 15:45 - 0000000 ____A C:\Users\All Users\-vImSZtXGh71y1r
2012-04-22 12:10 - 2012-03-29 15:45 - 0000000 ____A C:\ProgramData\-vImSZtXGh71y1r
2012-03-31 18:27 - 2012-01-29 14:43 - 0000000 ____D C:\Users\PavNXav\AppData\Local\VirtualStore
2012-03-29 15:54 - 2011-12-10 16:37 - 0000000 ____D C:\Users\All Users\Norton
2012-03-29 15:54 - 2011-12-10 16:37 - 0000000 ____D C:\ProgramData\Norton
2012-03-29 15:54 - 2011-12-10 16:37 - 0000000 ____D C:\Program Files (x86)\NortonInstaller
2012-03-29 15:45 - 2012-03-29 15:45 - 0000200 ____A C:\Users\All Users\-vImSZtXGh71y1rr
2012-03-29 15:45 - 2012-03-29 15:45 - 0000200 ____A C:\ProgramData\-vImSZtXGh71y1rr
2012-03-29 08:00 - 2012-02-19 21:24 - 0000000 ____D C:\Users\PavNXav\AppData\Roaming\HpUpdate
2012-03-29 07:58 - 2012-03-29 07:58 - 0000000 ____D C:\Windows\System32\Macromed
2012-03-29 05:56 - 2012-01-29 14:44 - 0000000 ____D C:\Users\PavNXav\AppData\Local\Google
2012-03-26 14:14 - 2012-03-26 14:14 - 0000000 ____D C:\Users\PavNXav\Downloads\NoDJ-Elle_Varner-Conversational_Lush
2012-03-26 14:14 - 2012-03-26 14:11 - 42071802 ____A C:\Users\PavNXav\Downloads\NoDJ-Elle_Varner-Conversational_Lush.zip
2012-03-26 14:06 - 2012-03-26 14:06 - 3752199 ____A C:\Users\PavNXav\Downloads\Rick_Ross_Feat_Future-Ring_Ring.mp3
2012-03-26 14:05 - 2012-03-26 14:03 - 6532443 ____A C:\Users\PavNXav\Downloads\Young_Jeezy_Feat_2_Chainz-Supa_Freak.mp3
2012-03-26 13:58 - 2012-03-26 13:58 - 9705045 ____A C:\Users\PavNXav\Downloads\Nicki_Minaj_&_Chris_Brown-Right_By_My_Side.mp3
2012-03-25 09:34 - 2012-02-19 21:23 - 0000000 ____D C:\Program Files (x86)\HP
2012-03-25 09:33 - 2012-03-25 09:33 - 0000000 ____D C:\Windows\Hewlett-Packard
2012-03-22 10:38 - 2012-03-22 10:32 - 95511579 ____A C:\Users\PavNXav\Downloads\DJ_Steph_Floss-Ray_Jr-Elected.zip
2012-03-21 06:57 - 2012-01-29 16:02 - 0000000 ____D C:\Users\PavNXav\AppData\Roaming\Apple Computer
2012-03-20 17:33 - 2012-04-22 12:34 - 0002491 ____A C:\Users\Public\Desktop\Safari.lnk
2012-03-20 17:33 - 2012-03-20 17:33 - 0000000 ____D C:\Program Files (x86)\Safari
2012-03-20 17:30 - 2012-03-20 17:30 - 0000628 ____A C:\Windows\System32\mapisvc.inf
2012-03-20 17:30 - 2012-01-29 16:01 - 0000000 ____D C:\Program Files\Common Files\Apple
2012-03-20 17:29 - 2012-04-22 12:34 - 0001794 ____A C:\Users\Public\Desktop\iTunes.lnk
2012-03-20 17:29 - 2012-03-20 17:28 - 0000000 ____D C:\Program Files\iTunes
2012-03-20 17:29 - 2012-03-20 17:28 - 0000000 ____D C:\Program Files (x86)\iTunes
2012-03-20 17:28 - 2012-03-20 17:28 - 0000000 ____D C:\Program Files\iPod
2012-03-20 17:21 - 2012-03-20 17:20 - 0000000 ____D C:\Program Files (x86)\QuickTime
2012-03-20 17:20 - 2012-01-29 14:41 - 0000000 ____D C:\Users\PavNXav\AppData\LocalLow
2012-03-20 17:03 - 2012-03-20 17:03 - 0000000 ____D C:\Users\PavNXav\Downloads\DJ_Smallz-Southern_Smoke_Radio_R&B_6_(Hosted_By_Bei_Maejor)
2012-03-20 16:29 - 2012-03-20 16:22 - 117779265 ____A C:\Users\PavNXav\Downloads\DJ_Smallz-Southern_Smoke_Radio_R&B_6_(Hosted_By_Bei_Maejor).zip
2012-03-20 16:21 - 2012-03-20 16:21 - 0000000 ____D C:\Users\PavNXav\Downloads\DJ_Spinatik-Street_Runnaz_64
2012-03-20 16:19 - 2012-03-20 16:11 - 113408213 ____A C:\Users\PavNXav\Downloads\DJ_Spinatik-Street_Runnaz_64.zip
2012-03-20 11:28 - 2009-07-13 20:45 - 0274320 ____A C:\Windows\System32\FNTCACHE.DAT
2012-03-17 07:07 - 2012-01-29 14:52 - 0006408 ____A C:\Windows\SysWOW64\PerfStringBackup.INI
2012-03-15 06:02 - 2012-03-15 06:02 - 0000000 ____D C:\Users\PavNXav\Downloads\DJ_Holiday-Gucci_Mane-Trap_Back
2012-03-15 06:01 - 2012-02-05 15:35 - 0000000 ____D C:\Users\PavNXav\Downloads\NoDJ-Trey_Songz-Anticipation_2
2012-03-14 17:39 - 2012-01-29 14:52 - 0000000 ____D C:\Users\PavNXav\AppData\Roaming\SoftGrid Client
2012-03-14 17:30 - 2012-01-29 14:45 - 0057560 ____A C:\Users\PavNXav\AppData\Local\GDIPFONTCACHEV1.DAT
2012-03-14 17:29 - 2011-11-03 05:03 - 0000000 ____D C:\Program Files (x86)\Microsoft Office
2012-03-14 17:28 - 2012-03-14 17:27 - 0000000 ____D C:\Program Files (x86)\MSECache
2012-03-14 17:25 - 2012-03-14 17:12 - 63210976 ____A (Microsoft Corporation) C:\Users\PavNXav\Downloads\PowerPointViewer.exe
2012-03-14 17:18 - 2012-03-14 17:12 - 25685128 ____A (Microsoft Corporation) C:\Users\PavNXav\Downloads\wordview_en-us.exe
2012-03-14 17:17 - 2012-04-22 12:34 - 0002085 ____A C:\Users\Public\Desktop\Toshiba Book Place.lnk
2012-03-14 17:17 - 2012-03-14 17:17 - 0000000 ____D C:\Users\Public\Book Place
2012-03-14 17:12 - 2012-03-14 17:12 - 0936168 ____A (Microsoft Corporation) C:\Users\PavNXav\Downloads\SaveAsPDF.exe
2012-03-14 16:43 - 2012-03-13 13:39 - 0000000 ____D C:\Users\PavNXav\AppData\Local\Kjs.AppLife.Update
2012-03-14 16:40 - 2012-03-14 16:40 - 0102065 ____A C:\Users\PavNXav\Documents\ED.docx
2012-03-13 06:38 - 2012-03-13 06:38 - 0122549 ____A C:\Users\PavNXav\Documents\taxes.pdf
2012-03-11 13:29 - 2012-04-22 13:14 - 74761776 ____A C:\Users\PavNXav\Desktop\avast_free_antivirus_setup.exe
2012-03-11 11:42 - 2012-03-11 11:41 - 0000000 ___RD C:\Program Files (x86)\Skype
2012-03-11 11:41 - 2012-04-22 12:34 - 0002515 ____A C:\Users\Public\Desktop\Skype.lnk
2012-03-11 11:41 - 2012-03-11 11:41 - 0000000 ____D C:\Users\All Users\Skype
2012-03-11 11:41 - 2012-03-11 11:41 - 0000000 ____D C:\ProgramData\Skype
2012-03-11 11:36 - 2012-03-11 11:36 - 0944264 ____A (Skype Technologies S.A.) C:\Users\PavNXav\Downloads\SkypeSetup.exe
2012-03-06 08:39 - 2012-03-06 07:59 - 179595236 ____A C:\Users\PavNXav\Downloads\Cartune_Netwerk-XO_(The_Remixes).zip.part
2012-03-06 07:28 - 2012-03-06 07:21 - 93620443 ____A C:\Users\PavNXav\Downloads\DJ_Holiday-Gucci_Mane-Trap_Back.zip
2012-03-05 22:53 - 2012-04-22 13:46 - 5559152 ____A (Microsoft Corporation) C:\Windows\System32\ntoskrnl.exe
2012-03-05 21:59 - 2012-04-22 13:46 - 3968368 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2012-03-05 21:59 - 2012-04-22 13:46 - 3913072 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2012-02-29 22:46 - 2012-04-22 13:44 - 0023408 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\fs_rec.sys
2012-02-29 22:38 - 2012-04-22 13:44 - 0220672 ____A (Microsoft Corporation) C:\Windows\System32\wintrust.dll
2012-02-29 22:33 - 2012-04-22 13:44 - 0081408 ____A (Microsoft Corporation) C:\Windows\System32\imagehlp.dll
2012-02-29 22:28 - 2012-04-22 13:44 - 0005120 ____A (Microsoft Corporation) C:\Windows\System32\wmi.dll
2012-02-29 21:37 - 2012-04-22 13:44 - 0172544 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wintrust.dll
2012-02-29 21:33 - 2012-04-22 13:44 - 0159232 ____A (Microsoft Corporation) C:\Windows\SysWOW64\imagehlp.dll
2012-02-29 21:29 - 2012-04-22 13:44 - 0005120 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wmi.dll
2012-02-27 23:34 - 2012-04-22 13:46 - 17790976 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll
2012-02-27 23:02 - 2012-04-22 13:46 - 10888704 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll
2012-02-27 22:56 - 2012-04-22 13:46 - 2311168 ____A (Microsoft Corporation) C:\Windows\System32\jscript9.dll
2012-02-27 22:50 - 2012-04-22 13:46 - 1345536 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll
2012-02-27 22:49 - 2012-04-22 13:46 - 1390080 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll
2012-02-27 22:48 - 2012-04-22 13:46 - 1493504 ____A (Microsoft Corporation) C:\Windows\System32\inetcpl.cpl
2012-02-27 22:48 - 2012-04-22 13:46 - 0237056 ____A (Microsoft Corporation) C:\Windows\System32\url.dll
2012-02-27 22:47 - 2012-04-22 13:46 - 0085504 ____A (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
2012-02-27 22:45 - 2012-04-22 13:46 - 0818688 ____A (Microsoft Corporation) C:\Windows\System32\jscript.dll
2012-02-27 22:43 - 2012-04-22 13:46 - 2144256 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll
2012-02-27 22:43 - 2012-04-22 13:46 - 0096256 ____A (Microsoft Corporation) C:\Windows\System32\mshtmled.dll
2012-02-27 22:42 - 2012-04-22 13:46 - 2382848 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
2012-02-27 22:39 - 2012-04-22 13:46 - 0248320 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll
2012-02-27 17:52 - 2012-04-22 13:46 - 12281856 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2012-02-27 17:27 - 2012-04-22 13:46 - 9705984 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2012-02-27 17:18 - 2012-04-22 13:46 - 1799168 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2012-02-27 17:12 - 2012-04-22 13:46 - 1103360 ____A (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2012-02-27 17:11 - 2012-04-22 13:46 - 1427456 ____A (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2012-02-27 17:11 - 2012-04-22 13:46 - 1127424 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2012-02-27 17:09 - 2012-04-22 13:46 - 0231936 ____A (Microsoft Corporation) C:\Windows\SysWOW64\url.dll
2012-02-27 17:08 - 2012-04-22 13:46 - 0065024 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2012-02-27 17:06 - 2012-04-22 13:46 - 0716800 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2012-02-27 17:04 - 2012-04-22 13:46 - 1792000 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2012-02-27 17:03 - 2012-04-22 13:46 - 2382848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2012-02-27 17:03 - 2012-04-22 13:46 - 0072704 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2012-02-27 16:59 - 2012-04-22 13:46 - 0176640 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2012-02-26 06:40 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\System32\NDF
2012-02-23 16:04 - 2011-11-03 04:53 - 0000000 ____D C:\Program Files (x86)\Microsoft Silverlight
2012-02-23 06:18 - 2010-11-20 19:27 - 0279656 ____N (Microsoft Corporation) C:\Windows\System32\MpSigStub.exe
2012-02-19 21:39 - 2012-02-19 21:17 - 168784452 ____A C:\Users\PavNXav\Downloads\DJ_Kurupt-Love_&_Music_(Hosted_By_Candi_Coated).zip.part
2012-02-19 21:28 - 2012-02-19 21:28 - 0000000 ____D C:\Users\PavNXav\Downloads\DJ_Ace-Bedroom_Only_(Valentines_Edition)
2012-02-19 21:27 - 2012-02-19 21:19 - 0000000 ____D C:\Users\PavNXav\AppData\Local\HP
2012-02-19 21:26 - 2012-02-19 21:26 - 0000000 ____D C:\Program Files (x86)\Hewlett-Packard
2012-02-19 21:25 - 2012-04-22 12:34 - 0002018 ____A C:\Users\Public\Desktop\HP Photo Creations.lnk
2012-02-19 21:25 - 2012-02-19 21:25 - 0000000 ____D C:\Users\All Users\HP Photo Creations
2012-02-19 21:25 - 2012-02-19 21:25 - 0000000 ____D C:\ProgramData\HP Photo Creations
2012-02-19 21:25 - 2012-02-19 21:25 - 0000000 ____D C:\Program Files (x86)\HP Photo Creations
2012-02-19 21:25 - 2012-02-19 21:25 - 0000000 ____D C:\Program Files (x86)\Coupons
2012-02-19 21:24 - 2012-04-22 12:34 - 0002223 ____A C:\Users\Public\Desktop\HP Photosmart 5510 series.lnk
2012-02-19 21:24 - 2012-04-22 12:34 - 0001888 ____A C:\Users\Public\Desktop\HP ePrintCenter - HP Photosmart 5510 series.lnk
2012-02-19 21:24 - 2012-04-22 12:34 - 0001191 ____A C:\Users\Public\Desktop\Shop for Supplies - HP Photosmart 5510 series.lnk
2012-02-19 21:24 - 2012-02-19 21:13 - 71488957 ____A C:\Users\PavNXav\Downloads\DJ_Ace-Bedroom_Only_(Valentines_Edition).zip
2012-02-19 21:24 - 2012-01-29 14:46 - 0000000 ____D C:\Program Files (x86)\Mozilla Firefox
2012-02-19 21:23 - 2012-02-19 21:23 - 0000000 ____D C:\Users\All Users\HP
2012-02-19 21:23 - 2012-02-19 21:23 - 0000000 ____D C:\ProgramData\HP
2012-02-19 21:21 - 2012-02-19 21:21 - 0000000 ____D C:\Program Files\HP
2012-02-19 21:20 - 2012-02-19 21:20 - 0000057 ____A C:\Users\All Users\Ament.ini
2012-02-19 21:20 - 2012-02-19 21:20 - 0000057 ____A C:\ProgramData\Ament.ini
2012-02-19 21:18 - 2012-02-19 21:18 - 0000000 ____D C:\Users\PavNXav\Downloads\DJ_Smallz-Bobby_V-V_Day
2012-02-19 20:52 - 2012-02-19 20:45 - 51330912 ____A C:\Users\PavNXav\Downloads\DJ_Smallz-Bobby_V-V_Day.zip
2012-02-19 20:07 - 2012-02-19 20:07 - 0000000 ____A C:\Windows\System32\Drivers\Msft_User_WpdMtpDr_01_09_00.Wdf
2012-02-16 22:38 - 2012-03-14 16:49 - 1031680 ____A (Microsoft Corporation) C:\Windows\System32\rdpcore.dll
2012-02-16 21:34 - 2012-03-14 16:49 - 0826880 ____A (Microsoft Corporation) C:\Windows\SysWOW64\rdpcore.dll
2012-02-16 20:58 - 2012-03-14 16:49 - 0210944 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\rdpwd.sys
2012-02-16 20:57 - 2012-03-14 16:49 - 0023552 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\tdtcp.sys
2012-02-15 22:03 - 2012-01-29 14:43 - 0000174 ___SH C:\Users\PavNXav\Start Menu\Programs\Startup\desktop.ini
2012-02-15 22:03 - 2012-01-29 14:43 - 0000174 ___SH C:\Users\PavNXav\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini
2012-02-15 05:36 - 2012-01-29 14:51 - 0000000 ____D C:\Program Files (x86)\Microsoft Application Virtualization Client
2012-02-10 06:42 - 2012-02-10 06:42 - 0014819 ____A C:\Users\PavNXav\Documents\CHAPTER 4.docx
2012-02-10 06:36 - 2012-02-10 06:36 - 0014132 ____A C:\Users\PavNXav\Documents\evalutaion.docx
2012-02-09 22:36 - 2012-03-15 06:08 - 1544192 ____A (Microsoft Corporation) C:\Windows\System32\DWrite.dll
2012-02-09 21:38 - 2012-03-15 06:08 - 1077248 ____A (Microsoft Corporation) C:\Windows\SysWOW64\DWrite.dll
2012-02-09 11:06 - 2012-02-09 11:06 - 0044045 ____A C:\Users\PavNXav\Downloads\IFile.pdf
2012-02-09 10:29 - 2012-02-09 10:29 - 0552380 ____A C:\Users\PavNXav\Downloads\FullReport.do.htm
2012-02-09 10:29 - 2012-02-09 10:29 - 0000000 ____D C:\Users\PavNXav\Downloads\FullReport.do_files
2012-02-09 10:23 - 2012-02-09 10:23 - 0204640 ____A C:\Users\PavNXav\Downloads\Equifax_FACT_Rpt_02092012.pdf
2012-02-09 09:43 - 2012-02-09 09:43 - 0198921 ____A C:\Users\PavNXav\Downloads\TaxReturn.pdf
2012-02-09 09:43 - 2012-02-09 09:43 - 0120741 ____A C:\Users\PavNXav\Downloads\TaxReturn(1).pdf
2012-02-08 21:54 - 2012-02-08 21:53 - 0541655 ____A C:\Users\PavNXav\Downloads\PdfFile.pdf
2012-02-06 16:46 - 2012-01-29 18:18 - 0000000 ____D C:\Users\All Users\VirtualizedApplications
2012-02-06 16:46 - 2012-01-29 18:18 - 0000000 ____D C:\ProgramData\VirtualizedApplications
2012-02-06 16:22 - 2009-07-13 19:20 - 0000000 ____D C:\Program Files\Common Files\System
2012-02-06 00:19 - 2009-07-13 19:20 - 0000000 ____D C:\Program Files\Common Files\Microsoft Shared
2012-02-05 18:44 - 2012-02-05 18:44 - 0000000 ____D C:\1589022a921de4aaa6e260c7fd45
2012-02-05 18:35 - 2012-02-05 18:35 - 0013919 ____A C:\Users\PavNXav\Documents\SOSC 102.docx
2012-02-05 18:34 - 2012-02-05 18:34 - 0014554 ____A C:\Users\PavNXav\Documents\ENGL 101 2.docx
2012-02-05 16:54 - 2010-11-20 23:16 - 0000000 ___RD C:\Users\Public\Recorded TV
2012-02-05 16:18 - 2012-02-05 16:18 - 0000000 ____D C:\Users\PavNXav\Downloads\NoDJ-Trey_Songz-Lemmeholdatbeat_2
2012-02-05 16:14 - 2012-02-05 16:07 - 102213024 ____A C:\Users\PavNXav\Downloads\NoDJ-Trey_Songz-Lemmeholdatbeat_2.zip
2012-02-05 16:08 - 2012-02-05 16:08 - 0000000 ____D C:\Users\PavNXav\Downloads\Tapemasters_Inc_-The_Future_Of_R&B_43
2012-02-05 16:08 - 2012-02-05 16:08 - 0000000 ____D C:\Users\PavNXav\Downloads\DJ_E_Sudd-Executive_R&B_29
2012-02-05 15:56 - 2012-02-05 15:32 - 192841637 ____A C:\Users\PavNXav\Downloads\Tapemasters_Inc_-The_Future_Of_R&B_43.zip
2012-02-05 15:54 - 2012-02-05 15:48 - 79176714 ____A C:\Users\PavNXav\Downloads\DJ_E_Sudd-Executive_R&B_29.zip
2012-02-05 15:31 - 2012-02-05 15:24 - 82546950 ____A C:\Users\PavNXav\Downloads\NoDJ-Trey_Songz-Anticipation_2.zip
2012-02-05 15:07 - 2012-02-05 15:07 - 0000000 ____D C:\Users\PavNXav\Downloads\DJ_New_Era-Mood_Musiq_(Fitted_Cap_Low_R&B_Radio)
2012-02-05 15:03 - 2012-02-05 14:49 - 203959332 ____A C:\Users\PavNXav\Downloads\DJ_New_Era-Mood_Musiq_(Fitted_Cap_Low_R&B_Radio).zip
2012-02-05 14:47 - 2012-02-05 14:47 - 0000000 ____D C:\Users\PavNXav\Downloads\DJ_Iceberg-Fire_&_Ice(1)
2012-02-05 14:46 - 2012-02-05 14:33 - 194839225 ____A C:\Users\PavNXav\Downloads\DJ_Iceberg-Fire_&_Ice(1).zip
2012-02-05 14:30 - 2012-02-05 14:30 - 0000000 ____D C:\Users\PavNXav\Downloads\DJ_Jay_Rock-Down_South_Bangers_19
2012-02-05 09:54 - 2012-02-05 08:53 - 128035598 ____A C:\Users\PavNXav\Downloads\DJ_Jay_Rock-Down_South_Bangers_19.zip
2012-02-05 08:58 - 2012-02-05 08:58 - 0000000 ___SD C:\Users\PavNXav\Documents\Chica Passwords
2012-02-05 08:40 - 2012-02-05 08:40 - 0000000 ____D C:\Users\PavNXav\Downloads\DJ_Lil_Keem-Just_For_Her_2
2012-02-05 08:40 - 2012-02-05 07:47 - 121383283 ____A C:\Users\PavNXav\Downloads\DJ_Lil_Keem-Just_For_Her_2.zip
2012-02-05 07:38 - 2012-02-05 07:38 - 0000000 ____D C:\Program Files (x86)\The Weather Channel FW
2012-02-05 07:37 - 2012-02-05 07:37 - 0000000 ____D C:\Users\PavNXav\AppData\Local\The Weather Channel
2012-02-05 07:36 - 2012-02-05 07:36 - 1653952 ____A (W3i, LLC) C:\Users\PavNXav\Downloads\ac3filter_app_1200.exe
2012-02-05 07:33 - 2012-02-05 07:33 - 0000000 ____D C:\Users\All Users\Toshiba Book Place
2012-02-05 07:33 - 2012-02-05 07:33 - 0000000 ____D C:\ProgramData\Toshiba Book Place
2012-02-05 07:33 - 2012-02-05 07:32 - 0000000 ____D C:\Users\PavNXav\AppData\Roaming\Book Place
2012-02-05 07:32 - 2012-02-05 07:32 - 0000000 ____D C:\Users\PavNXav\Documents\Book Place
2012-02-02 22:21 - 2012-02-02 22:21 - 0000795 ____A C:\Users\PavNXav\Downloads\enus_084705_06_1_lab.zip
2012-02-02 21:18 - 2012-02-02 21:18 - 0023552 ____A C:\Users\PavNXav\Documents\Chapter 2.doc
2012-02-02 21:18 - 2012-02-02 21:17 - 0015512 ____A C:\Users\PavNXav\Documents\CHAPTER 3.docx
2012-02-02 20:47 - 2012-01-29 14:44 - 0000000 ____D C:\Users\PavNXav\AppData\Roaming\Google
2012-02-02 20:34 - 2012-03-15 06:08 - 3145728 ____A (Microsoft Corporation) C:\Windows\System32\win32k.sys
2012-02-02 18:14 - 2009-07-13 21:08 - 0016652 ____A C:\Windows\Tasks\SCHEDLGU.TXT
2012-01-30 19:50 - 2012-01-30 19:11 - 0031806 ____A C:\Users\PavNXav\Documents\Alexander X.docx
2012-01-30 19:33 - 2012-01-30 19:33 - 0000000 ____D C:\Users\PavNXav\AppData\Local\Microsoft Help
2012-01-30 19:33 - 2012-01-30 19:33 - 0000000 ____D C:\Users\All Users\Microsoft Help
2012-01-30 19:33 - 2012-01-30 19:33 - 0000000 ____D C:\ProgramData\Microsoft Help
2012-01-30 16:08 - 2012-01-30 16:08 - 0000000 ___RD C:\MSOCache
2012-01-29 17:02 - 2012-01-29 17:02 - 0211593 ____A C:\Users\PavNXav\Documents\Mommy.pdf
2012-01-29 17:02 - 2011-11-03 04:51 - 0000000 ____D C:\Users\All Users\Adobe
2012-01-29 17:02 - 2011-11-03 04:51 - 0000000 ____D C:\ProgramData\Adobe
2012-01-29 17:01 - 2012-01-29 17:01 - 0000000 ____D C:\Users\PavNXav\AppData\Local\Adobe
2012-01-29 17:01 - 2012-01-29 14:44 - 0000000 ____D C:\Users\PavNXav\AppData\Roaming\Adobe
2012-01-29 16:31 - 2012-01-29 16:31 - 0000000 ____D C:\Users\PavNXav\AppData\Roaming\Tific
2012-01-29 16:02 - 2012-01-29 16:02 - 0000000 ____D C:\Users\PavNXav\AppData\Local\Apple Computer
2012-01-29 16:02 - 2012-01-29 16:01 - 0000000 ____D C:\Users\All Users\{93E26451-CD9A-43A5-A2FA-C42392EA4001}
2012-01-29 16:02 - 2012-01-29 16:01 - 0000000 ____D C:\ProgramData\{93E26451-CD9A-43A5-A2FA-C42392EA4001}
2012-01-29 16:01 - 2012-01-29 16:01 - 0000000 ____D C:\Users\PavNXav\AppData\Local\Apple
2012-01-29 16:01 - 2012-01-29 16:01 - 0000000 ____D C:\Users\All Users\Apple Computer
2012-01-29 16:01 - 2012-01-29 16:01 - 0000000 ____D C:\ProgramData\Apple Computer
2012-01-29 16:01 - 2012-01-29 16:01 - 0000000 ____D C:\Program Files (x86)\Apple Software Update
2012-01-29 16:01 - 2012-01-29 16:00 - 0000000 ____D C:\Users\All Users\Apple
2012-01-29 16:01 - 2012-01-29 16:00 - 0000000 ____D C:\ProgramData\Apple
2012-01-29 16:00 - 2012-01-29 16:00 - 0065536 __ASH C:\Windows\System32\config\COMPONENTS{016888b8-6c6f-11de-8d1d-001e0bcde3ec}.TxR.blf
2012-01-29 16:00 - 2012-01-29 16:00 - 0000000 ____D C:\Program Files\Bonjour
2012-01-29 16:00 - 2012-01-29 16:00 - 0000000 ____D C:\Program Files (x86)\Bonjour
2012-01-29 14:55 - 2012-01-29 14:50 - 71279472 ____A (Apple Inc.) C:\Users\PavNXav\Downloads\iTunes64Setup.exe
2012-01-29 14:52 - 2012-01-29 14:52 - 0000000 ____D C:\Users\PavNXav\AppData\Local\SoftGrid Client
2012-01-29 14:52 - 2012-01-29 14:51 - 0000000 ____D C:\Users\PavNXav\AppData\Roaming\TP
2012-01-29 14:51 - 2012-01-29 14:51 - 0000000 ____D C:\Program Files\Microsoft Office
2012-01-29 14:48 - 2012-01-29 14:48 - 0000000 ____D C:\Users\PavNXav\AppData\Roaming\Mozilla
2012-01-29 14:48 - 2012-01-29 14:48 - 0000000 ____D C:\Users\PavNXav\AppData\Local\Mozilla
2012-01-29 14:46 - 2012-04-22 12:34 - 0001153 ____A C:\Users\Public\Desktop\Mozilla Firefox.lnk
2012-01-29 14:45 - 2012-01-29 14:45 - 0000000 ____D C:\Users\PavNXav\AppData\Roaming\Toshiba
2012-01-29 14:44 - 2012-01-29 14:43 - 0000000 ____D C:\Users\PavNXav\AppData\Local\TOSHIBA
2012-01-29 14:43 - 2010-11-20 23:06 - 0000000 ____D C:\Windows\SysWOW64\sysprep
2012-01-29 14:43 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\System32\Sysprep
2012-01-29 14:42 - 2012-01-29 14:42 - 0000013 __RSH C:\Windows\System32\Drivers\fbd.sys
2012-01-29 14:42 - 2009-07-13 21:32 - 0000000 ____D C:\Windows\System32\restore
2012-01-29 14:41 - 2012-01-29 14:41 - 0000020 ___SH C:\Users\PavNXav\ntuser.ini
2012-01-29 14:41 - 2012-01-29 14:41 - 0000000 __SHD C:\Users\PavNXav\Templates
2012-01-29 14:41 - 2012-01-29 14:41 - 0000000 __SHD C:\Users\PavNXav\Start Menu
2012-01-29 14:41 - 2012-01-29 14:41 - 0000000 __SHD C:\Users\PavNXav\PrintHood
2012-01-29 14:41 - 2012-01-29 14:41 - 0000000 __SHD C:\Users\PavNXav\NetHood
2012-01-29 14:41 - 2012-01-29 14:41 - 0000000 __SHD C:\Users\PavNXav\My Documents
2012-01-29 14:41 - 2012-01-29 14:41 - 0000000 __SHD C:\Users\PavNXav\Documents\My Videos
2012-01-29 14:41 - 2012-01-29 14:41 - 0000000 __SHD C:\Users\PavNXav\Documents\My Pictures
2012-01-29 14:41 - 2012-01-29 14:41 - 0000000 __SHD C:\Users\PavNXav\Documents\My Music
2012-01-29 14:41 - 2012-01-29 14:41 - 0000000 __SHD C:\Users\PavNXav\AppData\Local\Temporary Internet Files
2012-01-29 14:41 - 2012-01-29 14:41 - 0000000 __SHD C:\Users\PavNXav\AppData\Local\History
2012-01-29 14:41 - 2012-01-29 14:41 - 0000000 ____D C:\Users\PavNXav\AppData\Roaming\WinBatch
2012-01-29 14:41 - 2009-07-13 19:20 - 0000000 ___RD C:\Users\Public\Libraries
2012-01-29 13:40 - 2009-07-13 21:01 - 0108227 ____A C:\Windows\SysWOW64\license.rtf
2012-01-29 13:40 - 2009-07-13 21:01 - 0108227 ____A C:\Windows\System32\license.rtf
2012-01-29 13:40 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\rescache

========================= Known DLLs (Whitelisted) ============


========================= Bamital & volsnap Check ============

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe
[2011-11-03 04:25] - [2011-03-01 00:07] - 0027648 ____A (Microsoft Corporation) 6F68F63794097E54F36474ED4384B759

C:\Windows\SysWOW64\svchost.exe
[2011-11-03 04:25] - [2011-03-01 00:05] - 0021504 ____A (Microsoft Corporation) ECDB182F885292145826C58252B53000

C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys
[2011-11-03 04:24] - [2011-02-24 22:25] - 0296320 ____A (Microsoft Corporation) DF8126BD41180351A093A3AD2FC8903B


========================= Memory info ======================

Percentage of memory in use: 13%
Total physical RAM: 4007.98 MB
Available physical RAM: 3451.44 MB
Total Pagefile: 4006.18 MB
Available Pagefile: 3433.3 MB
Total Virtual: 8192 MB
Available Virtual: 8191.9 MB

======================= Partitions =========================

1 Drive c: (TI106303W0D) (Fixed) (Total:579.6 GB) (Free:528.04 GB) NTFS ==>[System with boot components (obtained from reading drive)]
2 Drive d: (System) (Fixed) (Total:1.46 GB) (Free:1.27 GB) NTFS ==>[System with boot components (obtained from reading drive)]
4 Drive f: (UDISK) (Removable) (Total:3.81 GB) (Free:1.79 GB) FAT32
5 Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS

Disk ### Status Size Free Dyn Gpt
-------- ------------- ------- ------- --- ---
Disk 0 Online 596 GB 0 B
Disk 1 Online 3915 MB 0 B

Partitions of Disk 0:
===============

Partition ### Type Size Offset
------------- ---------------- ------- -------
Partition 1 Recovery 1500 MB 1024 KB
Partition 2 Primary 579 GB 1501 MB
Partition 3 Primary 15 GB 581 GB

======================================================================================================

Disk: 0
Partition 1
Type : 27
Hidden: Yes
Active: Yes

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 2 D System NTFS Partition 1500 MB Healthy Hidden

======================================================================================================

Disk: 0
Partition 2
Type : 07
Hidden: No
Active: No

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 1 C TI106303W0D NTFS Partition 579 GB Healthy

======================================================================================================

Disk: 0
Partition 3
Type : 17 (Suspicious Type)
Hidden: Yes
Active: No

There is no volume associated with this partition.

======================================================================================================

Partitions of Disk 1:
===============

Partition ### Type Size Offset
------------- ---------------- ------- -------
Partition 1 Primary 3913 MB 1380 KB

======================================================================================================

Disk: 1
Partition 1
Type : 0C
Hidden: No
Active: No

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 3 F UDISK FAT32 Removable 3913 MB Healthy

======================================================================================================

==========================================================

Last Boot: 2012-03-20 16:47

======================= End Of Log ==========================

#8 gringo_pr


Posted 23 April 2012 - 11:49 PM

Hello

Open Notepad. Please copy the contents of the code box below. To do this, highlight the contents of the box and right-click on it. Paste this into the open Notepad window. Save it on the flash drive as fixlist.txt

SubSystems: [Windows] ==> ZeroAccess
2 grmnusb; C:\Windows\System32\win32sl.dll [6656 2011-03-01] (Oak Technology Inc.)
C:\Windows\System32\win32sl.dll
NETSVC: grmnusb
C:\Windows\System32\dds_trash_log.cmd


NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system

On Vista or Windows 7: Now please enter System Recovery Options.
On Windows XP: Now please boot into the BartPE CD.
Run FRST64 and press the Fix button just once and wait.
The tool will make a log on the flash drive (Fixlog.txt); please post it in your reply.

Gringo

#9 painaxl


Posted 24 April 2012 - 08:04 AM

Ok, here's FIXLOG.txt:

Fix result of Farbar Recovery Scan Tool (FRST written by farbar) Version: 22-04-2012
Ran by SYSTEM at 2012-04-24 09:02:44 R:1
Running from G:\

==============================================

HKEY_LOCAL_MACHINE\System\ControlSet001\Control\Session Manager\SubSystems\\Windows Value was restored.
grmnusb service deleted successfully.
C:\Windows\System32\win32sl.dll moved successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\\netsvcs grmnusb Deleted successfully.
C:\Windows\System32\dds_trash_log.cmd moved successfully.

==== End of Fixlog ====
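Added example, not part of the original posts and not FRST's own code: a small Python check that matches each fixlist.txt entry from post #8 against the Fixlog.txt result lines from post #9 and reports any entry that has no success line. The function names are hypothetical, and the mapping from entry type to log wording is an assumption inferred only from this one fixlist/Fixlog pair.

```python
import re

# Copied from post #8 on this page (contents of fixlist.txt).
FIXLIST = r"""SubSystems: [Windows] ==> ZeroAccess
2 grmnusb; C:\Windows\System32\win32sl.dll [6656 2011-03-01] (Oak Technology Inc.)
C:\Windows\System32\win32sl.dll
NETSVC: grmnusb
C:\Windows\System32\dds_trash_log.cmd
"""

# Copied from the Fixlog.txt in post #9 on this page.
FIXLOG = r"""Fix result of Farbar Recovery Scan Tool (FRST written by farbar) Version: 22-04-2012
Ran by SYSTEM at 2012-04-24 09:02:44 R:1
Running from G:\

==============================================

HKEY_LOCAL_MACHINE\System\ControlSet001\Control\Session Manager\SubSystems\\Windows Value was restored.
grmnusb service deleted successfully.
C:\Windows\System32\win32sl.dll moved successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\\netsvcs grmnusb Deleted successfully.
C:\Windows\System32\dds_trash_log.cmd moved successfully.

==== End of Fixlog ====
"""

# Assumption: only the success phrases seen in this log count as confirmation.
SUCCESS = re.compile(
    r"(value was restored|deleted successfully|moved successfully)\.?\s*$", re.I
)


def expected_marker(entry):
    """Return (kind, text a matching Fixlog line must contain) for one entry."""
    m = re.match(r"SubSystems:\s*\[(\w+)\]", entry)
    if m:  # logged as ...\SubSystems\\<value name>
        return "registry value", "SubSystems\\\\" + m.group(1)
    m = re.match(r"NETSVC:\s*(\S+)", entry, re.I)
    if m:  # logged as ...\SvcHost\\netsvcs <name>
        return "netsvcs entry", "\\netsvcs " + m.group(1)
    m = re.match(r"\d\s+(\S+);", entry)
    if m:  # "<start type> <service name>; <image path> ..."
        return "service", m.group(1) + " service "
    return "file", entry + " "  # anything else is treated as a bare path


def log_results(fixlog):
    """Result lines between the '=====' rule and the 'End of Fixlog' footer."""
    body, in_body = [], False
    for line in fixlog.splitlines():
        s = line.strip()
        if "End of Fixlog" in s:
            break
        if s and set(s) == {"="}:
            in_body = True
            continue
        if in_body and s:
            body.append(s)
    return body


def entries(fixlist):
    return [l.strip() for l in fixlist.splitlines() if l.strip()]


def verify(fixlist, fixlog):
    """One (entry, kind, status) tuple per fixlist entry."""
    results = log_results(fixlog)
    report = []
    for entry in entries(fixlist):
        kind, marker = expected_marker(entry)
        hits = [r for r in results if marker.casefold() in r.casefold()]
        ok = any(SUCCESS.search(r) for r in hits)
        report.append((entry, kind, "confirmed" if ok else "UNCONFIRMED"))
    return report


def unmatched(fixlist, fixlog):
    """Fixlog result lines that correspond to no fixlist entry."""
    markers = [expected_marker(e)[1].casefold() for e in entries(fixlist)]
    return [r for r in log_results(fixlog)
            if not any(m in r.casefold() for m in markers)]


if __name__ == "__main__":
    for entry, kind, status in verify(FIXLIST, FIXLOG):
        print(f"{status:12} {kind:15} {entry}")
    for line in unmatched(FIXLIST, FIXLOG):
        print("no fixlist entry for:", line)
```

Any result line worded differently from the three success phrases above is reported as UNCONFIRMED rather than guessed at, so a differently worded success from another FRST version needs a manual look.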

#10 gringo_pr


Posted 24 April 2012 - 08:30 AM

Greetings

At this time I would like you to run this script for me and it is a good time to check out the computer to see if there is anything else that needs to be addressed.

:Run CFScript:

Open Notepad and copy/paste the text in the box into the window:

ClearJavaCache::
KillAll::
Folder::
C:\windows\assembly\temp\U

File::
C:\windows\system32\consrv.dll
C:\windows\assembly\GAC_32\Desktop.ini
C:\windows\assembly\GAC_64\Desktop.ini

Save it to your desktop as CFScript.txt

Referring to the picture above, drag CFScript.txt into ComboFix.exe.
This will let ComboFix run again.
Restart if you have to.
Save the produced logfile to your desktop.

Note: Do not mouse-click ComboFix's window whilst it's running. That may cause it to stall.

Note 2: If you receive an error, "Illegal operation attempted on a registry key that has been marked for deletion," please restart the computer.

"information and logs"

  • In your next post I need the following:
    • report from Combofix
    • let me know of any problems you may have had
    • How is the computer doing now after running the script?

Gringo


#11 painaxl


Posted 24 April 2012 - 09:30 AM

Ran the script. A few errors came up while ComboFix was running...

First was "The contents of folder C:\Windows\erdnt\Hiv-backup could not be completely deleted", then pev.3xe has stopped working with the option to close the program.

The script finished and combofix restarted the computer. On the next login, after ComboFix finished and made the log, I got a registry marked for deletion error so I restarted again before testing.

Upon testing, Chrome, Firefox and IE are NOT redirecting.

Here's the log from ComboFix:

ComboFix 12-04-22.02 - PavNXav 04/24/2012 9:41.2.4 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.4008.2707 [GMT -4:00]
Running from: c:\users\PavNXav\Desktop\ComboFix.exe
Command switches used :: c:\users\PavNXav\Desktop\CFScript.txt
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
FILE ::
"c:\windows\assembly\GAC_32\Desktop.ini"
"c:\windows\assembly\GAC_64\Desktop.ini"
"c:\windows\system32\consrv.dll"
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\assembly\GAC_32\Desktop.ini
c:\windows\assembly\GAC_64\Desktop.ini
c:\windows\system32\consrv.dll
.
.
((((((((((((((((((((((((( Files Created from 2012-03-24 to 2012-04-24 )))))))))))))))))))))))))))))))
.
.
2012-04-24 13:49 . 2012-04-24 13:49 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-04-24 08:20 . 2012-04-24 08:21 -------- d-----w- C:\FRST
2012-04-24 01:00 . 2012-04-13 08:46 8917360 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{39D8B6B2-CB04-4A13-967B-2C9C9693A14B}\mpengine.dll
2012-04-22 23:25 . 2012-04-24 03:11 -------- d-----w- C:\TDSSKiller_Quarantine
2012-04-22 23:14 . 2012-04-22 23:14 -------- d-----w- c:\program files\CCleaner
2012-04-22 21:44 . 2012-03-01 06:46 23408 ----a-w- c:\windows\system32\drivers\fs_rec.sys
2012-04-22 21:44 . 2012-03-01 06:38 220672 ----a-w- c:\windows\system32\wintrust.dll
2012-04-22 21:44 . 2012-03-01 06:33 81408 ----a-w- c:\windows\system32\imagehlp.dll
2012-04-22 21:44 . 2012-03-01 06:28 5120 ----a-w- c:\windows\system32\wmi.dll
2012-04-22 21:44 . 2012-03-01 05:37 172544 ----a-w- c:\windows\SysWow64\wintrust.dll
2012-04-22 21:44 . 2012-03-01 05:33 159232 ----a-w- c:\windows\SysWow64\imagehlp.dll
2012-04-22 21:44 . 2012-03-01 05:29 5120 ----a-w- c:\windows\SysWow64\wmi.dll
2012-04-22 21:40 . 2012-04-22 21:41 -------- d-----w- c:\program files (x86)\SpywareBlaster
2012-04-22 21:40 . 2010-01-10 22:40 118784 ----a-w- c:\windows\SysWow64\MSSTDFMT.DLL
2012-04-22 21:40 . 2010-01-10 22:40 1071088 ----a-w- c:\windows\SysWow64\MSCOMCTL.OCX
2012-04-22 21:15 . 2012-04-22 23:16 -------- d-----w- c:\programdata\Spybot - Search & Destroy
2012-04-22 21:15 . 2012-04-22 21:16 -------- d-----w- c:\program files (x86)\Spybot - Search & Destroy
2012-04-22 20:39 . 2012-04-22 20:39 -------- d-----w- c:\users\PavNXav\AppData\Roaming\Malwarebytes
2012-04-22 20:38 . 2012-04-22 20:38 -------- d-----w- c:\programdata\Malwarebytes
2012-04-22 20:38 . 2012-04-22 20:38 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
2012-04-04 05:53 . 2012-04-04 05:53 182160 ----a-w- c:\program files (x86)\Mozilla Firefox\plugins\nppdf32.dll
2012-04-04 05:53 . 2012-04-04 05:53 182160 ----a-w- c:\program files (x86)\Internet Explorer\Plugins\nppdf32.dll
2012-04-02 14:56 . 2012-04-22 21:42 8741536 ----a-w- c:\windows\SysWow64\FlashPlayerInstaller.exe
2012-03-29 23:48 . 2012-04-24 13:42 -------- d-----w- c:\users\PavNXav\AppData\Local\CrashDumps
2012-03-29 15:58 . 2012-04-22 21:42 418464 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2012-03-29 15:58 . 2012-03-29 15:58 -------- d-----w- c:\windows\system32\Macromed
2012-03-25 17:33 . 2012-03-25 17:33 -------- d-----w- c:\windows\Hewlett-Packard
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-04-22 21:42 . 2011-11-03 12:51 70304 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-03-05 23:27 . 2012-03-05 23:27 737072 ----a-w- c:\programdata\Microsoft\eHome\Packages\SportsV2\SportsTemplateCore-2\Microsoft.MediaCenter.Sports.UI.dll
2012-03-05 23:26 . 2012-03-05 23:26 4283672 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup-2\markup.dll
2012-03-05 23:26 . 2012-03-05 23:26 42776 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\dSM-2\StartResources.dll
2012-02-23 14:18 . 2010-11-21 03:27 279656 ------w- c:\windows\system32\MpSigStub.exe
2012-02-17 06:38 . 2012-03-15 00:49 1031680 ----a-w- c:\windows\system32\rdpcore.dll
2012-02-17 05:34 . 2012-03-15 00:49 826880 ----a-w- c:\windows\SysWow64\rdpcore.dll
2012-02-17 04:58 . 2012-03-15 00:49 210944 ----a-w- c:\windows\system32\drivers\rdpwd.sys
2012-02-17 04:57 . 2012-03-15 00:49 23552 ----a-w- c:\windows\system32\drivers\tdtcp.sys
2012-02-10 06:36 . 2012-03-15 14:08 1544192 ----a-w- c:\windows\system32\DWrite.dll
2012-02-10 05:38 . 2012-03-15 14:08 1077248 ----a-w- c:\windows\SysWow64\DWrite.dll
2012-02-06 01:07 . 2012-02-06 01:07 737072 ----a-w- c:\programdata\Microsoft\eHome\Packages\SportsV2\SportsTemplateCore\Microsoft.MediaCenter.Sports.UI.dll
2012-02-06 01:06 . 2012-02-06 01:06 4283672 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup\markup.dll
2012-02-06 01:06 . 2012-02-06 01:06 42776 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\dSM\StartResources.dll
2012-02-06 01:06 . 2012-02-06 01:06 539984 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight\SpotlightResources.dll
2012-02-03 04:34 . 2012-03-15 14:08 3145728 ----a-w- c:\windows\system32\win32k.sys
2012-01-29 22:42 . 2011-03-29 01:36 18328 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
.
.
((((((((((((((((((((((((((((( SnapShot@2012-04-23_12.41.21 )))))))))))))))))))))))))))))))))))))))))
.
- 2012-03-21 15:12 . 2012-03-21 15:12 746336 c:\windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.JScript\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.JScript.dll
- 2012-03-21 15:12 . 2012-03-21 15:12 505184 c:\windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.CSharp\v4.0_4.0.0.0__b03f5f7f11d50a3a\Microsoft.CSharp.dll
+ 2012-04-24 13:46 . 2012-04-24 13:46 505184 c:\windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.CSharp\v4.0_4.0.0.0__b03f5f7f11d50a3a\Microsoft.CSharp.dll
+ 2012-04-24 13:46 . 2012-04-24 13:46 288616 c:\windows\Microsoft.NET\assembly\GAC_64\System.Transactions\v4.0_4.0.0.0__b77a5c561934e089\System.Transactions.dll
- 2012-03-21 15:12 . 2012-03-21 15:12 288616 c:\windows\Microsoft.NET\assembly\GAC_64\System.Transactions\v4.0_4.0.0.0__b77a5c561934e089\System.Transactions.dll
+ 2012-04-24 13:46 . 2012-04-24 13:46 335712 c:\windows\Microsoft.NET\assembly\GAC_64\System.Printing\v4.0_4.0.0.0__31bf3856ad364e35\System.Printing.dll
- 2012-03-21 15:12 . 2012-03-21 15:12 335712 c:\windows\Microsoft.NET\assembly\GAC_64\System.Printing\v4.0_4.0.0.0__31bf3856ad364e35\System.Printing.dll
- 2012-03-21 15:12 . 2012-03-21 15:12 125440 c:\windows\Microsoft.NET\assembly\GAC_64\System.EnterpriseServices\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.Wrapper.dll
+ 2012-04-24 13:46 . 2012-04-24 13:46 125440 c:\windows\Microsoft.NET\assembly\GAC_64\System.EnterpriseServices\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.Wrapper.dll
+ 2012-04-24 13:46 . 2012-04-24 13:46 237424 c:\windows\Microsoft.NET\assembly\GAC_64\System.EnterpriseServices\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.dll
- 2012-03-21 15:12 . 2012-03-21 15:12 237424 c:\windows\Microsoft.NET\assembly\GAC_64\System.EnterpriseServices\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.dll
+ 2012-04-24 13:46 . 2012-04-24 13:46 187776 c:\windows\Microsoft.NET\assembly\GAC_64\Microsoft.Transactions.Bridge.Dtc\v4.0_4.0.0.0__b03f5f7f11d50a3a\Microsoft.Transactions.Bridge.Dtc.dll
- 2012-03-21 15:12 . 2012-03-21 15:12 187776 c:\windows\Microsoft.NET\assembly\GAC_64\Microsoft.Transactions.Bridge.Dtc\v4.0_4.0.0.0__b03f5f7f11d50a3a\Microsoft.Transactions.Bridge.Dtc.dll
- 2012-03-21 15:12 . 2012-03-21 15:12 269672 c:\windows\Microsoft.NET\assembly\GAC_32\System.Transactions\v4.0_4.0.0.0__b77a5c561934e089\System.Transactions.dll
+ 2012-04-24 13:46 . 2012-04-24 13:46 269672 c:\windows\Microsoft.NET\assembly\GAC_32\System.Transactions\v4.0_4.0.0.0__b77a5c561934e089\System.Transactions.dll
- 2012-03-21 15:12 . 2012-03-21 15:12 334688 c:\windows\Microsoft.NET\assembly\GAC_32\System.Printing\v4.0_4.0.0.0__31bf3856ad364e35\System.Printing.dll
+ 2012-04-24 13:46 . 2012-04-24 13:46 334688 c:\windows\Microsoft.NET\assembly\GAC_32\System.Printing\v4.0_4.0.0.0__31bf3856ad364e35\System.Printing.dll
+ 2012-04-24 13:45 . 2012-04-24 13:45 109568 c:\windows\Microsoft.NET\assembly\GAC_32\System.EnterpriseServices\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.Wrapper.dll
- 2012-03-21 15:12 . 2012-03-21 15:12 109568 c:\windows\Microsoft.NET\assembly\GAC_32\System.EnterpriseServices\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.Wrapper.dll
- 2012-03-21 15:12 . 2012-03-21 15:12 246128 c:\windows\Microsoft.NET\assembly\GAC_32\System.EnterpriseServices\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.dll
+ 2012-04-24 13:45 . 2012-04-24 13:45 246128 c:\windows\Microsoft.NET\assembly\GAC_32\System.EnterpriseServices\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.dll
+ 2012-04-24 13:45 . 2012-04-24 13:45 170368 c:\windows\Microsoft.NET\assembly\GAC_32\Microsoft.Transactions.Bridge.Dtc\v4.0_4.0.0.0__b03f5f7f11d50a3a\Microsoft.Transactions.Bridge.Dtc.dll
- 2012-03-21 15:12 . 2012-03-21 15:12 170368 c:\windows\Microsoft.NET\assembly\GAC_32\Microsoft.Transactions.Bridge.Dtc\v4.0_4.0.0.0__b03f5f7f11d50a3a\Microsoft.Transactions.Bridge.Dtc.dll
+ 2012-04-24 13:47 . 2012-04-24 13:47 226304 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Drawing.Desi#\7f51b59dc6c39bbc00776c9204d7525d\System.Drawing.Design.ni.dll
- 2009-07-14 04:54 . 2012-04-23 12:38 2146304 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2009-07-14 04:54 . 2012-04-24 03:12 2146304 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2009-07-14 04:54 . 2012-04-24 03:12 1228800 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2009-07-14 04:54 . 2012-04-23 12:38 1228800 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2009-07-14 02:36 . 2012-04-24 13:44 1593130 c:\windows\system32\perfh009.dat
- 2011-12-11 00:34 . 2012-04-22 23:26 4416724 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-18-16384.dat
+ 2011-12-11 00:34 . 2012-04-24 01:24 4416724 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-18-16384.dat
- 2012-03-21 15:12 . 2012-03-21 15:12 1368920 c:\windows\Microsoft.NET\assembly\GAC_MSIL\WindowsBase\v4.0_4.0.0.0__31bf3856ad364e35\WindowsBase.dll
+ 2012-04-24 13:46 . 2012-04-24 13:46 1368920 c:\windows\Microsoft.NET\assembly\GAC_MSIL\WindowsBase\v4.0_4.0.0.0__31bf3856ad364e35\WindowsBase.dll
+ 2012-04-24 13:46 . 2012-04-24 13:46 3512072 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System\v4.0_4.0.0.0__b77a5c561934e089\System.dll
- 2012-03-21 15:12 . 2012-03-21 15:12 3512072 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System\v4.0_4.0.0.0__b77a5c561934e089\System.dll
- 2012-03-21 15:12 . 2012-03-21 15:12 2207568 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Xml\v4.0_4.0.0.0__b77a5c561934e089\System.XML.dll
+ 2012-04-24 13:46 . 2012-04-24 13:46 2207568 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Xml\v4.0_4.0.0.0__b77a5c561934e089\System.XML.dll
- 2012-03-21 15:12 . 2012-03-21 15:12 5028200 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Forms\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Forms.dll
+ 2012-04-24 13:46 . 2012-04-24 13:46 5028200 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Forms\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Forms.dll
+ 2012-04-24 13:46 . 2012-04-24 13:46 1711496 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Forms.DataVisualization\v4.0_4.0.0.0__31bf3856ad364e35\System.Windows.Forms.DataVisualization.dll
- 2012-03-21 15:12 . 2012-03-21 15:12 1711496 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Forms.DataVisualization\v4.0_4.0.0.0__31bf3856ad364e35\System.Windows.Forms.DataVisualization.dll
- 2012-03-21 15:12 . 2012-03-21 15:12 6097256 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.ServiceModel\v4.0_4.0.0.0__b77a5c561934e089\System.ServiceModel.dll
+ 2012-04-24 13:46 . 2012-04-24 13:46 6097256 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.ServiceModel\v4.0_4.0.0.0__b77a5c561934e089\System.ServiceModel.dll
+ 2012-04-24 13:46 . 2012-04-24 13:46 1026936 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Runtime.Serialization\v4.0_4.0.0.0__b77a5c561934e089\System.Runtime.Serialization.dll
- 2012-03-21 15:12 . 2012-03-21 15:12 1026936 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Runtime.Serialization\v4.0_4.0.0.0__b77a5c561934e089\System.Runtime.Serialization.dll
+ 2012-04-24 13:46 . 2012-04-24 13:46 4464480 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Data.Entity\v4.0_4.0.0.0__b77a5c561934e089\System.Data.Entity.dll
- 2012-03-21 15:12 . 2012-03-21 15:12 4464480 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Data.Entity\v4.0_4.0.0.0__b77a5c561934e089\System.Data.Entity.dll
- 2012-03-21 15:12 . 2012-03-21 15:12 1354584 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Core\v4.0_4.0.0.0__b77a5c561934e089\System.Core.dll
+ 2012-04-24 13:46 . 2012-04-24 13:46 1354584 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Core\v4.0_4.0.0.0__b77a5c561934e089\System.Core.dll
+ 2012-04-24 13:46 . 2012-04-24 13:46 1199968 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Activities\v4.0_4.0.0.0__31bf3856ad364e35\System.Activities.dll
- 2012-03-21 15:12 . 2012-03-21 15:12 1199968 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Activities\v4.0_4.0.0.0__31bf3856ad364e35\System.Activities.dll
+ 2012-04-24 13:46 . 2012-04-24 13:46 1462648 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Activities.Presentation\v4.0_4.0.0.0__31bf3856ad364e35\System.Activities.Presentation.dll
- 2012-03-21 15:12 . 2012-03-21 15:12 1462648 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Activities.Presentation\v4.0_4.0.0.0__31bf3856ad364e35\System.Activities.Presentation.dll
- 2012-03-21 15:12 . 2012-03-21 15:12 6428520 c:\windows\Microsoft.NET\assembly\GAC_MSIL\PresentationFramework\v4.0_4.0.0.0__31bf3856ad364e35\PresentationFramework.dll
+ 2012-04-24 13:46 . 2012-04-24 13:46 6428520 c:\windows\Microsoft.NET\assembly\GAC_MSIL\PresentationFramework\v4.0_4.0.0.0__31bf3856ad364e35\PresentationFramework.dll
+ 2012-04-24 13:46 . 2012-04-24 13:46 3116376 c:\windows\Microsoft.NET\assembly\GAC_64\System.Data\v4.0_4.0.0.0__b77a5c561934e089\System.Data.dll
- 2012-03-21 15:12 . 2012-03-21 15:12 3116376 c:\windows\Microsoft.NET\assembly\GAC_64\System.Data\v4.0_4.0.0.0__b77a5c561934e089\System.Data.dll
+ 2012-04-24 13:46 . 2012-04-24 13:46 3824480 c:\windows\Microsoft.NET\assembly\GAC_64\PresentationCore\v4.0_4.0.0.0__31bf3856ad364e35\PresentationCore.dll
- 2012-03-21 15:12 . 2012-03-21 15:12 3824480 c:\windows\Microsoft.NET\assembly\GAC_64\PresentationCore\v4.0_4.0.0.0__31bf3856ad364e35\PresentationCore.dll
- 2012-03-21 15:12 . 2012-03-21 15:12 4970768 c:\windows\Microsoft.NET\assembly\GAC_64\mscorlib\v4.0_4.0.0.0__b77a5c561934e089\mscorlib.dll
+ 2012-04-24 13:46 . 2012-04-24 13:46 4970768 c:\windows\Microsoft.NET\assembly\GAC_64\mscorlib\v4.0_4.0.0.0__b77a5c561934e089\mscorlib.dll
- 2012-03-21 15:12 . 2012-03-21 15:12 3563408 c:\windows\Microsoft.NET\assembly\GAC_64\Microsoft.VisualBasic.Activities.Compiler\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Activities.Compiler.dll
+ 2012-04-24 13:46 . 2012-04-24 13:46 3563408 c:\windows\Microsoft.NET\assembly\GAC_64\Microsoft.VisualBasic.Activities.Compiler\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Activities.Compiler.dll
- 2012-03-21 15:12 . 2012-03-21 15:12 2975064 c:\windows\Microsoft.NET\assembly\GAC_32\System.Data\v4.0_4.0.0.0__b77a5c561934e089\System.Data.dll
+ 2012-04-24 13:45 . 2012-04-24 13:45 2975064 c:\windows\Microsoft.NET\assembly\GAC_32\System.Data\v4.0_4.0.0.0__b77a5c561934e089\System.Data.dll
- 2012-03-21 15:12 . 2012-03-21 15:12 3788128 c:\windows\Microsoft.NET\assembly\GAC_32\PresentationCore\v4.0_4.0.0.0__31bf3856ad364e35\PresentationCore.dll
+ 2012-04-24 13:46 . 2012-04-24 13:46 3788128 c:\windows\Microsoft.NET\assembly\GAC_32\PresentationCore\v4.0_4.0.0.0__31bf3856ad364e35\PresentationCore.dll
+ 2012-04-24 13:45 . 2012-04-24 13:45 5201168 c:\windows\Microsoft.NET\assembly\GAC_32\mscorlib\v4.0_4.0.0.0__b77a5c561934e089\mscorlib.dll
- 2012-03-21 15:12 . 2012-03-21 15:12 5201168 c:\windows\Microsoft.NET\assembly\GAC_32\mscorlib\v4.0_4.0.0.0__b77a5c561934e089\mscorlib.dll
- 2012-03-21 15:12 . 2012-03-21 15:12 2989456 c:\windows\Microsoft.NET\assembly\GAC_32\Microsoft.VisualBasic.Activities.Compiler\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Activities.Compiler.dll
+ 2012-04-24 13:45 . 2012-04-24 13:45 2989456 c:\windows\Microsoft.NET\assembly\GAC_32\Microsoft.VisualBasic.Activities.Compiler\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Activities.Compiler.dll
+ 2012-01-22 14:20 . 2012-01-22 14:20 1707520 c:\windows\Installer\4ca48.msp
+ 2012-04-24 13:47 . 2012-04-24 13:47 3858432 c:\windows\assembly\NativeImages_v4.0.30319_32\WindowsBase\02ea3ff3b5908b51da47e1aeb9e75b04\WindowsBase.ni.dll
+ 2012-04-24 13:47 . 2012-04-24 13:47 1665536 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Drawing\c02325260bdcecd695a87bbb24547df2\System.Drawing.ni.dll
+ 2012-01-30 02:21 . 2012-04-24 13:49 12474872 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-3144500824-2865972327-3220356923-1001-8192.dat
+ 2012-04-24 13:47 . 2012-04-24 13:47 13197312 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Windows.Forms\0b36565a61f83137806e71b287d81042\System.Windows.Forms.ni.dll
+ 2012-04-24 13:47 . 2012-04-24 13:47 11021824 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Design\cd7e0c408cc063860fbccce73bbc9c8d\System.Design.ni.dll
+ 2012-04-24 13:47 . 2012-04-24 13:47 18000384 c:\windows\assembly\NativeImages_v4.0.30319_32\PresentationFramewo#\7786f3e95a399a8b6691170ae2fe0e1c\PresentationFramework.ni.dll
+ 2012-04-24 13:47 . 2012-04-24 13:47 11450880 c:\windows\assembly\NativeImages_v4.0.30319_32\PresentationCore\239eba799555dbe10760ee80c8c8df7c\PresentationCore.ni.dll
.
-- Snapshot reset to current date --
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"HP Photosmart 5510 series (NET)"="c:\program files\HP\HP Photosmart 5510 series\Bin\ScanToPCActivationApp.exe" [2011-05-25 2672488]
"Skype"="c:\program files (x86)\Skype\Phone\Skype.exe" [2012-02-29 17148552]
"MobileDocuments"="c:\program files (x86)\Common Files\Apple\Internet Services\ubd.exe" [2012-02-23 59240]
"SpybotSD TeaTimer"="c:\program files (x86)\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480]
"swg"="c:\program files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2011-12-11 39408]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"ToshibaServiceStation"="c:\program files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe" [2011-07-12 1298816]
"ToshibaAppPlace"="c:\program files (x86)\Toshiba\Toshiba App Place\ToshibaAppPlace.exe" [2010-09-23 552960]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-02-21 59240]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2012-03-06 421736]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-12-11 136176]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2012-02-29 158856]
R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-22 253088]
R3 BBUpdate;BBUpdate;c:\program files (x86)\Microsoft\BingBar\7.1.361.0\SeaPort.exe [2012-02-10 240408]
R3 GamesAppService;GamesAppService;c:\program files (x86)\WildTangent Games\App\GamesAppService.exe [2010-10-12 206072]
R3 gupdatem;Google Update Service (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-12-11 136176]
R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-10 4925184]
R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys [x]
R3 TMachInfo;TMachInfo;c:\program files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe [2011-07-12 57216]
R3 TOSHIBA HDD SSD Alert Service;TOSHIBA HDD SSD Alert Service;c:\program files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe [2011-06-10 138152]
R3 TPCHSrv;TPCH Service;c:\program files\TOSHIBA\TPHM\TPCHSrv.exe [2011-07-01 828856]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [x]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-23 57184]
S0 tos_sps64;TOSHIBA tos_sps64 Service;c:\windows\system32\DRIVERS\tos_sps64.sys [x]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-01-03 63928]
S2 BBSvc;BingBar Service;c:\program files (x86)\Microsoft\BingBar\7.1.361.0\BBSvc.exe [2012-02-10 193816]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
S2 cvhsvc;Client Virtualization Handler;c:\program files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE [2012-01-04 822624]
S2 GFNEXSrv;GFNEX Service;c:\windows\System32\GFNEXSrv.exe [x]
S2 Norton PC Checkup Application Launcher;Toshiba Laptop Checkup Application Launcher;c:\program files (x86)\Norton PC Checkup\Engine\2.0.13.11\SymcPCCULaunchSvc.exe [2011-07-19 123320]
S2 PCCUJobMgr;Common Client Job Manager Service;c:\program files (x86)\Norton PC Checkup\Engine\2.0.13.11\ccSvcHst.exe [2011-07-19 126392]
S2 SBSDWSCService;SBSD Security Center Service;c:\program files (x86)\Spybot - Search & Destroy\SDWinSec.exe [2009-01-26 1153368]
S2 sftlist;Application Virtualization Client;c:\program files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2011-10-01 508776]
S2 TOSHIBA eco Utility Service;TOSHIBA eco Utility Service;c:\program files\TOSHIBA\TECO\TecoService.exe [2011-05-24 294848]
S2 TVALZFL;TOSHIBA ACPI-Based Value Added Logical and General Purpose Device Filter Driver;c:\windows\system32\DRIVERS\TVALZFL.sys [x]
S2 UNS;Intel® Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2010-12-21 2656280]
S3 IntcDAud;Intel® Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys [x]
S3 MEIx64;Intel® Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys [x]
S3 PGEffect;Pangu effect driver;c:\windows\system32\DRIVERS\pgeffect.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [x]
S3 RTL8192Ce;Realtek Wireless LAN 802.11n PCI-E NIC Driver;c:\windows\system32\DRIVERS\rtl8192Ce.sys [x]
S3 Sftfs;Sftfs;c:\windows\system32\DRIVERS\Sftfslh.sys [x]
S3 Sftplay;Sftplay;c:\windows\system32\DRIVERS\Sftplaylh.sys [x]
S3 Sftredir;Sftredir;c:\windows\system32\DRIVERS\Sftredirlh.sys [x]
S3 Sftvol;Sftvol;c:\windows\system32\DRIVERS\Sftvollh.sys [x]
S3 sftvsa;Application Virtualization Service Agent;c:\program files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [2011-10-01 219496]
.
.
Contents of the 'Scheduled Tasks' folder
.
2012-04-24 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-03-29 21:42]
.
2012-04-24 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-12-11 00:30]
.
2012-04-24 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-12-11 00:30]
.
2012-04-24 c:\windows\Tasks\HP Photo Creations Messager.job
- c:\programdata\HP Photo Creations\MessageCheck.exe [2011-02-15 10:11]
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2011-10-07 167704]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2011-10-07 392472]
"Persistence"="c:\windows\system32\igfxpers.exe" [2011-10-07 416024]
"TPwrMain"="c:\program files (x86)\TOSHIBA\Power Saver\TPwrMain.EXE" [BU]
"HSON"="c:\program files (x86)\TOSHIBA\TBS\HSON.exe" [BU]
"TCrdMain"="c:\program files (x86)\TOSHIBA\FlashCards\TCrdMain.exe" [BU]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2011-07-07 12558440]
"RtHDVBg_Dolby"="c:\program files\Realtek\Audio\HDA\RAVBg64.exe" [2011-06-03 2226280]
"SynTPEnh"="c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe" [BU]
"Teco"="c:\program files (x86)\TOSHIBA\TECO\Teco.exe" [BU]
"TosSENotify"="c:\program files\TOSHIBA\TOSHIBA HDD SSD Alert\TosWaitSrv.exe" [2011-06-10 710560]
"TosWaitSrv"="c:\program files (x86)\TOSHIBA\TPHM\TosWaitSrv.exe" [BU]
"TosVolRegulator"="c:\program files\TOSHIBA\TosVolRegulator\TosVolRegulator.exe" [2009-11-11 24376]
"TosReelTimeMonitor"="c:\program files (x86)\TOSHIBA\ReelTime\TosReelTimeMonitor.exe" [BU]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://start.toshiba.com/?cid=C001B2Y
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = <local>;*.local
TCP: DhcpNameServer = 192.168.1.1
FF - ProfilePath - c:\users\PavNXav\AppData\Roaming\Mozilla\Firefox\Profiles\65wc6o19.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: network.proxy.type - 0
FF - user.js: general.useragent.extra.brc - BRI/1
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-Locked - (no file)
SafeBoot-14883359.sys
.
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\PCCUJobMgr]
"ImagePath"="\"c:\program files (x86)\Norton PC Checkup\Engine\2.0.13.11\ccSvcHst.exe\" /s \"PCCUJobMgr\" /m \"c:\program files (x86)\Norton PC Checkup\Engine\2.0.13.11\diMaster.dll\" /prefetch:1"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_2_202_233_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_2_202_233_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_233.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_233.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_233.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_233.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
.
**************************************************************************
.
Completion time: 2012-04-24 09:54:51 - machine was rebooted
ComboFix-quarantined-files.txt 2012-04-24 13:54
ComboFix2.txt 2012-04-23 12:45
.
Pre-Run: 567,012,970,496 bytes free
Post-Run: 567,625,531,392 bytes free
.
- - End Of File - - C7097F046E96A3D798A38842299539A2

#12 gringo_pr

Posted 24 April 2012 - 01:00 PM

Hello

I would like to see a report that combofix makes.

extra combofix report

  • push the "windows key" + "R" (between the "Ctrl" button and "Alt" Button)
  • please copy and paste the following into the box
C:\Qoobox\Add-Remove Programs.txt
  • click ok

copy and paste the report into this topic for me to review

Gringo

#13 painaxl

Posted 24 April 2012 - 06:15 PM

Ok, here's the log you requested:
Adobe AIR
Adobe Reader X (10.1.3) MUI
Apple Application Support
Apple Software Update
Bejeweled 3
Bing Bar
Bing Rewards Client Installer
Coupon Printer for Windows
D3DX10
FATE - The Traitor Soul
Google Chrome
Google Toolbar for Internet Explorer
Google Update Helper
HP Photo Creations
HP Photosmart 5510 series Help
HP Update
Intel® Management Engine Components
Intel® Processor Graphics
Intel® Rapid Storage Technology
Java Auto Updater
Java™ 6 Update 25
Junk Mail filter update
Label@Once 1.0
Letters from Nowhere 2
Malwarebytes Anti-Malware version 1.61.0.1400
Mesh Runtime
Microsoft Office 2010
Microsoft Office Click-to-Run 2010
Microsoft Office Starter 2010 - English
Microsoft Office Word Viewer 2003
Microsoft PowerPoint Viewer
Microsoft Save as PDF Add-in for 2007 Microsoft Office programs
Microsoft Silverlight
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319
Mozilla Firefox 9.0.1 (x86 en-US)
MSVCRT
MSVCRT_amd64
Penguins!
Plants vs. Zombies - Game of the Year
PlayReady PC Runtime x86
Polar Bowler
QuickTime
Realtek Ethernet Controller Driver
Realtek High Definition Audio Driver
Realtek USB 2.0 Card Reader
Realtek WLAN Driver
RollerCoaster Tycoon 3: Platinum
Safari
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368)
Security Update for Microsoft .NET Framework 4 Extended (KB2487367)
Security Update for Microsoft .NET Framework 4 Extended (KB2656351)
Skype Click to Call
Skype Launcher
Skype™ 5.8
Spybot - Search & Destroy
SpywareBlaster 4.6
Tales of Lagoona
The Weather Channel Desktop 6
Toshiba App Place
TOSHIBA Application Installer
TOSHIBA Assist
Toshiba Book Place
TOSHIBA Face Recognition
TOSHIBA Hardware Setup
Toshiba Laptop Checkup
TOSHIBA Media Controller
TOSHIBA Media Controller Plug-in
TOSHIBA Quality Application
TOSHIBA Recovery Media Creator
TOSHIBA ReelTime
TOSHIBA Resolution+ Plug-in for Windows Media Player
TOSHIBA Service Station
TOSHIBA Sleep Utility
TOSHIBA Supervisor Password
TOSHIBA Value Added Package
TOSHIBA Web Camera Application
TOSHIBARegistration
Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217)
Update for Microsoft .NET Framework 4 Extended (KB2468871)
Update for Microsoft .NET Framework 4 Extended (KB2533523)
Update for Microsoft .NET Framework 4 Extended (KB2600217)
Update Installer for WildTangent Games App
Virtual Villagers 4 - The Tree of Life
WildTangent Games
WildTangent Games App (Toshiba Games)
Windows Live Communications Platform
Windows Live Essentials
Windows Live Installer
Windows Live Mail
Windows Live Mesh
Windows Live Mesh ActiveX Control for Remote Connections
Windows Live Messenger
Windows Live Movie Maker
Windows Live Photo Common
Windows Live Photo Gallery
Windows Live PIMT Platform
Windows Live SOXE
Windows Live SOXE Definitions
Windows Live UX Platform
Windows Live UX Platform Language Pack
Windows Live Writer
Windows Live Writer Resources
Zuma's Revenge

-----

So far so good with the browsers not redirecting. Anything suspicious in the program list?

#14 gringo_pr

  • Malware Response Team

Posted 24 April 2012 - 09:36 PM

These logs are looking a lot better. But we still have some work to do.

Please print out these instructions, or copy them to a Notepad file. It will make it easier for you to follow the instructions and complete all of the necessary steps.

Uninstall some programs

NOTE** Because of the cleanup process, some of the programs I have listed may not be in add/remove anymore. This is fine; just move to the next item on the list.

You can remove these programs using add/remove, or you can use the free uninstaller from Revo (Revo does a lot better of a job).

Programs to remove

Bing Bar
Bing Rewards Client Installer
Coupon Printer for Windows
Java™ 6 Update 25


  • Please download and install Revo Uninstaller Free
  • Double click Revo Uninstaller to run it.
  • From the list of programs, double click on the program to remove.
  • When prompted if you want to uninstall, click Yes.
  • Be sure the Moderate option is selected, then click Next.
  • The program will run. If prompted again, click Yes.
  • When the built-in uninstaller is finished, click on Next.
  • Once the program has searched for leftovers, click Next.
  • Check/tick the bolded items only on the list, then click Delete.
  • When prompted, click on Yes and then on Next.
  • Put a check on any folders that are found and select Delete.
  • When prompted, select Yes and then click on Next.
  • Once done click Finish.



Install Java:

Please go here to install Java

  • click on the Free Java Download Button
  • click on Agree and start Free download
  • click on Run
  • click on run again
  • click on install
  • when install is complete click on close

Clean Out Temp Files

  • This small application you may want to keep and use once a week to keep the computer clean.

    Download CCleaner from here http://www.ccleaner.com/

  • Run the installer to install the application.
  • When it gives you the option to install Yahoo toolbar uncheck the box next to it.
  • Run CCleaner. (make sure under Windows tab all the boxes of Internet Explorer and Windows explorer are checked. Under System check Empty Recycle Bin and Temporary Files. Under Application tab all the boxes should be checked).
  • Click Run Cleaner.
  • Close CCleaner.

: Malwarebytes' Anti-Malware :

  • I would like you to rerun MBAM
  • Double-click mbam icon
  • go to the update tab at the top
  • click on check for updates
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select Perform quick scan, then click Scan.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Be sure that everything is Checked (ticked) except items in the C:\System Volume Information folder and click on Remove Selected.
  • When completed, a log will open in Notepad. Please copy and paste the log into your next reply.
  • If you accidentally close it, the log file is saved here and will be named like this:
  • C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\mbam-log-date (time).txt

Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts.
Click OK to either and let MBAM proceed with the disinfection process.
If asked to restart the computer, please do so immediately. Failure to reboot will prevent MBAM from removing all the malware.


Download HijackThis

If you have any problems running Hijackthis see NOTE** below (Host file not read, blank notepad ...)

  • Go Here to download HijackThis Installer
  • Save HijackThis Installer to your desktop.
  • Double-click on the HijackThis Installer icon on your desktop. (Vista and Win 7 right click and run as admin)
  • By default it will install to C:\Program Files\Trend Micro\HijackThis .
  • Click on Install.
  • It will create a HijackThis icon on the desktop.
  • Once installed it will launch Hijackthis.
  • Click on the Do a system scan and save a log file button. It will scan and the log should open in notepad.
  • Click on Edit > Select All then click on Edit > Copy to copy the entire contents of the log.
  • Come back here to this thread and Paste the log in your next reply.
  • DO NOT use the Analyze This button; its findings are dangerous if misinterpreted.
  • DO NOT have Hijackthis fix anything yet. Most of what it finds will be harmless or even required.

NOTE**
Sometimes we have to run it like this: to run HijackThis as an administrator, right-click HijackThis.exe
(located: C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe) <--32bit
(located: C:\Program Files(86)\Trend Micro\HiJackThis\HiJackThis.exe) <--64bit
and select to run as administrator.

"information and logs"

  • In your next post I need the following

  • Log From MBAM
  • report from Hijackthis
  • let me know of any problems you may have had
  • How is the computer doing now?

Gringo

I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry, every little bit helps.

Proud Graduate Of Malware Removal University

#15 painaxl

  • Topic Starter


Posted 25 April 2012 - 07:39 AM

Everything seems to be running smoothly!

MBAM log:

Malwarebytes Anti-Malware 1.61.0.1400
www.malwarebytes.org

Database version: v2012.04.22.05

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
PavNXav :: PAVINXAVIE [administrator]

4/25/2012 8:29:01 AM
mbam-log-2012-04-25 (08-29-01).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 197968
Time elapsed: 4 minute(s), 45 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)

-----


HijackThis Log:

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 8:39:24 AM, on 4/25/2012
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v9.00 (9.00.8112.16421)
Boot mode: Normal

Running processes:
C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.13.11\ccSvcHst.exe
C:\Program Files (x86)\Common Files\Apple\Internet Services\ubd.exe
C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files (x86)\Common Files\Apple\Apple Application Support\distnoted.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files\AVAST Software\Avast\AvastUI.exe
C:\Program Files (x86)\Trend Micro\HiJackThis\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://start.toshiba.com/?cid=C001B2Y
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll
O2 - BHO: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
O2 - BHO: TOSHIBA Media Controller Plug-in - {F3C88694-EFFA-4d78-B409-54B7B2535B14} - C:\Program Files (x86)\TOSHIBA\TOSHIBA Media Controller Plug-in\TOSHIBAMediaControllerIE.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
O3 - Toolbar: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
O4 - HKLM\..\Run: [ToshibaServiceStation] "C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe" /hide:60
O4 - HKLM\..\Run: [ToshibaAppPlace] "C:\Program Files (x86)\Toshiba\Toshiba App Place\ToshibaAppPlace.exe"
O4 - HKLM\..\Run: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [avast] "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
O4 - HKCU\..\Run: [HP Photosmart 5510 series (NET)] "C:\Program Files\HP\HP Photosmart 5510 series\Bin\ScanToPCActivationApp.exe" -deviceID "CN1AI0C49705NR:NW" -scfn "HP Photosmart 5510 series (NET)" -AutoStart 1
O4 - HKCU\..\Run: [Skype] "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun
O4 - HKCU\..\Run: [MobileDocuments] C:\Program Files (x86)\Common Files\Apple\Internet Services\ubd.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [swg] "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
O9 - Extra button: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O9 - Extra 'Tools' menuitem: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll
O10 - Broken Internet access because of LSP provider 'c:\windows\system32\nwprovau.dll' missing
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O18 - Protocol: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\windows\System32\alg.exe (file missing)
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: avast! Antivirus - AVAST Software - C:\Program Files\AVAST Software\Avast\AvastSvc.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\windows\System32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\windows\system32\fxssvc.exe (file missing)
O23 - Service: GamesAppService - WildTangent, Inc. - C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe
O23 - Service: GFNEX Service (GFNEXSrv) - Unknown owner - C:\Windows\System32\GFNEXSrv.exe (file missing)
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Google Update Service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\windows\system32\lsass.exe (file missing)
O23 - Service: Intel® Management and Security Application Local Management Service (LMS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\windows\system32\lsass.exe (file missing)
O23 - Service: Toshiba Laptop Checkup Application Launcher (Norton PC Checkup Application Launcher) - Symantec Corporation - C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.13.11\SymcPCCULaunchSvc.exe
O23 - Service: Common Client Job Manager Service (PCCUJobMgr) - Symantec Corporation - C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.13.11\ccSvcHst.exe
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\windows\system32\lsass.exe (file missing)
O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe
O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files (x86)\Skype\Updater\Updater.exe
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\windows\system32\sppsvc.exe (file missing)
O23 - Service: TMachInfo - TOSHIBA Corporation - C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe
O23 - Service: TOSHIBA Optical Disc Drive Service (TODDSrv) - Unknown owner - C:\windows\system32\TODDSrv.exe (file missing)
O23 - Service: TOSHIBA Power Saver (TosCoSrv) - TOSHIBA Corporation - C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe
O23 - Service: TOSHIBA eco Utility Service - TOSHIBA Corporation - C:\Program Files\TOSHIBA\TECO\TecoService.exe
O23 - Service: TOSHIBA HDD SSD Alert Service - TOSHIBA Corporation - C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe
O23 - Service: TPCH Service (TPCHSrv) - TOSHIBA Corporation - C:\Program Files\TOSHIBA\TPHM\TPCHSrv.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\windows\system32\UI0Detect.exe (file missing)
O23 - Service: Intel® Management and Security Application User Notification Service (UNS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\windows\system32\vssvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--
End of file - 11843 bytes
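
An added example, not part of the original posts: a small Python triage of the HijackThis log format pasted above. It counts entries per section code and sorts the O23 `(file missing)` services into two groups, because HijackThis 2.0.4 is a 32-bit program and on 64-bit Windows its view of System32 is redirected to SysWOW64, so 64-bit service binaries appear absent. The function names and the 64-bit heuristic are assumptions of this example; the sample lines are copied from the log above.

```python
import re
from collections import Counter

# Subset of lines copied from the HijackThis log in the post above.
SAMPLE_LOG = r"""
Logfile of Trend Micro HijackThis v2.0.4
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://start.toshiba.com/?cid=C001B2Y
O2 - BHO: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
O4 - HKLM\..\Run: [avast] "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui
O10 - Broken Internet access because of LSP provider 'c:\windows\system32\nwprovau.dll' missing
O23 - Service: avast! Antivirus - AVAST Software - C:\Program Files\AVAST Software\Avast\AvastSvc.exe
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\windows\System32\spoolsv.exe (file missing)
O23 - Service: GFNEX Service (GFNEXSrv) - Unknown owner - C:\Windows\System32\GFNEXSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)
"""

# "R0 - ...", "O23 - ..." : section code, then the entry body.
ENTRY_RE = re.compile(r"^([RFNO]\d{1,2}) - (.*)$")
# O23 body: "Service: <name> - <owner> - <path>[ (file missing)]".
# The path is anchored on a drive letter because names and paths may contain " - ".
SERVICE_RE = re.compile(
    r"^Service: (?P<name>.+?) - (?P<owner>.+?) - "
    r"(?P<path>[A-Za-z]:\\.*?)(?P<missing> \(file missing\))?$"
)
SYSTEM32_RE = re.compile(r"^[a-z]:\\windows\\system32\\", re.IGNORECASE)


def parse_entries(log_text):
    """Return (code, body) pairs for every section line in the log."""
    entries = []
    for line in log_text.splitlines():
        m = ENTRY_RE.match(line.strip())
        if m:
            entries.append((m.group(1), m.group(2)))
    return entries


def section_counts(entries):
    """Number of entries per HijackThis section code."""
    return dict(Counter(code for code, _ in entries))


def triage_missing_services(log_text):
    """Classify O23 services that the scanner reported as '(file missing)'."""
    entries = parse_entries(log_text)
    # Heuristic (assumption of this example): a "Program Files (x86)" path
    # anywhere in the log means the scan ran on 64-bit Windows.
    is_x64 = any("program files (x86)" in body.lower() for _, body in entries)
    findings = []
    for code, body in entries:
        m = SERVICE_RE.match(body) if code == "O23" else None
        if not m or not m.group("missing"):
            continue
        path = m.group("path")
        # A 32-bit scanner asking for System32 on x64 is shown SysWOW64 instead,
        # so 64-bit-only service binaries look absent although they exist.
        if is_x64 and SYSTEM32_RE.match(path):
            verdict = "likely-redirection-artifact"
        else:
            verdict = "verify-on-disk"
        findings.append({"service": m.group("name"), "path": path, "verdict": verdict})
    return findings


if __name__ == "__main__":
    print(section_counts(parse_entries(SAMPLE_LOG)))
    for f in triage_missing_services(SAMPLE_LOG):
        print(f'{f["verdict"]:28} {f["path"]}')
```

Neither verdict is a removal decision; both only say where to look before HijackThis is allowed to fix anything.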



